Comment: Added the DirectoryService configuration

...

| Parameter | Default | Mandatory | Description |
|---|---|---|---|
| attributeId | NA | yes | The attributeType to index (see below, [1]) |
| cacheSize | 100 | no | The number of objects stored into the cache |
| numDupLimit | 512 | no | WARNING: this is a technical parameter, do not change it without good reasons. This parameter tells the server to switch from a linear storage of duplicated elements to a B-tree backed storage (see below, [2]) |
| wkDirPath | NA | no | WARNING: this is a technical parameter, do not change it without good reasons. Sets the working directory path to something other than the default. Sometimes more performance is gained by locating indices on separate disk spindles. |

...

We have defined two indexes, for the ou and uid attributeTypes, on top of the technical attributeTypes (all the OIDs) and, obviously, the ObjectClass. The cache size is small (from 10 objects to 100 objects).

DefaultDirectoryService

This is the directory service managing all the stored information for many protocols, including LDAP, KDC, DNS and ChangePassword.

Protocols

All the supported protocols (except DHCP) are derived from the AbstractProtocolService, and all of those protocols but NTP inherit from the DirectoryBackedService.

...

| Parameter | Default | Mandatory | Description |
|---|---|---|---|
| allowableClockSkew | 5 minutes | no | The allowable clock skew. |
| emptyAddressesAllowed | true | no | Whether tickets issued with empty Host Addresses are allowed. |
| encryptionTypes | des-cbc-md5 | no | A list of possible encryption types. See [1] for the possible values |
| policyCategoryCount | 3 | no | The policy for number of character categories required (A - Z), (a - z), (0 - 9), non-alphanumeric (!, $, #, %, ... ). |
| policyPasswordLength | 6 | no | The policy for minimum password length. |
| policyTokenSize | 3 | no | The policy for minimum token size. Passwords must not contain tokens smaller than 'policyTokenSize' that occur in the user's principal name |
| primaryRealm | EXAMPLE.COM | no | The primary realm. |
| servicePrincipal | kadmin/changepw@EXAMPLE.COM | no | The service principal name. |

...

Code Block
<ldapService>
    ...
    <!-- The realms serviced by this SASL host, used by DIGEST-MD5 and GSSAPI. -->
    <saslRealms>
      <s:value>example.com</s:value>
      <s:value>apache.org</s:value>
    </saslRealms>
    ...

DirectoryService configuration

This is the directory service managing all the stored information for many protocols, including LDAP, KDC, DNS and ChangePassword.

It has many parameters which can be tuned. Here is the list of all the available parameters:

| Parameter | Default | Mandatory | Description |
|---|---|---|---|
| accessControlEnabled | false | no | Sets whether to enable basic access control checks or not |
| allowAnonymousAccess | true | no | Sets whether to allow anonymous access to entries other than the RootDSE |
| changeLog | N/A | no | Sets the ChangeLog service for this DirectoryService used for tracking changes |
| denormalizeOpAttrsEnabled | false | no | Sets whether the operational attributes are denormalized when returned |
| exitVmOnShutdown | true | no | A flag used to shutdown the VM when stopping the server. Useful when the server is standalone. If the server is embedded, we don't want to shutdown the VM |
| interceptors | N/A | yes | Manage the list of available interceptors. See Interceptors |
| journal | N/A | no | Manage the Journaling system. See Journal |
| maxPDUSize | Integer.MAX | no | The maximum size for an incoming PDU |
| partitions | N/A | yes | The set of all declared partitions |
| passwordHidden | false | no | A flag to tell if the userPassword attribute's value must be hidden (NYI) |
| replicaId | 0 | false | The directory instance replication ID (must be an integer in [0,999]) |
| systemPartition | N/A | yes | The System partition |
| testEntries | N/A | no | A list of LDIF entries to inject at startup |
| workingDirectory | "server-work" | no | The server working directory |
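
An added example, not part of the original page: a Python check that reads a server configuration and reports the permissive settings documented in the tables above (accessControlEnabled, allowAnonymousAccess, encryptionTypes), treating a setting that is absent from the file as its documented default. The parameter names and defaults come from this page; the element names and the xmlns:s URI in the constructed samples are placeholders.

```python
import xml.etree.ElementTree as ET

# Parameter names and default values as documented in the tables on this page.
DEFAULTS = {"accessControlEnabled": "false", "allowAnonymousAccess": "true",
            "encryptionTypes": "des-cbc-md5"}

def local(name):
    return name.rsplit("}", 1)[-1]  # drop a {uri} namespace prefix

def collect(root):
    """Gather watched settings written as attributes or as list-valued child elements."""
    found = {}
    for el in root.iter():
        for name, value in el.attrib.items():
            if local(name) in DEFAULTS:
                found.setdefault(local(name), []).append(value.strip())
        if local(el.tag) in DEFAULTS:
            items = [c.text.strip() for c in el if c.text and c.text.strip()]
            found.setdefault(local(el.tag), []).extend(items)
    return found

def audit(xml_text):
    """Return findings; a setting missing from the file takes the documented default."""
    found = collect(ET.fromstring(xml_text))
    eff = {k: found.get(k) or [v] for k, v in DEFAULTS.items()}
    findings = []
    if eff["accessControlEnabled"][-1].lower() != "true":
        findings.append("accessControlEnabled is not true: access control checks are off")
    if eff["allowAnonymousAccess"][-1].lower() != "false":
        findings.append("allowAnonymousAccess is not false: anonymous reads beyond the RootDSE")
    weak = [e for e in eff["encryptionTypes"] if e.lower().startswith("des-")]
    if weak:
        findings.append("single-DES encryption types enabled: " + ", ".join(weak))
    return findings

# Constructed samples. Element names and the xmlns:s URI are placeholders.
WEAK = """<server xmlns:s="urn:example:list">
  <directoryService allowAnonymousAccess="true"/>
  <changePassword><encryptionTypes><s:value>des-cbc-md5</s:value></encryptionTypes></changePassword>
</server>"""
HARDENED = """<server xmlns:s="urn:example:list">
  <directoryService accessControlEnabled="true" allowAnonymousAccess="false"/>
  <changePassword><encryptionTypes><s:value>aes128-cts-hmac-sha1-96</s:value></encryptionTypes></changePassword>
</server>"""

if __name__ == "__main__":
    print(audit(WEAK), audit(HARDENED), audit("<server/>"))
```

A configuration that sets none of these parameters produces the same three findings as the weak sample, because every documented default is the permissive value.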

Journal

Manages the Journaling system. It can be enabled or disabled, and is associated with a Store. Here is an example configuration:

Code Block

<journal enabled="true">
  <!-- journalStore is an empty element, so it must be self-closed -->
  <journalStore fileName="journal.log" workingDirectory="/var/log"/>
</journal>

ExtendedOperationHandlers configuration

...