dsconfig Subcommands Reference

This section covers dsconfig subcommands.

dsconfig create-access-log-filtering-criteria(1)

Name
    dsconfig create-access-log-filtering-criteria - Creates Access Log Filtering Criteria

Synopsis
    dsconfig create-access-log-filtering-criteria {options}

Description
    Creates Access Log Filtering Criteria.

Options
    The dsconfig create-access-log-filtering-criteria command takes the following options:

    --publisher-name {name}
        The name of the Access Log Publisher.
        Access Log Filtering Criteria properties depend on the Access Log Filtering Criteria type, which depends on the {name} you provide.
        By default, OpenDJ directory server supports the following Access Log Filtering Criteria types:
        access-log-filtering-criteria
            Default {name}: Access Log Filtering Criteria
            Enabled by default: false
            See Access Log Filtering Criteria for the properties of this Access Log Filtering Criteria type.

    --criteria-name {name}
        The name of the new Access Log Filtering Criteria.
        Access Log Filtering Criteria properties depend on the Access Log Filtering Criteria type, which depends on the {name} you provide.
        By default, OpenDJ directory server supports the following Access Log Filtering Criteria types:
        access-log-filtering-criteria
            Default {name}: Access Log Filtering Criteria
            Enabled by default: false
            See Access Log Filtering Criteria for the properties of this Access Log Filtering Criteria type.

    --set {PROP:VALUE}
        Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it.
        Access Log Filtering Criteria properties depend on the Access Log Filtering Criteria type, which depends on the --criteria-name {name} option.
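Added example (not part of the OpenDJ documentation): a shell wrapper that checks each --set PROP:VALUE pair against the allowed values listed for access-log-filtering-criteria in this reference, then builds the create-access-log-filtering-criteria call for criteria that match failed binds. The host, port, bind DN, password file, publisher name and criteria name are constructed sample values, and the connection options are standard dsconfig options that this section does not describe.

```shell
#!/bin/sh
# Added example, not OpenDJ project code. Sample values below are constructed.
DS_HOST=${DS_HOST:-ds.example.com}
DS_ADMIN_PORT=${DS_ADMIN_PORT:-4444}
DS_BIND_DN=${DS_BIND_DN:-"cn=Directory Manager"}
DS_PW_FILE=${DS_PW_FILE:-/path/to/admin.pwd}

# Dry run by default: print the command. Set DSCONFIG to the dsconfig
# binary of your installation to execute it instead.
run_dsconfig() {
    if [ -n "${DSCONFIG:-}" ]; then "$DSCONFIG" "$@"; else echo "dsconfig $*"; fi
}

is_uint() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    return 0
}

# check_set PROP:VALUE
# Returns 0 when PROP is a property of access-log-filtering-criteria and
# VALUE fits the "Allowed Values" documented for it in this reference.
check_set() {
    case "$1" in *:*) ;; *) return 1 ;; esac
    prop=${1%%:*}
    value=${1#*:}
    case "$prop" in
        log-record-type)
            case "$value" in
                abandon|add|bind|compare|connect|delete|disconnect|extended|modify|rename|search|unbind)
                    return 0 ;;
            esac
            return 1 ;;
        connection-port-equal-to)
            is_uint "$value" && [ "$value" -ge 1 ] && [ "$value" -le 65535 ] ;;
        response-etime-greater-than|response-etime-less-than|\
        response-result-code-equal-to|response-result-code-not-equal-to|\
        search-response-nentries-greater-than|search-response-nentries-less-than)
            is_uint "$value" ;;
        search-response-is-indexed)
            [ "$value" = true ] || [ "$value" = false ] ;;
        connection-client-address-equal-to|connection-client-address-not-equal-to|\
        connection-protocol-equal-to|\
        request-target-dn-equal-to|request-target-dn-not-equal-to|\
        user-dn-equal-to|user-dn-not-equal-to|user-is-member-of|user-is-not-member-of)
            [ -n "$value" ] ;;   # free-form values: only empty ones are rejected
        *)
            return 1 ;;          # not a property of this criteria type
    esac
}

# create_criteria PUBLISHER CRITERIA PROP:VALUE...
# Validates every pair first, so a typo is caught before the server is contacted.
create_criteria() {
    publisher=$1
    criteria=$2
    shift 2
    n=$#
    for pair in "$@"; do
        check_set "$pair" || { echo "rejected: $pair" >&2; return 1; }
        set -- "$@" --set "$pair"      # append "--set PROP:VALUE" for this pair
    done
    shift "$n"                         # drop the raw pairs, keep the --set arguments
    # Add trust store options here as your deployment requires.
    run_dsconfig create-access-log-filtering-criteria \
        --hostname "$DS_HOST" --port "$DS_ADMIN_PORT" \
        --bindDN "$DS_BIND_DN" --bindPasswordFile "$DS_PW_FILE" \
        --publisher-name "$publisher" --criteria-name "$criteria" \
        "$@" --no-prompt
}

# Criteria matching bind responses with LDAP result code 49 (invalidCredentials).
# response-result-code-equal-to applies to response records only, which is why
# this reference recommends the "combined" output mode for such criteria.
create_criteria "File-Based Access Logger" "Failed binds" \
    log-record-type:bind response-result-code-equal-to:49
```

The criteria affect logging only once the publisher's filtering-policy property, which belongs to the log publisher and is not covered in this section, is set to inclusive or exclusive.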
Access Log Filtering Criteria

Access Log Filtering Criteria of type access-log-filtering-criteria have the following properties:

connection-client-address-equal-to
    Description: Filters log records associated with connections which match at least one of the specified client host names or address masks. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask.
    Default Value: None
    Allowed Values: An IP address mask
    Multi-valued: Yes
    Required: No
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

connection-client-address-not-equal-to
    Description: Filters log records associated with connections which do not match any of the specified client host names or address masks. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask.
    Default Value: None
    Allowed Values: An IP address mask
    Multi-valued: Yes
    Required: No
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

connection-port-equal-to
    Description: Filters log records associated with connections to any of the specified listener port numbers.
    Default Value: None
    Allowed Values: An integer value. Lower value is 1. Upper value is 65535.
    Multi-valued: Yes
    Required: No
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

connection-protocol-equal-to
    Description: Filters log records associated with connections which match any of the specified protocols. Typical values include "ldap", "ldaps", or "jmx".
    Default Value: None
    Allowed Values: The protocol name as reported in the access log.
    Multi-valued: Yes
    Required: No
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

log-record-type
    Description: Filters log records based on their type.
    Default Value: None
    Allowed Values:
        abandon: Abandon operations
        add: Add operations
        bind: Bind operations
        compare: Compare operations
        connect: Client connections
        delete: Delete operations
        disconnect: Client disconnections
        extended: Extended operations
        modify: Modify operations
        rename: Rename operations
        search: Search operations
        unbind: Unbind operations
    Multi-valued: Yes
    Required: No
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

request-target-dn-equal-to
    Description: Filters operation log records associated with operations which target entries matching at least one of the specified DN patterns. Valid DN filters are strings composed of zero or more wildcards. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com).
    Default Value: None
    Allowed Values: A String
    Multi-valued: Yes
    Required: No
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

request-target-dn-not-equal-to
    Description: Filters operation log records associated with operations which target entries matching none of the specified DN patterns. Valid DN filters are strings composed of zero or more wildcards. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com).
    Default Value: None
    Allowed Values: A String
    Multi-valued: Yes
    Required: No
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

response-etime-greater-than
    Description: Filters operation response log records associated with operations which took longer than the specified number of milliseconds to complete. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages.
    Default Value: None
    Allowed Values: An integer value. Lower value is 0.
    Multi-valued: No
    Required: No
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

response-etime-less-than
    Description: Filters operation response log records associated with operations which took less than the specified number of milliseconds to complete. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages.
    Default Value: None
    Allowed Values: An integer value. Lower value is 0.
    Multi-valued: No
    Required: No
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

response-result-code-equal-to
    Description: Filters operation response log records associated with operations which include any of the specified result codes. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages.
    Default Value: None
    Allowed Values: An integer value. Lower value is 0.
    Multi-valued: Yes
    Required: No
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

response-result-code-not-equal-to
    Description: Filters operation response log records associated with operations which do not include any of the specified result codes. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages.
    Default Value: None
    Allowed Values: An integer value. Lower value is 0.
    Multi-valued: Yes
    Required: No
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

search-response-is-indexed
    Description: Filters search operation response log records associated with searches which were either indexed or unindexed.
    It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages.
    Default Value: None
    Allowed Values: true, false
    Multi-valued: No
    Required: No
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

search-response-nentries-greater-than
    Description: Filters search operation response log records associated with searches which returned more than the specified number of entries. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages.
    Default Value: None
    Allowed Values: An integer value. Lower value is 0.
    Multi-valued: No
    Required: No
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

search-response-nentries-less-than
    Description: Filters search operation response log records associated with searches which returned less than the specified number of entries. It is recommended to only use this criteria in conjunction with the "combined" output mode of the access logger, since this filter criteria is only applied to response log messages.
    Default Value: None
    Allowed Values: An integer value. Lower value is 0.
    Multi-valued: No
    Required: No
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

user-dn-equal-to
    Description: Filters log records associated with users matching at least one of the specified DN patterns. Valid DN filters are strings composed of zero or more wildcards. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com).
    Default Value: None
    Allowed Values: A String
    Multi-valued: Yes
    Required: No
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

user-dn-not-equal-to
    Description: Filters log records associated with users which do not match any of the specified DN patterns. Valid DN filters are strings composed of zero or more wildcards. A double wildcard ** replaces one or more RDN components (as in uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a whole RDN, or a whole type, or a value substring (as in uid=bj*,ou=people,dc=example,dc=com).
    Default Value: None
    Allowed Values: A String
    Multi-valued: Yes
    Required: No
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

user-is-member-of
    Description: Filters log records associated with users which are members of at least one of the specified groups.
    Default Value: None
    Allowed Values: A valid DN.
    Multi-valued: Yes
    Required: No
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

user-is-not-member-of
    Description: Filters log records associated with users which are not members of any of the specified groups.
    Default Value: None
    Allowed Values: A valid DN.
    Multi-valued: Yes
    Required: No
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

dsconfig create-account-status-notification-handler(1)

Name
    dsconfig create-account-status-notification-handler - Creates Account Status Notification Handlers

Synopsis
    dsconfig create-account-status-notification-handler {options}

Description
    Creates Account Status Notification Handlers.

Options
    The dsconfig create-account-status-notification-handler command takes the following options:

    --handler-name {name}
        The name of the new Account Status Notification Handler.
        Account Status Notification Handler properties depend on the Account Status Notification Handler type, which depends on the {name} you provide.
        By default, OpenDJ directory server supports the following Account Status Notification Handler types:
        error-log-account-status-notification-handler
            Default {name}: Error Log Account Status Notification Handler
            Enabled by default: true
            See Error Log Account Status Notification Handler for the properties of this Account Status Notification Handler type.
        smtp-account-status-notification-handler
            Default {name}: SMTP Account Status Notification Handler
            Enabled by default: true
            See SMTP Account Status Notification Handler for the properties of this Account Status Notification Handler type.

    --set {PROP:VALUE}
        Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it.
        Account Status Notification Handler properties depend on the Account Status Notification Handler type, which depends on the --handler-name {name} option.

    -t | --type {type}
        The type of Account Status Notification Handler which should be created. The value for TYPE can be one of: custom | error-log | smtp.
        Account Status Notification Handler properties depend on the Account Status Notification Handler type, which depends on the {type} you provide.
        By default, OpenDJ directory server supports the following Account Status Notification Handler types:
        error-log-account-status-notification-handler
            Default {type}: Error Log Account Status Notification Handler
            Enabled by default: true
            See Error Log Account Status Notification Handler for the properties of this Account Status Notification Handler type.
        smtp-account-status-notification-handler
            Default {type}: SMTP Account Status Notification Handler
            Enabled by default: true
            See SMTP Account Status Notification Handler for the properties of this Account Status Notification Handler type.
Error Log Account Status Notification Handler

Account Status Notification Handlers of type error-log-account-status-notification-handler have the following properties:

account-status-notification-type
    Description: Indicates which types of event can trigger an account status notification.
    Default Value: None
    Allowed Values:
        account-disabled: Generate a notification whenever a user account has been disabled by an administrator.
        account-enabled: Generate a notification whenever a user account has been enabled by an administrator.
        account-expired: Generate a notification whenever a user authentication has failed because the account has expired.
        account-idle-locked: Generate a notification whenever a user account has been locked because it was idle for too long.
        account-permanently-locked: Generate a notification whenever a user account has been permanently locked after too many failed attempts.
        account-reset-locked: Generate a notification whenever a user account has been locked, because the password had been reset by an administrator but not changed by the user within the required interval.
        account-temporarily-locked: Generate a notification whenever a user account has been temporarily locked after too many failed attempts.
        account-unlocked: Generate a notification whenever a user account has been unlocked by an administrator.
        password-changed: Generate a notification whenever a user changes his/her own password.
        password-expired: Generate a notification whenever a user authentication has failed because the password has expired.
        password-expiring: Generate a notification whenever a password expiration warning is encountered for a user password for the first time.
        password-reset: Generate a notification whenever a user's password is reset by an administrator.
    Multi-valued: Yes
    Required: Yes
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

enabled
    Description: Indicates whether the Account Status Notification Handler is enabled.
    Only enabled handlers are invoked whenever a related event occurs in the server.
    Default Value: None
    Allowed Values: true, false
    Multi-valued: No
    Required: Yes
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

java-class
    Description: Specifies the fully-qualified name of the Java class that provides the Error Log Account Status Notification Handler implementation.
    Default Value: org.opends.server.extensions.ErrorLogAccountStatusNotificationHandler
    Allowed Values: A Java class that implements or extends the class(es): org.opends.server.api.AccountStatusNotificationHandler
    Multi-valued: No
    Required: Yes
    Admin Action Required: The Account Status Notification Handler must be disabled and re-enabled for changes to this setting to take effect
    Advanced Property: Yes (Use --advanced in interactive mode.)
    Read-only: No

SMTP Account Status Notification Handler

Account Status Notification Handlers of type smtp-account-status-notification-handler have the following properties:

email-address-attribute-type
    Description: Specifies which attribute in the user's entries may be used to obtain the email address when notifying the end user. You can specify more than one email address as separate values. In this case, the OpenDJ server sends a notification to all email addresses identified.
    Default Value: If no email address attribute types are specified, then no attempt is made to send email notification messages to end users. Only those users specified in the set of additional recipient addresses are sent the notification messages.
    Allowed Values: The name of an attribute type defined in the server schema.
    Multi-valued: Yes
    Required: No
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

enabled
    Description: Indicates whether the Account Status Notification Handler is enabled. Only enabled handlers are invoked whenever a related event occurs in the server.
    Default Value: None
    Allowed Values: true, false
    Multi-valued: No
    Required: Yes
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

java-class
    Description: Specifies the fully-qualified name of the Java class that provides the SMTP Account Status Notification Handler implementation.
    Default Value: org.opends.server.extensions.SMTPAccountStatusNotificationHandler
    Allowed Values: A Java class that implements or extends the class(es): org.opends.server.api.AccountStatusNotificationHandler
    Multi-valued: No
    Required: Yes
    Admin Action Required: The Account Status Notification Handler must be disabled and re-enabled for changes to this setting to take effect
    Advanced Property: Yes (Use --advanced in interactive mode.)
    Read-only: No

message-subject
    Description: Specifies the subject that should be used for email messages generated by this account status notification handler. The values for this property should begin with the name of an account status notification type followed by a colon and the subject that should be used for the associated notification message. If an email message is generated for an account status notification type for which no subject is defined, then that message is given a generic subject.
    Default Value: None
    Allowed Values: A String
    Multi-valued: Yes
    Required: Yes
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

message-template-file
    Description: Specifies the path to the file containing the message template to generate the email notification messages. The values for this property should begin with the name of an account status notification type followed by a colon and the path to the template file that should be used for that notification type. If an account status notification has a notification type that is not associated with a message template file, then no email message is generated for that notification.
    Default Value: None
    Allowed Values: A String
    Multi-valued: Yes
    Required: Yes
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

recipient-address
    Description: Specifies an email address to which notification messages are sent, either instead of or in addition to the end user for whom the notification has been generated. This may be used to ensure that server administrators also receive a copy of any notification messages that are generated.
    Default Value: If no additional recipient addresses are specified, then only the end users that are the subjects of the account status notifications receive the notification messages.
    Allowed Values: A String
    Multi-valued: Yes
    Required: No
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

send-email-as-html
    Description: Indicates whether an email notification message should be sent as HTML. If this value is true, email notification messages are marked as text/html. Otherwise outgoing email messages are assumed to be plaintext and marked as text/plain.
    Default Value: false
    Allowed Values: true, false
    Multi-valued: No
    Required: No
    Admin Action Required: None
    Advanced Property: Yes (Use --advanced in interactive mode.)
    Read-only: No

send-message-without-end-user-address
    Description: Indicates whether an email notification message should be generated and sent to the set of notification recipients even if the user entry does not contain any values for any of the email address attributes (that is, in cases when it is not possible to notify the end user). This is only applicable if both one or more email address attribute types and one or more additional recipient addresses are specified.
    Default Value: true
    Allowed Values: true, false
    Multi-valued: No
    Required: Yes
    Admin Action Required: None
    Advanced Property: Yes (Use --advanced in interactive mode.)
    Read-only: No

sender-address
    Description: Specifies the email address from which the message is sent. Note that this does not necessarily have to be a legitimate email address.
    Default Value: None
    Allowed Values: A String
    Multi-valued: No
    Required: Yes
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

dsconfig create-alert-handler(1)

Name
    dsconfig create-alert-handler - Creates Alert Handlers

Synopsis
    dsconfig create-alert-handler {options}

Description
    Creates Alert Handlers.

Options
    The dsconfig create-alert-handler command takes the following options:

    --handler-name {name}
        The name of the new Alert Handler.
        Alert Handler properties depend on the Alert Handler type, which depends on the {name} you provide.
        By default, OpenDJ directory server supports the following Alert Handler types:
        jmx-alert-handler
            Default {name}: JMX Alert Handler
            Enabled by default: true
            See JMX Alert Handler for the properties of this Alert Handler type.
        smtp-alert-handler
            Default {name}: SMTP Alert Handler
            Enabled by default: true
            See SMTP Alert Handler for the properties of this Alert Handler type.

    --set {PROP:VALUE}
        Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it.
        Alert Handler properties depend on the Alert Handler type, which depends on the --handler-name {name} option.

    -t | --type {type}
        The type of Alert Handler which should be created. The value for TYPE can be one of: custom | jmx | smtp.
        Alert Handler properties depend on the Alert Handler type, which depends on the {type} you provide.
        By default, OpenDJ directory server supports the following Alert Handler types:
        jmx-alert-handler
            Default {type}: JMX Alert Handler
            Enabled by default: true
            See JMX Alert Handler for the properties of this Alert Handler type.
        smtp-alert-handler
            Default {type}: SMTP Alert Handler
            Enabled by default: true
            See SMTP Alert Handler for the properties of this Alert Handler type.
JMX Alert Handler

Alert Handlers of type jmx-alert-handler have the following properties:

disabled-alert-type
    Description: Specifies the names of the alert types that are disabled for this alert handler. If there are any values for this attribute, then no alerts with any of the specified types are allowed. If there are no values for this attribute, then only alerts with a type included in the set of enabled alert types are allowed, or if there are no values for the enabled alert types option, then all alert types are allowed.
    Default Value: If there is a set of enabled alert types, then only alerts with one of those types are allowed. Otherwise, all alerts are allowed.
    Allowed Values: A String
    Multi-valued: Yes
    Required: No
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

enabled
    Description: Indicates whether the Alert Handler is enabled.
    Default Value: None
    Allowed Values: true, false
    Multi-valued: No
    Required: Yes
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

enabled-alert-type
    Description: Specifies the names of the alert types that are enabled for this alert handler. If there are any values for this attribute, then only alerts with one of the specified types are allowed (unless they are also included in the disabled alert types). If there are no values for this attribute, then any alert with a type not included in the list of disabled alert types is allowed.
    Default Value: All alerts with types not included in the set of disabled alert types are allowed.
    Allowed Values: A String
    Multi-valued: Yes
    Required: No
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

java-class
    Description: Specifies the fully-qualified name of the Java class that provides the JMX Alert Handler implementation.
    Default Value: org.opends.server.extensions.JMXAlertHandler
    Allowed Values: A Java class that implements or extends the class(es): org.opends.server.api.AlertHandler
    Multi-valued: No
    Required: Yes
    Admin Action Required: The Alert Handler must be disabled and re-enabled for changes to this setting to take effect
    Advanced Property: Yes (Use --advanced in interactive mode.)
    Read-only: No

SMTP Alert Handler

Alert Handlers of type smtp-alert-handler have the following properties:

disabled-alert-type
    Description: Specifies the names of the alert types that are disabled for this alert handler. If there are any values for this attribute, then no alerts with any of the specified types are allowed. If there are no values for this attribute, then only alerts with a type included in the set of enabled alert types are allowed, or if there are no values for the enabled alert types option, then all alert types are allowed.
    Default Value: If there is a set of enabled alert types, then only alerts with one of those types are allowed. Otherwise, all alerts are allowed.
    Allowed Values: A String
    Multi-valued: Yes
    Required: No
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

enabled
    Description: Indicates whether the Alert Handler is enabled.
    Default Value: None
    Allowed Values: true, false
    Multi-valued: No
    Required: Yes
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

enabled-alert-type
    Description: Specifies the names of the alert types that are enabled for this alert handler. If there are any values for this attribute, then only alerts with one of the specified types are allowed (unless they are also included in the disabled alert types). If there are no values for this attribute, then any alert with a type not included in the list of disabled alert types is allowed.
    Default Value: All alerts with types not included in the set of disabled alert types are allowed.
    Allowed Values: A String
    Multi-valued: Yes
    Required: No
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

java-class
    Description: Specifies the fully-qualified name of the Java class that provides the SMTP Alert Handler implementation.
    Default Value: org.opends.server.extensions.SMTPAlertHandler
    Allowed Values: A Java class that implements or extends the class(es): org.opends.server.api.AlertHandler
    Multi-valued: No
    Required: Yes
    Admin Action Required: The Alert Handler must be disabled and re-enabled for changes to this setting to take effect
    Advanced Property: Yes (Use --advanced in interactive mode.)
    Read-only: No

message-body
    Description: Specifies the body that should be used for email messages generated by this alert handler. The token "%%%%alert-type%%%%" is dynamically replaced with the alert type string. The token "%%%%alert-id%%%%" is dynamically replaced with the alert ID value. The token "%%%%alert-message%%%%" is dynamically replaced with the alert message. The token "\n" is replaced with an end-of-line marker.
    Default Value: None
    Allowed Values: A String
    Multi-valued: No
    Required: Yes
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

message-subject
    Description: Specifies the subject that should be used for email messages generated by this alert handler. The token "%%%%alert-type%%%%" is dynamically replaced with the alert type string. The token "%%%%alert-id%%%%" is dynamically replaced with the alert ID value. The token "%%%%alert-message%%%%" is dynamically replaced with the alert message. The token "\n" is replaced with an end-of-line marker.
    Default Value: None
    Allowed Values: A String
    Multi-valued: No
    Required: Yes
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

recipient-address
    Description: Specifies an email address to which the messages should be sent. Multiple values may be provided if there should be more than one recipient.
    Default Value: None
    Allowed Values: A String
    Multi-valued: Yes
    Required: Yes
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

sender-address
    Description: Specifies the email address to use as the sender for messages generated by this alert handler.
    Default Value: None
    Allowed Values: A String
    Multi-valued: No
    Required: Yes
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

dsconfig create-backend(1)

Name
    dsconfig create-backend - Creates Backends

Synopsis
    dsconfig create-backend {options}

Description
    Creates Backends.

Options
    The dsconfig create-backend command takes the following options:

    --backend-name {STRING}
        The name of the new Backend which will also be used as the value of the "backend-id" property: Specifies a name to identify the associated backend.
        Backend properties depend on the Backend type, which depends on the {STRING} you provide.
        By default, OpenDJ directory server supports the following Backend types:
        backup-backend
            Default {STRING}: Backup Backend
            Enabled by default: true
            See Backup Backend for the properties of this Backend type.
        cas-backend
            Default {STRING}: CAS Backend
            Enabled by default: true
            See CAS Backend for the properties of this Backend type.
        jdbc-backend
            Default {STRING}: JDBC Backend
            Enabled by default: true
            See JDBC Backend for the properties of this Backend type.
        je-backend
            Default {STRING}: JE Backend
            Enabled by default: true
            See JE Backend for the properties of this Backend type.
        ldif-backend
            Default {STRING}: LDIF Backend
            Enabled by default: true
            See LDIF Backend for the properties of this Backend type.
        memory-backend
            Default {STRING}: Memory Backend
            Enabled by default: true
            See Memory Backend for the properties of this Backend type.
        monitor-backend
            Default {STRING}: Monitor Backend
            Enabled by default: true
            See Monitor Backend for the properties of this Backend type.
        null-backend
            Default {STRING}: Null Backend
            Enabled by default: true
            See Null Backend for the properties of this Backend type.
        pdb-backend
            Default {STRING}: PDB Backend
            Enabled by default: true
            See PDB Backend for the properties of this Backend type.
        schema-backend
            Default {STRING}: Schema Backend
            Enabled by default: true
            See Schema Backend for the properties of this Backend type.
        task-backend
            Default {STRING}: Task Backend
            Enabled by default: true
            See Task Backend for the properties of this Backend type.
        trust-store-backend
            Default {STRING}: Trust Store Backend
            Enabled by default: true
            See Trust Store Backend for the properties of this Backend type.

    --set {PROP:VALUE}
        Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it.
        Backend properties depend on the Backend type, which depends on the --backend-name {STRING} option.

    -t | --type {type}
        The type of Backend which should be created. The value for TYPE can be one of: backup | cas | custom | custom-local | jdbc | je | ldif | memory | monitor | null | pdb | schema | task | trust-store.
        Backend properties depend on the Backend type, which depends on the {type} you provide.
        By default, OpenDJ directory server supports the following Backend types:
        backup-backend
            Default {type}: Backup Backend
            Enabled by default: true
            See Backup Backend for the properties of this Backend type.
        cas-backend
            Default {type}: CAS Backend
            Enabled by default: true
            See CAS Backend for the properties of this Backend type.
        jdbc-backend
            Default {type}: JDBC Backend
            Enabled by default: true
            See JDBC Backend for the properties of this Backend type.
        je-backend
            Default {type}: JE Backend
            Enabled by default: true
            See JE Backend for the properties of this Backend type.
        ldif-backend
            Default {type}: LDIF Backend
            Enabled by default: true
            See LDIF Backend for the properties of this Backend type.
        memory-backend
            Default {type}: Memory Backend
            Enabled by default: true
            See Memory Backend for the properties of this Backend type.
        monitor-backend
            Default {type}: Monitor Backend
            Enabled by default: true
            See Monitor Backend for the properties of this Backend type.
        null-backend
            Default {type}: Null Backend
            Enabled by default: true
            See Null Backend for the properties of this Backend type.
        pdb-backend
            Default {type}: PDB Backend
            Enabled by default: true
            See PDB Backend for the properties of this Backend type.
        schema-backend
            Default {type}: Schema Backend
            Enabled by default: true
            See Schema Backend for the properties of this Backend type.
        task-backend
            Default {type}: Task Backend
            Enabled by default: true
            See Task Backend for the properties of this Backend type.
        trust-store-backend
            Default {type}: Trust Store Backend
            Enabled by default: true
            See Trust Store Backend for the properties of this Backend type.

Backup Backend

Backends of type backup-backend have the following properties:

backend-id
    Description: Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server.
    Default Value: None
    Allowed Values: A String
    Multi-valued: No
    Required: Yes
    Admin Action Required: None
    Advanced Property: No
    Read-only: Yes

backup-directory
    Description: Specifies the path to a backup directory containing one or more backups for a particular backend. This is a multivalued property. Each value may specify a different backup directory if desired (one for each backend for which backups are taken). Values may be either absolute paths or paths that are relative to the base of the OpenDJ directory server installation.
    Default Value: None
    Allowed Values: A String
    Multi-valued: Yes
    Required: Yes
    Admin Action Required: None
    Advanced Property: No
    Read-only: No

base-dn
    Description: Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs.
Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. Default Value None Allowed Values A valid DN. Multi-valued Yes Required Yes Admin Action Required None. No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. Advanced Property No Read-only No enabled Description Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the backend implementation. Default Value org.opends.server.backends.BackupBackend Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.Backend Multi-valued No Required Yes Admin Action Required The Backend must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No writability-mode Description Specifies the behavior that the backend should use when processing write operations. Default Value disabled Allowed Values disabled Causes all write attempts to fail. enabled Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). 
internal-only Causes external write attempts to fail but allows writes by replication and internal operations. Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No CAS Backend Backends of type cas-backend have the following properties: backend-id Description Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. Default Value None Allowed Values A String Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only Yes base-dn Description Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. Default Value None Allowed Values A valid DN. Multi-valued Yes Required Yes Admin Action Required None. No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. Advanced Property No Read-only No cipher-key-length Description Specifies the key length in bits for the preferred cipher. Default Value 128 Allowed Values An integer value. Lower value is 0. Multi-valued No Required No Admin Action Required None. Changes to this property take effect immediately but only affect cryptographic operations performed after the change. Advanced Property No Read-only No cipher-transformation Description Specifies the cipher for the directory server. The syntax is "algorithm/mode/padding". 
The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms, including RC4 and ARCFOUR, do not have a mode or padding, and hence must be specified using NONE for the mode field and NoPadding for the padding field. For example, RC4/NONE/NoPadding. Default Value AES/CBC/PKCS5Padding Allowed Values A String Multi-valued No Required No Admin Action Required None. Changes to this property take effect immediately but only affect cryptographic operations performed after the change. Advanced Property No Read-only No compact-encoding Description Indicates whether the backend should use a compact form when encoding entries by compressing the attribute descriptions and object class sets. Note that this property applies only to the entries themselves and does not impact the index data. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None. Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data. Advanced Property No Read-only No confidentiality-enabled Description Indicates whether the backend should make entries in database files readable only by Directory Server. Confidentiality is achieved by encrypting entries before writing them to the underlying storage. Entry encryption will protect data on disk from unauthorised parties reading the files; for complete protection, also set confidentiality on the indexes of sensitive attributes. The property cannot be set to false if some of the indexes have confidentiality set to true. 
Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No db-directory Description Specifies the keyspace name. The path may be either an absolute path or a path relative to the directory containing the base of the OpenDJ directory server installation. The path may be any valid directory path in which the server has appropriate permissions to read and write files and has sufficient space to hold the database contents. Default Value ldap_opendj Allowed Values A String Multi-valued No Required Yes Admin Action Required The Backend must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No enabled Description Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No entries-compressed Description Indicates whether the backend should attempt to compress entries before storing them in the database. Note that this property applies only to the entries themselves and does not impact the index data. Further, the effectiveness of the compression is based on the type of data contained in the entry. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None. Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data. Advanced Property Yes (Use --advanced in interactive mode.) Read-only No import-offheap-memory-size Description Specifies the amount of off-heap memory dedicated to the online operation (import-ldif, rebuild-index). Default Value Use only heap memory. Allowed Values Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) 
Read-only No index-entry-limit Description Specifies the maximum number of entries that is allowed to match a given index key before that particular index key is no longer maintained. This property is analogous to the ALL IDs threshold in the Sun Java System Directory Server. Note that this is the default limit for the backend, and it may be overridden on a per-attribute basis. A value of 0 means there is no limit. Default Value 4000 Allowed Values An integer value. Lower value is 0. Upper value is 2147483647. Multi-valued No Required No Admin Action Required None. If any index keys have already reached this limit, indexes need to be rebuilt before they are allowed to use the new limit. Advanced Property No Read-only No index-filter-analyzer-enabled Description Indicates whether to gather statistical information about the search filters processed by the directory server while evaluating the usage of indexes. Analyzing indexes requires gathering search filter usage patterns from user requests, especially for values as specified in the filters, and subsequently looking up the status of those values in the index files. When a search request is processed, whether internal or user generated, a first phase uses indexes to find potential entries to be returned. Depending on the search filter, if the index of one of the specified attributes matches too many entries (exceeds the index entry limit), the search becomes non-indexed. In any case, all entries thus gathered (or the entire DIT) are matched against the filter for actually returning the search result. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No index-filter-analyzer-max-filters Description The maximum number of search filter statistics to keep. When the maximum number of search filters is reached, the least used one will be deleted. Default Value 25 Allowed Values An integer value. Lower value is 1. 
Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the backend implementation. Default Value org.opends.server.backends.cassandra.Backend Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.Backend Multi-valued No Required Yes Admin Action Required The Backend must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No preload-time-limit Description Specifies the length of time that the backend is allowed to spend "pre-loading" data when it is initialized. The pre-load process is used to pre-populate the database cache, so that it can be more quickly available when the server is processing requests. A duration of zero means there is no pre-load. Default Value 0s Allowed Values Lower limit is 0 milliseconds. Upper limit is 2147483647 milliseconds. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No writability-mode Description Specifies the behavior that the backend should use when processing write operations. Default Value enabled Allowed Values disabled Causes all write attempts to fail. enabled Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). internal-only Causes external write attempts to fail but allows writes by replication and internal operations. 
Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No JDBC Backend Backends of type jdbc-backend have the following properties: backend-id Description Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. Default Value None Allowed Values A String Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only Yes base-dn Description Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. Default Value None Allowed Values A valid DN. Multi-valued Yes Required Yes Admin Action Required None. No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. Advanced Property No Read-only No cipher-key-length Description Specifies the key length in bits for the preferred cipher. Default Value 128 Allowed Values An integer value. Lower value is 0. Multi-valued No Required No Admin Action Required None. Changes to this property take effect immediately but only affect cryptographic operations performed after the change. Advanced Property No Read-only No cipher-transformation Description Specifies the cipher for the directory server. The syntax is "algorithm/mode/padding". 
The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms, including RC4 and ARCFOUR, do not have a mode or padding, and hence must be specified using NONE for the mode field and NoPadding for the padding field. For example, RC4/NONE/NoPadding. Default Value AES/CBC/PKCS5Padding Allowed Values A String Multi-valued No Required No Admin Action Required None. Changes to this property take effect immediately but only affect cryptographic operations performed after the change. Advanced Property No Read-only No compact-encoding Description Indicates whether the backend should use a compact form when encoding entries by compressing the attribute descriptions and object class sets. Note that this property applies only to the entries themselves and does not impact the index data. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None. Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data. Advanced Property No Read-only No confidentiality-enabled Description Indicates whether the backend should make entries in database files readable only by Directory Server. Confidentiality is achieved by encrypting entries before writing them to the underlying storage. Entry encryption will protect data on disk from unauthorised parties reading the files; for complete protection, also set confidentiality on the indexes of sensitive attributes. The property cannot be set to false if some of the indexes have confidentiality set to true. 
Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No db-directory Description Specifies the connection string jdbc:postgresql://localhost/test Default Value jdbc:postgresql://localhost/test Allowed Values A String Multi-valued No Required Yes Admin Action Required The Backend must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No enabled Description Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No entries-compressed Description Indicates whether the backend should attempt to compress entries before storing them in the database. Note that this property applies only to the entries themselves and does not impact the index data. Further, the effectiveness of the compression is based on the type of data contained in the entry. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None. Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data. Advanced Property Yes (Use --advanced in interactive mode.) Read-only No import-offheap-memory-size Description Specifies the amount of off-heap memory dedicated to the online operation (import-ldif, rebuild-index). Default Value Use only heap memory. Allowed Values Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No index-entry-limit Description Specifies the maximum number of entries that is allowed to match a given index key before that particular index key is no longer maintained. 
This property is analogous to the ALL IDs threshold in the Sun Java System Directory Server. Note that this is the default limit for the backend, and it may be overridden on a per-attribute basis. A value of 0 means there is no limit. Default Value 4000 Allowed Values An integer value. Lower value is 0. Upper value is 2147483647. Multi-valued No Required No Admin Action Required None. If any index keys have already reached this limit, indexes need to be rebuilt before they are allowed to use the new limit. Advanced Property No Read-only No index-filter-analyzer-enabled Description Indicates whether to gather statistical information about the search filters processed by the directory server while evaluating the usage of indexes. Analyzing indexes requires gathering search filter usage patterns from user requests, especially for values as specified in the filters, and subsequently looking up the status of those values in the index files. When a search request is processed, whether internal or user generated, a first phase uses indexes to find potential entries to be returned. Depending on the search filter, if the index of one of the specified attributes matches too many entries (exceeds the index entry limit), the search becomes non-indexed. In any case, all entries thus gathered (or the entire DIT) are matched against the filter for actually returning the search result. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No index-filter-analyzer-max-filters Description The maximum number of search filter statistics to keep. When the maximum number of search filters is reached, the least used one will be deleted. Default Value 25 Allowed Values An integer value. Lower value is 1. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) 
Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the backend implementation. Default Value org.opends.server.backends.jdbc.Backend Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.Backend Multi-valued No Required Yes Admin Action Required The Backend must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No preload-time-limit Description Specifies the length of time that the backend is allowed to spend "pre-loading" data when it is initialized. The pre-load process is used to pre-populate the database cache, so that it can be more quickly available when the server is processing requests. A duration of zero means there is no pre-load. Default Value 0s Allowed Values Lower limit is 0 milliseconds. Upper limit is 2147483647 milliseconds. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No writability-mode Description Specifies the behavior that the backend should use when processing write operations. Default Value enabled Allowed Values disabled Causes all write attempts to fail. enabled Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). internal-only Causes external write attempts to fail but allows writes by replication and internal operations. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No JE Backend Backends of type je-backend have the following properties: backend-id Description Specifies a name to identify the associated backend. The name must be unique among all backends in the server. 
The backend ID may not be altered after the backend is created in the server. Default Value None Allowed Values A String Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only Yes base-dn Description Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. Default Value None Allowed Values A valid DN. Multi-valued Yes Required Yes Admin Action Required None. No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. Advanced Property No Read-only No cipher-key-length Description Specifies the key length in bits for the preferred cipher. Default Value 128 Allowed Values An integer value. Lower value is 0. Multi-valued No Required No Admin Action Required None. Changes to this property take effect immediately but only affect cryptographic operations performed after the change. Advanced Property No Read-only No cipher-transformation Description Specifies the cipher for the directory server. The syntax is "algorithm/mode/padding". The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms, including RC4 and ARCFOUR, do not have a mode or padding, and hence must be specified using NONE for the mode field and NoPadding for the padding field. For example, RC4/NONE/NoPadding. 
Default Value AES/CBC/PKCS5Padding Allowed Values A String Multi-valued No Required No Admin Action Required None. Changes to this property take effect immediately but only affect cryptographic operations performed after the change. Advanced Property No Read-only No compact-encoding Description Indicates whether the backend should use a compact form when encoding entries by compressing the attribute descriptions and object class sets. Note that this property applies only to the entries themselves and does not impact the index data. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None. Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data. Advanced Property No Read-only No confidentiality-enabled Description Indicates whether the backend should make entries in database files readable only by Directory Server. Confidentiality is achieved by encrypting entries before writing them to the underlying storage. Entry encryption will protect data on disk from unauthorised parties reading the files; for complete protection, also set confidentiality on the indexes of sensitive attributes. The property cannot be set to false if some of the indexes have confidentiality set to true. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No db-cache-percent Description Specifies the percentage of JVM memory to allocate to the database cache. Specifies the percentage of memory available to the JVM that should be used for caching database contents. Note that this is only used if the value of the db-cache-size property is set to "0 MB". Otherwise, the value of that property is used instead to control the cache size configuration. Default Value 50 Allowed Values An integer value. Lower value is 1. Upper value is 90. 
Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No db-cache-size Description The amount of JVM memory to allocate to the database cache. Specifies the amount of memory that should be used for caching database contents. A value of "0 MB" indicates that the db-cache-percent property should be used instead to specify the cache size. Default Value 0 MB Allowed Values Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No db-checkpointer-bytes-interval Description Specifies the maximum number of bytes that may be written to the database before it is forced to perform a checkpoint. This can be used to bound the recovery time that may be required if the database environment is opened without having been properly closed. If this property is set to a non-zero value, the checkpointer wakeup interval is not used. To use time-based checkpointing, set this property to zero. Default Value 500mb Allowed Values Upper value is 9223372036854775807. Multi-valued No Required No Admin Action Required Restart the server Advanced Property Yes (Use --advanced in interactive mode.) Read-only No db-checkpointer-wakeup-interval Description Specifies the maximum length of time that may pass between checkpoints. Note that this is only used if the value of the checkpointer bytes interval is zero. Default Value 30s Allowed Values Lower limit is 1 second. Upper limit is 4294 seconds. Multi-valued No Required No Admin Action Required The Backend must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No db-cleaner-min-utilization Description Specifies the occupancy percentage for "live" data in this backend's database. When the amount of "live" data in the database drops below this value, cleaners will act to increase the occupancy percentage by compacting the database. 
Default Value 50 Allowed Values An integer value. Lower value is 0. Upper value is 90. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No db-directory Description Specifies the path to the filesystem directory that is used to hold the Berkeley DB Java Edition database files containing the data for this backend. The path may be either an absolute path or a path relative to the directory containing the base of the OpenDJ directory server installation. The path may be any valid directory path in which the server has appropriate permissions to read and write files and has sufficient space to hold the database contents. Default Value db Allowed Values A String Multi-valued No Required Yes Admin Action Required The Backend must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No db-directory-permissions Description Specifies the permissions that should be applied to the directory containing the server database files. They should be expressed as three-digit octal values, which is the traditional representation for UNIX file permissions. The three digits represent the permissions that are available for the directory's owner, group members, and other users (in that order), and each digit is the octal representation of the read, write, and execute bits. Note that this only impacts permissions on the database directory and not on the files written into that directory. On UNIX systems, the user's umask controls permissions given to the database files. Default Value 700 Allowed Values Any octal value between 700 and 777 (the owner must always have read, write, and execute permissions on the directory). Multi-valued No Required No Admin Action Required Restart the server Advanced Property Yes (Use --advanced in interactive mode.) Read-only No db-evictor-core-threads Description Specifies the core number of threads in the eviction thread pool. 
These threads help keep memory usage within cache bounds, offloading work from application threads. db-evictor-core-threads, db-evictor-max-threads and db-evictor-keep-alive are used to configure the core, max and keepalive attributes for the eviction thread pool. Default Value 1 Allowed Values An integer value. Lower value is 0. Upper value is 2147483647. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No db-evictor-keep-alive Description The duration that excess threads in the eviction thread pool will stay idle. After this period, idle threads will terminate. db-evictor-core-threads, db-evictor-max-threads and db-evictor-keep-alive are used to configure the core, max and keepalive attributes for the eviction thread pool. Default Value 600s Allowed Values Lower limit is 1 second. Upper limit is 86400 seconds. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No db-evictor-lru-only Description Indicates whether the database should evict existing data from the cache based on an LRU policy (where the least recently used information will be evicted first). If set to "false", then the eviction keeps internal nodes of the underlying Btree in the cache over leaf nodes, even if the leaf nodes have been accessed more recently. This may be a better configuration for databases in which only a very small portion of the data is cached. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required The Backend must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) 
Read-only No db-evictor-max-threads Description Specifies the maximum number of threads in the eviction thread pool. These threads help keep memory usage within cache bounds, offloading work from application threads. db-evictor-core-threads, db-evictor-max-threads and db-evictor-keep-alive are used to configure the core, max and keepalive attributes for the eviction thread pool. Default Value 10 Allowed Values An integer value. Lower value is 1. Upper value is 2147483647. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No db-evictor-nodes-per-scan Description Specifies the number of Btree nodes that should be evicted from the cache in a single pass if it is determined that it is necessary to free existing data in order to make room for new information. Changes to this property do not take effect until the backend is restarted. It is recommended that you also change this property when you set db-evictor-lru-only to false. This setting controls the number of Btree nodes that are considered, or sampled, each time a node is evicted. A setting of 10 often produces good results, but this may vary from application to application. The larger the nodes per scan, the more accurate the algorithm. However, don't set it too high. When considering larger numbers of nodes for each eviction, the evictor may delay the completion of a given database operation, which impacts the response time of the application thread. In JE 4.1 and later, setting this value too high in an application that is largely CPU bound can reduce the effectiveness of cache eviction. It's best to start with the default value, and increase it gradually to see if it is beneficial for your application. Default Value 10 Allowed Values An integer value. Lower value is 1. Upper value is 1000. 
Multi-valued No Required No Admin Action Required The Backend must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No db-log-file-max Description Specifies the maximum size for a database log file. Default Value 100mb Allowed Values Lower value is 1000000. Upper value is 4294967296. Multi-valued No Required No Admin Action Required The Backend must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No db-log-filecache-size Description Specifies the size of the file handle cache. The file handle cache is used to keep as many log files open as possible. When the cache is smaller than the number of logs, the database needs to close some handles and open the log files it needs, resulting in less than optimal performance. Ideally, the size of the cache should be higher than the number of files contained in the database. Make sure the OS number of open files per process is also tuned appropriately. Default Value 100 Allowed Values An integer value. Lower value is 3. Upper value is 2147483647. Multi-valued No Required No Admin Action Required The Backend must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No db-logging-file-handler-on Description Indicates whether the database should maintain a je.info file in the same directory as the database log directory. This file contains information about the internal processing performed by the underlying database. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required The Backend must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.)
Read-only No db-logging-level Description Specifies the log level that should be used by the database when it is writing information into the je.info file. The database trace logging level is (in increasing order of verbosity) chosen from: OFF, SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST, ALL. Default Value CONFIG Allowed Values A String Multi-valued No Required No Admin Action Required The Backend must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No db-num-cleaner-threads Description Specifies the number of threads that the backend should maintain to keep the database log files at or near the desired utilization. In environments with high write throughput, multiple cleaner threads may be required to maintain the desired utilization. Default Value Let the server decide. Allowed Values An integer value. Lower value is 1. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No db-num-lock-tables Description Specifies the number of lock tables that are used by the underlying database. This can be particularly important to help improve scalability by avoiding contention on systems with large numbers of CPUs. The value of this configuration property should be set to a prime number that is less than or equal to the number of worker threads configured for use in the server. Default Value Let the server decide. Allowed Values An integer value. Lower value is 1. Upper value is 32767. Multi-valued No Required No Admin Action Required The Backend must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No db-run-cleaner Description Indicates whether the cleaner threads should be enabled to compact the database. 
The cleaner threads are used to periodically compact the database when it reaches a percentage of occupancy lower than the amount specified by the db-cleaner-min-utilization property. They identify database files with a low percentage of live data, and relocate their remaining live data to the end of the log. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No db-txn-no-sync Description Indicates whether database writes should be primarily written to an internal buffer but not immediately written to disk. Setting the value of this configuration attribute to "true" may improve write performance but could cause the most recent changes to be lost if the OpenDJ directory server or the underlying JVM exits abnormally, or if an OS or hardware failure occurs (a behavior similar to running with transaction durability disabled in the Sun Java System Directory Server). Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No db-txn-write-no-sync Description Indicates whether the database should synchronously flush data as it is written to disk. If this value is set to "false", then all data written to disk is synchronously flushed to persistent storage, thereby providing full durability. If it is set to "true", then data may be cached for a period of time by the underlying operating system before actually being written to disk. This may improve performance, but could cause the most recent changes to be lost in the event of an underlying OS or hardware failure (but not in the case that the OpenDJ directory server or the JVM exits abnormally). Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.)
Read-only No disk-full-threshold Description Full disk threshold to limit database updates. When the available free space on the disk used by this database instance falls below the value specified, no updates are permitted and the server returns an UNWILLING_TO_PERFORM error. Updates are allowed again as soon as free space rises above the threshold. Default Value 100 megabytes Allowed Values Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No disk-low-threshold Description Low disk threshold to limit database updates. Specifies the "low" free space on the disk. When the available free space on the disk used by this database instance falls below the value specified, protocol updates on this database are permitted only by a user with the BYPASS_LOCKDOWN privilege. Default Value 200 megabytes Allowed Values Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No enabled Description Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No entries-compressed Description Indicates whether the backend should attempt to compress entries before storing them in the database. Note that this property applies only to the entries themselves and does not impact the index data. Further, the effectiveness of the compression is based on the type of data contained in the entry. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None. Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data. Advanced Property Yes (Use --advanced in interactive mode.)
Read-only No import-offheap-memory-size Description Specifies the amount of off-heap memory dedicated to the online operation (import-ldif, rebuild-index). Default Value Use only heap memory. Allowed Values Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No index-entry-limit Description Specifies the maximum number of entries that is allowed to match a given index key before that particular index key is no longer maintained. This property is analogous to the ALL IDs threshold in the Sun Java System Directory Server. Note that this is the default limit for the backend, and it may be overridden on a per-attribute basis. A value of 0 means there is no limit. Default Value 4000 Allowed Values An integer value. Lower value is 0. Upper value is 2147483647. Multi-valued No Required No Admin Action Required None. If any index keys have already reached this limit, indexes need to be rebuilt before they are allowed to use the new limit. Advanced Property No Read-only No index-filter-analyzer-enabled Description Indicates whether to gather statistical information about the search filters processed by the directory server while evaluating the usage of indexes. Analyzing indexes requires gathering search filter usage patterns from user requests, especially for values as specified in the filters, and subsequently looking up the status of those values in the index files. When a search request is processed, internal or user generated, a first phase uses indexes to find potential entries to be returned. Depending on the search filter, if the index of one of the specified attributes matches too many entries (exceeds the index entry limit), the search becomes non-indexed. In any case, all entries thus gathered (or the entire DIT) are matched against the filter for actually returning the search result.
Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No index-filter-analyzer-max-filters Description The maximum number of search filter statistics to keep. When the maximum number of search filters is reached, the least used one will be deleted. Default Value 25 Allowed Values An integer value. Lower value is 1. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the backend implementation. Default Value org.opends.server.backends.jeb.JEBackend Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.Backend Multi-valued No Required Yes Admin Action Required The Backend must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No je-property Description Specifies the database and environment properties for the Berkeley DB Java Edition database serving the data for this backend. Any Berkeley DB Java Edition property can be specified using the following form: property-name=property-value. Refer to OpenDJ documentation for further information on related properties, their implications, and range values. The definitive identification of all the property parameters is available in the example.properties file of Berkeley DB Java Edition distribution. Default Value None Allowed Values A String Multi-valued Yes Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No preload-time-limit Description Specifies the length of time that the backend is allowed to spend "pre-loading" data when it is initialized.
The pre-load process is used to pre-populate the database cache, so that it can be more quickly available when the server is processing requests. A duration of zero means there is no pre-load. Default Value 0s Allowed Values Lower limit is 0 milliseconds. Upper limit is 2147483647 milliseconds. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No writability-mode Description Specifies the behavior that the backend should use when processing write operations. Default Value enabled Allowed Values disabled Causes all write attempts to fail. enabled Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). internal-only Causes external write attempts to fail but allows writes by replication and internal operations. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No LDIF Backend Backends of type ldif-backend have the following properties: backend-id Description Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. Default Value None Allowed Values A String Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only Yes base-dn Description Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server).
If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. Default Value None Allowed Values A valid DN. Multi-valued Yes Required Yes Admin Action Required None. No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. Advanced Property No Read-only No enabled Description Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No is-private-backend Description Indicates whether the backend should be considered a private backend, which indicates that it is used for storing operational data rather than user-defined information. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required The Backend must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the backend implementation. Default Value org.opends.server.backends.LDIFBackend Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.Backend Multi-valued No Required Yes Admin Action Required The Backend must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No ldif-file Description Specifies the path to the LDIF file containing the data for this backend.
Default Value None Allowed Values A String Multi-valued No Required Yes Admin Action Required The Backend must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No writability-mode Description Specifies the behavior that the backend should use when processing write operations. Default Value enabled Allowed Values disabled Causes all write attempts to fail. enabled Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). internal-only Causes external write attempts to fail but allows writes by replication and internal operations. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No Memory Backend Backends of type memory-backend have the following properties: backend-id Description Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. Default Value None Allowed Values A String Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only Yes base-dn Description Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. Default Value None Allowed Values A valid DN. 
Multi-valued Yes Required Yes Admin Action Required None. No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. Advanced Property No Read-only No enabled Description Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the backend implementation. Default Value org.opends.server.backends.MemoryBackend Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.Backend Multi-valued No Required Yes Admin Action Required The Backend must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No writability-mode Description Specifies the behavior that the backend should use when processing write operations. Default Value enabled Allowed Values disabled Causes all write attempts to fail. enabled Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). internal-only Causes external write attempts to fail but allows writes by replication and internal operations. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No Monitor Backend Backends of type monitor-backend have the following properties: backend-id Description Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server.
Default Value None Allowed Values A String Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only Yes base-dn Description Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. Default Value None Allowed Values A valid DN. Multi-valued Yes Required Yes Admin Action Required None. No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. Advanced Property No Read-only No enabled Description Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the backend implementation. Default Value org.opends.server.backends.MonitorBackend Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.Backend Multi-valued No Required Yes Admin Action Required The Backend must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No writability-mode Description Specifies the behavior that the backend should use when processing write operations. Default Value disabled Allowed Values disabled Causes all write attempts to fail.
enabled Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). internal-only Causes external write attempts to fail but allows writes by replication and internal operations. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No Null Backend Backends of type null-backend have the following properties: backend-id Description Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. Default Value None Allowed Values A String Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only Yes base-dn Description Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. Default Value None Allowed Values A valid DN. Multi-valued Yes Required Yes Admin Action Required None. No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. Advanced Property No Read-only No enabled Description Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations.
Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the backend implementation. Default Value org.opends.server.backends.NullBackend Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.Backend Multi-valued No Required Yes Admin Action Required The Backend must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No writability-mode Description Specifies the behavior that the backend should use when processing write operations. Default Value enabled Allowed Values disabled Causes all write attempts to fail. enabled Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). internal-only Causes external write attempts to fail but allows writes by replication and internal operations. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No PDB Backend Backends of type pdb-backend have the following properties: backend-id Description Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. Default Value None Allowed Values A String Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only Yes base-dn Description Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. 
Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. Default Value None Allowed Values A valid DN. Multi-valued Yes Required Yes Admin Action Required None. No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. Advanced Property No Read-only No cipher-key-length Description Specifies the key length in bits for the preferred cipher. Default Value 128 Allowed Values An integer value. Lower value is 0. Multi-valued No Required No Admin Action Required None. Changes to this property take effect immediately but only affect cryptographic operations performed after the change. Advanced Property No Read-only No cipher-transformation Description Specifies the cipher for the directory server. The syntax is "algorithm/mode/padding". The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms, including RC4 and ARCFOUR, do not have a mode or padding, and hence must be specified using NONE for the mode field and NoPadding for the padding field. For example, RC4/NONE/NoPadding. Default Value AES/CBC/PKCS5Padding Allowed Values A String Multi-valued No Required No Admin Action Required None. Changes to this property take effect immediately but only affect cryptographic operations performed after the change.
Advanced Property No Read-only No compact-encoding Description Indicates whether the backend should use a compact form when encoding entries by compressing the attribute descriptions and object class sets. Note that this property applies only to the entries themselves and does not impact the index data. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None. Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data. Advanced Property No Read-only No confidentiality-enabled Description Indicates whether the backend should make entries in database files readable only by Directory Server. Confidentiality is achieved by encrypting entries before writing them to the underlying storage. Entry encryption will protect data on disk from unauthorised parties reading the files; for complete protection, also set confidentiality for sensitive attribute indexes. The property cannot be set to false if some of the indexes have confidentiality set to true. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No db-cache-percent Description Specifies the percentage of JVM memory to allocate to the database cache. Specifies the percentage of memory available to the JVM that should be used for caching database contents. Note that this is only used if the value of the db-cache-size property is set to "0 MB". Otherwise, the value of that property is used instead to control the cache size configuration. Default Value 50 Allowed Values An integer value. Lower value is 1. Upper value is 90. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No db-cache-size Description The amount of JVM memory to allocate to the database cache. Specifies the amount of memory that should be used for caching database contents.
A value of "0 MB" indicates that the db-cache-percent property should be used instead to specify the cache size. Default Value 0 MB Allowed Values Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No db-checkpointer-wakeup-interval Description Specifies the maximum length of time that may pass between checkpoints. This setting controls the elapsed time between attempts to write a checkpoint to the journal. A longer interval allows more updates to accumulate in buffers before they are required to be written to disk, but also potentially causes recovery from an abrupt termination (crash) to take more time. Default Value 15s Allowed Values Lower limit is 10 seconds. Upper limit is 3600 seconds. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No db-directory Description Specifies the path to the filesystem directory that is used to hold the Persistit database files containing the data for this backend. The path may be either an absolute path or a path relative to the directory containing the base of the OpenDJ directory server installation. The path may be any valid directory path in which the server has appropriate permissions to read and write files and has sufficient space to hold the database contents. Default Value db Allowed Values A String Multi-valued No Required Yes Admin Action Required The Backend must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No db-directory-permissions Description Specifies the permissions that should be applied to the directory containing the server database files. They should be expressed as three-digit octal values, which is the traditional representation for UNIX file permissions.
The three digits represent the permissions that are available for the directory's owner, group members, and other users (in that order), and each digit is the octal representation of the read, write, and execute bits. Note that this only impacts permissions on the database directory and not on the files written into that directory. On UNIX systems, the user's umask controls permissions given to the database files. Default Value 700 Allowed Values Any octal value between 700 and 777 (the owner must always have read, write, and execute permissions on the directory). Multi-valued No Required No Admin Action Required Restart the server Advanced Property Yes (Use --advanced in interactive mode.) Read-only No db-txn-no-sync Description Indicates whether database writes should be primarily written to an internal buffer but not immediately written to disk. Setting the value of this configuration attribute to "true" may improve write performance but could cause the most recent changes to be lost if the OpenDJ directory server or the underlying JVM exits abnormally, or if an OS or hardware failure occurs (a behavior similar to running with transaction durability disabled in the Sun Java System Directory Server). Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No disk-full-threshold Description Full disk threshold to limit database updates. When the available free space on the disk used by this database instance falls below the value specified, no updates are permitted and the server returns an UNWILLING_TO_PERFORM error. Updates are allowed again as soon as free space rises above the threshold. Default Value 100 megabytes Allowed Values Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.)
Read-only No disk-low-threshold Description Low disk threshold to limit database updates Specifies the "low" free space on the disk. When the available free space on the disk used by this database instance falls below the value specified, protocol updates on this database are permitted only by a user with the BYPASS_LOCKDOWN privilege. Default Value 200 megabytes Allowed Values Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No enabled Description Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No entries-compressed Description Indicates whether the backend should attempt to compress entries before storing them in the database. Note that this property applies only to the entries themselves and does not impact the index data. Further, the effectiveness of the compression is based on the type of data contained in the entry. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required NoneChanges to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data. Advanced Property Yes (Use --advanced in interactive mode.) Read-only No import-offheap-memory-size Description Specifies the amount of off-heap memory dedicated to the online operation (import-ldif, rebuild-index). Default Value Use only heap memory. Allowed Values Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No index-entry-limit Description Specifies the maximum number of entries that is allowed to match a given index key before that particular index key is no longer maintained. 
This property is analogous to the ALL IDs threshold in the Sun Java System Directory Server. Note that this is the default limit for the backend, and it may be overridden on a per-attribute basis.A value of 0 means there is no limit. Default Value 4000 Allowed Values An integer value. Lower value is 0. Upper value is 2147483647. Multi-valued No Required No Admin Action Required NoneIf any index keys have already reached this limit, indexes need to be rebuilt before they are allowed to use the new limit. Advanced Property No Read-only No index-filter-analyzer-enabled Description Indicates whether to gather statistical information about the search filters processed by the directory server while evaluating the usage of indexes. Analyzing indexes requires gathering search filter usage patterns from user requests, especially for values as specified in the filters and subsequently looking the status of those values into the index files. When a search requests is processed, internal or user generated, a first phase uses indexes to find potential entries to be returned. Depending on the search filter, if the index of one of the specified attributes matches too many entries (exceeds the index entry limit), the search becomes non-indexed. In any case, all entries thus gathered (or the entire DIT) are matched against the filter for actually returning the search result. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No index-filter-analyzer-max-filters Description The maximum number of search filter statistics to keep. When the maximum number of search filter is reached, the least used one will be deleted. Default Value 25 Allowed Values An integer value. Lower value is 1. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) 
Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the backend implementation. Default Value org.opends.server.backends.pdb.PDBBackend Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.Backend Multi-valued No Required Yes Admin Action Required The Backend must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No preload-time-limit Description Specifies the length of time that the backend is allowed to spend "pre-loading" data when it is initialized. The pre-load process is used to pre-populate the database cache, so that it can be more quickly available when the server is processing requests. A duration of zero means there is no pre-load. Default Value 0s Allowed Values <xinclude:include href="itemizedlist-duration.xml" /> Lower limit is 0 milliseconds.Upper limit is 2147483647 milliseconds. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No writability-mode Description Specifies the behavior that the backend should use when processing write operations. Default Value enabled Allowed Values disabled Causes all write attempts to fail. enabled Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). internal-only Causes external write attempts to fail but allows writes by replication and internal operations. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No Schema Backend Backends of type schema-backend have the following properties: backend-id Description Specifies a name to identify the associated backend. The name must be unique among all backends in the server. 
The backend ID may not be altered after the backend is created in the server. Default Value None Allowed Values A String Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only Yes base-dn Description Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. Default Value None Allowed Values A valid DN. Multi-valued Yes Required Yes Admin Action Required NoneNo administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. Advanced Property No Read-only No enabled Description Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the backend implementation. Default Value org.opends.server.backends.SchemaBackend Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.Backend Multi-valued No Required Yes Admin Action Required The Backend must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No schema-entry-dn Description Defines the base DNs of the subtrees in which the schema information is published in addition to the value included in the base-dn property. 
The value provided in the base-dn property is the only one that appears in the subschemaSubentry operational attribute of the server's root DSE (which is necessary because that is a single-valued attribute) and as a virtual attribute in other entries. The schema-entry-dn attribute may be used to make the schema information available in other locations to accommodate certain client applications that have been hard-coded to expect the schema to reside in a specific location. Default Value cn=schema Allowed Values A valid DN. Multi-valued Yes Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No show-all-attributes Description Indicates whether to treat all attributes in the schema entry as if they were user attributes regardless of their configuration. This may provide compatibility with some applications that expect schema attributes like attributeTypes and objectClasses to be included by default even if they are not requested. Note that the ldapSyntaxes attribute is always treated as operational in order to avoid problems with attempts to modify the schema over protocol. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No writability-mode Description Specifies the behavior that the backend should use when processing write operations. Default Value enabled Allowed Values disabled Causes all write attempts to fail. enabled Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). internal-only Causes external write attempts to fail but allows writes by replication and internal operations. 
Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No Task Backend Backends of type task-backend have the following properties: backend-id Description Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. Default Value None Allowed Values A String Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only Yes base-dn Description Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. Default Value None Allowed Values A valid DN. Multi-valued Yes Required Yes Admin Action Required None. No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. Advanced Property No Read-only No enabled Description Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the backend implementation. 
Default Value org.opends.server.backends.task.TaskBackend Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.Backend Multi-valued No Required Yes Admin Action Required The Backend must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No notification-sender-address Description Specifies the email address to use as the sender address (that is, the "From:" address) for notification mail messages generated when a task completes execution. Default Value The default sender address used is "opendj-task-notification@" followed by the canonical address of the system on which the server is running. Allowed Values A String Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No task-backing-file Description Specifies the path to the backing file for storing information about the tasks configured in the server. It may be either an absolute path or a relative path to the base of the OpenDJ directory server instance. Default Value None Allowed Values A String Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No task-retention-time Description Specifies the length of time that task entries should be retained after processing on the associated task has been completed. Default Value 24 hours Allowed Values Lower limit is 0 seconds. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No writability-mode Description Specifies the behavior that the backend should use when processing write operations. Default Value enabled Allowed Values disabled Causes all write attempts to fail. 
enabled Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). internal-only Causes external write attempts to fail but allows writes by replication and internal operations. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No Trust Store Backend Backends of type trust-store-backend have the following properties: backend-id Description Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. Default Value None Allowed Values A String Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only Yes base-dn Description Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. Default Value None Allowed Values A valid DN. Multi-valued Yes Required Yes Admin Action Required None. No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. Advanced Property No Read-only No enabled Description Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. 
Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the backend implementation. Default Value org.opends.server.backends.TrustStoreBackend Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.Backend Multi-valued No Required Yes Admin Action Required The Backend must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No trust-store-file Description Specifies the path to the file that stores the trust information. It may be an absolute path, or a path that is relative to the OpenDJ instance root. Default Value config/ads-truststore Allowed Values A String Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No trust-store-pin Description Specifies the clear-text PIN needed to access the Trust Store Backend. Default Value None Allowed Values A String Multi-valued No Required No Admin Action Required None. Changes to this property will take effect the next time that the Trust Store Backend is accessed. Advanced Property No Read-only No trust-store-pin-environment-variable Description Specifies the name of the environment variable that contains the clear-text PIN needed to access the Trust Store Backend. Default Value None Allowed Values A String Multi-valued No Required No Admin Action Required None. Changes to this property will take effect the next time that the Trust Store Backend is accessed. Advanced Property No Read-only No trust-store-pin-file Description Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the Trust Store Backend. 
Default Value None Allowed Values A String Multi-valued No Required No Admin Action Required None. Changes to this property will take effect the next time that the Trust Store Backend is accessed. Advanced Property No Read-only No trust-store-pin-property Description Specifies the name of the Java property that contains the clear-text PIN needed to access the Trust Store Backend. Default Value None Allowed Values A String Multi-valued No Required No Admin Action Required None. Changes to this property will take effect the next time that the Trust Store Backend is accessed. Advanced Property No Read-only No trust-store-type Description Specifies the format for the data in the key store file. Valid values should always include 'JKS' and 'PKCS12', but different implementations may allow other values as well. Default Value The JVM default value is used. Allowed Values A String Multi-valued No Required No Admin Action Required None. Changes to this property take effect the next time that the key manager is accessed. Advanced Property No Read-only No writability-mode Description Specifies the behavior that the backend should use when processing write operations. Default Value enabled Allowed Values disabled Causes all write attempts to fail. enabled Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). internal-only Causes external write attempts to fail but allows writes by replication and internal operations. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No dsconfig create-backend-index(1) Name dsconfig create-backend-index - Creates Backend Indexes Synopsis dsconfig create-backend-index {options} Description Creates Backend Indexes. 
Options The dsconfig create-backend-index command takes the following options: --backend-name {name} The name of the Pluggable Backend. Backend Index properties depend on the Backend Index type, which depends on the {name} you provide. By default, OpenDJ directory server supports the following Backend Index types: backend-index Default {name}: Backend Index Enabled by default: false See Backend Index for the properties of this Backend Index type. --index-name {OID} The name of the new Backend Index which will also be used as the value of the "attribute" property: Specifies the name of the attribute for which the index is to be maintained. Backend Index properties depend on the Backend Index type, which depends on the {OID} you provide. By default, OpenDJ directory server supports the following Backend Index types: backend-index Default {OID}: Backend Index Enabled by default: false See Backend Index for the properties of this Backend Index type. --set {PROP:VALUE} Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. Backend Index properties depend on the Backend Index type, which depends on the --index-name {OID} option. Backend Index Backend Indexes of type backend-index have the following properties: attribute Description Specifies the name of the attribute for which the index is to be maintained. Default Value None Allowed Values The name of an attribute type defined in the server schema. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only Yes confidentiality-enabled Description Specifies whether contents of the index should be confidential. Setting the flag to true will hash keys for equality type indexes using SHA-1 and encrypt the list of entries matching a substring key for substring indexes. 
Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required If the index for the attribute must be protected for security purposes and values for that attribute already exist in the database, the index must be rebuilt before it will be accurate. The property cannot be set on a backend for which confidentiality is not enabled. Advanced Property No Read-only No index-entry-limit Description Specifies the maximum number of entries that are allowed to match a given index key before that particular index key is no longer maintained. This is analogous to the ALL IDs threshold in the Sun Java System Directory Server. If this is specified, its value overrides the JE backend-wide configuration. For no limit, use 0 for the value. Default Value 4000 Allowed Values An integer value. Lower value is 0. Upper value is 2147483647. Multi-valued No Required No Admin Action Required If any index keys have already reached this limit, indexes must be rebuilt before they will be allowed to use the new limit. Advanced Property No Read-only No index-extensible-matching-rule Description The extensible matching rule in an extensible index. An extensible matching rule must be specified using either LOCALE or OID of the matching rule. Default Value No extensible matching rules will be indexed. Allowed Values A Locale or an OID. Multi-valued Yes Required No Admin Action Required The index must be rebuilt before it will reflect the new value. Advanced Property No Read-only No index-type Description Specifies the type(s) of indexing that should be performed for the associated attribute. For equality, presence, and substring index types, the associated attribute type must have a corresponding matching rule. Default Value None Allowed Values approximate This index type is used to improve the efficiency of searches using approximate matching search filters. equality This index type is used to improve the efficiency of searches using equality search filters. 
extensible This index type is used to improve the efficiency of searches using extensible matching search filters. ordering This index type is used to improve the efficiency of searches using "greater than or equal to" or "less than or equal to" search filters. presence This index type is used to improve the efficiency of searches using the presence search filters. substring This index type is used to improve the efficiency of searches using substring search filters. Multi-valued Yes Required Yes Admin Action Required If any new index types are added for an attribute, and values for that attribute already exist in the database, the index must be rebuilt before it will be accurate. Advanced Property No Read-only No substring-length Description The length of substrings in a substring index. Default Value 6 Allowed Values An integer value. Lower value is 3. Multi-valued No Required No Admin Action Required The index must be rebuilt before it will reflect the new value. Advanced Property Yes (Use --advanced in interactive mode.) Read-only No dsconfig create-backend-vlv-index(1) Name dsconfig create-backend-vlv-index - Creates Backend VLV Indexes Synopsis dsconfig create-backend-vlv-index {options} Description Creates Backend VLV Indexes. Options The dsconfig create-backend-vlv-index command takes the following options: --backend-name {name} The name of the Pluggable Backend. Backend VLV Index properties depend on the Backend VLV Index type, which depends on the {name} you provide. By default, OpenDJ directory server supports the following Backend VLV Index types: backend-vlv-index Default {name}: Backend VLV Index Enabled by default: false See Backend VLV Index for the properties of this Backend VLV Index type. --index-name {STRING} The name of the new Backend VLV Index which will also be used as the value of the "name" property: Specifies a unique name for this VLV index. 
Backend VLV Index properties depend on the Backend VLV Index type, which depends on the {STRING} you provide. By default, OpenDJ directory server supports the following Backend VLV Index types: backend-vlv-index Default {STRING}: Backend VLV Index Enabled by default: false See Backend VLV Index for the properties of this Backend VLV Index type. --set {PROP:VALUE} Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. Backend VLV Index properties depend on the Backend VLV Index type, which depends on the --index-name {STRING} option. Backend VLV Index Backend VLV Indexes of type backend-vlv-index have the following properties: base-dn Description Specifies the base DN used in the search query that is being indexed. Default Value None Allowed Values A valid DN. Multi-valued No Required Yes Admin Action Required The index must be rebuilt after modifying this property. Advanced Property No Read-only No filter Description Specifies the LDAP filter used in the query that is being indexed. Default Value None Allowed Values A valid LDAP search filter. Multi-valued No Required Yes Admin Action Required The index must be rebuilt after modifying this property. Advanced Property No Read-only No name Description Specifies a unique name for this VLV index. Default Value None Allowed Values A String Multi-valued No Required Yes Admin Action Required None. The VLV index name cannot be altered after the index is created. Advanced Property No Read-only Yes scope Description Specifies the LDAP scope of the query that is being indexed. Default Value None Allowed Values base-object Search the base object only. single-level Search the immediate children of the base object but do not include any of their descendants or the base object itself. 
subordinate-subtree Search the entire subtree below the base object but do not include the base object itself. whole-subtree Search the base object and the entire subtree below the base object. Multi-valued No Required Yes Admin Action Required The index must be rebuilt after modifying this property. Advanced Property No Read-only No sort-order Description Specifies the names of the attributes that are used to sort the entries for the query being indexed. Multiple attributes can be used to determine the sort order by listing the attribute names from highest to lowest precedence. Optionally, + or - can be prefixed to the attribute name to sort the attribute in ascending order or descending order respectively. Default Value None Allowed Values Valid attribute types defined in the schema, separated by a space and optionally prefixed by + or -. Multi-valued No Required Yes Admin Action Required The index must be rebuilt after modifying this property. Advanced Property No Read-only No dsconfig create-certificate-mapper(1) Name dsconfig create-certificate-mapper - Creates Certificate Mappers Synopsis dsconfig create-certificate-mapper {options} Description Creates Certificate Mappers. Options The dsconfig create-certificate-mapper command takes the following options: --mapper-name {name} The name of the new Certificate Mapper. Certificate Mapper properties depend on the Certificate Mapper type, which depends on the {name} you provide. By default, OpenDJ directory server supports the following Certificate Mapper types: fingerprint-certificate-mapper Default {name}: Fingerprint Certificate Mapper Enabled by default: true See Fingerprint Certificate Mapper for the properties of this Certificate Mapper type. subject-attribute-to-user-attribute-certificate-mapper Default {name}: Subject Attribute To User Attribute Certificate Mapper Enabled by default: true See Subject Attribute To User Attribute Certificate Mapper for the properties of this Certificate Mapper type. 
subject-dn-to-user-attribute-certificate-mapper Default {name}: Subject DN To User Attribute Certificate Mapper Enabled by default: true See Subject DN To User Attribute Certificate Mapper for the properties of this Certificate Mapper type. subject-equals-dn-certificate-mapper Default {name}: Subject Equals DN Certificate Mapper Enabled by default: true See Subject Equals DN Certificate Mapper for the properties of this Certificate Mapper type. --set {PROP:VALUE} Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. Certificate Mapper properties depend on the Certificate Mapper type, which depends on the --mapper-name {name} option. -t | --type {type} The type of Certificate Mapper which should be created. The value for TYPE can be one of: custom | fingerprint | subject-attribute-to-user-attribute | subject-dn-to-user-attribute | subject-equals-dn. Certificate Mapper properties depend on the Certificate Mapper type, which depends on the {type} you provide. By default, OpenDJ directory server supports the following Certificate Mapper types: fingerprint-certificate-mapper Default {type}: Fingerprint Certificate Mapper Enabled by default: true See Fingerprint Certificate Mapper for the properties of this Certificate Mapper type. subject-attribute-to-user-attribute-certificate-mapper Default {type}: Subject Attribute To User Attribute Certificate Mapper Enabled by default: true See Subject Attribute To User Attribute Certificate Mapper for the properties of this Certificate Mapper type. subject-dn-to-user-attribute-certificate-mapper Default {type}: Subject DN To User Attribute Certificate Mapper Enabled by default: true See Subject DN To User Attribute Certificate Mapper for the properties of this Certificate Mapper type. 
subject-equals-dn-certificate-mapper Default {type}: Subject Equals DN Certificate Mapper Enabled by default: true See Subject Equals DN Certificate Mapper for the properties of this Certificate Mapper type. Fingerprint Certificate Mapper Certificate Mappers of type fingerprint-certificate-mapper have the following properties: enabled Description Indicates whether the Certificate Mapper is enabled. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No fingerprint-algorithm Description Specifies the name of the digest algorithm to compute the fingerprint of client certificates. Default Value None Allowed Values md5 Use the MD5 digest algorithm to compute certificate fingerprints. sha1 Use the SHA-1 digest algorithm to compute certificate fingerprints. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No fingerprint-attribute Description Specifies the attribute in which to look for the fingerprint. Values of the fingerprint attribute should exactly match the MD5 or SHA1 representation of the certificate fingerprint. Default Value None Allowed Values The name of an attribute type defined in the server schema. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Fingerprint Certificate Mapper implementation. Default Value org.opends.server.extensions.FingerprintCertificateMapper Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.CertificateMapper Multi-valued No Required Yes Admin Action Required The Certificate Mapper must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No user-base-dn Description Specifies the set of base DNs below which to search for users. 
The base DNs are used when performing searches to map the client certificates to a user entry. Default Value The server performs the search in all public naming contexts. Allowed Values A valid DN. Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No Subject Attribute To User Attribute Certificate Mapper Certificate Mappers of type subject-attribute-to-user-attribute-certificate-mapper have the following properties: enabled Description Indicates whether the Certificate Mapper is enabled. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Subject Attribute To User Attribute Certificate Mapper implementation. Default Value org.opends.server.extensions.SubjectAttributeToUserAttributeCertificateMapper Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.CertificateMapper Multi-valued No Required Yes Admin Action Required The Certificate Mapper must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No subject-attribute-mapping Description Specifies a mapping between certificate attributes and user attributes. Each value should be in the form "certattr:userattr" where certattr is the name of the attribute in the certificate subject and userattr is the name of the corresponding attribute in user entries. There may be multiple mappings defined, and when performing the mapping values for all attributes present in the certificate subject that have mappings defined must be present in the corresponding user entries. 
Default Value None Allowed Values A String Multi-valued Yes Required Yes Admin Action Required None Advanced Property No Read-only No user-base-dn Description Specifies the base DNs that should be used when performing searches to map the client certificate to a user entry. Default Value The server will perform the search in all public naming contexts. Allowed Values A valid DN. Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No Subject DN To User Attribute Certificate Mapper Certificate Mappers of type subject-dn-to-user-attribute-certificate-mapper have the following properties: enabled Description Indicates whether the Certificate Mapper is enabled. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Subject DN To User Attribute Certificate Mapper implementation. Default Value org.opends.server.extensions.SubjectDNToUserAttributeCertificateMapper Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.CertificateMapper Multi-valued No Required Yes Admin Action Required The Certificate Mapper must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No subject-attribute Description Specifies the name or OID of the attribute whose value should exactly match the certificate subject DN. Default Value None Allowed Values The name of an attribute type defined in the server schema. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No user-base-dn Description Specifies the base DNs that should be used when performing searches to map the client certificate to a user entry. Default Value The server will perform the search in all public naming contexts. Allowed Values A valid DN. 
Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No Subject Equals DN Certificate Mapper Certificate Mappers of type subject-equals-dn-certificate-mapper have the following properties: enabled Description Indicates whether the Certificate Mapper is enabled. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Subject Equals DN Certificate Mapper implementation. Default Value org.opends.server.extensions.SubjectEqualsDNCertificateMapper Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.CertificateMapper Multi-valued No Required Yes Admin Action Required The Certificate Mapper must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No dsconfig create-connection-handler(1) Name dsconfig create-connection-handler - Creates Connection Handlers Synopsis dsconfig create-connection-handler {options} Description Creates Connection Handlers. Options The dsconfig create-connection-handler command takes the following options: --handler-name {name} The name of the new Connection Handler. Connection Handler properties depend on the Connection Handler type, which depends on the {name} you provide. By default, OpenDJ directory server supports the following Connection Handler types: http-connection-handler Default {name}: HTTP Connection Handler Enabled by default: true See HTTP Connection Handler for the properties of this Connection Handler type. jmx-connection-handler Default {name}: JMX Connection Handler Enabled by default: true See JMX Connection Handler for the properties of this Connection Handler type. 
ldap-connection-handler Default {name}: LDAP Connection Handler Enabled by default: true See LDAP Connection Handler for the properties of this Connection Handler type. ldif-connection-handler Default {name}: LDIF Connection Handler Enabled by default: true See LDIF Connection Handler for the properties of this Connection Handler type. snmp-connection-handler Default {name}: SNMP Connection Handler Enabled by default: true See SNMP Connection Handler for the properties of this Connection Handler type. --set {PROP:VALUE} Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. Connection Handler properties depend on the Connection Handler type, which depends on the --handler-name {name} option. -t | --type {type} The type of Connection Handler which should be created. The value for TYPE can be one of: custom | http | jmx | ldap | ldif | snmp. Connection Handler properties depend on the Connection Handler type, which depends on the {type} you provide. By default, OpenDJ directory server supports the following Connection Handler types: http-connection-handler Default {type}: HTTP Connection Handler Enabled by default: true See HTTP Connection Handler for the properties of this Connection Handler type. jmx-connection-handler Default {type}: JMX Connection Handler Enabled by default: true See JMX Connection Handler for the properties of this Connection Handler type. ldap-connection-handler Default {type}: LDAP Connection Handler Enabled by default: true See LDAP Connection Handler for the properties of this Connection Handler type. ldif-connection-handler Default {type}: LDIF Connection Handler Enabled by default: true See LDIF Connection Handler for the properties of this Connection Handler type. 
snmp-connection-handler Default {type}: SNMP Connection Handler Enabled by default: true See SNMP Connection Handler for the properties of this Connection Handler type. HTTP Connection Handler Connection Handlers of type http-connection-handler have the following properties: accept-backlog Description Specifies the maximum number of pending connection attempts that are allowed to queue up in the accept backlog before the server starts rejecting new connection attempts. This is primarily an issue for cases in which a large number of connections are established to the server in a very short period of time (for example, a benchmark utility that creates a large number of client threads that each have their own connection to the server) and the connection handler is unable to keep up with the rate at which the new connections are established. Default Value 128 Allowed Values An integer value. Lower value is 1. Multi-valued No Required No Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No allow-tcp-reuse-address Description Indicates whether the HTTP Connection Handler should reuse socket descriptors. If enabled, the SO_REUSEADDR socket option is used on the server listen socket to potentially allow the reuse of socket descriptors for clients in a TIME_WAIT state. This may help the server avoid temporarily running out of socket descriptors in cases in which a very large number of short-lived connections have been established from the same client system. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) 
Read-only No allowed-client Description Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. Default Value All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. Allowed Values An IP address mask Multi-valued Yes Required No Admin Action Required None. Changes to this property take effect immediately and do not interfere with connections that may have already been established. Advanced Property No Read-only No buffer-size Description Specifies the size in bytes of the HTTP response message write buffer. This property specifies the size of the write buffer that the server allocates for each client connection and uses to buffer HTTP response message data when writing. Default Value 4096 bytes Allowed Values Lower value is 1. Upper value is 2147483647. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No denied-client Description Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. Default Value If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed.
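The allowed-client and denied-client precedence described above, modelled as an added example (not OpenDJ code) that also reports allow-list entries a deny-list entry makes unreachable. It assumes values are IP addresses or subnets only (host and domain name values are not modelled); the function names and sample lists are constructed for illustration.

```python
import ipaddress

# Constructed sample values, as they might be given with
# --set allowed-client:... and --set denied-client:...
ALLOWED = ["10.0.0.0/8", "192.168.10.0/255.255.255.0", "10.20.30.0/24"]
DENIED = ["10.20.0.0/16"]


def parse_masks(values):
    """Parse IP addresses or subnets ('10.0.0.0/8' or '10.0.0.0/255.0.0.0')."""
    return [ipaddress.ip_network(v, strict=False) for v in values]


def matches(addr, masks):
    """True if the address falls inside at least one mask."""
    return any(addr.version == m.version and addr in m for m in masks)


def is_client_allowed(client_ip, allowed_client=(), denied_client=()):
    """Apply the documented rules to one client address.

    1. A match on the deny list always wins, even if the allow list matches.
    2. If an allow list exists, only clients matching it are allowed.
    3. With no allow list, every client not denied is allowed.
    """
    addr = ipaddress.ip_address(client_ip)
    if matches(addr, parse_masks(denied_client)):
        return False
    allowed = parse_masks(allowed_client)
    if allowed:
        return matches(addr, allowed)
    return True


def shadowed_allow_entries(allowed_client, denied_client):
    """Return allow-list values wholly covered by a deny-list value.

    Because deny wins, clients in these ranges can never connect; such an
    entry usually signals a mistake in one of the two lists.
    """
    denied = parse_masks(denied_client)
    shadowed = []
    for value in allowed_client:
        net = ipaddress.ip_network(value, strict=False)
        if any(net.version == d.version and net.subnet_of(d) for d in denied):
            shadowed.append(value)
    return shadowed


if __name__ == "__main__":
    for ip in ["10.1.2.3", "10.20.30.40", "192.168.10.7", "172.16.0.1"]:
        verdict = "allowed" if is_client_allowed(ip, ALLOWED, DENIED) else "denied"
        print(f"{ip:15} {verdict}")
    print("unreachable allow entries:", shadowed_allow_entries(ALLOWED, DENIED))
```
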
Allowed Values An IP address mask Multi-valued Yes Required No Admin Action Required None. Changes to this property take effect immediately and do not interfere with connections that may have already been established. Advanced Property No Read-only No enabled Description Indicates whether the Connection Handler is enabled. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the HTTP Connection Handler implementation. Default Value org.opends.server.protocols.http.HTTPConnectionHandler Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.ConnectionHandler Multi-valued No Required Yes Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No keep-stats Description Indicates whether the HTTP Connection Handler should keep statistics. If enabled, the HTTP Connection Handler maintains statistics about the number and types of operations requested over HTTP and the amount of data sent and received. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No key-manager-provider Description Specifies the name of the key manager that should be used with this HTTP Connection Handler. Default Value None Allowed Values The DN of any Key Manager Provider. The referenced key manager provider must be enabled when the HTTP Connection Handler is enabled and configured to use SSL. Multi-valued No Required No Admin Action Required None. Changes to this property take effect immediately, but only for subsequent attempts to access the key manager provider for associated client connections.
Advanced Property No Read-only No listen-address Description Specifies the address or set of addresses on which this HTTP Connection Handler should listen for connections from HTTP clients. Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the HTTP Connection Handler listens on all interfaces. Default Value 0.0.0.0 Allowed Values An IP address Multi-valued Yes Required No Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No listen-port Description Specifies the port number on which the HTTP Connection Handler will listen for connections from clients. Only a single port number may be provided. Default Value None Allowed Values An integer value. Lower value is 1. Upper value is 65535. Multi-valued No Required Yes Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No max-blocked-write-time-limit Description Specifies the maximum length of time that attempts to write data to HTTP clients should be allowed to block. If an attempt to write data to a client takes longer than this length of time, then the client connection is terminated. Default Value 2 minutes Allowed Values A duration. Lower limit is 0 milliseconds. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No max-concurrent-ops-per-connection Description Specifies the maximum number of internal operations that each HTTP client connection can execute concurrently. This property limits the impact that each HTTP request can have on the whole server by limiting the number of internal operations that each HTTP request can execute concurrently. A value of 0 means that no limit is enforced. Default Value Let the server decide.
Allowed Values An integer value. Lower value is 0. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No max-request-size Description Specifies the size in bytes of the largest HTTP request message that will be allowed by the HTTP Connection Handler. This can help prevent denial-of-service attacks by clients that indicate they will send extremely large requests to the server, causing it to attempt to allocate large amounts of memory. Default Value 5 megabytes Allowed Values Upper value is 2147483647. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No num-request-handlers Description Specifies the number of request handlers that are used to read requests from clients. The HTTP Connection Handler uses one thread to accept new connections from clients, but uses one or more additional threads to read requests from existing client connections. This ensures that new requests are read efficiently and that the connection handler itself does not become a bottleneck when the server is under heavy load from many clients at the same time. Default Value Let the server decide. Allowed Values An integer value. Lower value is 1. Multi-valued No Required No Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No ssl-cert-nickname Description Specifies the nicknames (also called the aliases) of the keys or key pairs that the HTTP Connection Handler should use when performing SSL communication. The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms).
When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the HTTP Connection Handler is configured to use SSL. Default Value Let the server decide. Allowed Values A String Multi-valued Yes Required No Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No ssl-cipher-suite Description Specifies the names of the SSL cipher suites that are allowed for use in SSL communication. Default Value Uses the default set of SSL cipher suites provided by the server’s JVM. Allowed Values A String Multi-valued Yes Required No Admin Action Required None. Changes to this property take effect immediately but will only impact new SSL/TLS-based sessions created after the change. Advanced Property No Read-only No ssl-client-auth-policy Description Specifies the policy that the HTTP Connection Handler should use regarding client SSL certificates. Clients can use the SASL EXTERNAL mechanism only if the policy is set to "optional" or "required". This is only applicable if clients are allowed to use SSL. Default Value optional Allowed Values disabled Clients must not provide their own certificates when performing SSL negotiation. optional Clients are requested to provide their own certificates when performing SSL negotiation. The connection is nevertheless accepted if the client does not provide a certificate. required Clients are required to provide their own certificates when performing SSL negotiation and are refused access if they do not provide a certificate.
Multi-valued No Required No Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No ssl-protocol Description Specifies the names of the SSL protocols that are allowed for use in SSL communication. Default Value Uses the default set of SSL protocols provided by the server’s JVM. Allowed Values A String Multi-valued Yes Required No Admin Action Required None. Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change. Advanced Property No Read-only No trust-manager-provider Description Specifies the name of the trust manager that should be used with the HTTP Connection Handler. Default Value Use the trust manager provided by the JVM. Allowed Values The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when the HTTP Connection Handler is enabled and configured to use SSL. Multi-valued No Required No Admin Action Required None. Changes to this property take effect immediately, but only for subsequent attempts to access the trust manager provider for associated client connections. Advanced Property No Read-only No use-ssl Description Indicates whether the HTTP Connection Handler should use SSL. If enabled, the HTTP Connection Handler will use SSL to encrypt communication with the clients. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No use-tcp-keep-alive Description Indicates whether the HTTP Connection Handler should use TCP keep-alive. If enabled, the SO_KEEPALIVE socket option is used to indicate that TCP keepalive messages should periodically be sent to the client to verify that the associated connection is still valid.
This may also help prevent cases in which intermediate network hardware could silently drop an otherwise idle client connection, provided that the keepalive interval configured in the underlying operating system is smaller than the timeout enforced by the network hardware. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No use-tcp-no-delay Description Indicates whether the HTTP Connection Handler should use TCP no-delay. If enabled, the TCP_NODELAY socket option is used to ensure that response messages to the client are sent immediately rather than potentially waiting to determine whether additional response messages can be sent in the same packet. In most cases, using the TCP_NODELAY socket option provides better performance and lower response times, but disabling it may help for some cases in which the server sends a large number of entries to a client in response to a search request. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No JMX Connection Handler Connection Handlers of type jmx-connection-handler have the following properties: allowed-client Description Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. Default Value All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. Allowed Values An IP address mask Multi-valued Yes Required No Admin Action Required None. Changes to this property take effect immediately and do not interfere with connections that may have already been established.
Advanced Property No Read-only No denied-client Description Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. Default Value If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. Allowed Values An IP address mask Multi-valued Yes Required No Admin Action Required None. Changes to this property take effect immediately and do not interfere with connections that may have already been established. Advanced Property No Read-only No enabled Description Indicates whether the Connection Handler is enabled. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the JMX Connection Handler implementation. Default Value org.opends.server.protocols.jmx.JmxConnectionHandler Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.ConnectionHandler Multi-valued No Required Yes Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No key-manager-provider Description Specifies the name of the key manager that should be used with this JMX Connection Handler. Default Value None Allowed Values The DN of any Key Manager Provider.
The referenced key manager provider must be enabled when the JMX Connection Handler is enabled and configured to use SSL. Multi-valued No Required No Admin Action Required None. Changes to this property take effect immediately, but only for subsequent attempts to access the key manager provider for associated client connections. Advanced Property No Read-only No listen-address Description Specifies the address on which this JMX Connection Handler should listen for connections from JMX clients. If no value is provided, then the JMX Connection Handler listens on all interfaces. Default Value 0.0.0.0 Allowed Values An IP address Multi-valued No Required No Admin Action Required Restart the server Advanced Property No Read-only No listen-port Description Specifies the port number on which the JMX Connection Handler will listen for connections from clients. Only a single port number may be provided. Default Value None Allowed Values An integer value. Lower value is 1. Upper value is 65535. Multi-valued No Required Yes Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No rmi-port Description Specifies the port number on which the JMX RMI service will listen for connections from clients. A value of 0 lets the service choose a port of its own. If the value provided is different from 0, the value will be used as the RMI port. Otherwise, the RMI service will choose a port of its own. Default Value 0 Allowed Values An integer value. Lower value is 0. Upper value is 65535. Multi-valued No Required No Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No ssl-cert-nickname Description Specifies the nicknames (also called the aliases) of the keys or key pairs that the JMX Connection Handler should use when performing SSL communication.
The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the JMX Connection Handler is configured to use SSL. Default Value Let the server decide. Allowed Values A String Multi-valued Yes Required No Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No use-ssl Description Indicates whether the JMX Connection Handler should use SSL. If enabled, the JMX Connection Handler will use SSL to encrypt communication with the clients. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No LDAP Connection Handler Connection Handlers of type ldap-connection-handler have the following properties: accept-backlog Description Specifies the maximum number of pending connection attempts that are allowed to queue up in the accept backlog before the server starts rejecting new connection attempts. This is primarily an issue for cases in which a large number of connections are established to the server in a very short period of time (for example, a benchmark utility that creates a large number of client threads that each have their own connection to the server) and the connection handler is unable to keep up with the rate at which the new connections are established. Default Value 128 Allowed Values An integer value. Lower value is 1. 
Multi-valued No Required No Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No allow-ldap-v2 Description Indicates whether connections from LDAPv2 clients are allowed. If LDAPv2 clients are allowed, then only a minimal degree of special support is provided for them to ensure that LDAPv3-specific protocol elements (for example, controls, extended response messages, intermediate response messages, referrals) are not sent to an LDAPv2 client. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No allow-start-tls Description Indicates whether clients are allowed to use StartTLS. If enabled, the LDAP Connection Handler allows clients to use the StartTLS extended operation to initiate secure communication over an otherwise insecure channel. Note that this is only allowed if the LDAP Connection Handler is not configured to use SSL, and if the server is configured with a valid key manager provider and a valid trust manager provider. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No allow-tcp-reuse-address Description Indicates whether the LDAP Connection Handler should reuse socket descriptors. If enabled, the SO_REUSEADDR socket option is used on the server listen socket to potentially allow the reuse of socket descriptors for clients in a TIME_WAIT state. This may help the server avoid temporarily running out of socket descriptors in cases in which a very large number of short-lived connections have been established from the same client system.
Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No allowed-client Description Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. Default Value All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. Allowed Values An IP address mask Multi-valued Yes Required No Admin Action Required None. Changes to this property take effect immediately and do not interfere with connections that may have already been established. Advanced Property No Read-only No buffer-size Description Specifies the size in bytes of the LDAP response message write buffer. This property specifies the size of the write buffer that the server allocates for each client connection and uses to buffer LDAP response message data when writing. Default Value 4096 bytes Allowed Values Lower value is 1. Upper value is 2147483647. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No denied-client Description Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed.
Default Value If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. Allowed Values An IP address mask Multi-valued Yes Required No Admin Action Required None. Changes to this property take effect immediately and do not interfere with connections that may have already been established. Advanced Property No Read-only No enabled Description Indicates whether the Connection Handler is enabled. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the LDAP Connection Handler implementation. Default Value org.opends.server.protocols.ldap.LDAPConnectionHandler Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.ConnectionHandler Multi-valued No Required Yes Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No keep-stats Description Indicates whether the LDAP Connection Handler should keep statistics. If enabled, the LDAP Connection Handler maintains statistics about the number and types of operations requested over LDAP and the amount of data sent and received. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No key-manager-provider Description Specifies the name of the key manager that should be used with this LDAP Connection Handler. Default Value None Allowed Values The DN of any Key Manager Provider. The referenced key manager provider must be enabled when the LDAP Connection Handler is enabled and configured to use SSL or StartTLS.
Multi-valued No Required No Admin Action Required None. Changes to this property take effect immediately, but only for subsequent attempts to access the key manager provider for associated client connections. Advanced Property No Read-only No listen-address Description Specifies the address or set of addresses on which this LDAP Connection Handler should listen for connections from LDAP clients. Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the LDAP Connection Handler listens on all interfaces. Default Value 0.0.0.0 Allowed Values An IP address Multi-valued Yes Required No Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No listen-port Description Specifies the port number on which the LDAP Connection Handler will listen for connections from clients. Only a single port number may be provided. Default Value None Allowed Values An integer value. Lower value is 1. Upper value is 65535. Multi-valued No Required Yes Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No max-blocked-write-time-limit Description Specifies the maximum length of time that attempts to write data to LDAP clients should be allowed to block. If an attempt to write data to a client takes longer than this length of time, then the client connection is terminated. Default Value 2 minutes Allowed Values A duration. Lower limit is 0 milliseconds. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No max-request-size Description Specifies the size in bytes of the largest LDAP request message that will be allowed by this LDAP Connection handler.
This property is analogous to the maxBERSize configuration attribute of the Sun Java System Directory Server. This can help prevent denial-of-service attacks by clients that indicate they will send extremely large requests, causing the server to attempt to allocate large amounts of memory. Default Value 5 megabytes Allowed Values Upper value is 2147483647. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No num-request-handlers Description Specifies the number of request handlers that are used to read requests from clients. The LDAP Connection Handler uses one thread to accept new connections from clients, but uses one or more additional threads to read requests from existing client connections. This ensures that new requests are read efficiently and that the connection handler itself does not become a bottleneck when the server is under heavy load from many clients at the same time. Default Value Let the server decide. Allowed Values An integer value. Lower value is 1. Multi-valued No Required No Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No send-rejection-notice Description Indicates whether the LDAP Connection Handler should send a notice of disconnection extended response message to the client if a new connection is rejected for some reason. The extended response message may provide an explanation indicating the reason that the connection was rejected. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No ssl-cert-nickname Description Specifies the nicknames (also called the aliases) of the keys or key pairs that the LDAP Connection Handler should use when performing SSL communication.
The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the LDAP Connection Handler is configured to use SSL. Default Value Let the server decide. Allowed Values A String Multi-valued Yes Required No Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No ssl-cipher-suite Description Specifies the names of the SSL cipher suites that are allowed for use in SSL or StartTLS communication. Default Value Uses the default set of SSL cipher suites provided by the server’s JVM. Allowed Values A String Multi-valued Yes Required No Admin Action Required None. Changes to this property take effect immediately but will only impact new SSL/TLS-based sessions created after the change. Advanced Property No Read-only No ssl-client-auth-policy Description Specifies the policy that the LDAP Connection Handler should use regarding client SSL certificates. Clients can use the SASL EXTERNAL mechanism only if the policy is set to "optional" or "required". This is only applicable if clients are allowed to use SSL. Default Value optional Allowed Values disabled Clients must not provide their own certificates when performing SSL negotiation. optional Clients are requested to provide their own certificates when performing SSL negotiation. The connection is nevertheless accepted if the client does not provide a certificate. required Clients are required to provide their own certificates when performing SSL negotiation and are refused access if they do not provide a certificate.
Multi-valued No Required No Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No ssl-protocol Description Specifies the names of the SSL protocols that are allowed for use in SSL or StartTLS communication. Default Value Uses the default set of SSL protocols provided by the server’s JVM. Allowed Values A String Multi-valued Yes Required No Admin Action Required None. Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change. Advanced Property No Read-only No trust-manager-provider Description Specifies the name of the trust manager that should be used with the LDAP Connection Handler. Default Value Use the trust manager provided by the JVM. Allowed Values The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when the LDAP Connection Handler is enabled and configured to use SSL or StartTLS. Multi-valued No Required No Admin Action Required None. Changes to this property take effect immediately, but only for subsequent attempts to access the trust manager provider for associated client connections. Advanced Property No Read-only No use-ssl Description Indicates whether the LDAP Connection Handler should use SSL. If enabled, the LDAP Connection Handler will use SSL to encrypt communication with the clients. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No use-tcp-keep-alive Description Indicates whether the LDAP Connection Handler should use TCP keep-alive. If enabled, the SO_KEEPALIVE socket option is used to indicate that TCP keepalive messages should periodically be sent to the client to verify that the associated connection is still valid.
This may also help prevent cases in which intermediate network hardware could silently drop an otherwise idle client connection, provided that the keepalive interval configured in the underlying operating system is smaller than the timeout enforced by the network hardware. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No use-tcp-no-delay Description Indicates whether the LDAP Connection Handler should use TCP no-delay. If enabled, the TCP_NODELAY socket option is used to ensure that response messages to the client are sent immediately rather than potentially waiting to determine whether additional response messages can be sent in the same packet. In most cases, using the TCP_NODELAY socket option provides better performance and lower response times, but disabling it may help for some cases in which the server sends a large number of entries to a client in response to a search request. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No LDIF Connection Handler Connection Handlers of type ldif-connection-handler have the following properties: allowed-client Description Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. Default Value All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. Allowed Values An IP address mask Multi-valued Yes Required No Admin Action Required None. Changes to this property take effect immediately and do not interfere with connections that may have already been established.
Advanced Property No Read-only No denied-client Description Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. Default Value If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. Allowed Values An IP address mask Multi-valued Yes Required No Admin Action Required None. Changes to this property take effect immediately and do not interfere with connections that may have already been established. Advanced Property No Read-only No enabled Description Indicates whether the Connection Handler is enabled. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the LDIF Connection Handler implementation. Default Value org.opends.server.protocols.LDIFConnectionHandler Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.ConnectionHandler Multi-valued No Required Yes Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No ldif-directory Description Specifies the path to the directory in which the LDIF files should be placed.
Default Value config/auto-process-ldif Allowed Values A String Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No poll-interval Description Specifies how frequently the LDIF connection handler should check the LDIF directory to determine whether a new LDIF file has been added. Default Value 5 seconds Allowed Values A duration. Lower limit is 1 millisecond. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No SNMP Connection Handler Connection Handlers of type snmp-connection-handler have the following properties: allowed-client Description Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. Default Value All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. Allowed Values An IP address mask Multi-valued Yes Required No Admin Action Required None. Changes to this property take effect immediately and do not interfere with connections that may have already been established. Advanced Property No Read-only No allowed-manager Description Specifies the hosts of the managers to be granted the access rights. This property is required for SNMP v1 and v2 security configuration. An asterisk (*) opens access to all managers. Default Value * Allowed Values A String Multi-valued Yes Required No Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No allowed-user Description Specifies the users to be granted the access rights. This property is required for SNMP v3 security configuration. An asterisk (*) opens access to all users.
Default Value * Allowed Values A String Multi-valued Yes Required No Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No community Description Specifies the v1, v2 community or the v3 context name allowed to access the MIB 2605 monitoring information or the USM MIB. The mapping between "community" and "context name" is set. Default Value OpenDJ Allowed Values A String Multi-valued No Required No Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No denied-client Description Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. Default Value If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. Allowed Values An IP address mask Multi-valued Yes Required No Admin Action Required None. Changes to this property take effect immediately and do not interfere with connections that may have already been established. Advanced Property No Read-only No enabled Description Indicates whether the Connection Handler is enabled. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the SNMP Connection Handler implementation.
Default Value org.opends.server.snmp.SNMPConnectionHandler Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.ConnectionHandler Multi-valued No Required Yes Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No listen-address Description Specifies the address or set of addresses on which this SNMP Connection Handler should listen for connections from SNMP clients. Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the SNMP Connection Handler listens on all interfaces. Default Value 0.0.0.0 Allowed Values An IP address Multi-valued Yes Required No Admin Action Required Restart the server Advanced Property No Read-only Yes listen-port Description Specifies the port number on which the SNMP Connection Handler will listen for connections from clients. Only a single port number may be provided. Default Value None Allowed Values An integer value. Lower value is 1. Upper value is 65535. Multi-valued No Required Yes Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No opendmk-jarfile Description Indicates the OpenDMK runtime jar file location. Default Value None Allowed Values A String Multi-valued No Required No Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No registered-mbean Description Indicates whether the SNMP objects have to be registered in the directory server MBeanServer, which allows access to SNMP objects with the RMI connector if enabled.
Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No security-agent-file Description Specifies the USM security configuration to receive authenticated-only SNMP requests. Default Value config/snmp/security/opendj-snmp.security Allowed Values A String Multi-valued No Required No Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No security-level Description Specifies the type of security level: NoAuthNoPriv (no security mechanisms activated), AuthNoPriv (authentication activated with no privacy), AuthPriv (authentication with privacy activated). This property is required for SNMP V3 security configuration. Default Value authnopriv Allowed Values authnopriv Authentication activated with no privacy. authpriv Authentication with privacy activated. noauthnopriv No security mechanisms activated. Multi-valued No Required No Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No trap-port Description Specifies the port to use to send SNMP Traps. Default Value None Allowed Values An integer value. Lower value is 0. Multi-valued No Required Yes Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No traps-community Description Specifies the community string that must be included in the traps sent to define managers (trap-destinations). This property is used in the context of SNMP v1, v2 and v3.
Default Value OpenDJ Allowed Values A String Multi-valued No Required No Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No traps-destination Description Specifies the hosts to which V1 traps will be sent. V1 Traps are sent to every host listed. If this list is empty, V1 traps are sent to "localhost". Each host in the list must be identified by its name or complete IP Address. Default Value If the list is empty, V1 traps are sent to "localhost". Allowed Values A String Multi-valued Yes Required No Admin Action Required The Connection Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No dsconfig create-debug-target(1) Name dsconfig create-debug-target - Creates Debug Targets Synopsis dsconfig create-debug-target {options} Description Creates Debug Targets. Options The dsconfig create-debug-target command takes the following options: --publisher-name {name} The name of the Debug Log Publisher. Debug Target properties depend on the Debug Target type, which depends on the {name} you provide. By default, OpenDJ directory server supports the following Debug Target types: debug-target Default {name}: Debug Target Enabled by default: true See Debug Target for the properties of this Debug Target type. --target-name {STRING} The name of the new Debug Target which will also be used as the value of the "debug-scope" property: Specifies the fully-qualified OpenDJ Java package, class, or method affected by the settings in this target definition. Use the number character (#) to separate the class name and the method name (that is, org.opends.server.core.DirectoryServer#startUp). Debug Target properties depend on the Debug Target type, which depends on the {STRING} you provide.
By default, OpenDJ directory server supports the following Debug Target types: debug-target Default {STRING}: Debug Target Enabled by default: true See Debug Target for the properties of this Debug Target type. --set {PROP:VALUE} Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. Debug Target properties depend on the Debug Target type, which depends on the --target-name {STRING} option. Debug Target Debug Targets of type debug-target have the following properties: debug-exceptions-only Description Indicates whether only logs with exceptions should be logged. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No debug-scope Description Specifies the fully-qualified OpenDJ Java package, class, or method affected by the settings in this target definition. Use the number character (#) to separate the class name and the method name (that is, org.opends.server.core.DirectoryServer#startUp). Default Value None Allowed Values The fully-qualified OpenDJ Java package, class, or method name. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only Yes enabled Description Indicates whether the Debug Target is enabled. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No include-throwable-cause Description Specifies the property to indicate whether to include the cause of exceptions in exception thrown and caught messages. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No omit-method-entry-arguments Description Specifies the property to indicate whether to include method arguments in debug messages.
Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No omit-method-return-value Description Specifies the property to indicate whether to include the return value in debug messages. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No throwable-stack-frames Description Specifies the property to indicate the number of stack frames to include in the stack trace for method entry and exception thrown messages. Default Value 0 Allowed Values An integer value. Lower value is 0. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No dsconfig create-entry-cache(1) Name dsconfig create-entry-cache - Creates Entry Caches Synopsis dsconfig create-entry-cache {options} Description Creates Entry Caches. Options The dsconfig create-entry-cache command takes the following options: --cache-name {name} The name of the new Entry Cache. Entry Cache properties depend on the Entry Cache type, which depends on the {name} you provide. By default, OpenDJ directory server supports the following Entry Cache types: fifo-entry-cache Default {name}: FIFO Entry Cache Enabled by default: true See FIFO Entry Cache for the properties of this Entry Cache type. soft-reference-entry-cache Default {name}: Soft Reference Entry Cache Enabled by default: true See Soft Reference Entry Cache for the properties of this Entry Cache type. --set {PROP:VALUE} Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. Entry Cache properties depend on the Entry Cache type, which depends on the --cache-name {name} option. -t | --type {type} The type of Entry Cache which should be created. The value for TYPE can be one of: custom | fifo | soft-reference. 
Entry Cache properties depend on the Entry Cache type, which depends on the {type} you provide. By default, OpenDJ directory server supports the following Entry Cache types: fifo-entry-cache Default {type}: FIFO Entry Cache Enabled by default: true See FIFO Entry Cache for the properties of this Entry Cache type. soft-reference-entry-cache Default {type}: Soft Reference Entry Cache Enabled by default: true See Soft Reference Entry Cache for the properties of this Entry Cache type. FIFO Entry Cache Entry Caches of type fifo-entry-cache have the following properties: cache-level Description Specifies the cache level in the cache order if more than one instance of the cache is configured. Default Value None Allowed Values An integer value. Lower value is 1. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No enabled Description Indicates whether the Entry Cache is enabled. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No exclude-filter Description The set of filters that define the entries that should be excluded from the cache. Default Value None Allowed Values A String Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No include-filter Description The set of filters that define the entries that should be included in the cache. Default Value None Allowed Values A String Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the FIFO Entry Cache implementation. 
Default Value org.opends.server.extensions.FIFOEntryCache Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.EntryCache Multi-valued No Required Yes Admin Action Required The Entry Cache must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No lock-timeout Description Specifies the length of time to wait while attempting to acquire a read or write lock. Default Value 2000.0ms Allowed Values A duration. A value of "-1" or "unlimited" for no limit. Lower limit is 0 milliseconds. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No max-entries Description Specifies the maximum number of entries that we will allow in the cache. Default Value 2147483647 Allowed Values An integer value. Lower value is 0. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No max-memory-percent Description Specifies the maximum percentage of JVM memory used by the server before the entry cache stops caching and begins purging itself. Very low settings such as 10 or 20 (percent) can prevent this entry cache from having enough space to hold any of the entries to cache, making it appear that the server is ignoring or skipping the entry cache entirely. Default Value 90 Allowed Values An integer value. Lower value is 1. Upper value is 100. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No Soft Reference Entry Cache Entry Caches of type soft-reference-entry-cache have the following properties: cache-level Description Specifies the cache level in the cache order if more than one instance of the cache is configured. Default Value None Allowed Values An integer value. Lower value is 1.
Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No enabled Description Indicates whether the Entry Cache is enabled. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No exclude-filter Description The set of filters that define the entries that should be excluded from the cache. Default Value None Allowed Values A String Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No include-filter Description The set of filters that define the entries that should be included in the cache. Default Value None Allowed Values A String Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Soft Reference Entry Cache implementation. Default Value org.opends.server.extensions.SoftReferenceEntryCache Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.EntryCache Multi-valued No Required Yes Admin Action Required The Entry Cache must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No lock-timeout Description Specifies the length of time in milliseconds to wait while attempting to acquire a read or write lock. Default Value 3000ms Allowed Values A duration. A value of "-1" or "unlimited" for no limit. Lower limit is 0 milliseconds. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No dsconfig create-extended-operation-handler(1) Name dsconfig create-extended-operation-handler - Creates Extended Operation Handlers Synopsis dsconfig create-extended-operation-handler {options} Description Creates Extended Operation Handlers.
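The allowed-client and denied-client precedence documented for the LDAP, LDIF and SNMP connection handlers earlier in this reference can be checked before a change is applied. The following is an added example, not OpenDJ code: the function names (parse_masks, decide, evaluate_sample) are hypothetical, the sample addresses are constructed, and only IP-address and subnet masks are handled (host-name and domain-name masks are out of scope).

```python
import ipaddress
from typing import Dict, Iterable, List, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


def parse_masks(masks: Iterable[str]) -> List[Network]:
    """Parse masks given as an IP address or as a subnet with a mask.

    Accepts "192.0.2.7", "10.0.0.0/8", "10.0.0.0/255.0.0.0" and IPv6 forms.
    Anything else (for example a host name) raises ValueError, so a typo in
    a list is caught instead of silently never matching.
    """
    networks = []
    for mask in masks:
        # strict=False tolerates host bits in a subnet, e.g. "10.1.2.3/8".
        networks.append(ipaddress.ip_network(mask.strip(), strict=False))
    return networks


def _matches(addr, networks: List[Network]) -> bool:
    """True if addr falls inside at least one network of the same IP version."""
    return any(addr.version == net.version and addr in net for net in networks)


def decide(client_ip: str,
           allowed: Iterable[str] = (),
           denied: Iterable[str] = ()) -> Tuple[bool, str]:
    """Return (accepted, reason) following the documented precedence."""
    addr = ipaddress.ip_address(client_ip)
    allow_nets = parse_masks(allowed)
    deny_nets = parse_masks(denied)

    # A match on the deny list wins, even if the allow list also matches.
    if _matches(addr, deny_nets):
        return False, "matches denied-client"
    # With an allow list defined, only addresses on it are accepted.
    if allow_nets and not _matches(addr, allow_nets):
        return False, "not on allowed-client list"
    if allow_nets:
        return True, "matches allowed-client"
    # No allow list: every client that is not denied is accepted.
    return True, "no allowed-client list and no denied-client match"


# Constructed sample values (documentation and private ranges), chosen to
# exercise each branch; they do not come from the reference itself.
SAMPLE_ALLOWED = ["10.0.0.0/8", "192.168.1.0/255.255.255.0", "2001:db8::/32"]
SAMPLE_DENIED = ["10.1.2.3", "2001:db8:dead::/48"]
SAMPLE_CLIENTS = [
    "10.9.9.9",          # on the allow list only
    "10.1.2.3",          # on both lists: denied
    "192.168.1.77",      # allow list entry written with a dotted netmask
    "198.51.100.4",      # on neither list: rejected because an allow list exists
    "2001:db8::1",       # IPv6, allow list only
    "2001:db8:dead::5",  # IPv6, on both lists: denied
]


def evaluate_sample() -> Dict[str, Tuple[bool, str]]:
    """Evaluate every constructed client against the constructed lists."""
    return {ip: decide(ip, SAMPLE_ALLOWED, SAMPLE_DENIED) for ip in SAMPLE_CLIENTS}


if __name__ == "__main__":
    for ip, (accepted, reason) in evaluate_sample().items():
        print(f"{ip:<18} {'ACCEPT' if accepted else 'REJECT'}  {reason}")
```

Running the same check with an empty allow list shows the default behaviour: every address that does not match denied-client is accepted.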
Options The dsconfig create-extended-operation-handler command takes the following options: --handler-name {name} The name of the new Extended Operation Handler. Extended Operation Handler properties depend on the Extended Operation Handler type, which depends on the {name} you provide. By default, OpenDJ directory server supports the following Extended Operation Handler types: cancel-extended-operation-handler Default {name}: Cancel Extended Operation Handler Enabled by default: true See Cancel Extended Operation Handler for the properties of this Extended Operation Handler type. get-connection-id-extended-operation-handler Default {name}: Get Connection Id Extended Operation Handler Enabled by default: true See Get Connection Id Extended Operation Handler for the properties of this Extended Operation Handler type. get-symmetric-key-extended-operation-handler Default {name}: Get Symmetric Key Extended Operation Handler Enabled by default: true See Get Symmetric Key Extended Operation Handler for the properties of this Extended Operation Handler type. password-modify-extended-operation-handler Default {name}: Password Modify Extended Operation Handler Enabled by default: true See Password Modify Extended Operation Handler for the properties of this Extended Operation Handler type. password-policy-state-extended-operation-handler Default {name}: Password Policy State Extended Operation Handler Enabled by default: true See Password Policy State Extended Operation Handler for the properties of this Extended Operation Handler type. start-tls-extended-operation-handler Default {name}: Start TLS Extended Operation Handler Enabled by default: true See Start TLS Extended Operation Handler for the properties of this Extended Operation Handler type. who-am-i-extended-operation-handler Default {name}: Who Am I Extended Operation Handler Enabled by default: true See Who Am I Extended Operation Handler for the properties of this Extended Operation Handler type. 
--set {PROP:VALUE} Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. Extended Operation Handler properties depend on the Extended Operation Handler type, which depends on the --handler-name {name} option. -t | --type {type} The type of Extended Operation Handler which should be created. The value for TYPE can be one of: cancel | custom | get-connection-id | get-symmetric-key | password-modify | password-policy-state | start-tls | who-am-i. Extended Operation Handler properties depend on the Extended Operation Handler type, which depends on the {type} you provide. By default, OpenDJ directory server supports the following Extended Operation Handler types: cancel-extended-operation-handler Default {type}: Cancel Extended Operation Handler Enabled by default: true See Cancel Extended Operation Handler for the properties of this Extended Operation Handler type. get-connection-id-extended-operation-handler Default {type}: Get Connection Id Extended Operation Handler Enabled by default: true See Get Connection Id Extended Operation Handler for the properties of this Extended Operation Handler type. get-symmetric-key-extended-operation-handler Default {type}: Get Symmetric Key Extended Operation Handler Enabled by default: true See Get Symmetric Key Extended Operation Handler for the properties of this Extended Operation Handler type. password-modify-extended-operation-handler Default {type}: Password Modify Extended Operation Handler Enabled by default: true See Password Modify Extended Operation Handler for the properties of this Extended Operation Handler type. password-policy-state-extended-operation-handler Default {type}: Password Policy State Extended Operation Handler Enabled by default: true See Password Policy State Extended Operation Handler for the properties of this Extended Operation Handler type. 
start-tls-extended-operation-handler Default {type}: Start TLS Extended Operation Handler Enabled by default: true See Start TLS Extended Operation Handler for the properties of this Extended Operation Handler type. who-am-i-extended-operation-handler Default {type}: Who Am I Extended Operation Handler Enabled by default: true See Who Am I Extended Operation Handler for the properties of this Extended Operation Handler type. Cancel Extended Operation Handler Extended Operation Handlers of type cancel-extended-operation-handler have the following properties: enabled Description Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Cancel Extended Operation Handler implementation. Default Value org.opends.server.extensions.CancelExtendedOperation Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler Multi-valued No Required Yes Admin Action Required The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No Get Connection Id Extended Operation Handler Extended Operation Handlers of type get-connection-id-extended-operation-handler have the following properties: enabled Description Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). 
Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Get Connection Id Extended Operation Handler implementation. Default Value org.opends.server.extensions.GetConnectionIDExtendedOperation Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler Multi-valued No Required Yes Admin Action Required The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No Get Symmetric Key Extended Operation Handler Extended Operation Handlers of type get-symmetric-key-extended-operation-handler have the following properties: enabled Description Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Get Symmetric Key Extended Operation Handler implementation. Default Value org.opends.server.crypto.GetSymmetricKeyExtendedOperation Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler Multi-valued No Required Yes Admin Action Required The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) 
Read-only No Password Modify Extended Operation Handler Extended Operation Handlers of type password-modify-extended-operation-handler have the following properties: enabled Description Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No identity-mapper Description Specifies the name of the identity mapper that should be used in conjunction with the password modify extended operation. This property is used to identify a user based on an authorization ID in the 'u:' form. Changes to this property take effect immediately. Default Value None Allowed Values The DN of any Identity Mapper. The referenced identity mapper must be enabled when the Password Modify Extended Operation Handler is enabled. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Password Modify Extended Operation Handler implementation. Default Value org.opends.server.extensions.PasswordModifyExtendedOperation Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler Multi-valued No Required Yes Admin Action Required The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No Password Policy State Extended Operation Handler Extended Operation Handlers of type password-policy-state-extended-operation-handler have the following properties: enabled Description Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). 
Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Password Policy State Extended Operation Handler implementation. Default Value org.opends.server.extensions.PasswordPolicyStateExtendedOperation Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler Multi-valued No Required Yes Admin Action Required The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No Start TLS Extended Operation Handler Extended Operation Handlers of type start-tls-extended-operation-handler have the following properties: enabled Description Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Start TLS Extended Operation Handler implementation. Default Value org.opends.server.extensions.StartTLSExtendedOperation Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler Multi-valued No Required Yes Admin Action Required The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) 
Read-only No Who Am I Extended Operation Handler Extended Operation Handlers of type who-am-i-extended-operation-handler have the following properties: enabled Description Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Who Am I Extended Operation Handler implementation. Default Value org.opends.server.extensions.WhoAmIExtendedOperation Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.ExtendedOperationHandler Multi-valued No Required Yes Admin Action Required The Extended Operation Handler must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No dsconfig create-group-implementation(1) Name dsconfig create-group-implementation - Creates Group Implementations Synopsis dsconfig create-group-implementation {options} Description Creates Group Implementations. Options The dsconfig create-group-implementation command takes the following options: --implementation-name {name} The name of the new Group Implementation. Group Implementation properties depend on the Group Implementation type, which depends on the {name} you provide. By default, OpenDJ directory server supports the following Group Implementation types: dynamic-group-implementation Default {name}: Dynamic Group Implementation Enabled by default: true See Dynamic Group Implementation for the properties of this Group Implementation type. static-group-implementation Default {name}: Static Group Implementation Enabled by default: true See Static Group Implementation for the properties of this Group Implementation type. 
virtual-static-group-implementation Default {name}: Virtual Static Group Implementation Enabled by default: true See Virtual Static Group Implementation for the properties of this Group Implementation type. --set {PROP:VALUE} Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. Group Implementation properties depend on the Group Implementation type, which depends on the --implementation-name {name} option. -t | --type {type} The type of Group Implementation which should be created. The value for TYPE can be one of: custom | dynamic | static | virtual-static. Group Implementation properties depend on the Group Implementation type, which depends on the {type} you provide. By default, OpenDJ directory server supports the following Group Implementation types: dynamic-group-implementation Default {type}: Dynamic Group Implementation Enabled by default: true See Dynamic Group Implementation for the properties of this Group Implementation type. static-group-implementation Default {type}: Static Group Implementation Enabled by default: true See Static Group Implementation for the properties of this Group Implementation type. virtual-static-group-implementation Default {type}: Virtual Static Group Implementation Enabled by default: true See Virtual Static Group Implementation for the properties of this Group Implementation type. Dynamic Group Implementation Group Implementations of type dynamic-group-implementation have the following properties: enabled Description Indicates whether the Group Implementation is enabled. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Dynamic Group Implementation implementation. 
Default Value org.opends.server.extensions.DynamicGroup Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.Group Multi-valued No Required Yes Admin Action Required The Group Implementation must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No Static Group Implementation Group Implementations of type static-group-implementation have the following properties: enabled Description Indicates whether the Group Implementation is enabled. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Static Group Implementation implementation. Default Value org.opends.server.extensions.StaticGroup Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.Group Multi-valued No Required Yes Admin Action Required The Group Implementation must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No Virtual Static Group Implementation Group Implementations of type virtual-static-group-implementation have the following properties: enabled Description Indicates whether the Group Implementation is enabled. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Virtual Static Group Implementation implementation. 
Default Value org.opends.server.extensions.VirtualStaticGroup Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.Group Multi-valued No Required Yes Admin Action Required The Group Implementation must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No dsconfig create-http-authorization-mechanism(1) Name dsconfig create-http-authorization-mechanism - Creates HTTP Authorization Mechanisms Synopsis dsconfig create-http-authorization-mechanism {options} Description Creates HTTP Authorization Mechanisms. Options The dsconfig create-http-authorization-mechanism command takes the following options: --mechanism-name {name} The name of the new HTTP Authorization Mechanism. HTTP Authorization Mechanism properties depend on the HTTP Authorization Mechanism type, which depends on the {name} you provide. By default, OpenDJ directory server supports the following HTTP Authorization Mechanism types: http-anonymous-authorization-mechanism Default {name}: HTTP Anonymous Authorization Mechanism Enabled by default: true See HTTP Anonymous Authorization Mechanism for the properties of this HTTP Authorization Mechanism type. http-basic-authorization-mechanism Default {name}: HTTP Basic Authorization Mechanism Enabled by default: true See HTTP Basic Authorization Mechanism for the properties of this HTTP Authorization Mechanism type. http-oauth2-cts-authorization-mechanism Default {name}: HTTP Oauth2 Cts Authorization Mechanism Enabled by default: true See HTTP Oauth2 Cts Authorization Mechanism for the properties of this HTTP Authorization Mechanism type. http-oauth2-file-authorization-mechanism Default {name}: HTTP Oauth2 File Authorization Mechanism Enabled by default: true See HTTP Oauth2 File Authorization Mechanism for the properties of this HTTP Authorization Mechanism type. 
http-oauth2-openam-authorization-mechanism Default {name}: HTTP Oauth2 Openam Authorization Mechanism Enabled by default: true See HTTP Oauth2 Openam Authorization Mechanism for the properties of this HTTP Authorization Mechanism type. http-oauth2-token-introspection-authorization-mechanism Default {name}: HTTP Oauth2 Token Introspection Authorization Mechanism Enabled by default: true See HTTP Oauth2 Token Introspection Authorization Mechanism for the properties of this HTTP Authorization Mechanism type. --set {PROP:VALUE} Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. HTTP Authorization Mechanism properties depend on the HTTP Authorization Mechanism type, which depends on the --mechanism-name {name} option. -t | --type {type} The type of HTTP Authorization Mechanism which should be created. The value for TYPE can be one of: http-anonymous-authorization-mechanism | http-basic-authorization-mechanism | http-oauth2-cts-authorization-mechanism | http-oauth2-file-authorization-mechanism | http-oauth2-openam-authorization-mechanism | http-oauth2-token-introspection-authorization-mechanism. HTTP Authorization Mechanism properties depend on the HTTP Authorization Mechanism type, which depends on the {type} you provide. By default, OpenDJ directory server supports the following HTTP Authorization Mechanism types: http-anonymous-authorization-mechanism Default {type}: HTTP Anonymous Authorization Mechanism Enabled by default: true See HTTP Anonymous Authorization Mechanism for the properties of this HTTP Authorization Mechanism type. http-basic-authorization-mechanism Default {type}: HTTP Basic Authorization Mechanism Enabled by default: true See HTTP Basic Authorization Mechanism for the properties of this HTTP Authorization Mechanism type. 
http-oauth2-cts-authorization-mechanism Default {type}: HTTP Oauth2 Cts Authorization Mechanism Enabled by default: true See HTTP Oauth2 Cts Authorization Mechanism for the properties of this HTTP Authorization Mechanism type. http-oauth2-file-authorization-mechanism Default {type}: HTTP Oauth2 File Authorization Mechanism Enabled by default: true See HTTP Oauth2 File Authorization Mechanism for the properties of this HTTP Authorization Mechanism type. http-oauth2-openam-authorization-mechanism Default {type}: HTTP Oauth2 Openam Authorization Mechanism Enabled by default: true See HTTP Oauth2 Openam Authorization Mechanism for the properties of this HTTP Authorization Mechanism type. http-oauth2-token-introspection-authorization-mechanism Default {type}: HTTP Oauth2 Token Introspection Authorization Mechanism Enabled by default: true See HTTP Oauth2 Token Introspection Authorization Mechanism for the properties of this HTTP Authorization Mechanism type. HTTP Anonymous Authorization Mechanism HTTP Authorization Mechanisms of type http-anonymous-authorization-mechanism have the following properties: enabled Description Indicates whether the HTTP Authorization Mechanism is enabled. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the HTTP Anonymous Authorization Mechanism implementation. Default Value org.opends.server.protocols.http.authz.HttpAnonymousAuthorizationMechanism Allowed Values A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No user-dn Description The authorization DN which will be used for performing anonymous operations. 
Default Value By default, operations will be performed using an anonymously bound connection. Allowed Values A valid DN. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No HTTP Basic Authorization Mechanism HTTP Authorization Mechanisms of type http-basic-authorization-mechanism have the following properties: alt-authentication-enabled Description Specifies whether user credentials may be provided using alternative headers to the standard 'Authorize' header. Default Value false Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No alt-password-header Description Alternate HTTP headers to get the user's password from. Default Value None Allowed Values A String Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No alt-username-header Description Alternate HTTP headers to get the user's name from. Default Value None Allowed Values A String Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No enabled Description Indicates whether the HTTP Authorization Mechanism is enabled. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No identity-mapper Description Specifies the name of the identity mapper used to get the user's entry corresponding to the user-id provided in the HTTP authentication header. Default Value None Allowed Values The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Basic Authorization Mechanism is enabled. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the HTTP Basic Authorization Mechanism implementation. 
Default Value org.opends.server.protocols.http.authz.HttpBasicAuthorizationMechanism Allowed Values A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No HTTP Oauth2 Cts Authorization Mechanism HTTP Authorization Mechanisms of type http-oauth2-cts-authorization-mechanism have the following properties: access-token-cache-enabled Description Indicates whether the HTTP Oauth2 Authorization Mechanism is enabled for use. Default Value false Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No access-token-cache-expiration Description Token cache expiration Default Value None Allowed Values Lower limit is 0 seconds. Upper limit is 2147483647 seconds. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No authzid-json-pointer Description Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid) Default Value None Allowed Values A String Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No base-dn Description The base DN of the Core Token Service where access tokens are stored. (example: ou=famrecords,ou=openam-session,ou=tokens,dc=example,dc=com) Default Value None Allowed Values A String Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No enabled Description Indicates whether the HTTP Authorization Mechanism is enabled. 
Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No identity-mapper Description Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the access-token. Default Value None Allowed Values The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Oauth2 Authorization Mechanism is enabled. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the HTTP Oauth2 Cts Authorization Mechanism implementation. Default Value org.opends.server.protocols.http.authz.HttpOAuth2CtsAuthorizationMechanism Allowed Values A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No required-scope Description Scopes required to grant access to the service. Default Value None Allowed Values A String Multi-valued Yes Required Yes Admin Action Required None Advanced Property No Read-only No HTTP Oauth2 File Authorization Mechanism HTTP Authorization Mechanisms of type http-oauth2-file-authorization-mechanism have the following properties: access-token-cache-enabled Description Indicates whether the HTTP Oauth2 Authorization Mechanism is enabled for use. Default Value false Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No access-token-cache-expiration Description Token cache expiration Default Value None Allowed Values Lower limit is 0 seconds. Upper limit is 2147483647 seconds. 
Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No access-token-directory Description Directory containing token files. File names must be equal to the token strings. The file content must be a JSON object with the following attributes: 'scope', 'expireTime' and all the field(s) needed to resolve the authzIdTemplate. Default Value oauth2-demo/ Allowed Values A String Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No authzid-json-pointer Description Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid) Default Value None Allowed Values A String Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No enabled Description Indicates whether the HTTP Authorization Mechanism is enabled. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No identity-mapper Description Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the access-token. Default Value None Allowed Values The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Oauth2 Authorization Mechanism is enabled. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the HTTP Oauth2 File Authorization Mechanism implementation. Default Value org.opends.server.protocols.http.authz.HttpOAuth2FileAuthorizationMechanism Allowed Values A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) 
Read-only No required-scope Description Scopes required to grant access to the service. Default Value None Allowed Values A String Multi-valued Yes Required Yes Admin Action Required None Advanced Property No Read-only No HTTP Oauth2 Openam Authorization Mechanism HTTP Authorization Mechanisms of type http-oauth2-openam-authorization-mechanism have the following properties: access-token-cache-enabled Description Indicates whether the HTTP Oauth2 Authorization Mechanism is enabled for use. Default Value false Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No access-token-cache-expiration Description Token cache expiration Default Value None Allowed Values Lower limit is 0 seconds. Upper limit is 2147483647 seconds. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No authzid-json-pointer Description Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid) Default Value None Allowed Values A String Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No enabled Description Indicates whether the HTTP Authorization Mechanism is enabled. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No identity-mapper Description Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the access-token. Default Value None Allowed Values The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Oauth2 Authorization Mechanism is enabled. 
Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the HTTP Oauth2 Openam Authorization Mechanism implementation. Default Value org.opends.server.protocols.http.authz.HttpOAuth2OpenAmAuthorizationMechanism Allowed Values A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No key-manager-provider Description Specifies the name of the key manager that should be used with this HTTP Oauth2 Openam Authorization Mechanism. Default Value By default the system key manager(s) will be used. Allowed Values The DN of any Key Manager Provider. The referenced key manager provider must be enabled. Multi-valued No Required No Admin Action Required None. Changes to this property take effect immediately, but only for subsequent requests to the authorization server. Advanced Property No Read-only No required-scope Description Scopes required to grant access to the service. Default Value None Allowed Values A String Multi-valued Yes Required Yes Admin Action Required None Advanced Property No Read-only No token-info-url Description Defines the OpenAM endpoint URL where the access-token resolution request should be sent. Default Value None Allowed Values A String Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No trust-manager-provider Description Specifies the name of the trust manager that should be used when negotiating SSL connections with the remote authorization server. Default Value By default, no trust manager is specified indicating that only certificates signed by the authorities associated with this JVM will be accepted. Allowed Values The DN of any Trust Manager Provider. 
The referenced trust manager provider must be enabled when SSL is enabled. Multi-valued No Required No Admin Action Required NoneChanges to this property take effect immediately, but only impact subsequent SSL connection negotiations. Advanced Property No Read-only No HTTP Oauth2 Token Introspection Authorization Mechanism HTTP Authorization Mechanisms of type http-oauth2-token-introspection-authorization-mechanism have the following properties: access-token-cache-enabled Description Indicates whether the HTTP Oauth2 Authorization Mechanism is enabled for use. Default Value false Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No access-token-cache-expiration Description Token cache expiration Default Value None Allowed Values <xinclude:include href="itemizedlist-duration.xml" /> Lower limit is 0 seconds.Upper limit is 2147483647 seconds. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No authzid-json-pointer Description Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid) Default Value None Allowed Values A String Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No client-id Description Client's ID to use during the HTTP basic authentication against the authorization server. Default Value None Allowed Values A String Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No client-secret Description Client's secret to use during the HTTP basic authentication against the authorization server. Default Value None Allowed Values A String Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No enabled Description Indicates whether the HTTP Authorization Mechanism is enabled. 
Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No identity-mapper Description > Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the acccess-token. Default Value None Allowed Values The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Oauth2 Authorization Mechanism is enabled. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the HTTP Oauth2 Token Introspection Authorization Mechanism implementation. Default Value org.opends.server.protocols.http.authz.HttpOAuth2TokenIntrospectionAuthorizationMechanism Allowed Values A Java class that implements or extends the class(es): org.opends.server.protocols.http.authz.HttpAuthorizationMechanism Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No key-manager-provider Description Specifies the name of the key manager that should be used with this HTTP Oauth2 Token Introspection Authorization Mechanism . Default Value None Allowed Values The DN of any Key Manager Provider. The referenced key manager provider must be enabled. Multi-valued No Required No Admin Action Required NoneChanges to this property take effect immediately, but only for subsequent requests to the authorization server. Advanced Property No Read-only No required-scope Description Scopes required to grant access to the service. Default Value None Allowed Values A String Multi-valued Yes Required Yes Admin Action Required None Advanced Property No Read-only No token-introspection-url Description Defines the token introspection endpoint URL where the access-token resolution request should be sent. 
(example: http://example.com/introspect) Default Value None Allowed Values A String Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No trust-manager-provider Description Specifies the name of the trust manager that should be used when negotiating SSL connections with the remote authorization server. Default Value By default, no trust manager is specified indicating that only certificates signed by the authorities associated with this JVM will be accepted. Allowed Values The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when SSL is enabled. Multi-valued No Required No Admin Action Required NoneChanges to this property take effect immediately, but only impact subsequent SSL connection negotiations. Advanced Property No Read-only No dsconfig create-http-endpoint(1) Name dsconfig create-http-endpoint - Creates HTTP Endpoints Synopsis dsconfig create-http-endpoint {options} Description Creates HTTP Endpoints. Options The dsconfig create-http-endpoint command takes the following options: --endpoint-name {STRING} The name of the new HTTP Endpoint which will also be used as the value of the "base-path" property: All HTTP requests matching the base path or subordinate to it will be routed to the HTTP endpoint unless a more specific HTTP endpoint is found. HTTP Endpoint properties depend on the HTTP Endpoint type, which depends on the {STRING} you provide. By default, OpenDJ directory server supports the following HTTP Endpoint types: admin-endpoint Default {STRING}: Admin Endpoint Enabled by default: true See Admin Endpoint for the properties of this HTTP Endpoint type. rest2ldap-endpoint Default {STRING}: Rest2ldap Endpoint Enabled by default: true See Rest2ldap Endpoint for the properties of this HTTP Endpoint type. --set {PROP:VALUE} Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. 
Specify the same property multiple times in order to assign more than one value to it. HTTP Endpoint properties depend on the HTTP Endpoint type, which depends on the --endpoint-name {STRING} option. -t | --type {type} The type of HTTP Endpoint which should be created (Default: generic). The value for TYPE can be one of: admin-endpoint | generic | rest2ldap-endpoint. HTTP Endpoint properties depend on the HTTP Endpoint type, which depends on the {type} you provide. By default, OpenDJ directory server supports the following HTTP Endpoint types: admin-endpoint Default {type}: Admin Endpoint Enabled by default: true See Admin Endpoint for the properties of this HTTP Endpoint type. rest2ldap-endpoint Default {type}: Rest2ldap Endpoint Enabled by default: true See Rest2ldap Endpoint for the properties of this HTTP Endpoint type. Admin Endpoint HTTP Endpoints of type admin-endpoint have the following properties: authorization-mechanism Description The HTTP authorization mechanisms supported by this HTTP Endpoint. Default Value None Allowed Values The DN of any HTTP Authorization Mechanism. The referenced authorization mechanism must be enabled when the HTTP Endpoint is enabled. Multi-valued Yes Required Yes Admin Action Required None Advanced Property No Read-only No base-path Description All HTTP requests matching the base path or subordinate to it will be routed to the HTTP endpoint unless a more specific HTTP endpoint is found. Default Value None Allowed Values A String Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only Yes enabled Description Indicates whether the HTTP Endpoint is enabled. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Admin Endpoint implementation. 
Default Value org.opends.server.protocols.http.rest2ldap.AdminEndpoint Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.HttpEndpoint Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No Rest2ldap Endpoint HTTP Endpoints of type rest2ldap-endpoint have the following properties: authorization-mechanism Description The HTTP authorization mechanisms supported by this HTTP Endpoint. Default Value None Allowed Values The DN of any HTTP Authorization Mechanism. The referenced authorization mechanism must be enabled when the HTTP Endpoint is enabled. Multi-valued Yes Required Yes Admin Action Required None Advanced Property No Read-only No base-path Description All HTTP requests matching the base path or subordinate to it will be routed to the HTTP endpoint unless a more specific HTTP endpoint is found. Default Value None Allowed Values A String Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only Yes config-directory Description The directory containing the Rest2Ldap configuration file(s) for this specific endpoint. The directory must be readable by the server and may contain multiple configuration files, one for each supported version of the REST endpoint. If a relative path is used then it will be resolved against the server's instance directory. Default Value None Allowed Values A directory that is readable by the server. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No enabled Description Indicates whether the HTTP Endpoint is enabled. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Rest2ldap Endpoint implementation. 
Default Value org.opends.server.protocols.http.rest2ldap.Rest2LdapEndpoint Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.HttpEndpoint Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No dsconfig create-identity-mapper(1) Name dsconfig create-identity-mapper - Creates Identity Mappers Synopsis dsconfig create-identity-mapper {options} Description Creates Identity Mappers. Options The dsconfig create-identity-mapper command takes the following options: --mapper-name {name} The name of the new Identity Mapper. Identity Mapper properties depend on the Identity Mapper type, which depends on the {name} you provide. By default, OpenDJ directory server supports the following Identity Mapper types: exact-match-identity-mapper Default {name}: Exact Match Identity Mapper Enabled by default: true See Exact Match Identity Mapper for the properties of this Identity Mapper type. regular-expression-identity-mapper Default {name}: Regular Expression Identity Mapper Enabled by default: true See Regular Expression Identity Mapper for the properties of this Identity Mapper type. --set {PROP:VALUE} Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. Identity Mapper properties depend on the Identity Mapper type, which depends on the --mapper-name {name} option. -t | --type {type} The type of Identity Mapper which should be created. The value for TYPE can be one of: custom | exact-match | regular-expression. Identity Mapper properties depend on the Identity Mapper type, which depends on the {type} you provide. 
By default, OpenDJ directory server supports the following Identity Mapper types: exact-match-identity-mapper Default {type}: Exact Match Identity Mapper Enabled by default: true See Exact Match Identity Mapper for the properties of this Identity Mapper type. regular-expression-identity-mapper Default {type}: Regular Expression Identity Mapper Enabled by default: true See Regular Expression Identity Mapper for the properties of this Identity Mapper type. Exact Match Identity Mapper Identity Mappers of type exact-match-identity-mapper have the following properties: enabled Description Indicates whether the Identity Mapper is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Exact Match Identity Mapper implementation. Default Value org.opends.server.extensions.ExactMatchIdentityMapper Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.IdentityMapper Multi-valued No Required Yes Admin Action Required The Identity Mapper must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No match-attribute Description Specifies the attribute whose value should exactly match the ID string provided to this identity mapper. At least one value must be provided. All values must refer to the name or OID of an attribute type defined in the directory server schema. If multiple attributes or OIDs are provided, at least one of those attributes must contain the provided ID string value in exactly one entry. The internal search performed includes a logical OR across all of these values. Default Value uid Allowed Values The name of an attribute type defined in the server schema. 
Multi-valued Yes Required Yes Admin Action Required None Advanced Property No Read-only No match-base-dn Description Specifies the set of base DNs below which to search for users. The base DNs will be used when performing searches to map the provided ID string to a user entry. If multiple values are given, searches are performed below all specified base DNs. Default Value The server searches below all public naming contexts. Allowed Values A valid DN. Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No Regular Expression Identity Mapper Identity Mappers of type regular-expression-identity-mapper have the following properties: enabled Description Indicates whether the Identity Mapper is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Regular Expression Identity Mapper implementation. Default Value org.opends.server.extensions.RegularExpressionIdentityMapper Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.IdentityMapper Multi-valued No Required Yes Admin Action Required The Identity Mapper must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No match-attribute Description Specifies the name or OID of the attribute whose value should match the provided identifier string after it has been processed by the associated regular expression. All values must refer to the name or OID of an attribute type defined in the directory server schema. If multiple attributes or OIDs are provided, at least one of those attributes must contain the provided ID string value in exactly one entry. Default Value uid Allowed Values The name of an attribute type defined in the server schema. 
Multi-valued Yes Required Yes Admin Action Required None Advanced Property No Read-only No match-base-dn Description Specifies the base DN(s) that should be used when performing searches to map the provided ID string to a user entry. If multiple values are given, searches are performed below all the specified base DNs. Default Value The server searches below all public naming contexts. Allowed Values A valid DN. Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No match-pattern Description Specifies the regular expression pattern that is used to identify portions of the ID string that will be replaced. Any portion of the ID string that matches this pattern is replaced in accordance with the provided replace pattern (or is removed if no replace pattern is specified). If multiple substrings within the given ID string match this pattern, all occurrences are replaced. If no part of the given ID string matches this pattern, the ID string is not altered. Exactly one match pattern value must be provided, and it must be a valid regular expression as described in the API documentation for the java.util.regex.Pattern class, including support for capturing groups. Default Value None Allowed Values Any valid regular expression pattern which is supported by the java.util.regex.Pattern class (see http://download.oracle.com/docs/cd/E17409_01/javase/6/docs/api/java/util/regex/Pattern.html for documentation about this class for Java SE 6). Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No replace-pattern Description Specifies the replacement pattern that should be used for substrings in the ID string that match the provided regular expression pattern. If no replacement pattern is provided, then any matching portions of the ID string will be removed (i.e., replaced with an empty string).
The replacement pattern may include a string from a capturing group by using a dollar sign ($) followed by an integer value that indicates which capturing group should be used. Default Value The replace pattern will be the empty string. Allowed Values Any valid replacement string that is allowed by the java.util.regex.Matcher class. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No dsconfig create-key-manager-provider(1) Name dsconfig create-key-manager-provider - Creates Key Manager Providers Synopsis dsconfig create-key-manager-provider {options} Description Creates Key Manager Providers. Options The dsconfig create-key-manager-provider command takes the following options: --provider-name {name} The name of the new Key Manager Provider. Key Manager Provider properties depend on the Key Manager Provider type, which depends on the {name} you provide. By default, OpenDJ directory server supports the following Key Manager Provider types: file-based-key-manager-provider Default {name}: File Based Key Manager Provider Enabled by default: true See File Based Key Manager Provider for the properties of this Key Manager Provider type. ldap-key-manager-provider Default {name}: LDAP Key Manager Provider Enabled by default: true See LDAP Key Manager Provider for the properties of this Key Manager Provider type. pkcs11-key-manager-provider Default {name}: PKCS11 Key Manager Provider Enabled by default: true See PKCS11 Key Manager Provider for the properties of this Key Manager Provider type. --set {PROP:VALUE} Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. Key Manager Provider properties depend on the Key Manager Provider type, which depends on the --provider-name {name} option. -t | --type {type} The type of Key Manager Provider which should be created.
The value for TYPE can be one of: custom | file-based | ldap | pkcs11. Key Manager Provider properties depend on the Key Manager Provider type, which depends on the {type} you provide. By default, OpenDJ directory server supports the following Key Manager Provider types: file-based-key-manager-provider Default {type}: File Based Key Manager Provider Enabled by default: true See File Based Key Manager Provider for the properties of this Key Manager Provider type. ldap-key-manager-provider Default {type}: LDAP Key Manager Provider Enabled by default: true See LDAP Key Manager Provider for the properties of this Key Manager Provider type. pkcs11-key-manager-provider Default {type}: PKCS11 Key Manager Provider Enabled by default: true See PKCS11 Key Manager Provider for the properties of this Key Manager Provider type. File Based Key Manager Provider Key Manager Providers of type file-based-key-manager-provider have the following properties: enabled Description Indicates whether the Key Manager Provider is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description The fully-qualified name of the Java class that provides the File Based Key Manager Provider implementation. Default Value org.opends.server.extensions.FileBasedKeyManagerProvider Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.KeyManagerProvider Multi-valued No Required Yes Admin Action Required The Key Manager Provider must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No key-store-file Description Specifies the path to the file that contains the private key information. This may be an absolute path, or a path that is relative to the OpenDJ instance root. Changes to this property will take effect the next time that the key manager is accessed. 
Default Value None Allowed Values A path to an existing file that is readable by the server. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No key-store-pin Description Specifies the clear-text PIN needed to access the File Based Key Manager Provider. Default Value None Allowed Values A String Multi-valued No Required No Admin Action Required None. Changes to this property will take effect the next time that the File Based Key Manager Provider is accessed. Advanced Property No Read-only No key-store-pin-environment-variable Description Specifies the name of the environment variable that contains the clear-text PIN needed to access the File Based Key Manager Provider. Default Value None Allowed Values The name of a defined environment variable that contains the clear-text PIN required to access the contents of the key store. Multi-valued No Required No Admin Action Required None. Changes to this property will take effect the next time that the File Based Key Manager Provider is accessed. Advanced Property No Read-only No key-store-pin-file Description Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the File Based Key Manager Provider. Default Value None Allowed Values A path to an existing file that is readable by the server. Multi-valued No Required No Admin Action Required None. Changes to this property will take effect the next time that the File Based Key Manager Provider is accessed. Advanced Property No Read-only No key-store-pin-property Description Specifies the name of the Java property that contains the clear-text PIN needed to access the File Based Key Manager Provider. Default Value None Allowed Values The name of a defined Java property. Multi-valued No Required No Admin Action Required None. Changes to this property will take effect the next time that the File Based Key Manager Provider is accessed.
Advanced Property No Read-only No key-store-type Description Specifies the format for the data in the key store file. Valid values should always include 'JKS' and 'PKCS12', but different implementations may allow other values as well. If no value is provided, the JVM-default value is used. Changes to this configuration attribute will take effect the next time that the key manager is accessed. Default Value None Allowed Values Any key store format supported by the Java runtime environment. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No LDAP Key Manager Provider Key Manager Providers of type ldap-key-manager-provider have the following properties: base-dn Description The base DN beneath which LDAP key store entries are located. Default Value None Allowed Values A valid DN. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No enabled Description Indicates whether the Key Manager Provider is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description The fully-qualified name of the Java class that provides the LDAP Key Manager Provider implementation. Default Value org.opends.server.extensions.LDAPKeyManagerProvider Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.KeyManagerProvider Multi-valued No Required Yes Admin Action Required The Key Manager Provider must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No key-store-pin Description Specifies the clear-text PIN needed to access the LDAP Key Manager Provider. Default Value None Allowed Values A String Multi-valued No Required No Admin Action Required None. Changes to this property will take effect the next time that the LDAP Key Manager Provider is accessed.
Advanced Property No Read-only No key-store-pin-environment-variable Description Specifies the name of the environment variable that contains the clear-text PIN needed to access the LDAP Key Manager Provider. Default Value None Allowed Values The name of a defined environment variable that contains the clear-text PIN required to access the contents of the key store. Multi-valued No Required No Admin Action Required None. Changes to this property will take effect the next time that the LDAP Key Manager Provider is accessed. Advanced Property No Read-only No key-store-pin-file Description Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the LDAP Key Manager Provider. Default Value None Allowed Values A path to an existing file that is readable by the server. Multi-valued No Required No Admin Action Required None. Changes to this property will take effect the next time that the LDAP Key Manager Provider is accessed. Advanced Property No Read-only No key-store-pin-property Description Specifies the name of the Java property that contains the clear-text PIN needed to access the LDAP Key Manager Provider. Default Value None Allowed Values The name of a defined Java property. Multi-valued No Required No Admin Action Required None. Changes to this property will take effect the next time that the LDAP Key Manager Provider is accessed. Advanced Property No Read-only No PKCS11 Key Manager Provider Key Manager Providers of type pkcs11-key-manager-provider have the following properties: enabled Description Indicates whether the Key Manager Provider is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description The fully-qualified name of the Java class that provides the PKCS11 Key Manager Provider implementation.
Default Value org.opends.server.extensions.PKCS11KeyManagerProvider Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.KeyManagerProvider Multi-valued No Required Yes Admin Action Required The Key Manager Provider must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No key-store-pin Description Specifies the clear-text PIN needed to access the PKCS11 Key Manager Provider. Default Value None Allowed Values A String Multi-valued No Required No Admin Action Required None. Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed. Advanced Property No Read-only No key-store-pin-environment-variable Description Specifies the name of the environment variable that contains the clear-text PIN needed to access the PKCS11 Key Manager Provider. Default Value None Allowed Values The name of a defined environment variable that contains the clear-text PIN required to access the contents of the key store. Multi-valued No Required No Admin Action Required None. Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed. Advanced Property No Read-only No key-store-pin-file Description Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the PKCS11 Key Manager Provider. Default Value None Allowed Values A path to an existing file that is readable by the server. Multi-valued No Required No Admin Action Required None. Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed. Advanced Property No Read-only No key-store-pin-property Description Specifies the name of the Java property that contains the clear-text PIN needed to access the PKCS11 Key Manager Provider. Default Value None Allowed Values The name of a defined Java property.
Multi-valued No Required No Admin Action Required None. Changes to this property will take effect the next time that the PKCS11 Key Manager Provider is accessed. Advanced Property No Read-only No dsconfig create-log-publisher(1) Name dsconfig create-log-publisher - Creates Log Publishers Synopsis dsconfig create-log-publisher {options} Description Creates Log Publishers. Options The dsconfig create-log-publisher command takes the following options: --publisher-name {name} The name of the new Log Publisher. Log Publisher properties depend on the Log Publisher type, which depends on the {name} you provide. By default, OpenDJ directory server supports the following Log Publisher types: csv-file-access-log-publisher Default {name}: Csv File Access Log Publisher Enabled by default: true See Csv File Access Log Publisher for the properties of this Log Publisher type. csv-file-http-access-log-publisher Default {name}: Csv File HTTP Access Log Publisher Enabled by default: true See Csv File HTTP Access Log Publisher for the properties of this Log Publisher type. external-access-log-publisher Default {name}: External Access Log Publisher Enabled by default: true See External Access Log Publisher for the properties of this Log Publisher type. external-http-access-log-publisher Default {name}: External HTTP Access Log Publisher Enabled by default: true See External HTTP Access Log Publisher for the properties of this Log Publisher type. file-based-access-log-publisher Default {name}: File Based Access Log Publisher Enabled by default: true See File Based Access Log Publisher for the properties of this Log Publisher type. file-based-audit-log-publisher Default {name}: File Based Audit Log Publisher Enabled by default: true See File Based Audit Log Publisher for the properties of this Log Publisher type.
file-based-debug-log-publisher Default {name}: File Based Debug Log Publisher Enabled by default: true See File Based Debug Log Publisher for the properties of this Log Publisher type. file-based-error-log-publisher Default {name}: File Based Error Log Publisher Enabled by default: true See File Based Error Log Publisher for the properties of this Log Publisher type. file-based-http-access-log-publisher Default {name}: File Based HTTP Access Log Publisher Enabled by default: true See File Based HTTP Access Log Publisher for the properties of this Log Publisher type. json-file-access-log-publisher Default {name}: Json File Access Log Publisher Enabled by default: true See Json File Access Log Publisher for the properties of this Log Publisher type. json-file-http-access-log-publisher Default {name}: Json File HTTP Access Log Publisher Enabled by default: true See Json File HTTP Access Log Publisher for the properties of this Log Publisher type. --set {PROP:VALUE} Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. Log Publisher properties depend on the Log Publisher type, which depends on the --publisher-name {name} option. -t | --type {type} The type of Log Publisher which should be created. The value for TYPE can be one of: csv-file-access | csv-file-http-access | custom-access | custom-debug | custom-error | custom-http-access | external-access | external-http-access | file-based-access | file-based-audit | file-based-debug | file-based-error | file-based-http-access | json-file-access | json-file-http-access. Log Publisher properties depend on the Log Publisher type, which depends on the {type} you provide. 
By default, OpenDJ directory server supports the following Log Publisher types: csv-file-access-log-publisher Default {type}: Csv File Access Log Publisher Enabled by default: true See Csv File Access Log Publisher for the properties of this Log Publisher type. csv-file-http-access-log-publisher Default {type}: Csv File HTTP Access Log Publisher Enabled by default: true See Csv File HTTP Access Log Publisher for the properties of this Log Publisher type. external-access-log-publisher Default {type}: External Access Log Publisher Enabled by default: true See External Access Log Publisher for the properties of this Log Publisher type. external-http-access-log-publisher Default {type}: External HTTP Access Log Publisher Enabled by default: true See External HTTP Access Log Publisher for the properties of this Log Publisher type. file-based-access-log-publisher Default {type}: File Based Access Log Publisher Enabled by default: true See File Based Access Log Publisher for the properties of this Log Publisher type. file-based-audit-log-publisher Default {type}: File Based Audit Log Publisher Enabled by default: true See File Based Audit Log Publisher for the properties of this Log Publisher type. file-based-debug-log-publisher Default {type}: File Based Debug Log Publisher Enabled by default: true See File Based Debug Log Publisher for the properties of this Log Publisher type. file-based-error-log-publisher Default {type}: File Based Error Log Publisher Enabled by default: true See File Based Error Log Publisher for the properties of this Log Publisher type. file-based-http-access-log-publisher Default {type}: File Based HTTP Access Log Publisher Enabled by default: true See File Based HTTP Access Log Publisher for the properties of this Log Publisher type. json-file-access-log-publisher Default {type}: Json File Access Log Publisher Enabled by default: true See Json File Access Log Publisher for the properties of this Log Publisher type. 
json-file-http-access-log-publisher Default {type}: Json File HTTP Access Log Publisher Enabled by default: true See Json File HTTP Access Log Publisher for the properties of this Log Publisher type. Csv File Access Log Publisher Log Publishers of type csv-file-access-log-publisher have the following properties: asynchronous Description Indicates whether the Csv File Access Log Publisher will publish records asynchronously. Default Value true Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No auto-flush Description Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No csv-delimiter-char Description The delimiter character to use when writing in CSV format. Default Value , Allowed Values The delimiter character to use when writing in CSV format. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No csv-eol-symbols Description The string that marks the end of a line. Default Value Use the platform specific end of line character sequence. Allowed Values The string that marks the end of a line. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No csv-quote-char Description The character to append and prepend to a CSV field when writing in CSV format. Default Value " Allowed Values The quote character to use when writing in CSV format. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No enabled Description Indicates whether the Log Publisher is enabled for use.
Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No filtering-policy Description Specifies how filtering criteria should be applied to log records. Default Value no-filtering Allowed Values exclusive Records must not match any of the filtering criteria in order to be logged. inclusive Records must match at least one of the filtering criteria in order to be logged. no-filtering No filtering will be performed, and all records will be logged. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No java-class Description The fully-qualified name of the Java class that provides the Csv File Access Log Publisher implementation. Default Value org.opends.server.loggers.CsvFileAccessLogPublisher Allowed Values A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No key-store-file Description Specifies the path to the file that contains the private key information. This may be an absolute path, or a path that is relative to the OpenDJ instance root. Changes to this property will take effect the next time that the key store is accessed. Default Value None Allowed Values A path to an existing file that is readable by the server. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No key-store-pin-file Description Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the Csv File Access Log Publisher. Default Value None Allowed Values A path to an existing file that is readable by the server. Multi-valued No Required No Admin Action Required None. Changes to this property will take effect the next time that the Csv File Access Log Publisher is accessed.
Advanced Property No Read-only No log-control-oids Description Specifies whether control OIDs will be included in operation log records. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No log-directory Description The directory to use for the log files generated by the Csv File Access Log Publisher. The path to the directory is relative to the server root. Default Value logs Allowed Values A path to an existing directory that is readable and writable by the server. Multi-valued No Required Yes Admin Action Required The Log Publisher must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No retention-policy Description The retention policy to use for the Csv File Access Log Publisher. When multiple policies are used, log files are cleaned when any of the policy's conditions are met. Default Value No retention policy is used and log files are never cleaned. Allowed Values The DN of any Log Retention Policy. Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No rotation-policy Description The rotation policy to use for the Csv File Access Log Publisher. When multiple policies are used, rotation will occur if any policy's conditions are met. Default Value No rotation policy is used and log rotation will not occur. Allowed Values The DN of any Log Rotation Policy. Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No signature-time-interval Description Specifies the interval at which to sign the log file when the tamper-evident option is enabled. Default Value 3s Allowed Values A duration. Lower limit is 1 millisecond. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.)
Read-only No suppress-internal-operations Description Indicates whether internal operations (for example, operations that are initiated by plugins) should be logged along with the operations that are requested by users. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No suppress-synchronization-operations Description Indicates whether access messages that are generated by synchronization operations should be suppressed. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No tamper-evident Description Specifies whether the log should be signed in order to detect tampering. Every log record will be signed, making it possible to verify that the log has not been tampered with. This feature has a significant impact on the performance of the server. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No Csv File HTTP Access Log Publisher Log Publishers of type csv-file-http-access-log-publisher have the following properties: asynchronous Description Indicates whether the Csv File HTTP Access Log Publisher will publish records asynchronously. Default Value true Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No auto-flush Description Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.)
Read-only No csv-delimiter-char Description The delimiter character to use when writing in CSV format. Default Value , Allowed Values The delimiter character to use when writing in CSV format. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No csv-eol-symbols Description The string that marks the end of a line. Default Value Use the platform specific end of line character sequence. Allowed Values The string that marks the end of a line. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No csv-quote-char Description The character to append and prepend to a CSV field when writing in CSV format. Default Value " Allowed Values The quote character to use when writing in CSV format. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No enabled Description Indicates whether the Log Publisher is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description The fully-qualified name of the Java class that provides the Csv File HTTP Access Log Publisher implementation. Default Value org.opends.server.loggers.CommonAuditHTTPAccessLogPublisher Allowed Values A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No key-store-file Description Specifies the path to the file that contains the private key information. This may be an absolute path, or a path that is relative to the OpenDJ instance root. Changes to this property will take effect the next time that the key store is accessed. Default Value None Allowed Values A path to an existing file that is readable by the server. 
Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No key-store-pin-file Description Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the Csv File HTTP Access Log Publisher. Default Value None Allowed Values A path to an existing file that is readable by the server. Multi-valued No Required No Admin Action Required None. Changes to this property will take effect the next time that the Csv File HTTP Access Log Publisher is accessed. Advanced Property No Read-only No log-directory Description The directory to use for the log files generated by the Csv File HTTP Access Log Publisher. The path to the directory is relative to the server root. Default Value logs Allowed Values A path to an existing directory that is readable and writable by the server. Multi-valued No Required Yes Admin Action Required The Log Publisher must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No retention-policy Description The retention policy to use for the Csv File HTTP Access Log Publisher. When multiple policies are used, log files are cleaned when any of the policy's conditions are met. Default Value No retention policy is used and log files are never cleaned. Allowed Values The DN of any Log Retention Policy. Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No rotation-policy Description The rotation policy to use for the Csv File HTTP Access Log Publisher. When multiple policies are used, rotation will occur if any policy's conditions are met. Default Value No rotation policy is used and log rotation will not occur. Allowed Values The DN of any Log Rotation Policy. Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No signature-time-interval Description Specifies the interval at which to sign the log file when the secure option is enabled.
Default Value 3s Allowed Values A duration. Lower limit is 1 millisecond. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No tamper-evident Description Specifies whether the log should be signed in order to detect tampering. Every log record will be signed, making it possible to verify that the log has not been tampered with. This feature has a significant impact on the performance of the server. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No External Access Log Publisher Log Publishers of type external-access-log-publisher have the following properties: config-file Description The JSON configuration file that defines the External Access Log Publisher. The content of the JSON configuration file depends on the type of external audit event handler. The path to the file is relative to the server root. Default Value None Allowed Values A path to an existing file that is readable by the server. Multi-valued No Required Yes Admin Action Required The Log Publisher must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No enabled Description Indicates whether the Log Publisher is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No filtering-policy Description Specifies how filtering criteria should be applied to log records. Default Value no-filtering Allowed Values exclusive Records must not match any of the filtering criteria in order to be logged. inclusive Records must match at least one of the filtering criteria in order to be logged. no-filtering No filtering will be performed, and all records will be logged.
Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No java-class Description The fully-qualified name of the Java class that provides the External Access Log Publisher implementation. Default Value org.opends.server.loggers.ExternalAccessLogPublisher Allowed Values A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No log-control-oids Description Specifies whether control OIDs will be included in operation log records. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No suppress-internal-operations Description Indicates whether internal operations (for example, operations that are initiated by plugins) should be logged along with the operations that are requested by users. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No suppress-synchronization-operations Description Indicates whether access messages that are generated by synchronization operations should be suppressed. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No External HTTP Access Log Publisher Log Publishers of type external-http-access-log-publisher have the following properties: config-file Description The JSON configuration file that defines the External HTTP Access Log Publisher. The content of the JSON configuration file depends on the type of external audit event handler. The path to the file is relative to the server root. Default Value None Allowed Values A path to an existing file that is readable by the server. 
Multi-valued No Required Yes Admin Action Required The Log Publisher must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No enabled Description Indicates whether the Log Publisher is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description The fully-qualified name of the Java class that provides the External HTTP Access Log Publisher implementation. Default Value org.opends.server.loggers.CommonAuditHTTPAccessLogPublisher Allowed Values A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No File Based Access Log Publisher Log Publishers of type file-based-access-log-publisher have the following properties: append Description Specifies whether to append to existing log files. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No asynchronous Description Indicates whether the File Based Access Log Publisher will publish records asynchronously. Default Value true Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No auto-flush Description Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No buffer-size Description Specifies the log file buffer size. Default Value 64kb Allowed Values Lower value is 1. 
Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No enabled Description Indicates whether the Log Publisher is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No filtering-policy Description Specifies how filtering criteria should be applied to log records. Default Value no-filtering Allowed Values exclusive Records must not match any of the filtering criteria in order to be logged. inclusive Records must match at least one of the filtering criteria in order to be logged. no-filtering No filtering will be performed, and all records will be logged. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No java-class Description The fully-qualified name of the Java class that provides the File Based Access Log Publisher implementation. Default Value org.opends.server.loggers.TextAccessLogPublisher Allowed Values A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No log-control-oids Description Specifies whether control OIDs will be included in operation log records. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No log-file Description The file name to use for the log files generated by the File Based Access Log Publisher. The path to the file is relative to the server root. Default Value None Allowed Values A path to an existing file that is readable by the server. 
Multi-valued No Required Yes Admin Action Required The Log Publisher must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No log-file-permissions Description The UNIX permissions of the log files created by this File Based Access Log Publisher. Default Value 640 Allowed Values A valid UNIX mode string. The mode string must contain three digits between zero and seven. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No log-format Description Specifies how log records should be formatted and written to the access log. Default Value multi-line Allowed Values combined Combine log records for operation requests and responses into a single record. This format should be used when log records are to be filtered based on response criteria (e.g. result code). multi-line Outputs separate log records for operation requests and responses. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No log-record-time-format Description Specifies the format string that is used to generate log record timestamps. Default Value dd/MMM/yyyy:HH:mm:ss Z Allowed Values Any valid format string that can be used with the java.text.SimpleDateFormat class. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No queue-size Description The maximum number of log records that can be stored in the asynchronous queue. Default Value 5000 Allowed Values An integer value. Lower value is 1. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No retention-policy Description The retention policy to use for the File Based Access Log Publisher. When multiple policies are used, log files are cleaned when any of the policy's conditions are met. Default Value No retention policy is used and log files are never cleaned. Allowed Values The DN of any Log Retention Policy.
Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No rotation-policy Description The rotation policy to use for the File Based Access Log Publisher. When multiple policies are used, rotation will occur if any policy's conditions are met. Default Value No rotation policy is used and log rotation will not occur. Allowed Values The DN of any Log Rotation Policy. Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No suppress-internal-operations Description Indicates whether internal operations (for example, operations that are initiated by plugins) should be logged along with the operations that are requested by users. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No suppress-synchronization-operations Description Indicates whether access messages that are generated by synchronization operations should be suppressed. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No time-interval Description Specifies the interval at which to check whether the log files need to be rotated. Default Value 5s Allowed Values A duration. Lower limit is 1 millisecond. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No File Based Audit Log Publisher Log Publishers of type file-based-audit-log-publisher have the following properties: append Description Specifies whether to append to existing log files. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No asynchronous Description Indicates whether the File Based Audit Log Publisher will publish records asynchronously.
Default Value true Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No auto-flush Description Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No buffer-size Description Specifies the log file buffer size. Default Value 64kb Allowed Values Lower value is 1. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No enabled Description Indicates whether the Log Publisher is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No filtering-policy Description Specifies how filtering criteria should be applied to log records. Default Value no-filtering Allowed Values exclusive Records must not match any of the filtering criteria in order to be logged. inclusive Records must match at least one of the filtering criteria in order to be logged. no-filtering No filtering will be performed, and all records will be logged. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No java-class Description The fully-qualified name of the Java class that provides the File Based Audit Log Publisher implementation. Default Value org.opends.server.loggers.TextAuditLogPublisher Allowed Values A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) 
Read-only No log-file Description The file name to use for the log files generated by the File Based Audit Log Publisher. The path to the file is relative to the server root. Default Value None Allowed Values A path to an existing file that is readable by the server. Multi-valued No Required Yes Admin Action Required The Log Publisher must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No log-file-permissions Description The UNIX permissions of the log files created by this File Based Audit Log Publisher. Default Value 640 Allowed Values A valid UNIX mode string. The mode string must contain three digits between zero and seven. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No queue-size Description The maximum number of log records that can be stored in the asynchronous queue. Default Value 5000 Allowed Values An integer value. Lower value is 1. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No retention-policy Description The retention policy to use for the File Based Audit Log Publisher. When multiple policies are used, log files are cleaned when any of the policy's conditions are met. Default Value No retention policy is used and log files are never cleaned. Allowed Values The DN of any Log Retention Policy. Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No rotation-policy Description The rotation policy to use for the File Based Audit Log Publisher. When multiple policies are used, rotation will occur if any policy's conditions are met. Default Value No rotation policy is used and log rotation will not occur. Allowed Values The DN of any Log Rotation Policy.
Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No suppress-internal-operations Description Indicates whether internal operations (for example, operations that are initiated by plugins) should be logged along with the operations that are requested by users. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No suppress-synchronization-operations Description Indicates whether access messages that are generated by synchronization operations should be suppressed. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No time-interval Description Specifies the interval at which to check whether the log files need to be rotated. Default Value 5s Allowed Values A duration. Lower limit is 1 millisecond. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No File Based Debug Log Publisher Log Publishers of type file-based-debug-log-publisher have the following properties: append Description Specifies whether to append to existing log files. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No asynchronous Description Indicates whether the File Based Debug Log Publisher will publish records asynchronously. Default Value false Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No auto-flush Description Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written.
Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No buffer-size Description Specifies the log file buffer size. Default Value 64kb Allowed Values Lower value is 1. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No default-debug-exceptions-only Description Indicates whether only logs with exception should be logged. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No default-include-throwable-cause Description Indicates whether to include the cause of exceptions in exception thrown and caught messages logged by default. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No default-omit-method-entry-arguments Description Indicates whether to include method arguments in debug messages logged by default. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No default-omit-method-return-value Description Indicates whether to include the return value in debug messages logged by default. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No default-throwable-stack-frames Description Indicates the number of stack frames to include in the stack trace for method entry and exception thrown messages. Default Value 2147483647 Allowed Values An integer value. Lower value is 0. Upper value is 2147483647. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No enabled Description Indicates whether the Log Publisher is enabled for use. 
Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description The fully-qualified name of the Java class that provides the File Based Debug Log Publisher implementation. Default Value org.opends.server.loggers.TextDebugLogPublisher Allowed Values A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No log-file Description The file name to use for the log files generated by the File Based Debug Log Publisher. The path to the file is relative to the server root. Default Value None Allowed Values A String Multi-valued No Required Yes Admin Action Required The Log Publisher must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No log-file-permissions Description The UNIX permissions of the log files created by this File Based Debug Log Publisher. Default Value 640 Allowed Values A valid UNIX mode string. The mode string must contain three digits between zero and seven. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No queue-size Description The maximum number of log records that can be stored in the asynchronous queue. Default Value 5000 Allowed Values An integer value. Lower value is 1. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No retention-policy Description The retention policy to use for the File Based Debug Log Publisher. When multiple policies are used, log files are cleaned when any of the policy's conditions are met. Default Value No retention policy is used and log files are never cleaned. Allowed Values The DN of any Log Retention Policy.
Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No rotation-policy Description The rotation policy to use for the File Based Debug Log Publisher. When multiple policies are used, rotation will occur if any policy's conditions are met. Default Value No rotation policy is used and log rotation will not occur. Allowed Values The DN of any Log Rotation Policy. Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No time-interval Description Specifies the interval at which to check whether the log files need to be rotated. Default Value 5s Allowed Values Lower limit is 1 millisecond. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No File Based Error Log Publisher Log Publishers of type file-based-error-log-publisher have the following properties: append Description Specifies whether to append to existing log files. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No asynchronous Description Indicates whether the File Based Error Log Publisher will publish records asynchronously. Default Value false Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No auto-flush Description Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer will be flushed after all the log records in the queue are written. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No buffer-size Description Specifies the log file buffer size. Default Value 64kb Allowed Values Lower value is 1.
Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No default-severity Description Specifies the default severity levels for the logger. Default Value error warning Allowed Values all Messages of all severity levels are logged. debug The error log severity that is used for messages that provide debugging information triggered during processing. error The error log severity that is used for messages that provide information about errors which may force the server to shut down or operate in a significantly degraded state. info The error log severity that is used for messages that provide information about significant events within the server that are not warnings or errors. none No messages of any severity are logged by default. This value is intended to be used in conjunction with the override-severity property to define an error logger that will publish no error message beside the errors of a given category. notice The error log severity that is used for the most important informational messages (i.e., information that should almost always be logged but is not associated with a warning or error condition). warning The error log severity that is used for messages that provide information about warnings triggered during processing. Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No enabled Description Indicates whether the Log Publisher is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description The fully-qualified name of the Java class that provides the File Based Error Log Publisher implementation. 
Default Value org.opends.server.loggers.TextErrorLogPublisher Allowed Values A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No log-file Description The file name to use for the log files generated by the File Based Error Log Publisher. The path to the file is relative to the server root. Default Value None Allowed Values A String Multi-valued No Required Yes Admin Action Required The Log Publisher must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No log-file-permissions Description The UNIX permissions of the log files created by this File Based Error Log Publisher. Default Value 640 Allowed Values A valid UNIX mode string. The mode string must contain three digits between zero and seven. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No override-severity Description Specifies the override severity levels for the logger based on the category of the messages. Each override severity level should include the category and the severity levels to log for that category, for example, core=error,info,warning. Valid categories are: core, extensions, protocol, config, log, util, schema, plugin, jeb, backend, tools, task, access-control, admin, sync, version, quicksetup, admin-tool, dsconfig, user-defined. Valid severities are: all, error, info, warning, notice, debug. Default Value All messages with the default severity levels are logged. Allowed Values A string in the form category=severity1,severity2… Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No queue-size Description The maximum number of log records that can be stored in the asynchronous queue. Default Value 5000 Allowed Values An integer value. Lower value is 1.
Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No retention-policy Description The retention policy to use for the File Based Error Log Publisher. When multiple policies are used, log files will be cleaned when any of the policy's conditions are met. Default Value No retention policy is used and log files will never be cleaned. Allowed Values The DN of any Log Retention Policy. Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No rotation-policy Description The rotation policy to use for the File Based Error Log Publisher. When multiple policies are used, rotation will occur if any policy's conditions are met. Default Value No rotation policy is used and log rotation will not occur. Allowed Values The DN of any Log Rotation Policy. Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No time-interval Description Specifies the interval at which to check whether the log files need to be rotated. Default Value 5s Allowed Values Lower limit is 1 millisecond. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No File Based HTTP Access Log Publisher Log Publishers of type file-based-http-access-log-publisher have the following properties: append Description Specifies whether to append to existing log files. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No asynchronous Description Indicates whether the File Based HTTP Access Log Publisher will publish records asynchronously. Default Value true Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.)
Read-only No auto-flush Description Specifies whether to flush the writer after every log record. If the asynchronous writes option is used, the writer is flushed after all the log records in the queue are written. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No buffer-size Description Specifies the log file buffer size. Default Value 64kb Allowed Values Lower value is 1. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No enabled Description Indicates whether the Log Publisher is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description The fully-qualified name of the Java class that provides the File Based HTTP Access Log Publisher implementation. Default Value org.opends.server.loggers.TextHTTPAccessLogPublisher Allowed Values A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No log-file Description The file name to use for the log files generated by the File Based HTTP Access Log Publisher. The path to the file is relative to the server root. Default Value None Allowed Values A path to an existing file that is readable by the server. Multi-valued No Required Yes Admin Action Required The Log Publisher must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No log-file-permissions Description The UNIX permissions of the log files created by this File Based HTTP Access Log Publisher. Default Value 640 Allowed Values A valid UNIX mode string. The mode string must contain three digits between zero and seven. 
Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No log-format Description Specifies how log records should be formatted and written to the HTTP access log. Default Value cs-host c-ip cs-username x-datetime cs-method cs-uri-stem cs-uri-query cs-version sc-status cs(User-Agent) x-connection-id x-etime x-transaction-id Allowed Values A space-separated list of fields describing the extended log format to be used for logging HTTP accesses. Available values are listed in the W3C working draft http://www.w3.org/TR/WD-logfile.html and on the Microsoft website http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true. OpenDJ supports the following standard fields: "c-ip", "c-port", "cs-host", "cs-method", "cs-uri", "cs-uri-stem", "cs-uri-query", "cs(User-Agent)", "cs-username", "cs-version", "s-computername", "s-ip", "s-port", "sc-status". OpenDJ supports the following application-specific field extensions: "x-connection-id" displays the internal connection ID assigned to the HTTP client connection, "x-datetime" displays the completion date and time for the logged HTTP request and its output is controlled by the "ds-cfg-log-record-time-format" property, "x-etime" displays the total execution time for the logged HTTP request, "x-transaction-id" displays the transaction ID associated with a request. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No log-record-time-format Description Specifies the format string that is used to generate log record timestamps. Default Value dd/MMM/yyyy:HH:mm:ss Z Allowed Values Any valid format string that can be used with the java.text.SimpleDateFormat class. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No queue-size Description The maximum number of log records that can be stored in the asynchronous queue. Default Value 5000 Allowed Values An integer value.
Lower value is 1. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No retention-policy Description The retention policy to use for the File Based HTTP Access Log Publisher. When multiple policies are used, log files are cleaned when any of the policy's conditions are met. Default Value No retention policy is used and log files are never cleaned. Allowed Values The DN of any Log Retention Policy. Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No rotation-policy Description The rotation policy to use for the File Based HTTP Access Log Publisher. When multiple policies are used, rotation will occur if any policy's conditions are met. Default Value No rotation policy is used and log rotation will not occur. Allowed Values The DN of any Log Rotation Policy. Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No time-interval Description Specifies the interval at which to check whether the log files need to be rotated. Default Value 5s Allowed Values Lower limit is 1 millisecond. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No Json File Access Log Publisher Log Publishers of type json-file-access-log-publisher have the following properties: enabled Description Indicates whether the Log Publisher is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No filtering-policy Description Specifies how filtering criteria should be applied to log records. Default Value no-filtering Allowed Values exclusive Records must not match any of the filtering criteria in order to be logged. inclusive Records must match at least one of the filtering criteria in order to be logged.
no-filtering No filtering will be performed, and all records will be logged. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No java-class Description The fully-qualified name of the Java class that provides the Json File Access Log Publisher implementation. Default Value org.opends.server.loggers.JsonFileAccessLogPublisher Allowed Values A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No log-control-oids Description Specifies whether control OIDs will be included in operation log records. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No log-directory Description The directory to use for the log files generated by the Json File Access Log Publisher. The path to the directory is relative to the server root. Default Value logs Allowed Values A path to an existing directory that is readable and writable by the server. Multi-valued No Required Yes Admin Action Required The Log Publisher must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No retention-policy Description The retention policy to use for the Json File Access Log Publisher. When multiple policies are used, log files are cleaned when any of the policy's conditions are met. Default Value No retention policy is used and log files are never cleaned. Allowed Values The DN of any Log Retention Policy. Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No rotation-policy Description The rotation policy to use for the Json File Access Log Publisher. When multiple policies are used, rotation will occur if any policy's conditions are met. Default Value No rotation policy is used and log rotation will not occur. 
Allowed Values The DN of any Log Rotation Policy. Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No suppress-internal-operations Description Indicates whether internal operations (for example, operations that are initiated by plugins) should be logged along with the operations that are requested by users. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No suppress-synchronization-operations Description Indicates whether access messages that are generated by synchronization operations should be suppressed. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No Json File HTTP Access Log Publisher Log Publishers of type json-file-http-access-log-publisher have the following properties: enabled Description Indicates whether the Log Publisher is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description The fully-qualified name of the Java class that provides the Json File HTTP Access Log Publisher implementation. Default Value org.opends.server.loggers.CommonAuditHTTPAccessLogPublisher Allowed Values A Java class that implements or extends the class(es): org.opends.server.loggers.LogPublisher Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No log-directory Description The directory to use for the log files generated by the Json File HTTP Access Log Publisher. The path to the directory is relative to the server root. Default Value logs Allowed Values A path to an existing directory that is readable and writable by the server. 
Multi-valued No Required Yes Admin Action Required The Log Publisher must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No retention-policy Description The retention policy to use for the Json File HTTP Access Log Publisher. When multiple policies are used, log files are cleaned when any of the policy's conditions are met. Default Value No retention policy is used and log files are never cleaned. Allowed Values The DN of any Log Retention Policy. Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No rotation-policy Description The rotation policy to use for the Json File HTTP Access Log Publisher. When multiple policies are used, rotation will occur if any policy's conditions are met. Default Value No rotation policy is used and log rotation will not occur. Allowed Values The DN of any Log Rotation Policy. Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No dsconfig create-log-retention-policy(1) Name dsconfig create-log-retention-policy - Creates Log Retention Policies Synopsis dsconfig create-log-retention-policy {options} Description Creates Log Retention Policies. Options The dsconfig create-log-retention-policy command takes the following options: --policy-name {name} The name of the new Log Retention Policy. Log Retention Policy properties depend on the Log Retention Policy type, which depends on the {name} you provide. By default, OpenDJ directory server supports the following Log Retention Policy types: file-count-log-retention-policy Default {name}: File Count Log Retention Policy Enabled by default: false See File Count Log Retention Policy for the properties of this Log Retention Policy type. free-disk-space-log-retention-policy Default {name}: Free Disk Space Log Retention Policy Enabled by default: false See Free Disk Space Log Retention Policy for the properties of this Log Retention Policy type. 
size-limit-log-retention-policy Default {name}: Size Limit Log Retention Policy Enabled by default: false See Size Limit Log Retention Policy for the properties of this Log Retention Policy type. --set {PROP:VALUE} Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. Log Retention Policy properties depend on the Log Retention Policy type, which depends on the --policy-name {name} option. -t | --type {type} The type of Log Retention Policy which should be created. The value for TYPE can be one of: custom | file-count | free-disk-space | size-limit. Log Retention Policy properties depend on the Log Retention Policy type, which depends on the {type} you provide. By default, OpenDJ directory server supports the following Log Retention Policy types: file-count-log-retention-policy Default {type}: File Count Log Retention Policy Enabled by default: false See File Count Log Retention Policy for the properties of this Log Retention Policy type. free-disk-space-log-retention-policy Default {type}: Free Disk Space Log Retention Policy Enabled by default: false See Free Disk Space Log Retention Policy for the properties of this Log Retention Policy type. size-limit-log-retention-policy Default {type}: Size Limit Log Retention Policy Enabled by default: false See Size Limit Log Retention Policy for the properties of this Log Retention Policy type. File Count Log Retention Policy Log Retention Policies of type file-count-log-retention-policy have the following properties: java-class Description Specifies the fully-qualified name of the Java class that provides the File Count Log Retention Policy implementation. 
Default Value org.opends.server.loggers.FileNumberRetentionPolicy Allowed Values A Java class that implements or extends the class(es): org.opends.server.loggers.RetentionPolicy Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No number-of-files Description Specifies the number of archived log files to retain before the oldest ones are cleaned. Default Value None Allowed Values An integer value. Lower value is 1. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No Free Disk Space Log Retention Policy Log Retention Policies of type free-disk-space-log-retention-policy have the following properties: free-disk-space Description Specifies the minimum amount of free disk space that should be available on the file system on which the archived log files are stored. Default Value None Allowed Values Lower value is 1. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Free Disk Space Log Retention Policy implementation. Default Value org.opends.server.loggers.FreeDiskSpaceRetentionPolicy Allowed Values A Java class that implements or extends the class(es): org.opends.server.loggers.RetentionPolicy Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No Size Limit Log Retention Policy Log Retention Policies of type size-limit-log-retention-policy have the following properties: disk-space-used Description Specifies the maximum total disk space used by the log files. Default Value None Allowed Values Lower value is 1. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Size Limit Log Retention Policy implementation. 
Default Value org.opends.server.loggers.SizeBasedRetentionPolicy Allowed Values A Java class that implements or extends the class(es): org.opends.server.loggers.RetentionPolicy Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No dsconfig create-log-rotation-policy(1) Name dsconfig create-log-rotation-policy - Creates Log Rotation Policies Synopsis dsconfig create-log-rotation-policy {options} Description Creates Log Rotation Policies. Options The dsconfig create-log-rotation-policy command takes the following options: --policy-name {name} The name of the new Log Rotation Policy. Log Rotation Policy properties depend on the Log Rotation Policy type, which depends on the {name} you provide. By default, OpenDJ directory server supports the following Log Rotation Policy types: fixed-time-log-rotation-policy Default {name}: Fixed Time Log Rotation Policy Enabled by default: false See Fixed Time Log Rotation Policy for the properties of this Log Rotation Policy type. size-limit-log-rotation-policy Default {name}: Size Limit Log Rotation Policy Enabled by default: false See Size Limit Log Rotation Policy for the properties of this Log Rotation Policy type. time-limit-log-rotation-policy Default {name}: Time Limit Log Rotation Policy Enabled by default: false See Time Limit Log Rotation Policy for the properties of this Log Rotation Policy type. --set {PROP:VALUE} Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. Log Rotation Policy properties depend on the Log Rotation Policy type, which depends on the --policy-name {name} option. -t | --type {type} The type of Log Rotation Policy which should be created. The value for TYPE can be one of: custom | fixed-time | size-limit | time-limit. 
Log Rotation Policy properties depend on the Log Rotation Policy type, which depends on the {type} you provide. By default, OpenDJ directory server supports the following Log Rotation Policy types: fixed-time-log-rotation-policy Default {type}: Fixed Time Log Rotation Policy Enabled by default: false See Fixed Time Log Rotation Policy for the properties of this Log Rotation Policy type. size-limit-log-rotation-policy Default {type}: Size Limit Log Rotation Policy Enabled by default: false See Size Limit Log Rotation Policy for the properties of this Log Rotation Policy type. time-limit-log-rotation-policy Default {type}: Time Limit Log Rotation Policy Enabled by default: false See Time Limit Log Rotation Policy for the properties of this Log Rotation Policy type. Fixed Time Log Rotation Policy Log Rotation Policies of type fixed-time-log-rotation-policy have the following properties: java-class Description Specifies the fully-qualified name of the Java class that provides the Fixed Time Log Rotation Policy implementation. Default Value org.opends.server.loggers.FixedTimeRotationPolicy Allowed Values A Java class that implements or extends the class(es): org.opends.server.loggers.RotationPolicy Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No time-of-day Description Specifies the time of day at which log rotation should occur. Default Value None Allowed Values 24 hour time of day in HHmm format. Multi-valued Yes Required Yes Admin Action Required None Advanced Property No Read-only No Size Limit Log Rotation Policy Log Rotation Policies of type size-limit-log-rotation-policy have the following properties: file-size-limit Description Specifies the maximum size that a log file can reach before it is rotated. Default Value None Allowed Values Lower value is 1. 
Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Size Limit Log Rotation Policy implementation. Default Value org.opends.server.loggers.SizeBasedRotationPolicy Allowed Values A Java class that implements or extends the class(es): org.opends.server.loggers.RotationPolicy Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No Time Limit Log Rotation Policy Log Rotation Policies of type time-limit-log-rotation-policy have the following properties: java-class Description Specifies the fully-qualified name of the Java class that provides the Time Limit Log Rotation Policy implementation. Default Value org.opends.server.loggers.TimeLimitRotationPolicy Allowed Values A Java class that implements or extends the class(es): org.opends.server.loggers.RotationPolicy Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No rotation-interval Description Specifies the time interval between rotations. Default Value None Allowed Values Lower limit is 1 millisecond. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No dsconfig create-monitor-provider(1) Name dsconfig create-monitor-provider - Creates Monitor Providers Synopsis dsconfig create-monitor-provider {options} Description Creates Monitor Providers. Options The dsconfig create-monitor-provider command takes the following options: --provider-name {name} The name of the new Monitor Provider. Monitor Provider properties depend on the Monitor Provider type, which depends on the {name} you provide.
By default, OpenDJ directory server supports the following Monitor Provider types: client-connection-monitor-provider Default {name}: Client Connection Monitor Provider Enabled by default: true See Client Connection Monitor Provider for the properties of this Monitor Provider type. entry-cache-monitor-provider Default {name}: Entry Cache Monitor Provider Enabled by default: true See Entry Cache Monitor Provider for the properties of this Monitor Provider type. memory-usage-monitor-provider Default {name}: Memory Usage Monitor Provider Enabled by default: true See Memory Usage Monitor Provider for the properties of this Monitor Provider type. stack-trace-monitor-provider Default {name}: Stack Trace Monitor Provider Enabled by default: true See Stack Trace Monitor Provider for the properties of this Monitor Provider type. system-info-monitor-provider Default {name}: System Info Monitor Provider Enabled by default: true See System Info Monitor Provider for the properties of this Monitor Provider type. version-monitor-provider Default {name}: Version Monitor Provider Enabled by default: true See Version Monitor Provider for the properties of this Monitor Provider type. --set {PROP:VALUE} Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. Monitor Provider properties depend on the Monitor Provider type, which depends on the --provider-name {name} option. -t | --type {type} The type of Monitor Provider which should be created. The value for TYPE can be one of: client-connection | custom | entry-cache | memory-usage | stack-trace | system-info | version. Monitor Provider properties depend on the Monitor Provider type, which depends on the {type} you provide. 
By default, OpenDJ directory server supports the following Monitor Provider types: client-connection-monitor-provider Default {type}: Client Connection Monitor Provider Enabled by default: true See Client Connection Monitor Provider for the properties of this Monitor Provider type. entry-cache-monitor-provider Default {type}: Entry Cache Monitor Provider Enabled by default: true See Entry Cache Monitor Provider for the properties of this Monitor Provider type. memory-usage-monitor-provider Default {type}: Memory Usage Monitor Provider Enabled by default: true See Memory Usage Monitor Provider for the properties of this Monitor Provider type. stack-trace-monitor-provider Default {type}: Stack Trace Monitor Provider Enabled by default: true See Stack Trace Monitor Provider for the properties of this Monitor Provider type. system-info-monitor-provider Default {type}: System Info Monitor Provider Enabled by default: true See System Info Monitor Provider for the properties of this Monitor Provider type. version-monitor-provider Default {type}: Version Monitor Provider Enabled by default: true See Version Monitor Provider for the properties of this Monitor Provider type. Client Connection Monitor Provider Monitor Providers of type client-connection-monitor-provider have the following properties: enabled Description Indicates whether the Monitor Provider is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Client Connection Monitor Provider implementation. Default Value org.opends.server.monitors.ClientConnectionMonitorProvider Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) 
Read-only No Entry Cache Monitor Provider Monitor Providers of type entry-cache-monitor-provider have the following properties: enabled Description Indicates whether the Monitor Provider is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Entry Cache Monitor Provider implementation. Default Value org.opends.server.monitors.EntryCacheMonitorProvider Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No Memory Usage Monitor Provider Monitor Providers of type memory-usage-monitor-provider have the following properties: enabled Description Indicates whether the Monitor Provider is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Memory Usage Monitor Provider implementation. Default Value org.opends.server.monitors.MemoryUsageMonitorProvider Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No Stack Trace Monitor Provider Monitor Providers of type stack-trace-monitor-provider have the following properties: enabled Description Indicates whether the Monitor Provider is enabled for use. 
Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Stack Trace Monitor Provider implementation. Default Value org.opends.server.monitors.StackTraceMonitorProvider Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No System Info Monitor Provider Monitor Providers of type system-info-monitor-provider have the following properties: enabled Description Indicates whether the Monitor Provider is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the System Info Monitor Provider implementation. Default Value org.opends.server.monitors.SystemInfoMonitorProvider Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No Version Monitor Provider Monitor Providers of type version-monitor-provider have the following properties: enabled Description Indicates whether the Monitor Provider is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Version Monitor Provider implementation. 
Default Value org.opends.server.monitors.VersionMonitorProvider Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.MonitorProvider Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No dsconfig create-password-generator(1) Name dsconfig create-password-generator - Creates Password Generators Synopsis dsconfig create-password-generator {options} Description Creates Password Generators. Options The dsconfig create-password-generator command takes the following options: --generator-name {name} The name of the new Password Generator. Password Generator properties depend on the Password Generator type, which depends on the {name} you provide. By default, OpenDJ directory server supports the following Password Generator types: random-password-generator Default {name}: Random Password Generator Enabled by default: true See Random Password Generator for the properties of this Password Generator type. --set {PROP:VALUE} Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. Password Generator properties depend on the Password Generator type, which depends on the --generator-name {name} option. -t | --type {type} The type of Password Generator which should be created. The value for TYPE can be one of: custom | random. Password Generator properties depend on the Password Generator type, which depends on the {type} you provide. By default, OpenDJ directory server supports the following Password Generator types: random-password-generator Default {type}: Random Password Generator Enabled by default: true See Random Password Generator for the properties of this Password Generator type. 
Random Password Generator Password Generators of type random-password-generator have the following properties: enabled Description Indicates whether the Password Generator is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Random Password Generator implementation. Default Value org.opends.server.extensions.RandomPasswordGenerator Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.PasswordGenerator Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No password-character-set Description Specifies one or more named character sets. This is a multi-valued property, with each value defining a different character set. The format of the character set is the name of the set followed by a colon and the characters that are in that set. For example, the value "alpha:abcdefghijklmnopqrstuvwxyz" defines a character set named "alpha" containing all of the lower-case ASCII alphabetic characters. Default Value None Allowed Values A character set name (consisting of ASCII letters) followed by a colon and the set of characters that are included in that character set. Multi-valued Yes Required Yes Admin Action Required None Advanced Property No Read-only No password-format Description Specifies the format to use for the generated password. The value is a comma-delimited list of elements in which each of those elements is comprised of the name of a character set defined in the password-character-set property, a colon, and the number of characters to include from that set. 
For example, a value of "alpha:3,numeric:2,alpha:3" generates an 8-character password in which the first three characters are from the "alpha" set, the next two are from the "numeric" set, and the final three are from the "alpha" set. Default Value None Allowed Values A comma-delimited list whose elements comprise a valid character set name, a colon, and a positive integer indicating the number of characters from that set to be included. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No dsconfig create-password-policy(1) Name dsconfig create-password-policy - Creates Authentication Policies Synopsis dsconfig create-password-policy {options} Description Creates Authentication Policies. Options The dsconfig create-password-policy command takes the following options: --policy-name {name} The name of the new Authentication Policy. Authentication Policy properties depend on the Authentication Policy type, which depends on the {name} you provide. By default, OpenDJ directory server supports the following Authentication Policy types: ldap-pass-through-authentication-policy Default {name}: LDAP Pass Through Authentication Policy Enabled by default: false See LDAP Pass Through Authentication Policy for the properties of this Authentication Policy type. password-policy Default {name}: Password Policy Enabled by default: false See Password Policy for the properties of this Authentication Policy type. --set {PROP:VALUE} Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. Authentication Policy properties depend on the Authentication Policy type, which depends on the --policy-name {name} option. -t | --type {type} The type of Authentication Policy which should be created. The value for TYPE can be one of: ldap-pass-through | password-policy. 
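The password-character-set and password-format syntax described above for the Random Password Generator can be checked before it is applied. The following is an added example, not OpenDJ code: the function names and the 64-bit floor are assumptions, and the entropy figure assumes each character is chosen uniformly and independently.

```python
import math
import secrets


def parse_character_sets(values):
    """Parse password-character-set values ("name:chars") into {name: chars}."""
    sets = {}
    for value in values:
        name, sep, chars = value.partition(":")  # chars may itself contain ':'
        if not sep or not (name.isascii() and name.isalpha()):
            raise ValueError(f"bad character set name in {value!r}")
        if not chars:
            raise ValueError(f"character set {name!r} is empty")
        if name in sets:
            raise ValueError(f"character set {name!r} defined twice")
        sets[name] = chars
    return sets


def parse_format(password_format, sets):
    """Parse password-format ("set:count,set:count,...") into [(set, count)]."""
    elements = []
    for element in password_format.split(","):
        name, sep, count = element.partition(":")
        if not sep or name not in sets:
            raise ValueError(f"{element!r} does not name a defined character set")
        if not (count.isascii() and count.isdigit()) or int(count) < 1:
            raise ValueError(f"{element!r} needs a positive integer count")
        elements.append((name, int(count)))
    return elements


def audit(character_sets, password_format, min_bits=64):
    """Return length, an entropy upper bound and findings for one configuration.

    min_bits is a hypothetical review threshold, not an OpenDJ setting.
    """
    sets = parse_character_sets(character_sets)
    elements = parse_format(password_format, sets)
    length = sum(count for _, count in elements)
    # Upper bound: repeated characters inside a set do not add choices.
    bits = sum(count * math.log2(len(set(sets[name]))) for name, count in elements)

    findings = []
    for name, chars in sets.items():
        if len(set(chars)) != len(chars):
            findings.append(f"set {name!r} repeats characters, skewing the output")
    used = {name for name, _ in elements}
    for name in sets:
        if name not in used:
            findings.append(f"set {name!r} is defined but never used")
    if bits < min_bits:
        findings.append(f"entropy {bits:.1f} bits is below the {min_bits}-bit floor")
    return {"length": length, "entropy_bits": bits, "findings": findings}


def generate_sample(character_sets, password_format):
    """Produce one password in the configured layout (illustration only)."""
    sets = parse_character_sets(character_sets)
    return "".join(
        secrets.choice(sets[name])
        for name, count in parse_format(password_format, sets)
        for _ in range(count)
    )


# Constructed sample input: the values used in the property descriptions.
SAMPLE_SETS = ["alpha:abcdefghijklmnopqrstuvwxyz", "numeric:0123456789"]
SAMPLE_FORMAT = "alpha:3,numeric:2,alpha:3"

if __name__ == "__main__":
    report = audit(SAMPLE_SETS, SAMPLE_FORMAT)
    print(report["length"], round(report["entropy_bits"], 1))
    for finding in report["findings"]:
        print("finding:", finding)
    print("sample:", generate_sample(SAMPLE_SETS, SAMPLE_FORMAT))
```

The fixed layout is part of what limits the result: the documented 8-character format yields under 35 bits because every position draws from a single small set.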
Authentication Policy properties depend on the Authentication Policy type, which depends on the {type} you provide. By default, OpenDJ directory server supports the following Authentication Policy types: ldap-pass-through-authentication-policy Default {type}: LDAP Pass Through Authentication Policy Enabled by default: false See LDAP Pass Through Authentication Policy for the properties of this Authentication Policy type. password-policy Default {type}: Password Policy Enabled by default: false See Password Policy for the properties of this Authentication Policy type. LDAP Pass Through Authentication Policy Authentication Policies of type ldap-pass-through-authentication-policy have the following properties: cached-password-storage-scheme Description Specifies the name of a password storage scheme which should be used for encoding cached passwords. Changing the password storage scheme will cause all existing cached passwords to be discarded. Default Value None Allowed Values The DN of any Password Storage Scheme. The referenced password storage schemes must be enabled. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No cached-password-ttl Description Specifies the maximum length of time that a locally cached password may be used for authentication before it is refreshed from the remote LDAP service. This property represents a cache timeout. Increasing the timeout period decreases the frequency that bind operations are delegated to the remote LDAP service, but increases the risk of users authenticating using stale passwords. Note that authentication attempts which fail because the provided password does not match the locally cached password will always be retried against the remote LDAP service. Default Value 8 hours Allowed Values A duration. Lower limit is 0 seconds.
Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No connection-timeout Description Specifies the timeout used when connecting to remote LDAP directory servers, performing SSL negotiation, and for individual search and bind requests. If the timeout expires then the current operation will be aborted and retried against another LDAP server if one is available. Default Value 3 seconds Allowed Values A duration. Lower limit is 0 milliseconds. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class which provides the LDAP Pass Through Authentication Policy implementation. Default Value org.opends.server.extensions.LDAPPassThroughAuthenticationPolicyFactory Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.AuthenticationPolicyFactory Multi-valued No Required Yes Admin Action Required The Authentication Policy must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No mapped-attribute Description Specifies one or more attributes in the user's entry whose value(s) will determine the bind DN used when authenticating to the remote LDAP directory service. This property is mandatory when using the "mapped-bind" or "mapped-search" mapping policies. At least one value must be provided. All values must refer to the name or OID of an attribute type defined in the directory server schema. At least one of the named attributes must exist in a user's local entry in order for authentication to proceed. When multiple attributes or values are found in the user's entry then the behavior is determined by the mapping policy. Default Value None Allowed Values The name of an attribute type defined in the server schema.
Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No mapped-search-base-dn Description Specifies the set of base DNs below which to search for users in the remote LDAP directory service. This property is mandatory when using the "mapped-search" mapping policy. If multiple values are given, searches are performed below all specified base DNs. Default Value None Allowed Values A valid DN. Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No mapped-search-bind-dn Description Specifies the bind DN which should be used to perform user searches in the remote LDAP directory service. Default Value Searches will be performed anonymously. Allowed Values A valid DN. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No mapped-search-bind-password Description Specifies the bind password which should be used to perform user searches in the remote LDAP directory service. Default Value None Allowed Values A String Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No mapped-search-bind-password-environment-variable Description Specifies the name of an environment variable containing the bind password which should be used to perform user searches in the remote LDAP directory service. Default Value None Allowed Values A String Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No mapped-search-bind-password-file Description Specifies the name of a file containing the bind password which should be used to perform user searches in the remote LDAP directory service. Default Value None Allowed Values A String Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No mapped-search-bind-password-property Description Specifies the name of a Java property containing the bind password which should be used to perform user searches in the remote LDAP directory service. 
Default Value None Allowed Values A String Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No mapped-search-filter-template Description If defined, overrides the filter used when searching for the user, substituting %s with the value of the local entry's "mapped-attribute". The filter-template may include ZERO or ONE %s substitutions. If multiple mapped-attributes are configured, multiple renditions of this template will be aggregated into one larger filter using an OR (|) operator. An example use-case for this property would be to use a different attribute type on the mapped search. For example, mapped-attribute could be set to "uid" and filter-template to "(samAccountName=%s)". You can also use the filter to restrict search results. For example: "(&(uid=%s)(objectclass=student))" Default Value None Allowed Values A String Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No mapping-policy Description Specifies the mapping algorithm for obtaining the bind DN from the user's entry. Default Value unmapped Allowed Values mapped-bind Bind to the remote LDAP directory service using a DN obtained from an attribute in the user’s entry. This policy will check each attribute named in the "mapped-attribute" property. If more than one attribute or value is present then the first one will be used. mapped-search Bind to the remote LDAP directory service using the DN of an entry obtained using a search against the remote LDAP directory service. The search filter will consist of an equality matching filter whose attribute type is the "mapped-attribute" property, and whose assertion value is the attribute value obtained from the user’s entry. If more than one attribute or value is present then the filter will be composed of multiple equality filters combined using a logical OR (union). unmapped Bind to the remote LDAP directory service using the DN of the user’s entry in this directory server.
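The mapped-search filter construction described above (equality filters by default, mapped-search-filter-template renditions when a template is set, OR-aggregation for multiple values) is sketched below as an added example, not OpenDJ code. The function names are hypothetical, and the RFC 4515 escaping of substituted values is an assumption applied here for safety; the page does not state how the server encodes them.

```python
import re

# Attribute descriptor: a short name or a numeric OID.
_ATTR_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*|\d+(\.\d+)+")


def escape_filter_value(value):
    """Escape an assertion value per RFC 4515 so it cannot alter filter structure."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch
        for ch in value
    )


def build_mapped_search_filter(mapped_values, template=None):
    """Build the remote search filter for the mapped-search policy.

    mapped_values: list of (attribute, value) pairs read from the local entry
                   for the configured mapped-attribute(s).
    template:      optional mapped-search-filter-template with zero or one %s.
    """
    if not mapped_values:
        # At least one mapped attribute must exist in the local entry.
        raise ValueError("no mapped-attribute value present in the user's entry")
    if template is not None and template.count("%s") > 1:
        raise ValueError("filter template may contain at most one %s")

    renditions = []
    for attribute, value in mapped_values:
        if not _ATTR_RE.fullmatch(attribute):
            raise ValueError(f"not an attribute name or OID: {attribute!r}")
        escaped = escape_filter_value(value)
        if template is None:
            renditions.append(f"({attribute}={escaped})")
        else:
            renditions.append(template.replace("%s", escaped))

    # A template without %s renders identically for every value, so identical
    # renditions are collapsed (a choice made in this example).
    renditions = list(dict.fromkeys(renditions))
    if len(renditions) == 1:
        return renditions[0]
    return "(|" + "".join(renditions) + ")"


if __name__ == "__main__":
    # Constructed sample values, not taken from a real directory.
    entry = [("uid", "bjensen"), ("mail", "bjensen@example.com")]
    print(build_mapped_search_filter(entry))
    print(build_mapped_search_filter(entry[:1], "(samAccountName=%s)"))
    # A value containing filter metacharacters stays inside its assertion.
    print(build_mapped_search_filter(
        [("uid", "a*)(uid=*")], "(&(uid=%s)(objectclass=student))"))
```

Because mapped-attribute values come from user entries, an unescaped substitution into a restricting template such as "(&(uid=%s)(objectclass=student))" would let the value change which remote entry is matched.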
Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No primary-remote-ldap-server Description Specifies the primary list of remote LDAP servers which should be used for pass through authentication. If more than one LDAP server is specified then operations may be distributed across them. If all of the primary LDAP servers are unavailable then operations will fail-over to the set of secondary LDAP servers, if defined. Default Value None Allowed Values A host name followed by a ":" and a port number. Multi-valued Yes Required Yes Admin Action Required None Advanced Property No Read-only No secondary-remote-ldap-server Description Specifies the secondary list of remote LDAP servers which should be used for pass through authentication in the event that the primary LDAP servers are unavailable. If more than one LDAP server is specified then operations may be distributed across them. Operations will be rerouted to the primary LDAP servers as soon as they are determined to be available. Default Value No secondary LDAP servers. Allowed Values A host name followed by a ":" and a port number. Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No source-address Description If specified, the server will bind to the address before connecting to the remote server. The address must be one assigned to an existing network interface. Default Value Let the server decide. Allowed Values An IP address Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No ssl-cipher-suite Description Specifies the names of the SSL cipher suites that are allowed for use in SSL based LDAP connections. Default Value Uses the default set of SSL cipher suites provided by the server’s JVM. Allowed Values A String Multi-valued Yes Required No Admin Action Required None. Changes to this property take effect immediately but will only impact new SSL LDAP connections created after the change.
Advanced Property Yes (Use --advanced in interactive mode.) Read-only No ssl-protocol Description Specifies the names of the SSL protocols which are allowed for use in SSL based LDAP connections. Default Value Uses the default set of SSL protocols provided by the server’s JVM. Allowed Values A String Multi-valued Yes Required No Admin Action Required None. Changes to this property take effect immediately but will only impact new SSL LDAP connections created after the change. Advanced Property Yes (Use --advanced in interactive mode.) Read-only No trust-manager-provider Description Specifies the name of the trust manager that should be used when negotiating SSL connections with remote LDAP directory servers. Default Value By default, no trust manager is specified indicating that only certificates signed by the authorities associated with this JVM will be accepted. Allowed Values The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when SSL is enabled. Multi-valued No Required No Admin Action Required None. Changes to this property take effect immediately, but only impact subsequent SSL connection negotiations. Advanced Property No Read-only No use-password-caching Description Indicates whether passwords should be cached locally within the user's entry. Default Value false Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No use-ssl Description Indicates whether the LDAP Pass Through Authentication Policy should use SSL. If enabled, the LDAP Pass Through Authentication Policy will use SSL to encrypt communication with the clients. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required The Authentication Policy must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No use-tcp-keep-alive Description Indicates whether LDAP connections should use TCP keep-alive.
If enabled, the SO_KEEPALIVE socket option is used to indicate that TCP keepalive messages should periodically be sent to the client to verify that the associated connection is still valid. This may also help prevent cases in which intermediate network hardware could silently drop an otherwise idle client connection, provided that the keepalive interval configured in the underlying operating system is smaller than the timeout enforced by the network hardware. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No use-tcp-no-delay Description Indicates whether LDAP connections should use TCP no-delay. If enabled, the TCP_NODELAY socket option is used to ensure that response messages to the client are sent immediately rather than potentially waiting to determine whether additional response messages can be sent in the same packet. In most cases, using the TCP_NODELAY socket option provides better performance and lower response times, but disabling it may help for some cases in which the server sends a large number of entries to a client in response to a search request. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No Password Policy Authentication Policies of type password-policy have the following properties: account-status-notification-handler Description Specifies the names of the account status notification handlers that are used with the associated password storage scheme. Default Value None Allowed Values The DN of any Account Status Notification Handler. The referenced account status notification handlers must be enabled. 
Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No allow-expired-password-changes Description Indicates whether a user whose password is expired is still allowed to change that password using the password modify extended operation. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No allow-multiple-password-values Description Indicates whether user entries can have multiple distinct values for the password attribute. This is potentially dangerous because many mechanisms used to change the password do not work well with such a configuration. If multiple password values are allowed, then any of them can be used to authenticate, and they are all subject to the same policy constraints. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No allow-pre-encoded-passwords Description Indicates whether users can change their passwords by providing a pre-encoded value. This can cause a security risk because the clear-text version of the password is not known and therefore validation checks cannot be applied to it. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No allow-user-password-changes Description Indicates whether users can change their own passwords. This check is made in addition to access control evaluation. Both must allow the password change for it to occur. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No default-password-storage-scheme Description Specifies the names of the password storage schemes that are used to encode clear-text passwords for this password policy. 
Default Value None Allowed Values The DN of any Password Storage Scheme. The referenced password storage schemes must be enabled. Multi-valued Yes Required Yes Admin Action Required None Advanced Property No Read-only No deprecated-password-storage-scheme Description Specifies the names of the password storage schemes that are considered deprecated for this password policy. If a user with this password policy authenticates to the server and his/her password is encoded with a deprecated scheme, those values are removed and replaced with values encoded using the default password storage scheme(s). Default Value None Allowed Values The DN of any Password Storage Scheme. The referenced password storage schemes must be enabled. Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No expire-passwords-without-warning Description Indicates whether the directory server allows a user's password to expire even if that user has never seen an expiration warning notification. If this property is true, accounts always expire when the expiration time arrives. If this property is false or disabled, the user always receives at least one warning notification, and the password expiration is set to the warning time plus the warning interval. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No force-change-on-add Description Indicates whether users are forced to change their passwords upon first authenticating to the directory server after their account has been created. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No force-change-on-reset Description Indicates whether users are forced to change their passwords if they are reset by an administrator. For this purpose, anyone with permission to change a given user's password other than that user is considered an administrator. 
Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No grace-login-count Description Specifies the number of grace logins that a user is allowed after the account has expired to allow that user to choose a new password. A value of 0 indicates that no grace logins are allowed. Default Value 0 Allowed Values An integer value. Lower value is 0. Upper value is 2147483647. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No idle-lockout-interval Description Specifies the maximum length of time that an account may remain idle (that is, the associated user does not authenticate to the server) before that user is locked out. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds indicates that idle accounts are not automatically locked out. This feature is available only if the last login time is maintained. Default Value 0 seconds Allowed Values A duration. Lower limit is 0 seconds. Upper limit is 2147483647 seconds. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class which provides the Password Policy implementation. Default Value org.opends.server.core.PasswordPolicyFactory Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.AuthenticationPolicyFactory Multi-valued No Required Yes Admin Action Required The Authentication Policy must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No last-login-time-attribute Description Specifies the name or OID of the attribute type that is used to hold the last login time for users with the associated password policy.
This attribute type must be defined in the directory server schema and must either be defined as an operational attribute or must be allowed by the set of objectClasses for all users with the associated password policy. Default Value None Allowed Values The name of an attribute type defined in the server schema. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No last-login-time-format Description Specifies the format string that is used to generate the last login time value for users with the associated password policy. This format string conforms to the syntax described in the API documentation for the java.text.SimpleDateFormat class. Default Value None Allowed Values Any valid format string that can be used with the java.text.SimpleDateFormat class. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No lockout-duration Description Specifies the length of time that an account is locked after too many authentication failures. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds indicates that the account must remain locked until an administrator resets the password. Default Value 0 seconds Allowed Values A duration. Lower limit is 0 seconds. Upper limit is 2147483647 seconds. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No lockout-failure-count Description Specifies the maximum number of authentication failures that a user is allowed before the account is locked out. A value of 0 indicates that accounts are never locked out due to failed attempts. Default Value 0 Allowed Values An integer value. Lower value is 0. Upper value is 2147483647.
Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No lockout-failure-expiration-interval Description Specifies the length of time before an authentication failure is no longer counted against a user for the purposes of account lockout. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds indicates that the authentication failures must never expire. The failure count is always cleared upon a successful authentication. Default Value 0 seconds Allowed Values Lower limit is 0 seconds. Upper limit is 2147483647 seconds. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No max-password-age Description Specifies the maximum length of time that a user can continue using the same password before it must be changed (that is, the password expiration interval). The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds disables password expiration. Default Value 0 seconds Allowed Values Lower limit is 0 seconds. Upper limit is 2147483647 seconds. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No max-password-reset-age Description Specifies the maximum length of time that users have to change passwords after they have been reset by an administrator before they become locked. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds disables this feature. Default Value 0 seconds Allowed Values Lower limit is 0 seconds. Upper limit is 2147483647 seconds. 
Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No min-password-age Description Specifies the minimum length of time after a password change before the user is allowed to change the password again. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. This setting can be used to prevent users from changing their passwords repeatedly over a short period of time to flush an old password from the history so that it can be re-used. Default Value 0 seconds Allowed Values Lower limit is 0 seconds. Upper limit is 2147483647 seconds. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No password-attribute Description Specifies the attribute type used to hold user passwords. This attribute type must be defined in the server schema, and it must have either the user password or auth password syntax. Default Value None Allowed Values The name of an attribute type defined in the server schema. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No password-change-requires-current-password Description Indicates whether user password changes must use the password modify extended operation and must include the user's current password before the change is allowed. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No password-expiration-warning-interval Description Specifies the maximum length of time before a user's password actually expires that the server begins to include warning notifications in bind responses for that user. The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds disables the warning interval. 
Default Value 5 days Allowed Values Lower limit is 0 seconds. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No password-generator Description Specifies the name of the password generator that is used with the associated password policy. This is used in conjunction with the password modify extended operation to generate a new password for a user when none was provided in the request. Default Value None Allowed Values The DN of any Password Generator. The referenced password generator must be enabled. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No password-history-count Description Specifies the maximum number of former passwords to maintain in the password history. When choosing a new password, the proposed password is checked to ensure that it does not match the current password, nor any other password in the history list. A value of zero indicates that either no password history is to be maintained (if the password history duration has a value of zero seconds), or that there is no maximum number of passwords to maintain in the history (if the password history duration has a value greater than zero seconds). Default Value 0 Allowed Values An integer value. Lower value is 0. Upper value is 2147483647. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No password-history-duration Description Specifies the maximum length of time that passwords remain in the password history. When choosing a new password, the proposed password is checked to ensure that it does not match the current password, nor any other password in the history list. A value of zero seconds indicates that either no password history is to be maintained (if the password history count has a value of zero), or that there is no maximum duration for passwords in the history (if the password history count has a value greater than zero). 
Default Value 0 seconds Allowed Values Lower limit is 0 seconds. Upper limit is 2147483647 seconds. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No password-validator Description Specifies the names of the password validators that are used with the associated password storage scheme. The password validators are invoked when a user attempts to provide a new password, to determine whether the new password is acceptable. Default Value None Allowed Values The DN of any Password Validator. The referenced password validators must be enabled. Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No previous-last-login-time-format Description Specifies the format string(s) that might have been used with the last login time at any point in the past for users associated with the password policy. These values are used to make it possible to parse previous values, but are not used to set new values. The format strings conform to the syntax described in the API documentation for the java.text.SimpleDateFormat class. Default Value None Allowed Values Any valid format string that can be used with the java.text.SimpleDateFormat class. Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No require-change-by-time Description Specifies the time by which all users with the associated password policy must change their passwords. The value is expressed in a generalized time format. If this time is equal to the current time or is in the past, then all users are required to change their passwords immediately. The behavior of the server in this mode is identical to the behavior observed when users are forced to change their passwords after an administrative reset. 
Default Value None Allowed Values A valid timestamp in generalized time form (for example, a value of "20070409185811Z" indicates a value of April 9, 2007 at 6:58:11 pm GMT). Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No require-secure-authentication Description Indicates whether users with the associated password policy are required to authenticate in a secure manner. This might mean either using a secure communication channel between the client and the server, or using a SASL mechanism that does not expose the credentials. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No require-secure-password-changes Description Indicates whether users with the associated password policy are required to change their password in a secure manner that does not expose the credentials. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No skip-validation-for-administrators Description Indicates whether passwords set by administrators are allowed to bypass the password validation process that is required for user password changes. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No state-update-failure-policy Description Specifies how the server deals with the inability to update password policy state information during an authentication attempt. In particular, this property can be used to control whether an otherwise successful bind operation fails if a failure occurs while attempting to update password policy state information (for example, to clear a record of previous authentication failures or to update the last login time). 
It can also be used to control whether to reject a bind request if it is known ahead of time that it will not be possible to update the authentication failure times in the event of an unsuccessful bind attempt (for example, if the backend writability mode is disabled). Default Value reactive Allowed Values ignore If a bind attempt would otherwise be successful, then do not reject it if a problem occurs while attempting to update the password policy state information for the user. proactive Proactively reject any bind attempt if it is known ahead of time that it would not be possible to update the user’s password policy state information. reactive Even if a bind attempt would otherwise be successful, reject it if a problem occurs while attempting to update the password policy state information for the user. Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No dsconfig create-password-storage-scheme(1) Name dsconfig create-password-storage-scheme - Creates Password Storage Schemes Synopsis dsconfig create-password-storage-scheme {options} Description Creates Password Storage Schemes. Options The dsconfig create-password-storage-scheme command takes the following options: --scheme-name {name} The name of the new Password Storage Scheme. Password Storage Scheme properties depend on the Password Storage Scheme type, which depends on the {name} you provide. By default, OpenDJ directory server supports the following Password Storage Scheme types: aes-password-storage-scheme Default {name}: AES Password Storage Scheme Enabled by default: true See AES Password Storage Scheme for the properties of this Password Storage Scheme type. base64-password-storage-scheme Default {name}: Base64 Password Storage Scheme Enabled by default: true See Base64 Password Storage Scheme for the properties of this Password Storage Scheme type. 
bcrypt-password-storage-scheme Default {name}: Bcrypt Password Storage Scheme Enabled by default: true See Bcrypt Password Storage Scheme for the properties of this Password Storage Scheme type. blowfish-password-storage-scheme Default {name}: Blowfish Password Storage Scheme Enabled by default: true See Blowfish Password Storage Scheme for the properties of this Password Storage Scheme type. clear-password-storage-scheme Default {name}: Clear Password Storage Scheme Enabled by default: true See Clear Password Storage Scheme for the properties of this Password Storage Scheme type. crypt-password-storage-scheme Default {name}: Crypt Password Storage Scheme Enabled by default: true See Crypt Password Storage Scheme for the properties of this Password Storage Scheme type. md5-password-storage-scheme Default {name}: MD5 Password Storage Scheme Enabled by default: true See MD5 Password Storage Scheme for the properties of this Password Storage Scheme type. pbkdf2-hmac-sha256-password-storage-scheme Default {name}: PBKDF2 Hmac SHA256 Password Storage Scheme Enabled by default: true See PBKDF2 Hmac SHA256 Password Storage Scheme for the properties of this Password Storage Scheme type. pbkdf2-hmac-sha512-password-storage-scheme Default {name}: PBKDF2 Hmac SHA512 Password Storage Scheme Enabled by default: true See PBKDF2 Hmac SHA512 Password Storage Scheme for the properties of this Password Storage Scheme type. pkcs5s2-password-storage-scheme Default {name}: PKCS5S2 Password Storage Scheme Enabled by default: true See PKCS5S2 Password Storage Scheme for the properties of this Password Storage Scheme type. rc4-password-storage-scheme Default {name}: RC4 Password Storage Scheme Enabled by default: true See RC4 Password Storage Scheme for the properties of this Password Storage Scheme type. 
salted-md5-password-storage-scheme Default {name}: Salted MD5 Password Storage Scheme Enabled by default: true See Salted MD5 Password Storage Scheme for the properties of this Password Storage Scheme type. salted-sha1-password-storage-scheme Default {name}: Salted SHA1 Password Storage Scheme Enabled by default: true See Salted SHA1 Password Storage Scheme for the properties of this Password Storage Scheme type. salted-sha256-password-storage-scheme Default {name}: Salted SHA256 Password Storage Scheme Enabled by default: true See Salted SHA256 Password Storage Scheme for the properties of this Password Storage Scheme type. salted-sha384-password-storage-scheme Default {name}: Salted SHA384 Password Storage Scheme Enabled by default: true See Salted SHA384 Password Storage Scheme for the properties of this Password Storage Scheme type. salted-sha512-password-storage-scheme Default {name}: Salted SHA512 Password Storage Scheme Enabled by default: true See Salted SHA512 Password Storage Scheme for the properties of this Password Storage Scheme type. sha1-password-storage-scheme Default {name}: SHA1 Password Storage Scheme Enabled by default: true See SHA1 Password Storage Scheme for the properties of this Password Storage Scheme type. triple-des-password-storage-scheme Default {name}: Triple DES Password Storage Scheme Enabled by default: true See Triple DES Password Storage Scheme for the properties of this Password Storage Scheme type. --set {PROP:VALUE} Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. Password Storage Scheme properties depend on the Password Storage Scheme type, which depends on the --scheme-name {name} option. -t | --type {type} The type of Password Storage Scheme which should be created. 
The value for TYPE can be one of: aes | base64 | bcrypt | blowfish | clear | crypt | custom | md5 | pbkdf2 | pbkdf2-hmac-sha256 | pbkdf2-hmac-sha512 | pkcs5s2 | rc4 | salted-md5 | salted-sha1 | salted-sha256 | salted-sha384 | salted-sha512 | sha1 | triple-des. Password Storage Scheme properties depend on the Password Storage Scheme type, which depends on the {type} you provide. By default, OpenDJ directory server supports the following Password Storage Scheme types: aes-password-storage-scheme Default {type}: AES Password Storage Scheme Enabled by default: true See AES Password Storage Scheme for the properties of this Password Storage Scheme type. base64-password-storage-scheme Default {type}: Base64 Password Storage Scheme Enabled by default: true See Base64 Password Storage Scheme for the properties of this Password Storage Scheme type. bcrypt-password-storage-scheme Default {type}: Bcrypt Password Storage Scheme Enabled by default: true See Bcrypt Password Storage Scheme for the properties of this Password Storage Scheme type. blowfish-password-storage-scheme Default {type}: Blowfish Password Storage Scheme Enabled by default: true See Blowfish Password Storage Scheme for the properties of this Password Storage Scheme type. clear-password-storage-scheme Default {type}: Clear Password Storage Scheme Enabled by default: true See Clear Password Storage Scheme for the properties of this Password Storage Scheme type. crypt-password-storage-scheme Default {type}: Crypt Password Storage Scheme Enabled by default: true See Crypt Password Storage Scheme for the properties of this Password Storage Scheme type. md5-password-storage-scheme Default {type}: MD5 Password Storage Scheme Enabled by default: true See MD5 Password Storage Scheme for the properties of this Password Storage Scheme type. 
pbkdf2-hmac-sha256-password-storage-scheme Default {type}: PBKDF2 Hmac SHA256 Password Storage Scheme Enabled by default: true See PBKDF2 Hmac SHA256 Password Storage Scheme for the properties of this Password Storage Scheme type. pbkdf2-hmac-sha512-password-storage-scheme Default {type}: PBKDF2 Hmac SHA512 Password Storage Scheme Enabled by default: true See PBKDF2 Hmac SHA512 Password Storage Scheme for the properties of this Password Storage Scheme type. pkcs5s2-password-storage-scheme Default {type}: PKCS5S2 Password Storage Scheme Enabled by default: true See PKCS5S2 Password Storage Scheme for the properties of this Password Storage Scheme type. rc4-password-storage-scheme Default {type}: RC4 Password Storage Scheme Enabled by default: true See RC4 Password Storage Scheme for the properties of this Password Storage Scheme type. salted-md5-password-storage-scheme Default {type}: Salted MD5 Password Storage Scheme Enabled by default: true See Salted MD5 Password Storage Scheme for the properties of this Password Storage Scheme type. salted-sha1-password-storage-scheme Default {type}: Salted SHA1 Password Storage Scheme Enabled by default: true See Salted SHA1 Password Storage Scheme for the properties of this Password Storage Scheme type. salted-sha256-password-storage-scheme Default {type}: Salted SHA256 Password Storage Scheme Enabled by default: true See Salted SHA256 Password Storage Scheme for the properties of this Password Storage Scheme type. salted-sha384-password-storage-scheme Default {type}: Salted SHA384 Password Storage Scheme Enabled by default: true See Salted SHA384 Password Storage Scheme for the properties of this Password Storage Scheme type. salted-sha512-password-storage-scheme Default {type}: Salted SHA512 Password Storage Scheme Enabled by default: true See Salted SHA512 Password Storage Scheme for the properties of this Password Storage Scheme type. 
sha1-password-storage-scheme Default {type}: SHA1 Password Storage Scheme Enabled by default: true See SHA1 Password Storage Scheme for the properties of this Password Storage Scheme type. triple-des-password-storage-scheme Default {type}: Triple DES Password Storage Scheme Enabled by default: true See Triple DES Password Storage Scheme for the properties of this Password Storage Scheme type. AES Password Storage Scheme Password Storage Schemes of type aes-password-storage-scheme have the following properties: enabled Description Indicates whether the Password Storage Scheme is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the AES Password Storage Scheme implementation. Default Value org.opends.server.extensions.AESPasswordStorageScheme Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No Base64 Password Storage Scheme Password Storage Schemes of type base64-password-storage-scheme have the following properties: enabled Description Indicates whether the Password Storage Scheme is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Base64 Password Storage Scheme implementation. Default Value org.opends.server.extensions.Base64PasswordStorageScheme Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) 
Read-only No Bcrypt Password Storage Scheme Password Storage Schemes of type bcrypt-password-storage-scheme have the following properties: bcrypt-cost Description The cost parameter specifies a key expansion iteration count as a power of two. The default value of 12 (2^12 iterations) was considered in 2016 to be a reasonable balance between responsiveness and security for regular users. Default Value 12 Allowed Values An integer value. Lower value is 1. Upper value is 30. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No enabled Description Indicates whether the Password Storage Scheme is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Bcrypt Password Storage Scheme implementation. Default Value org.opends.server.extensions.BcryptPasswordStorageScheme Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No Blowfish Password Storage Scheme Password Storage Schemes of type blowfish-password-storage-scheme have the following properties: enabled Description Indicates whether the Password Storage Scheme is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Blowfish Password Storage Scheme implementation. 
Default Value org.opends.server.extensions.BlowfishPasswordStorageScheme Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No Clear Password Storage Scheme Password Storage Schemes of type clear-password-storage-scheme have the following properties: enabled Description Indicates whether the Password Storage Scheme is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Clear Password Storage Scheme implementation. Default Value org.opends.server.extensions.ClearPasswordStorageScheme Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No Crypt Password Storage Scheme Password Storage Schemes of type crypt-password-storage-scheme have the following properties: crypt-password-storage-encryption-algorithm Description Specifies the crypt algorithm to use to encrypt new passwords. The value can be "unix", which means the password is encrypted with the weak Unix crypt algorithm; "md5", which means the password is encrypted with the BSD MD5 algorithm and has a $1$ prefix; "sha256", which means the password is encrypted with the SHA256 algorithm and has a $5$ prefix; or "sha512", which means the password is encrypted with the SHA512 algorithm and has a $6$ prefix. Default Value unix Allowed Values md5 New passwords are encrypted with the BSD MD5 algorithm. sha256 New passwords are encrypted with the Unix crypt SHA256 algorithm. 
sha512 New passwords are encrypted with the Unix crypt SHA512 algorithm. unix New passwords are encrypted with the Unix crypt algorithm. Passwords are truncated at 8 characters and the top bit of each character is ignored. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No enabled Description Indicates whether the Password Storage Scheme is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Crypt Password Storage Scheme implementation. Default Value org.opends.server.extensions.CryptPasswordStorageScheme Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No MD5 Password Storage Scheme Password Storage Schemes of type md5-password-storage-scheme have the following properties: enabled Description Indicates whether the Password Storage Scheme is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the MD5 Password Storage Scheme implementation. Default Value org.opends.server.extensions.MD5PasswordStorageScheme Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) 
Read-only No PBKDF2 Hmac SHA256 Password Storage Scheme Password Storage Schemes of type pbkdf2-hmac-sha256-password-storage-scheme have the following properties: enabled Description Indicates whether the Password Storage Scheme is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the PBKDF2 Hmac SHA256 Password Storage Scheme implementation. Default Value org.opends.server.extensions.PBKDF2HmacSHA256PasswordStorageScheme Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No pbkdf2-iterations Description The number of algorithm iterations to make. NIST recommends at least 1000. Default Value 10000 Allowed Values An integer value. Lower value is 1. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No PBKDF2 Hmac SHA512 Password Storage Scheme Password Storage Schemes of type pbkdf2-hmac-sha512-password-storage-scheme have the following properties: enabled Description Indicates whether the Password Storage Scheme is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the PBKDF2 Hmac SHA512 Password Storage Scheme implementation. Default Value org.opends.server.extensions.PBKDF2HmacSHA512PasswordStorageScheme Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) 
Read-only No pbkdf2-iterations Description The number of algorithm iterations to make. NIST recommends at least 1000. Default Value 10000 Allowed Values An integer value. Lower value is 1. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No PKCS5S2 Password Storage Scheme Password Storage Schemes of type pkcs5s2-password-storage-scheme have the following properties: enabled Description Indicates whether the Password Storage Scheme is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the PKCS5S2 Password Storage Scheme implementation. Default Value org.opends.server.extensions.PKCS5S2PasswordStorageScheme Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No RC4 Password Storage Scheme Password Storage Schemes of type rc4-password-storage-scheme have the following properties: enabled Description Indicates whether the Password Storage Scheme is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the RC4 Password Storage Scheme implementation. Default Value org.opends.server.extensions.RC4PasswordStorageScheme Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) 
Read-only No Salted MD5 Password Storage Scheme Password Storage Schemes of type salted-md5-password-storage-scheme have the following properties: enabled Description Indicates whether the Password Storage Scheme is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Salted MD5 Password Storage Scheme implementation. Default Value org.opends.server.extensions.SaltedMD5PasswordStorageScheme Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No Salted SHA1 Password Storage Scheme Password Storage Schemes of type salted-sha1-password-storage-scheme have the following properties: enabled Description Indicates whether the Password Storage Scheme is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Salted SHA1 Password Storage Scheme implementation. Default Value org.opends.server.extensions.SaltedSHA1PasswordStorageScheme Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No Salted SHA256 Password Storage Scheme Password Storage Schemes of type salted-sha256-password-storage-scheme have the following properties: enabled Description Indicates whether the Password Storage Scheme is enabled for use. 
Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Salted SHA256 Password Storage Scheme implementation. Default Value org.opends.server.extensions.SaltedSHA256PasswordStorageScheme Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No Salted SHA384 Password Storage Scheme Password Storage Schemes of type salted-sha384-password-storage-scheme have the following properties: enabled Description Indicates whether the Password Storage Scheme is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Salted SHA384 Password Storage Scheme implementation. Default Value org.opends.server.extensions.SaltedSHA384PasswordStorageScheme Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No Salted SHA512 Password Storage Scheme Password Storage Schemes of type salted-sha512-password-storage-scheme have the following properties: enabled Description Indicates whether the Password Storage Scheme is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Salted SHA512 Password Storage Scheme implementation. 
Default Value org.opends.server.extensions.SaltedSHA512PasswordStorageScheme Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No SHA1 Password Storage Scheme Password Storage Schemes of type sha1-password-storage-scheme have the following properties: enabled Description Indicates whether the Password Storage Scheme is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the SHA1 Password Storage Scheme implementation. Default Value org.opends.server.extensions.SHA1PasswordStorageScheme Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No Triple DES Password Storage Scheme Password Storage Schemes of type triple-des-password-storage-scheme have the following properties: enabled Description Indicates whether the Password Storage Scheme is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the Triple DES Password Storage Scheme implementation. Default Value org.opends.server.extensions.TripleDESPasswordStorageScheme Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.PasswordStorageScheme Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) 
Read-only No dsconfig create-password-validator(1) Name dsconfig create-password-validator - Creates Password Validators Synopsis dsconfig create-password-validator {options} Description Creates Password Validators. Options The dsconfig create-password-validator command takes the following options: --validator-name {name} The name of the new Password Validator. Password Validator properties depend on the Password Validator type, which depends on the {name} you provide. By default, OpenDJ directory server supports the following Password Validator types: attribute-value-password-validator Default {name}: Attribute Value Password Validator Enabled by default: true See Attribute Value Password Validator for the properties of this Password Validator type. character-set-password-validator Default {name}: Character Set Password Validator Enabled by default: true See Character Set Password Validator for the properties of this Password Validator type. dictionary-password-validator Default {name}: Dictionary Password Validator Enabled by default: true See Dictionary Password Validator for the properties of this Password Validator type. length-based-password-validator Default {name}: Length Based Password Validator Enabled by default: true See Length Based Password Validator for the properties of this Password Validator type. repeated-characters-password-validator Default {name}: Repeated Characters Password Validator Enabled by default: true See Repeated Characters Password Validator for the properties of this Password Validator type. similarity-based-password-validator Default {name}: Similarity Based Password Validator Enabled by default: true See Similarity Based Password Validator for the properties of this Password Validator type. unique-characters-password-validator Default {name}: Unique Characters Password Validator Enabled by default: true See Unique Characters Password Validator for the properties of this Password Validator type. 
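The Character Set Password Validator listed above takes `character-set`, `character-set-ranges`, `min-character-sets` and `allow-unclassified-characters` values whose formats are described under its properties later in this reference. The following added example is not OpenDJ code: it is a Python model written from those property descriptions, and it parses both value formats and evaluates passwords against them. All function and class names, the sample sets and the sample passwords are constructed for this illustration.

```python
"""Model of the documented character-set / character-set-ranges semantics.

Added illustration only: it follows the property descriptions on this page,
not the server's implementation. All names here are this example's own.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class CharClass:
    minimum: int          # 0 means the class is optional
    members: frozenset    # characters belonging to the class


@dataclass
class Policy:
    classes: List[CharClass]
    allow_unclassified_characters: bool
    min_character_sets: Optional[int] = None   # None = property not set


def _split(value: str) -> Tuple[int, str]:
    """Split "<min>:<spec>" on the first colon; the spec may itself contain ':'."""
    count, sep, spec = value.partition(":")
    if not sep or not spec or not (count.isascii() and count.isdigit()):
        raise ValueError(f"expected '<integer>:<characters>', got {value!r}")
    return int(count), spec


def parse_character_set(value: str) -> CharClass:
    """Parse a character-set value such as "3:abcdefghijklmnopqrstuvwxyz"."""
    minimum, chars = _split(value)
    return CharClass(minimum, frozenset(chars))


def parse_character_set_ranges(value: str) -> CharClass:
    """Parse a character-set-ranges value such as "3:A-Za-z0-9"."""
    minimum, spec = _split(value)
    if len(spec) % 3:
        raise ValueError(f"range specifications are 3 characters each: {value!r}")
    members = set()
    for i in range(0, len(spec), 3):
        first, dash, last = spec[i:i + 3]
        if dash != "-" or first > last:
            raise ValueError(f"bad or unordered range {spec[i:i + 3]!r}")
        block = {chr(c) for c in range(ord(first), ord(last) + 1)}
        if members & block:   # ranges within one value should not overlap
            raise ValueError(f"overlapping ranges in {value!r}")
        members |= block
    return CharClass(minimum, frozenset(members))


def build_policy(character_sets, character_set_ranges,
                 allow_unclassified_characters, min_character_sets=None) -> Policy:
    sets = [parse_character_set(v) for v in character_sets]
    seen = set()
    for cls in sets:          # no character may appear in more than one set
        if seen & cls.members:
            raise ValueError("a character appears in more than one character-set")
        seen |= cls.members
    classes = sets + [parse_character_set_ranges(v) for v in character_set_ranges]
    mandatory = sum(1 for c in classes if c.minimum > 0)
    # min-character-sets must include the mandatory classes; the upper bound
    # is this example's own sanity check (a larger value can never be met).
    if min_character_sets is not None and not mandatory <= min_character_sets <= len(classes):
        raise ValueError("min-character-sets must count the mandatory classes "
                         "and cannot exceed the number of classes")
    return Policy(classes, allow_unclassified_characters, min_character_sets)


def check(password: str, policy: Policy) -> Tuple[bool, str]:
    """Return (accepted, reason) for a proposed password."""
    if not policy.allow_unclassified_characters:
        for ch in password:
            if not any(ch in c.members for c in policy.classes):
                return False, "contains a character outside every set and range"
    mandatory = optional = used_optional = 0
    for cls in policy.classes:
        hits = sum(1 for ch in password if ch in cls.members)
        if cls.minimum > 0:
            mandatory += 1
            if hits < cls.minimum:
                return False, f"needs at least {cls.minimum} character(s) from a mandatory class"
        else:
            optional += 1
            if hits:
                used_optional += 1
    if policy.min_character_sets is None:
        # Documented default: at least one optional class must be used, if any exist.
        if optional and not used_optional:
            return False, "needs a character from at least one optional class"
    elif mandatory + used_optional < policy.min_character_sets:
        return False, (f"uses {mandatory + used_optional} classes, "
                       f"min-character-sets is {policy.min_character_sets}")
    return True, "accepted"


# Constructed policy matching the page's min-character-sets example: one
# mandatory non-alphanumeric set plus two of three optional alphanumeric ranges.
EXAMPLE = build_policy(
    character_sets=["1:!@#$%^&*"],
    character_set_ranges=["0:a-z", "0:A-Z", "0:0-9"],
    allow_unclassified_characters=False,
    min_character_sets=3,
)

if __name__ == "__main__":
    for pw in ("correct!horse", "Correct!horse", "Correct7horse", "Correct!hörse"):
        print(pw, check(pw, EXAMPLE))
```

With `min-character-sets` set to 3, a password that uses the mandatory symbol set but only one of the three optional ranges is rejected, which is the behaviour the property description gives for this configuration.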
--set {PROP:VALUE} Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. Password Validator properties depend on the Password Validator type, which depends on the --validator-name {name} option. -t | --type {type} The type of Password Validator which should be created. The value for TYPE can be one of: attribute-value | character-set | custom | dictionary | length-based | repeated-characters | similarity-based | unique-characters. Password Validator properties depend on the Password Validator type, which depends on the {type} you provide. By default, OpenDJ directory server supports the following Password Validator types: attribute-value-password-validator Default {type}: Attribute Value Password Validator Enabled by default: true See Attribute Value Password Validator for the properties of this Password Validator type. character-set-password-validator Default {type}: Character Set Password Validator Enabled by default: true See Character Set Password Validator for the properties of this Password Validator type. dictionary-password-validator Default {type}: Dictionary Password Validator Enabled by default: true See Dictionary Password Validator for the properties of this Password Validator type. length-based-password-validator Default {type}: Length Based Password Validator Enabled by default: true See Length Based Password Validator for the properties of this Password Validator type. repeated-characters-password-validator Default {type}: Repeated Characters Password Validator Enabled by default: true See Repeated Characters Password Validator for the properties of this Password Validator type. similarity-based-password-validator Default {type}: Similarity Based Password Validator Enabled by default: true See Similarity Based Password Validator for the properties of this Password Validator type. 
unique-characters-password-validator Default {type}: Unique Characters Password Validator Enabled by default: true See Unique Characters Password Validator for the properties of this Password Validator type. Attribute Value Password Validator Password Validators of type attribute-value-password-validator have the following properties: check-substrings Description Indicates whether this password validator is to match portions of the password string against attribute values. If "false", the validator matches only the entire password against attribute values; if "true", it checks whether the password contains attribute values. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No enabled Description Indicates whether the password validator is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the password validator implementation. Default Value org.opends.server.extensions.AttributeValuePasswordValidator Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator Multi-valued No Required Yes Admin Action Required The Password Validator must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No match-attribute Description Specifies the name(s) of the attribute(s) whose values should be checked to determine whether they match the provided password. If no values are provided, then the server checks if the proposed password matches the value of any attribute in the user's entry. Default Value All attributes in the user entry will be checked. Allowed Values The name of an attribute type defined in the server schema.
Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No min-substring-length Description Indicates the minimal length of the substring within the password in case substring checking is enabled. If "check-substrings" option is set to true, then this parameter defines the length of the smallest word which should be used for substring matching. Use with caution because values below 3 might disqualify valid passwords. Default Value 5 Allowed Values An integer value. Lower value is 0. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No test-reversed-password Description Indicates whether this password validator should test the reversed value of the provided password as well as the order in which it was given. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No Character Set Password Validator Password Validators of type character-set-password-validator have the following properties: allow-unclassified-characters Description Indicates whether this password validator allows passwords to contain characters outside of any of the user-defined character sets and ranges. If this is "false", then only those characters in the user-defined character sets and ranges may be used in passwords. Any password containing a character not included in any character set or range will be rejected. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No character-set Description Specifies a character set containing characters that a password may contain and a value indicating the minimum number of characters required from that set. 
Each value must be an integer (indicating the minimum required characters from the set which may be zero, indicating that the character set is optional) followed by a colon and the characters to include in that set (for example, "3:abcdefghijklmnopqrstuvwxyz" indicates that a user password must contain at least three characters from the set of lowercase ASCII letters). Multiple character sets can be defined in separate values, although no character can appear in more than one character set. Default Value If no sets are specified, the validator only uses the defined character ranges. Allowed Values A String Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No character-set-ranges Description Specifies a character range containing characters that a password may contain and a value indicating the minimum number of characters required from that range. Each value must be an integer (indicating the minimum required characters from the range which may be zero, indicating that the character range is optional) followed by a colon and one or more range specifications. A range specification is 3 characters: the first character allowed, a minus, and the last character allowed. For example, "3:A-Za-z0-9". The ranges in each value should not overlap, and the characters in each range specification should be ordered. Default Value If no ranges are specified, the validator only uses the defined character sets. Allowed Values A String Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No enabled Description Indicates whether the password validator is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the password validator implementation. 
Default Value org.opends.server.extensions.CharacterSetPasswordValidator Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator Multi-valued No Required Yes Admin Action Required The Password Validator must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No min-character-sets Description Specifies the minimum number of character sets and ranges that a password must contain. This property should only be used in conjunction with optional character sets and ranges (those requiring zero characters). Its value must include any mandatory character sets and ranges (those requiring greater than zero characters). This is useful in situations where a password must contain characters from mandatory character sets and ranges, and characters from at least N optional character sets and ranges. For example, it is quite common to require that a password contains at least one non-alphanumeric character as well as characters from two alphanumeric character sets (lower-case, upper-case, digits). In this case, this property should be set to 3. Default Value The password must contain characters from each of the mandatory character sets and ranges and, if there are optional character sets and ranges, at least one character from one of the optional character sets and ranges. Allowed Values An integer value. Lower value is 0. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No Dictionary Password Validator Password Validators of type dictionary-password-validator have the following properties: case-sensitive-validation Description Indicates whether this password validator is to treat password characters in a case-sensitive manner. If it is set to true, then the validator rejects a password only if it appears in the dictionary with exactly the same capitalization as provided by the user. 
Default Value false Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No check-substrings Description Indicates whether this password validator is to match portions of the password string against dictionary words. If "false", the validator matches only the entire password against words; if "true", it checks whether the password contains words. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No dictionary-file Description Specifies the path to the file containing a list of words that cannot be used as passwords. It should be formatted with one word per line. The value can be an absolute path or a path that is relative to the OpenDJ instance root. Default Value For Unix and Linux systems: config/wordlist.txt. For Windows systems: config\wordlist.txt Allowed Values The path to any text file contained on the system that is readable by the server. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No enabled Description Indicates whether the password validator is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the password validator implementation. Default Value org.opends.server.extensions.DictionaryPasswordValidator Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator Multi-valued No Required Yes Admin Action Required The Password Validator must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No min-substring-length Description Indicates the minimal length of the substring within the password in case substring checking is enabled.
If "check-substrings" option is set to true, then this parameter defines the length of the smallest word which should be used for substring matching. Use with caution because values below 3 might disqualify valid passwords. Default Value 5 Allowed Values An integer value. Lower value is 0. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No test-reversed-password Description Indicates whether this password validator is to test the reversed value of the provided password as well as the order in which it was given. For example, if the user provides a new password of "password" and this configuration attribute is set to true, then the value "drowssap" is also tested against attribute values in the user's entry. Default Value true Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No Length Based Password Validator Password Validators of type length-based-password-validator have the following properties: enabled Description Indicates whether the password validator is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the password validator implementation. Default Value org.opends.server.extensions.LengthBasedPasswordValidator Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator Multi-valued No Required Yes Admin Action Required The Password Validator must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No max-password-length Description Specifies the maximum number of characters that can be included in a proposed password. A value of zero indicates that there will be no upper bound enforced. 
If both minimum and maximum lengths are defined, then the minimum length must be less than or equal to the maximum length. Default Value 0 Allowed Values An integer value. Lower value is 0. Upper value is 2147483647. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No min-password-length Description Specifies the minimum number of characters that must be included in a proposed password. A value of zero indicates that there will be no lower bound enforced. If both minimum and maximum lengths are defined, then the minimum length must be less than or equal to the maximum length. Default Value 6 Allowed Values An integer value. Lower value is 0. Upper value is 2147483647. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No Repeated Characters Password Validator Password Validators of type repeated-characters-password-validator have the following properties: case-sensitive-validation Description Indicates whether this password validator should treat password characters in a case-sensitive manner. If the value of this property is false, the validator ignores any differences in capitalization when looking for consecutive characters in the password. If the value is true, the validator considers a character to be repeating only if all consecutive occurrences use the same capitalization. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No enabled Description Indicates whether the password validator is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the password validator implementation. 
Default Value org.opends.server.extensions.RepeatedCharactersPasswordValidator Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator Multi-valued No Required Yes Admin Action Required The Password Validator must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No max-consecutive-length Description Specifies the maximum number of times that any character can appear consecutively in a password value. A value of zero indicates that no maximum limit is enforced. Default Value None Allowed Values An integer value. Lower value is 0. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No Similarity Based Password Validator Password Validators of type similarity-based-password-validator have the following properties: enabled Description Indicates whether the password validator is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the password validator implementation. Default Value org.opends.server.extensions.SimilarityBasedPasswordValidator Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator Multi-valued No Required Yes Admin Action Required The Password Validator must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No min-password-difference Description Specifies the minimum difference of new and old password. A value of zero indicates that no difference between passwords is acceptable. Default Value None Allowed Values An integer value. Lower value is 0. Upper value is 2147483647. 
Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No Unique Characters Password Validator Password Validators of type unique-characters-password-validator have the following properties: case-sensitive-validation Description Indicates whether this password validator should treat password characters in a case-sensitive manner. A value of true indicates that the validator does not consider a capital letter to be the same as its lower-case counterpart. A value of false indicates that the validator ignores differences in capitalization when looking at the number of unique characters in the password. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No enabled Description Indicates whether the password validator is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the password validator implementation. Default Value org.opends.server.extensions.UniqueCharactersPasswordValidator Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator Multi-valued No Required Yes Admin Action Required The Password Validator must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No min-unique-characters Description Specifies the minimum number of unique characters that a password will be allowed to contain. A value of zero indicates that no minimum value is enforced. Default Value None Allowed Values An integer value. Lower value is 0. 
Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No dsconfig create-plugin(1) Name dsconfig create-plugin - Creates Plugins Synopsis dsconfig create-plugin {options} Description Creates Plugins. Options The dsconfig create-plugin command takes the following options: --plugin-name {name} The name of the new Plugin. Plugin properties depend on the Plugin type, which depends on the {name} you provide. By default, OpenDJ directory server supports the following Plugin types: attribute-cleanup-plugin Default {name}: Attribute Cleanup Plugin Enabled by default: true See Attribute Cleanup Plugin for the properties of this Plugin type. change-number-control-plugin Default {name}: Change Number Control Plugin Enabled by default: true See Change Number Control Plugin for the properties of this Plugin type. entry-uuid-plugin Default {name}: Entry UUID Plugin Enabled by default: true See Entry UUID Plugin for the properties of this Plugin type. fractional-ldif-import-plugin Default {name}: Fractional LDIF Import Plugin Enabled by default: true See Fractional LDIF Import Plugin for the properties of this Plugin type. last-mod-plugin Default {name}: Last Mod Plugin Enabled by default: true See Last Mod Plugin for the properties of this Plugin type. ldap-attribute-description-list-plugin Default {name}: LDAP Attribute Description List Plugin Enabled by default: true See LDAP Attribute Description List Plugin for the properties of this Plugin type. password-policy-import-plugin Default {name}: Password Policy Import Plugin Enabled by default: true See Password Policy Import Plugin for the properties of this Plugin type. profiler-plugin Default {name}: Profiler Plugin Enabled by default: true See Profiler Plugin for the properties of this Plugin type. referential-integrity-plugin Default {name}: Referential Integrity Plugin Enabled by default: true See Referential Integrity Plugin for the properties of this Plugin type. 
samba-password-plugin Default {name}: Samba Password Plugin Enabled by default: true See Samba Password Plugin for the properties of this Plugin type. seven-bit-clean-plugin Default {name}: Seven Bit Clean Plugin Enabled by default: true See Seven Bit Clean Plugin for the properties of this Plugin type. unique-attribute-plugin Default {name}: Unique Attribute Plugin Enabled by default: true See Unique Attribute Plugin for the properties of this Plugin type. --set {PROP:VALUE} Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it. Plugin properties depend on the Plugin type, which depends on the --plugin-name {name} option. -t | --type {type} The type of Plugin which should be created. The value for TYPE can be one of: attribute-cleanup | change-number-control | custom | entry-uuid | fractional-ldif-import | last-mod | ldap-attribute-description-list | password-policy-import | profiler | referential-integrity | samba-password | seven-bit-clean | unique-attribute. Plugin properties depend on the Plugin type, which depends on the {type} you provide. By default, OpenDJ directory server supports the following Plugin types: attribute-cleanup-plugin Default {type}: Attribute Cleanup Plugin Enabled by default: true See Attribute Cleanup Plugin for the properties of this Plugin type. change-number-control-plugin Default {type}: Change Number Control Plugin Enabled by default: true See Change Number Control Plugin for the properties of this Plugin type. entry-uuid-plugin Default {type}: Entry UUID Plugin Enabled by default: true See Entry UUID Plugin for the properties of this Plugin type. fractional-ldif-import-plugin Default {type}: Fractional LDIF Import Plugin Enabled by default: true See Fractional LDIF Import Plugin for the properties of this Plugin type. 
last-mod-plugin Default {type}: Last Mod Plugin Enabled by default: true See Last Mod Plugin for the properties of this Plugin type. ldap-attribute-description-list-plugin Default {type}: LDAP Attribute Description List Plugin Enabled by default: true See LDAP Attribute Description List Plugin for the properties of this Plugin type. password-policy-import-plugin Default {type}: Password Policy Import Plugin Enabled by default: true See Password Policy Import Plugin for the properties of this Plugin type. profiler-plugin Default {type}: Profiler Plugin Enabled by default: true See Profiler Plugin for the properties of this Plugin type. referential-integrity-plugin Default {type}: Referential Integrity Plugin Enabled by default: true See Referential Integrity Plugin for the properties of this Plugin type. samba-password-plugin Default {type}: Samba Password Plugin Enabled by default: true See Samba Password Plugin for the properties of this Plugin type. seven-bit-clean-plugin Default {type}: Seven Bit Clean Plugin Enabled by default: true See Seven Bit Clean Plugin for the properties of this Plugin type. unique-attribute-plugin Default {type}: Unique Attribute Plugin Enabled by default: true See Unique Attribute Plugin for the properties of this Plugin type. Attribute Cleanup Plugin Plugins of type attribute-cleanup-plugin have the following properties: enabled Description Indicates whether the plug-in is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No invoke-for-internal-operations Description Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operations that can cause the same plug-in to be re-invoked.
Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the plug-in implementation. Default Value org.opends.server.plugins.AttributeCleanupPlugin Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No plugin-type Description Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. Default Value preparseadd preparsemodify Allowed Values intermediateresponse Invoked before sending an intermediate response message to the client. ldifexport Invoked for each operation to be written during an LDIF export. ldifimport Invoked for each entry read during an LDIF import. ldifimportbegin Invoked at the beginning of an LDIF import session. ldifimportend Invoked at the end of an LDIF import session. postconnect Invoked whenever a new connection is established to the server. postdisconnect Invoked whenever an existing connection is terminated (by either the client or the server). postoperationabandon Invoked after completing the abandon processing. postoperationadd Invoked after completing the core add processing but before sending the response to the client. postoperationbind Invoked after completing the core bind processing but before sending the response to the client. postoperationcompare Invoked after completing the core compare processing but before sending the response to the client. postoperationdelete Invoked after completing the core delete processing but before sending the response to the client. postoperationextended Invoked after completing the core extended processing but before sending the response to the client.
postoperationmodify Invoked after completing the core modify processing but before sending the response to the client. postoperationmodifydn Invoked after completing the core modify DN processing but before sending the response to the client. postoperationsearch Invoked after completing the core search processing but before sending the response to the client. postoperationunbind Invoked after completing the unbind processing. postresponseadd Invoked after sending the add response to the client. postresponsebind Invoked after sending the bind response to the client. postresponsecompare Invoked after sending the compare response to the client. postresponsedelete Invoked after sending the delete response to the client. postresponseextended Invoked after sending the extended response to the client. postresponsemodify Invoked after sending the modify response to the client. postresponsemodifydn Invoked after sending the modify DN response to the client. postresponsesearch Invoked after sending the search result done message to the client. postsynchronizationadd Invoked after completing post-synchronization processing for an add operation. postsynchronizationdelete Invoked after completing post-synchronization processing for a delete operation. postsynchronizationmodify Invoked after completing post-synchronization processing for a modify operation. postsynchronizationmodifydn Invoked after completing post-synchronization processing for a modify DN operation. preoperationadd Invoked prior to performing the core add processing. preoperationbind Invoked prior to performing the core bind processing. preoperationcompare Invoked prior to performing the core compare processing. preoperationdelete Invoked prior to performing the core delete processing. preoperationextended Invoked prior to performing the core extended processing. preoperationmodify Invoked prior to performing the core modify processing. 
preoperationmodifydn Invoked prior to performing the core modify DN processing. preoperationsearch Invoked prior to performing the core search processing. preparseabandon Invoked prior to parsing an abandon request. preparseadd Invoked prior to parsing an add request. preparsebind Invoked prior to parsing a bind request. preparsecompare Invoked prior to parsing a compare request. preparsedelete Invoked prior to parsing a delete request. preparseextended Invoked prior to parsing an extended request. preparsemodify Invoked prior to parsing a modify request. preparsemodifydn Invoked prior to parsing a modify DN request. preparsesearch Invoked prior to parsing a search request. preparseunbind Invoked prior to parsing an unbind request. searchresultentry Invoked before sending a search result entry to the client. searchresultreference Invoked before sending a search result reference to the client. shutdown Invoked during a graceful directory server shutdown. startup Invoked during the directory server startup process. subordinatedelete Invoked in the course of deleting a subordinate entry of a delete operation. subordinatemodifydn Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. Multi-valued Yes Required Yes Admin Action Required The Plugin must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No remove-inbound-attributes Description A list of attributes which should be removed from incoming add or modify requests. Default Value No attributes will be removed Allowed Values A String Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No rename-inbound-attributes Description A list of attributes which should be renamed in incoming add or modify requests. Default Value No attributes will be renamed Allowed Values An attribute name mapping. 
Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No Change Number Control Plugin Plugins of type change-number-control-plugin have the following properties: enabled Description Indicates whether the plug-in is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No invoke-for-internal-operations Description Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operations that can cause the same plug-in to be re-invoked. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the plug-in implementation. Default Value org.opends.server.plugins.ChangeNumberControlPlugin Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No plugin-type Description Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. Default Value postOperationAdd postOperationDelete postOperationModify postOperationModifyDN Allowed Values intermediateresponse Invoked before sending an intermediate response message to the client. ldifexport Invoked for each operation to be written during an LDIF export. ldifimport Invoked for each entry read during an LDIF import. ldifimportbegin Invoked at the beginning of an LDIF import session. ldifimportend Invoked at the end of an LDIF import session. postconnect Invoked whenever a new connection is established to the server.
postdisconnect Invoked whenever an existing connection is terminated (by either the client or the server). postoperationabandon Invoked after completing the abandon processing. postoperationadd Invoked after completing the core add processing but before sending the response to the client. postoperationbind Invoked after completing the core bind processing but before sending the response to the client. postoperationcompare Invoked after completing the core compare processing but before sending the response to the client. postoperationdelete Invoked after completing the core delete processing but before sending the response to the client. postoperationextended Invoked after completing the core extended processing but before sending the response to the client. postoperationmodify Invoked after completing the core modify processing but before sending the response to the client. postoperationmodifydn Invoked after completing the core modify DN processing but before sending the response to the client. postoperationsearch Invoked after completing the core search processing but before sending the response to the client. postoperationunbind Invoked after completing the unbind processing. postresponseadd Invoked after sending the add response to the client. postresponsebind Invoked after sending the bind response to the client. postresponsecompare Invoked after sending the compare response to the client. postresponsedelete Invoked after sending the delete response to the client. postresponseextended Invoked after sending the extended response to the client. postresponsemodify Invoked after sending the modify response to the client. postresponsemodifydn Invoked after sending the modify DN response to the client. postresponsesearch Invoked after sending the search result done message to the client. postsynchronizationadd Invoked after completing post-synchronization processing for an add operation. 
postsynchronizationdelete Invoked after completing post-synchronization processing for a delete operation. postsynchronizationmodify Invoked after completing post-synchronization processing for a modify operation. postsynchronizationmodifydn Invoked after completing post-synchronization processing for a modify DN operation. preoperationadd Invoked prior to performing the core add processing. preoperationbind Invoked prior to performing the core bind processing. preoperationcompare Invoked prior to performing the core compare processing. preoperationdelete Invoked prior to performing the core delete processing. preoperationextended Invoked prior to performing the core extended processing. preoperationmodify Invoked prior to performing the core modify processing. preoperationmodifydn Invoked prior to performing the core modify DN processing. preoperationsearch Invoked prior to performing the core search processing. preparseabandon Invoked prior to parsing an abandon request. preparseadd Invoked prior to parsing an add request. preparsebind Invoked prior to parsing a bind request. preparsecompare Invoked prior to parsing a compare request. preparsedelete Invoked prior to parsing a delete request. preparseextended Invoked prior to parsing an extended request. preparsemodify Invoked prior to parsing a modify request. preparsemodifydn Invoked prior to parsing a modify DN request. preparsesearch Invoked prior to parsing a search request. preparseunbind Invoked prior to parsing an unbind request. searchresultentry Invoked before sending a search result entry to the client. searchresultreference Invoked before sending a search result reference to the client. shutdown Invoked during a graceful directory server shutdown. startup Invoked during the directory server startup process. subordinatedelete Invoked in the course of deleting a subordinate entry of a delete operation. 
subordinatemodifydn Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. Multi-valued Yes Required Yes Admin Action Required The Plugin must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No Entry UUID Plugin Plugins of type entry-uuid-plugin have the following properties: enabled Description Indicates whether the plug-in is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No invoke-for-internal-operations Description Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operations that can cause the same plug-in to be re-invoked. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the plug-in implementation. Default Value org.opends.server.plugins.EntryUUIDPlugin Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No plugin-type Description Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. Default Value ldifimport preoperationadd Allowed Values intermediateresponse Invoked before sending an intermediate response message to the client. ldifexport Invoked for each operation to be written during an LDIF export. ldifimport Invoked for each entry read during an LDIF import. ldifimportbegin Invoked at the beginning of an LDIF import session.
ldifimportend Invoked at the end of an LDIF import session. postconnect Invoked whenever a new connection is established to the server. postdisconnect Invoked whenever an existing connection is terminated (by either the client or the server). postoperationabandon Invoked after completing the abandon processing. postoperationadd Invoked after completing the core add processing but before sending the response to the client. postoperationbind Invoked after completing the core bind processing but before sending the response to the client. postoperationcompare Invoked after completing the core compare processing but before sending the response to the client. postoperationdelete Invoked after completing the core delete processing but before sending the response to the client. postoperationextended Invoked after completing the core extended processing but before sending the response to the client. postoperationmodify Invoked after completing the core modify processing but before sending the response to the client. postoperationmodifydn Invoked after completing the core modify DN processing but before sending the response to the client. postoperationsearch Invoked after completing the core search processing but before sending the response to the client. postoperationunbind Invoked after completing the unbind processing. postresponseadd Invoked after sending the add response to the client. postresponsebind Invoked after sending the bind response to the client. postresponsecompare Invoked after sending the compare response to the client. postresponsedelete Invoked after sending the delete response to the client. postresponseextended Invoked after sending the extended response to the client. postresponsemodify Invoked after sending the modify response to the client. postresponsemodifydn Invoked after sending the modify DN response to the client. postresponsesearch Invoked after sending the search result done message to the client. 
postsynchronizationadd Invoked after completing post-synchronization processing for an add operation. postsynchronizationdelete Invoked after completing post-synchronization processing for a delete operation. postsynchronizationmodify Invoked after completing post-synchronization processing for a modify operation. postsynchronizationmodifydn Invoked after completing post-synchronization processing for a modify DN operation. preoperationadd Invoked prior to performing the core add processing. preoperationbind Invoked prior to performing the core bind processing. preoperationcompare Invoked prior to performing the core compare processing. preoperationdelete Invoked prior to performing the core delete processing. preoperationextended Invoked prior to performing the core extended processing. preoperationmodify Invoked prior to performing the core modify processing. preoperationmodifydn Invoked prior to performing the core modify DN processing. preoperationsearch Invoked prior to performing the core search processing. preparseabandon Invoked prior to parsing an abandon request. preparseadd Invoked prior to parsing an add request. preparsebind Invoked prior to parsing a bind request. preparsecompare Invoked prior to parsing a compare request. preparsedelete Invoked prior to parsing a delete request. preparseextended Invoked prior to parsing an extended request. preparsemodify Invoked prior to parsing a modify request. preparsemodifydn Invoked prior to parsing a modify DN request. preparsesearch Invoked prior to parsing a search request. preparseunbind Invoked prior to parsing an unbind request. searchresultentry Invoked before sending a search result entry to the client. searchresultreference Invoked before sending a search result reference to the client. shutdown Invoked during a graceful directory server shutdown. startup Invoked during the directory server startup process. subordinatedelete Invoked in the course of deleting a subordinate entry of a delete operation. 
subordinatemodifydn Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. Multi-valued Yes Required Yes Admin Action Required The Plugin must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No Fractional LDIF Import Plugin Plugins of type fractional-ldif-import-plugin have the following properties: enabled Description Indicates whether the plug-in is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No invoke-for-internal-operations Description Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operations that can cause the same plug-in to be re-invoked. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the plug-in implementation. Default Value None Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No plugin-type Description Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. Default Value None Allowed Values intermediateresponse Invoked before sending an intermediate response message to the client. ldifexport Invoked for each operation to be written during an LDIF export. ldifimport Invoked for each entry read during an LDIF import. ldifimportbegin Invoked at the beginning of an LDIF import session. ldifimportend Invoked at the end of an LDIF import session.
postconnect Invoked whenever a new connection is established to the server. postdisconnect Invoked whenever an existing connection is terminated (by either the client or the server). postoperationabandon Invoked after completing the abandon processing. postoperationadd Invoked after completing the core add processing but before sending the response to the client. postoperationbind Invoked after completing the core bind processing but before sending the response to the client. postoperationcompare Invoked after completing the core compare processing but before sending the response to the client. postoperationdelete Invoked after completing the core delete processing but before sending the response to the client. postoperationextended Invoked after completing the core extended processing but before sending the response to the client. postoperationmodify Invoked after completing the core modify processing but before sending the response to the client. postoperationmodifydn Invoked after completing the core modify DN processing but before sending the response to the client. postoperationsearch Invoked after completing the core search processing but before sending the response to the client. postoperationunbind Invoked after completing the unbind processing. postresponseadd Invoked after sending the add response to the client. postresponsebind Invoked after sending the bind response to the client. postresponsecompare Invoked after sending the compare response to the client. postresponsedelete Invoked after sending the delete response to the client. postresponseextended Invoked after sending the extended response to the client. postresponsemodify Invoked after sending the modify response to the client. postresponsemodifydn Invoked after sending the modify DN response to the client. postresponsesearch Invoked after sending the search result done message to the client. postsynchronizationadd Invoked after completing post-synchronization processing for an add operation. 
postsynchronizationdelete Invoked after completing post-synchronization processing for a delete operation. postsynchronizationmodify Invoked after completing post-synchronization processing for a modify operation. postsynchronizationmodifydn Invoked after completing post-synchronization processing for a modify DN operation. preoperationadd Invoked prior to performing the core add processing. preoperationbind Invoked prior to performing the core bind processing. preoperationcompare Invoked prior to performing the core compare processing. preoperationdelete Invoked prior to performing the core delete processing. preoperationextended Invoked prior to performing the core extended processing. preoperationmodify Invoked prior to performing the core modify processing. preoperationmodifydn Invoked prior to performing the core modify DN processing. preoperationsearch Invoked prior to performing the core search processing. preparseabandon Invoked prior to parsing an abandon request. preparseadd Invoked prior to parsing an add request. preparsebind Invoked prior to parsing a bind request. preparsecompare Invoked prior to parsing a compare request. preparsedelete Invoked prior to parsing a delete request. preparseextended Invoked prior to parsing an extended request. preparsemodify Invoked prior to parsing a modify request. preparsemodifydn Invoked prior to parsing a modify DN request. preparsesearch Invoked prior to parsing a search request. preparseunbind Invoked prior to parsing an unbind request. searchresultentry Invoked before sending a search result entry to the client. searchresultreference Invoked before sending a search result reference to the client. shutdown Invoked during a graceful directory server shutdown. startup Invoked during the directory server startup process. subordinatedelete Invoked in the course of deleting a subordinate entry of a delete operation. 
subordinatemodifydn Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. Multi-valued Yes Required Yes Admin Action Required The Plugin must be disabled and re-enabled for changes to this setting to take effect Advanced Property No Read-only No Last Mod Plugin Plugins of type last-mod-plugin have the following properties: enabled Description Indicates whether the plug-in is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No invoke-for-internal-operations Description Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operations that can cause the same plug-in to be re-invoked. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the plug-in implementation. Default Value org.opends.server.plugins.LastModPlugin Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No plugin-type Description Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. Default Value preoperationadd preoperationmodify preoperationmodifydn Allowed Values intermediateresponse Invoked before sending an intermediate response message to the client. ldifexport Invoked for each operation to be written during an LDIF export. ldifimport Invoked for each entry read during an LDIF import. ldifimportbegin Invoked at the beginning of an LDIF import session.
ldifimportend Invoked at the end of an LDIF import session. postconnect Invoked whenever a new connection is established to the server. postdisconnect Invoked whenever an existing connection is terminated (by either the client or the server). postoperationabandon Invoked after completing the abandon processing. postoperationadd Invoked after completing the core add processing but before sending the response to the client. postoperationbind Invoked after completing the core bind processing but before sending the response to the client. postoperationcompare Invoked after completing the core compare processing but before sending the response to the client. postoperationdelete Invoked after completing the core delete processing but before sending the response to the client. postoperationextended Invoked after completing the core extended processing but before sending the response to the client. postoperationmodify Invoked after completing the core modify processing but before sending the response to the client. postoperationmodifydn Invoked after completing the core modify DN processing but before sending the response to the client. postoperationsearch Invoked after completing the core search processing but before sending the response to the client. postoperationunbind Invoked after completing the unbind processing. postresponseadd Invoked after sending the add response to the client. postresponsebind Invoked after sending the bind response to the client. postresponsecompare Invoked after sending the compare response to the client. postresponsedelete Invoked after sending the delete response to the client. postresponseextended Invoked after sending the extended response to the client. postresponsemodify Invoked after sending the modify response to the client. postresponsemodifydn Invoked after sending the modify DN response to the client. postresponsesearch Invoked after sending the search result done message to the client. 
postsynchronizationadd Invoked after completing post-synchronization processing for an add operation. postsynchronizationdelete Invoked after completing post-synchronization processing for a delete operation. postsynchronizationmodify Invoked after completing post-synchronization processing for a modify operation. postsynchronizationmodifydn Invoked after completing post-synchronization processing for a modify DN operation. preoperationadd Invoked prior to performing the core add processing. preoperationbind Invoked prior to performing the core bind processing. preoperationcompare Invoked prior to performing the core compare processing. preoperationdelete Invoked prior to performing the core delete processing. preoperationextended Invoked prior to performing the core extended processing. preoperationmodify Invoked prior to performing the core modify processing. preoperationmodifydn Invoked prior to performing the core modify DN processing. preoperationsearch Invoked prior to performing the core search processing. preparseabandon Invoked prior to parsing an abandon request. preparseadd Invoked prior to parsing an add request. preparsebind Invoked prior to parsing a bind request. preparsecompare Invoked prior to parsing a compare request. preparsedelete Invoked prior to parsing a delete request. preparseextended Invoked prior to parsing an extended request. preparsemodify Invoked prior to parsing a modify request. preparsemodifydn Invoked prior to parsing a modify DN request. preparsesearch Invoked prior to parsing a search request. preparseunbind Invoked prior to parsing an unbind request. searchresultentry Invoked before sending a search result entry to the client. searchresultreference Invoked before sending a search result reference to the client. shutdown Invoked during a graceful directory server shutdown. startup Invoked during the directory server startup process. subordinatedelete Invoked in the course of deleting a subordinate entry of a delete operation. 
subordinatemodifydn Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. Multi-valued Yes Required Yes Admin Action Required The Plugin must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No LDAP Attribute Description List Plugin Plugins of type ldap-attribute-description-list-plugin have the following properties: enabled Description Indicates whether the plug-in is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No invoke-for-internal-operations Description Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operations that can cause the same plug-in to be re-invoked. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the plug-in implementation. Default Value org.opends.server.plugins.LDAPADListPlugin Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No plugin-type Description Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. Default Value preparsesearch Allowed Values intermediateresponse Invoked before sending an intermediate response message to the client. ldifexport Invoked for each operation to be written during an LDIF export. ldifimport Invoked for each entry read during an LDIF import.
ldifimportbegin Invoked at the beginning of an LDIF import session. ldifimportend Invoked at the end of an LDIF import session. postconnect Invoked whenever a new connection is established to the server. postdisconnect Invoked whenever an existing connection is terminated (by either the client or the server). postoperationabandon Invoked after completing the abandon processing. postoperationadd Invoked after completing the core add processing but before sending the response to the client. postoperationbind Invoked after completing the core bind processing but before sending the response to the client. postoperationcompare Invoked after completing the core compare processing but before sending the response to the client. postoperationdelete Invoked after completing the core delete processing but before sending the response to the client. postoperationextended Invoked after completing the core extended processing but before sending the response to the client. postoperationmodify Invoked after completing the core modify processing but before sending the response to the client. postoperationmodifydn Invoked after completing the core modify DN processing but before sending the response to the client. postoperationsearch Invoked after completing the core search processing but before sending the response to the client. postoperationunbind Invoked after completing the unbind processing. postresponseadd Invoked after sending the add response to the client. postresponsebind Invoked after sending the bind response to the client. postresponsecompare Invoked after sending the compare response to the client. postresponsedelete Invoked after sending the delete response to the client. postresponseextended Invoked after sending the extended response to the client. postresponsemodify Invoked after sending the modify response to the client. postresponsemodifydn Invoked after sending the modify DN response to the client. 
postresponsesearch Invoked after sending the search result done message to the client. postsynchronizationadd Invoked after completing post-synchronization processing for an add operation. postsynchronizationdelete Invoked after completing post-synchronization processing for a delete operation. postsynchronizationmodify Invoked after completing post-synchronization processing for a modify operation. postsynchronizationmodifydn Invoked after completing post-synchronization processing for a modify DN operation. preoperationadd Invoked prior to performing the core add processing. preoperationbind Invoked prior to performing the core bind processing. preoperationcompare Invoked prior to performing the core compare processing. preoperationdelete Invoked prior to performing the core delete processing. preoperationextended Invoked prior to performing the core extended processing. preoperationmodify Invoked prior to performing the core modify processing. preoperationmodifydn Invoked prior to performing the core modify DN processing. preoperationsearch Invoked prior to performing the core search processing. preparseabandon Invoked prior to parsing an abandon request. preparseadd Invoked prior to parsing an add request. preparsebind Invoked prior to parsing a bind request. preparsecompare Invoked prior to parsing a compare request. preparsedelete Invoked prior to parsing a delete request. preparseextended Invoked prior to parsing an extended request. preparsemodify Invoked prior to parsing a modify request. preparsemodifydn Invoked prior to parsing a modify DN request. preparsesearch Invoked prior to parsing a search request. preparseunbind Invoked prior to parsing an unbind request. searchresultentry Invoked before sending a search result entry to the client. searchresultreference Invoked before sending a search result reference to the client. shutdown Invoked during a graceful directory server shutdown. startup Invoked during the directory server startup process. 
subordinatedelete Invoked in the course of deleting a subordinate entry of a delete operation. subordinatemodifydn Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. Multi-valued Yes Required Yes Admin Action Required The Plugin must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No Password Policy Import Plugin Plugins of type password-policy-import-plugin have the following properties: default-auth-password-storage-scheme Description Specifies the names of the password storage schemes to be used for encoding passwords contained in attributes with the auth password syntax for entries that do not include the ds-pwp-password-policy-dn attribute specifying which password policy should be used to govern them. Default Value If the default password policy uses an attribute with the auth password syntax, then the server uses the default password storage schemes for that password policy. Otherwise, it encodes auth password values using the "SHA1" scheme. Allowed Values The DN of any Password Storage Scheme. The referenced password storage schemes must be enabled when the Password Policy Import plug-in is enabled. Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No default-user-password-storage-scheme Description Specifies the names of the password storage schemes to be used for encoding passwords contained in attributes with the user password syntax for entries that do not include the ds-pwp-password-policy-dn attribute specifying which password policy is to be used to govern them. Default Value If the default password policy uses the attribute with the user password syntax, then the server uses the default password storage schemes for that password policy. Otherwise, it encodes user password values using the "SSHA" scheme. Allowed Values The DN of any Password Storage Scheme.
The referenced password storage schemes must be enabled when the Password Policy Import Plugin is enabled. Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No enabled Description Indicates whether the plug-in is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No invoke-for-internal-operations Description Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the plug-in implementation. Default Value org.opends.server.plugins.PasswordPolicyImportPlugin Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No plugin-type Description Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. Default Value ldifimport Allowed Values intermediateresponse Invoked before sending an intermediate repsonse message to the client. ldifexport Invoked for each operation to be written during an LDIF export. ldifimport Invoked for each entry read during an LDIF import. ldifimportbegin Invoked at the beginning of an LDIF import session. ldifimportend Invoked at the end of an LDIF import session. postconnect Invoked whenever a new connection is established to the server. 
postdisconnect Invoked whenever an existing connection is terminated (by either the client or the server). postoperationabandon Invoked after completing the abandon processing. postoperationadd Invoked after completing the core add processing but before sending the response to the client. postoperationbind Invoked after completing the core bind processing but before sending the response to the client. postoperationcompare Invoked after completing the core compare processing but before sending the response to the client. postoperationdelete Invoked after completing the core delete processing but before sending the response to the client. postoperationextended Invoked after completing the core extended processing but before sending the response to the client. postoperationmodify Invoked after completing the core modify processing but before sending the response to the client. postoperationmodifydn Invoked after completing the core modify DN processing but before sending the response to the client. postoperationsearch Invoked after completing the core search processing but before sending the response to the client. postoperationunbind Invoked after completing the unbind processing. postresponseadd Invoked after sending the add response to the client. postresponsebind Invoked after sending the bind response to the client. postresponsecompare Invoked after sending the compare response to the client. postresponsedelete Invoked after sending the delete response to the client. postresponseextended Invoked after sending the extended response to the client. postresponsemodify Invoked after sending the modify response to the client. postresponsemodifydn Invoked after sending the modify DN response to the client. postresponsesearch Invoked after sending the search result done message to the client. postsynchronizationadd Invoked after completing post-synchronization processing for an add operation. 
postsynchronizationdelete Invoked after completing post-synchronization processing for a delete operation. postsynchronizationmodify Invoked after completing post-synchronization processing for a modify operation. postsynchronizationmodifydn Invoked after completing post-synchronization processing for a modify DN operation. preoperationadd Invoked prior to performing the core add processing. preoperationbind Invoked prior to performing the core bind processing. preoperationcompare Invoked prior to performing the core compare processing. preoperationdelete Invoked prior to performing the core delete processing. preoperationextended Invoked prior to performing the core extended processing. preoperationmodify Invoked prior to performing the core modify processing. preoperationmodifydn Invoked prior to performing the core modify DN processing. preoperationsearch Invoked prior to performing the core search processing. preparseabandon Invoked prior to parsing an abandon request. preparseadd Invoked prior to parsing an add request. preparsebind Invoked prior to parsing a bind request. preparsecompare Invoked prior to parsing a compare request. preparsedelete Invoked prior to parsing a delete request. preparseextended Invoked prior to parsing an extended request. preparsemodify Invoked prior to parsing a modify request. preparsemodifydn Invoked prior to parsing a modify DN request. preparsesearch Invoked prior to parsing a search request. preparseunbind Invoked prior to parsing an unbind request. searchresultentry Invoked before sending a search result entry to the client. searchresultreference Invoked before sending a search result reference to the client. shutdown Invoked during a graceful directory server shutdown. startup Invoked during the directory server startup process. subordinatedelete Invoked in the course of deleting a subordinate entry of a delete operation. 
subordinatemodifydn Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. Multi-valued Yes Required Yes Admin Action Required The Plugin must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No Profiler Plugin Plugins of type profiler-plugin have the following properties: enable-profiling-on-startup Description Indicates whether the profiler plug-in is to start collecting data automatically when the directory server is started. This property is read only when the server is started, and any changes take effect on the next restart. This property is typically set to "false" unless startup profiling is required, because otherwise the volume of data that can be collected can cause the server to run out of memory if it is not turned off in a timely manner. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No enabled Description Indicates whether the plug-in is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No invoke-for-internal-operations Description Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operations that can cause the same plug-in to be re-invoked. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the plug-in implementation. 
Default Value org.opends.server.plugins.profiler.ProfilerPlugin Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No plugin-type Description Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. Default Value startup Allowed Values intermediateresponse Invoked before sending an intermediate response message to the client. ldifexport Invoked for each operation to be written during an LDIF export. ldifimport Invoked for each entry read during an LDIF import. ldifimportbegin Invoked at the beginning of an LDIF import session. ldifimportend Invoked at the end of an LDIF import session. postconnect Invoked whenever a new connection is established to the server. postdisconnect Invoked whenever an existing connection is terminated (by either the client or the server). postoperationabandon Invoked after completing the abandon processing. postoperationadd Invoked after completing the core add processing but before sending the response to the client. postoperationbind Invoked after completing the core bind processing but before sending the response to the client. postoperationcompare Invoked after completing the core compare processing but before sending the response to the client. postoperationdelete Invoked after completing the core delete processing but before sending the response to the client. postoperationextended Invoked after completing the core extended processing but before sending the response to the client. postoperationmodify Invoked after completing the core modify processing but before sending the response to the client. postoperationmodifydn Invoked after completing the core modify DN processing but before sending the response to the client. 
postoperationsearch Invoked after completing the core search processing but before sending the response to the client. postoperationunbind Invoked after completing the unbind processing. postresponseadd Invoked after sending the add response to the client. postresponsebind Invoked after sending the bind response to the client. postresponsecompare Invoked after sending the compare response to the client. postresponsedelete Invoked after sending the delete response to the client. postresponseextended Invoked after sending the extended response to the client. postresponsemodify Invoked after sending the modify response to the client. postresponsemodifydn Invoked after sending the modify DN response to the client. postresponsesearch Invoked after sending the search result done message to the client. postsynchronizationadd Invoked after completing post-synchronization processing for an add operation. postsynchronizationdelete Invoked after completing post-synchronization processing for a delete operation. postsynchronizationmodify Invoked after completing post-synchronization processing for a modify operation. postsynchronizationmodifydn Invoked after completing post-synchronization processing for a modify DN operation. preoperationadd Invoked prior to performing the core add processing. preoperationbind Invoked prior to performing the core bind processing. preoperationcompare Invoked prior to performing the core compare processing. preoperationdelete Invoked prior to performing the core delete processing. preoperationextended Invoked prior to performing the core extended processing. preoperationmodify Invoked prior to performing the core modify processing. preoperationmodifydn Invoked prior to performing the core modify DN processing. preoperationsearch Invoked prior to performing the core search processing. preparseabandon Invoked prior to parsing an abandon request. preparseadd Invoked prior to parsing an add request. 
preparsebind Invoked prior to parsing a bind request. preparsecompare Invoked prior to parsing a compare request. preparsedelete Invoked prior to parsing a delete request. preparseextended Invoked prior to parsing an extended request. preparsemodify Invoked prior to parsing a modify request. preparsemodifydn Invoked prior to parsing a modify DN request. preparsesearch Invoked prior to parsing a search request. preparseunbind Invoked prior to parsing an unbind request. searchresultentry Invoked before sending a search result entry to the client. searchresultreference Invoked before sending a search result reference to the client. shutdown Invoked during a graceful directory server shutdown. startup Invoked during the directory server startup process. subordinatedelete Invoked in the course of deleting a subordinate entry of a delete operation. subordinatemodifydn Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. Multi-valued Yes Required Yes Admin Action Required The Plugin must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No profile-action Description Specifies the action that should be taken by the profiler. A value of "start" causes the profiler thread to start collecting data if it is not already active. A value of "stop" causes the profiler thread to stop collecting data and write it to disk, and a value of "cancel" causes the profiler thread to stop collecting data and discard anything that has been captured. These operations occur immediately. Default Value none Allowed Values cancel Stop collecting profile data and discard what has been captured. none Do not take any action. start Start collecting profile data. stop Stop collecting profile data and write what has been captured to a file in the profile directory. 
Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No profile-directory Description Specifies the path to the directory where profile information is to be written. This path may be either an absolute path or a path that is relative to the root of the OpenDJ directory server instance. The directory must exist and the directory server must have permission to create new files in it. Default Value None Allowed Values The path to any directory that exists on the filesystem and that can be read and written by the server user. Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No profile-sample-interval Description Specifies the sample interval in milliseconds to be used when capturing profiling information in the server. When capturing data, the profiler thread sleeps for this length of time between calls to obtain traces for all threads running in the JVM. Default Value None Allowed Values Lower limit is 1 millisecond. Upper limit is 2147483647 milliseconds. Multi-valued No Required Yes Admin Action Required None. Changes to this configuration attribute take effect the next time the profiler is started. Advanced Property No Read-only No Referential Integrity Plugin Plugins of type referential-integrity-plugin have the following properties: attribute-type Description Specifies the attribute types for which referential integrity is to be maintained. At least one attribute type must be specified, and the syntax of any attributes must be either a distinguished name (1.3.6.1.4.1.1466.115.121.1.12) or name and optional UID (1.3.6.1.4.1.1466.115.121.1.34). Default Value None Allowed Values The name of an attribute type defined in the server schema. Multi-valued Yes Required Yes Admin Action Required None Advanced Property No Read-only No base-dn Description Specifies the base DN that limits the scope within which referential integrity is maintained. 
Default Value Referential integrity is maintained in all public naming contexts. Allowed Values A valid DN. Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No check-references Description Specifies whether reference attributes must refer to existing entries. When this property is set to true, this plugin will ensure that any new references added as part of an add or modify operation point to existing entries, and that the referenced entries match the filter criteria for the referencing attribute, if specified. Default Value false Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No check-references-filter-criteria Description Specifies additional filter criteria which will be enforced when checking references. If a reference attribute has filter criteria defined then this plugin will ensure that any new references added as part of an add or modify operation refer to an existing entry which matches the specified filter. Default Value None Allowed Values An attribute-filter mapping. Multi-valued Yes Required No Admin Action Required None Advanced Property No Read-only No check-references-scope-criteria Description Specifies whether referenced entries must reside within the same naming context as the entry containing the reference. The reference scope will only be enforced when reference checking is enabled. Default Value global Allowed Values global References may refer to existing entries located anywhere in the Directory. naming-context References must refer to existing entries located within the same naming context. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No enabled Description Indicates whether the plug-in is enabled for use. 
Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No invoke-for-internal-operations Description Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operations that can cause the same plug-in to be re-invoked. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the plug-in implementation. Default Value org.opends.server.plugins.ReferentialIntegrityPlugin Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin Multi-valued No Required Yes Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No log-file Description Specifies the log file location where the update records are written when the plug-in is in background-mode processing. The default location is the logs directory of the server instance, using the file name "referint". Default Value logs/referint Allowed Values A path to an existing file that is readable by the server. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No plugin-type Description Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. Default Value postoperationdelete postoperationmodifydn subordinatemodifydn subordinatedelete preoperationadd preoperationmodify Allowed Values intermediateresponse Invoked before sending an intermediate response message to the client. ldifexport Invoked for each operation to be written during an LDIF export. ldifimport Invoked for each entry read during an LDIF import. 
ldifimportbegin Invoked at the beginning of an LDIF import session. ldifimportend Invoked at the end of an LDIF import session. postconnect Invoked whenever a new connection is established to the server. postdisconnect Invoked whenever an existing connection is terminated (by either the client or the server). postoperationabandon Invoked after completing the abandon processing. postoperationadd Invoked after completing the core add processing but before sending the response to the client. postoperationbind Invoked after completing the core bind processing but before sending the response to the client. postoperationcompare Invoked after completing the core compare processing but before sending the response to the client. postoperationdelete Invoked after completing the core delete processing but before sending the response to the client. postoperationextended Invoked after completing the core extended processing but before sending the response to the client. postoperationmodify Invoked after completing the core modify processing but before sending the response to the client. postoperationmodifydn Invoked after completing the core modify DN processing but before sending the response to the client. postoperationsearch Invoked after completing the core search processing but before sending the response to the client. postoperationunbind Invoked after completing the unbind processing. postresponseadd Invoked after sending the add response to the client. postresponsebind Invoked after sending the bind response to the client. postresponsecompare Invoked after sending the compare response to the client. postresponsedelete Invoked after sending the delete response to the client. postresponseextended Invoked after sending the extended response to the client. postresponsemodify Invoked after sending the modify response to the client. postresponsemodifydn Invoked after sending the modify DN response to the client. 
postresponsesearch Invoked after sending the search result done message to the client. postsynchronizationadd Invoked after completing post-synchronization processing for an add operation. postsynchronizationdelete Invoked after completing post-synchronization processing for a delete operation. postsynchronizationmodify Invoked after completing post-synchronization processing for a modify operation. postsynchronizationmodifydn Invoked after completing post-synchronization processing for a modify DN operation. preoperationadd Invoked prior to performing the core add processing. preoperationbind Invoked prior to performing the core bind processing. preoperationcompare Invoked prior to performing the core compare processing. preoperationdelete Invoked prior to performing the core delete processing. preoperationextended Invoked prior to performing the core extended processing. preoperationmodify Invoked prior to performing the core modify processing. preoperationmodifydn Invoked prior to performing the core modify DN processing. preoperationsearch Invoked prior to performing the core search processing. preparseabandon Invoked prior to parsing an abandon request. preparseadd Invoked prior to parsing an add request. preparsebind Invoked prior to parsing a bind request. preparsecompare Invoked prior to parsing a compare request. preparsedelete Invoked prior to parsing a delete request. preparseextended Invoked prior to parsing an extended request. preparsemodify Invoked prior to parsing a modify request. preparsemodifydn Invoked prior to parsing a modify DN request. preparsesearch Invoked prior to parsing a search request. preparseunbind Invoked prior to parsing an unbind request. searchresultentry Invoked before sending a search result entry to the client. searchresultreference Invoked before sending a search result reference to the client. shutdown Invoked during a graceful directory server shutdown. startup Invoked during the directory server startup process. 
subordinatedelete Invoked in the course of deleting a subordinate entry of a delete operation. subordinatemodifydn Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. Multi-valued Yes Required Yes Admin Action Required The Plugin must be disabled and re-enabled for changes to this setting to take effect Advanced Property Yes (Use --advanced in interactive mode.) Read-only No update-interval Description Specifies the interval in seconds when referential integrity updates are made. If this value is 0, then the updates are made synchronously in the foreground. Default Value 0 seconds Allowed Values Lower limit is 0 seconds. Multi-valued No Required No Admin Action Required None Advanced Property No Read-only No Samba Password Plugin Plugins of type samba-password-plugin have the following properties: enabled Description Indicates whether the plug-in is enabled for use. Default Value None Allowed Values true false Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No invoke-for-internal-operations Description Indicates whether the plug-in should be invoked for internal operations. Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operations that can cause the same plug-in to be re-invoked. Default Value true Allowed Values true false Multi-valued No Required No Admin Action Required None Advanced Property Yes (Use --advanced in interactive mode.) Read-only No java-class Description Specifies the fully-qualified name of the Java class that provides the plug-in implementation. 
Default Value org.opends.server.plugins.SambaPasswordPlugin Allowed Values A Java class that implements or extends the class(es): org.opends.server.api.plugin.DirectoryServerPlugin Multi-valued No Required Yes Admin Action Required None Advanced Property No Read-only No plugin-type Description Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. Default Value preoperationmodify postoperationextended Allowed Values intermediateresponse Invoked before sending an intermediate response message to the client. ldifexport Invoked for each operation to be written during an LDIF export. ldifimport Invoked for each entry read during an LDIF import. ldifimportbegin Invoked at the beginning of an LDIF import session. ldifimportend Invoked at the end of an LDIF import session. postconnect Invoked whenever a new connection is established to the server. postdisconnect Invoked whenever an existing connection is terminated (by either the client or the server). postoperationabandon Invoked after completing the abandon processing. postoperationadd Invoked after completing the core add processing but before sending the response to the client. postoperationbind Invoked afte