...
Parameter | Default | Mandatory | Description
---|---|---|---
attributeId | NA | yes | The attributeType to index (see below, [1])
cacheSize | 100 | no | The number of objects stored into the cache
numDupLimit | 512 | no | WARNING : this is a technical parameter, do not
wkDirPath | NA | no | WARNING : this is a technical parameter, do not
...
We have defined two indexes, for the ou and uid attributeTypes, on top of the technical attributeTypes (all the OIDs) and, obviously, the ObjectClass. The cache size is small (from 10 objects to 100 objects).
DefaultDirectoryService
This is the directory service managing all the stored information for many protocols, including LDAP, KDC, DNS and ChangePassword.
Protocols
All the supported protocols (except DHCP) are derived from the AbstractProtocolService, and all of those protocols but NTP inherit from the DirectoryBackedService.
...
Parameter | Default | Mandatory | Description
---|---|---|---
allowableClockSkew | 5 minutes | no | The allowable clock skew.
emptyAddressesAllowed | true | no | Whether tickets issued with empty Host Addresses are allowed.
encryptionTypes | des-cbc-md5 | no | A list of possible encryption types. See [1] for the possible values
policyCategoryCount | 3 | no | The policy for number of character categories required (A - Z), (a - z), (0 - 9),
policyPasswordLength | 6 | no | The policy for minimum password length.
policyTokenSize | 3 | no | The policy for minimum token size. Passwords must not contain tokens smaller
primaryRealm | EXAMPLE.COM | no | The primary realm.
servicePrincipal | kadmin/changepw@EXAMPLE.COM | no | The service principal name.
...
Code Block |
---|
<ldapService>
  ...
  <!-- The realms serviced by this SASL host, used by DIGEST-MD5 and GSSAPI. -->
  <saslRealms>
    <s:value>example.com</s:value>
    <s:value>apache.org</s:value>
  </saslRealms>
  ...
|
DirectoryService configuration
This is the directory service managing all the stored information for many protocols, including LDAP, KDC, DNS and ChangePassword.
It has many parameters which can be tuned. Here is the list of all the available parameters:
Parameter | Default | Mandatory | Description
---|---|---|---
accessControlEnabled | false | no | Sets whether to enable basic access control checks or not
allowAnonymousAccess | true | no | Sets whether to allow anonymous access to entries other than the RootDSE
changeLog | N/A | no | Sets the ChangeLog service for this DirectoryService used for tracking changes
denormalizeOpAttrsEnabled | false | no | Sets whether the operational attributes are denormalized when returned
exitVmOnShutdown | true | no | A flag used to shutdown the VM when stopping the server. Useful
interceptors | N/A | yes | Manage the list of available interceptors. See Interceptors
journal | N/A | no | Manage the Journaling system. See Journal
maxPDUSize | Integer.MAX | no | The maximum size for an incoming PDU
partitions | N/A | yes | The set of all declared partitions
passwordHidden | false | no | A flag to tell if the userPassword attribute's value must be hidden (NYI)
replicaId | 0 | false | The directory instance replication ID (must be an integer in [0,999]
systemPartition | N/A | yes | The System partition
testEntries | N/A | no | A list of LDIF entries to inject at startup
workingDirectory | "server-work" | no | The server working directory
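Because several defaults in the table above are permissive (access control off, anonymous access on, no bound on PDU size), an attribute left out of the configuration matters as much as one set explicitly. The following Python check is an added example, not part of the ApacheDS documentation or code base: it applies the table's defaults to a configuration fragment and reports every setting whose effective value is permissive. The `defaultDirectoryService` element name, the choice of which values count as permissive, and the sample XML are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Defaults copied from the DirectoryService parameter table on this page.
DEFAULTS = {
    "accessControlEnabled": "false",
    "allowAnonymousAccess": "true",
    "maxPDUSize": "Integer.MAX",
}

# Values this check treats as permissive (an assumption of the example).
PERMISSIVE = {
    "accessControlEnabled": "false",  # basic access control checks disabled
    "allowAnonymousAccess": "true",   # anonymous access beyond the RootDSE
    "maxPDUSize": "Integer.MAX",      # no practical bound on incoming PDUs
}

# Assumed element name, derived from the class name DefaultDirectoryService.
SERVICE_ELEMENT = "defaultDirectoryService"


def local_name(tag):
    """Strip an XML namespace written as {uri}name."""
    return tag.rsplit("}", 1)[-1]


def audit(xml_text):
    """Return (attribute, effective value, source) for permissive settings."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if local_name(elem.tag) != SERVICE_ELEMENT:
            continue
        for name, default in DEFAULTS.items():
            explicit = elem.get(name)
            value = default if explicit is None else explicit.strip()
            source = "default" if explicit is None else "explicit"
            if value.lower() == PERMISSIVE[name].lower():
                findings.append((name, value, source))
    return findings


# Constructed sample: access control is enabled, the other two are omitted.
SAMPLE = """
<beans xmlns="urn:example:constructed">
  <defaultDirectoryService accessControlEnabled="true"
                           workingDirectory="server-work"/>
</beans>
"""

if __name__ == "__main__":
    for name, value, source in audit(SAMPLE):
        print(f"{name}={value} ({source})")
```
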
Journal
Manages the Journaling system. It can be enabled or disabled, and is associated with a Store. Here is an example configuration:
Code Block |
---|
<journal enabled="true">
  <journalStore fileName="journal.log" workingDirectory="/var/log"/>
</journal>
|
ExtendedOperationHandlers configuration
...