Configuration Parameters Reference
Note |
---|
This page lists all configuration parameters that can be used in conf/server.xml in version 1.5.1. For a more detailed description, see the corresponding section in the Advanced User's Guide. |
Environment parameters
These parameters are loaded in the init method of the org.apache.directory.server.Service.java class when the server is started:
...
Note |
---|
The admin password should be changed when the server is started. A good thing would be for the server to refuse to start if this password is kept as is. |
Protocol providers
Parameters common to all protocol providers
Since all protocol provider Configuration beans inherit from the same ServiceConfiguration, they share many of the same configuration parameters.
...
Warning |
---|
It would be good to have more insight about catalogs. |
LDAP-Specific Configuration Parameters
Note |
---|
We have had a lot of modifications in this part. Some of them are really going in the right direction; some others need to be tuned. |
...
Parameter | Default value | Description | Comments |
---|---|---|---|
saslHost | ldap.example.com | The name of this host, validated during SASL negotiation. | The host name must be selected with great caution |
saslPrincipal | ldap/ldap.example.com@EXAMPLE.COM | The service principal, used by GSSAPI. | |
saslQop | auth, auth-int, auth-conf | The quality of protection (QoP), used by DIGEST-MD5 and GSSAPI. | |
saslRealms | example.com | The list of realms serviced by this host. | |
maxSizeLimit | 100 | The maximum size limit. | |
maxTimeLimit | 10000 | The maximum time limit. | |
enableLdaps | false | Whether LDAPS is enabled. | |
ldapsCertificateFile | server-work/certificates/server.cert | The path to the certificate file. | |
ldapsCertificatePassword | changeit | The certificate password. | |
extendedOperationHandlers | No default. | The extended operation handlers. | |
Kerberos-Specific Configuration Parameters
```xml
<bean id="kdcConfiguration" class="org.apache.directory.server.kerberos.kdc.KdcConfiguration">
  <!-- Whether to enable the Kerberos protocol. -->
  <property name="enabled" value="false" />
  <!-- The port to run the Kerberos protocol on. -->
  <property name="ipPort" value="88" />
</bean>
```
Parameter | Default value | Description |
---|---|---|
encryptionTypes | des-cbc-md5 | The encryption types. |
primaryRealm | EXAMPLE.COM | The primary realm. |
servicePrincipal | krbtgt/EXAMPLE.COM@EXAMPLE.COM | The service principal name. |
allowableClockSkew | 5 minutes | The allowable clock skew. |
paEncTimestampRequired | true | Whether pre-authentication by encrypted timestamp is required. |
maximumTicketLifetime | 1440 (24 hours) | The maximum ticket lifetime. |
maximumRenewableLifetime | 10080 (1 week) | The maximum renewable lifetime. |
emptyAddressesAllowed | true | Whether ticket issuance for empty Host Addresses is allowed. |
forwardableAllowed | true | Whether forwardable tickets are allowed. |
proxiableAllowed | true | Whether proxiable tickets are allowed. |
postdateAllowed | true | Whether postdated tickets are allowed. |
renewableAllowed | true | Whether renewable tickets are allowed. |
Change Password-Specific Configuration Parameters
```xml
<bean id="changePasswordConfiguration" class="org.apache.directory.server.changepw.ChangePasswordConfiguration">
  <!-- Whether to enable the Change Password protocol. -->
  <property name="enabled" value="false" />
  <!-- The port to run the Change Password protocol on. -->
  <property name="ipPort" value="464" />
</bean>
```
Parameter | Default value | Description |
---|---|---|
encryptionTypes | des-cbc-md5 | The encryption types. |
primaryRealm | EXAMPLE.COM | The primary realm. |
servicePrincipal | kadmin/changepw@EXAMPLE.COM | The service principal name. |
allowableClockSkew | 5 minutes | The allowable clock skew. |
emptyAddressesAllowed | true | Whether tickets issued with empty Host Addresses are allowed. |
policyPasswordLength | 6 characters | The policy for minimum password length. |
policyCategoryCount | 3 (out of 4) | The policy for number of character categories required (A - Z), (a - z), (0 - 9), non-alphanumeric (!, $, #, %, ... ). |
policyTokenSize | 3 characters | The policy for minimum token size. Passwords must not contain tokens larger than 'policyTokenSize' that occur in the user's principal name. |
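
The defaults in the LDAP, Kerberos and Change Password tables above only matter once a protocol is switched on, and a property left out of a bean silently takes its default. The following audit sketch is an added example, not ApacheDS code: it computes the effective settings and flags single-DES-only encryption types (deprecated for Kerberos by RFC 6649), disabled pre-authentication, and LDAPS enabled with the default certificate password. It assumes the table parameter names are used as Spring property names on the beans shown and that the file has no XML namespace; the sample configuration is constructed.

```python
import xml.etree.ElementTree as ET
# Defaults copied from this page's tables and bean snippets (ApacheDS 1.5.1).
PAGE_DEFAULTS = {
    "kdcConfiguration": {"enabled": "false", "encryptionTypes": "des-cbc-md5",
                         "paEncTimestampRequired": "true"},
    "changePasswordConfiguration": {"enabled": "false",
                                    "encryptionTypes": "des-cbc-md5"},
}

def props(bean):
    """Property name -> list of values (value attribute or nested <value>s)."""
    out = {}
    for p in bean.findall("property"):
        if "value" in p.attrib:
            out[p.get("name")] = [s.strip() for s in p.get("value").split(",")]
        else:
            out[p.get("name")] = [v.text.strip() for v in p.iter("value") if v.text]
    return out

def audit(xml_text):
    """Return (bean id, parameter, reason) for each weak effective setting."""
    findings = []
    for bean in ET.fromstring(xml_text).iter("bean"):
        name, explicit = bean.get("id"), props(bean)
        if name in PAGE_DEFAULTS:
            # A property missing from the bean means the page default applies.
            cfg = {k: [v] for k, v in PAGE_DEFAULTS[name].items()}
            cfg.update(explicit)
            etypes = cfg["encryptionTypes"]
            if cfg["enabled"] == ["true"]:
                if etypes and all(e.lower().startswith("des-") for e in etypes):
                    findings.append((name, "encryptionTypes", "single-DES only"))
                if cfg.get("paEncTimestampRequired") == ["false"]:
                    findings.append((name, "paEncTimestampRequired", "pre-auth off"))
        # LDAPS switched on while the certificate password is still the default.
        if explicit.get("enableLdaps") == ["true"] and explicit.get(
                "ldapsCertificatePassword", ["changeit"]) == ["changeit"]:
            findings.append((name, "ldapsCertificatePassword", "default in use"))
    return findings

# Constructed sample; "sampleLdapBean" and the AES enctype value are made up.
SAMPLE = """<beans>
  <bean id="kdcConfiguration"><property name="enabled" value="true" /></bean>
  <bean id="changePasswordConfiguration">
    <property name="enabled" value="true" />
    <property name="encryptionTypes"><list><value>aes128-cts-hmac-sha1-96</value></list></property>
  </bean>
  <bean id="sampleLdapBean"><property name="enableLdaps" value="true" /></bean>
</beans>"""
print(audit(SAMPLE))
```
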
NTP-Specific configuration parameters
The NTP parameters are very limited:
...
Note |
---|
Just wanted to know if UDP and TCP should both be enabled, or if the server just accepts TCP? |
DHCP-Specific configuration parameters
There is currently no description of the DHCP parameters.
Server Startup Configuration
Replication
```xml
<bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
  <property name="name" value="replicationService" />
  <property name="interceptor">
    <bean class="org.apache.directory.mitosis.service.ReplicationService">
      <property name="configuration">
        <bean class="org.apache.directory.mitosis.configuration.ReplicationConfiguration">
          <property name="replicaId">
            <bean class="org.apache.directory.mitosis.common.ReplicaId">
              <constructor-arg>
                <value>instance_a</value>
              </constructor-arg>
            </bean>
          </property>
          <property name="serverPort" value="10390" />
          <property name="peerReplicas" value="instance_b@localhost:10392" />
        </bean>
      </property>
    </bean>
  </property>
</bean>
```
Parameter | Default value | Description |
---|