Configuration Parameters Reference
| Note | ||
|---|---|---|
| ||
This page lists all configuration parameters which can be used in conf/server.xml in Version 1.5.1. For a more detailed description look at the corresponding section in the Advanced User's Guide.
| Table of Contents |
|---|
Environment parameters
Those parameters are loaded in the org.apache.directory.server.Service.java class, when the server is started, in the init method :
...
| Note |
|---|
The admin password should be changed when the server is started. A good thing would be that the server cannot start if this password is kept as is. |
Protocol providers
Parameters common to all protocol providers
Since all protocol provider Configuration beans inherit from the same ServiceConfiguration, they share many of the same configuration parameters.
...
| Warning |
|---|
It would be good to have more insight about catalogs. |
LDAP-Specific Configuration Parameters
| Note |
|---|
We have had a lot of modification in this part. Some of them are really going in the right direction, some other needs to be tuned. |
...
Parameter | Default value | Description | Comments |
|---|---|---|---|
saslHost | ldap.example.com | The name of this host, validated during SASL negotiation. | The host name must be selected with great caution |
saslPrincipal | ldap/ldap.example.com@EXAMPLE.COM | The service principal, used by GSSAPI. | |
saslQop | auth, auth-int, auth-conf | The quality of protection (QoP), used by DIGEST-MD5 and GSSAPI. | |
saslRealms | example.com | The list of realms serviced by this host. | |
maxSizeLimit | 100 | The maximum size limit. | |
maxTimeLimit | 10000 | The maximum time limit. | |
enableLdaps | false | Whether LDAPS is enabled. | |
ldapsCertificateFile | server-work/certificates/server.cert | The path to the certificate file. | |
ldapsCertificatePassword | changeit | The certificate password. | |
extendedOperationHandlers | No default. | The extended operation handlers. |
Kerberos-Specific Configuration Parameters
| Code Block | ||||
|---|---|---|---|---|
| ||||
<bean id="kdcConfiguration" class="org.apache.directory.server.kerberos.kdc.KdcConfiguration">
<!-- Whether to enable the Kerberos protocol. -->
<property name="enabled" value="false" />
<!-- The port to run the Kerberos protocol on. -->
<property name="ipPort" value="88" />
</bean>
|
Parameter | Default value | Description |
|---|---|---|
encryptionTypes | des-cbc-md5 | The encryption types. |
primaryRealm | EXAMPLE.COM | The primary realm. |
servicePrincipal | krbtgt/EXAMPLE.COM@EXAMPLE.COM | The service principal name. |
allowableClockSkew | 5 minutes | The allowable clock skew. |
paEncTimestampRequired | true | Whether pre-authentication by encrypted timestamp is required. |
maximumTicketLifetime | 1440 (24 hours) | The maximum ticket lifetime. |
maximumRenewableLifetime | 10080 (1 week) | The maximum renewable lifetime. |
emptyAddressesAllowed | true | Whether ticket issuance for empty Host Addresses is allowed. |
forwardableAllowed | true | Whether forwardable tickets are allowed. |
proxiableAllowed | true | Whether proxiable tickets are allowed. |
postdateAllowed | true | Whether postdated tickets are allowed. |
renewableAllowed | true | Whether renewable tickets are allowed. |
Change Password-Specific Configuration Parameters
| Code Block | ||||
|---|---|---|---|---|
| ||||
<bean id="changePasswordConfiguration" class="org.apache.directory.server.changepw.ChangePasswordConfiguration">
<!-- Whether to enable the Change Password protocol. -->
<property name="enabled" value="false" />
<!-- The port to run the Change Password protocol on. -->
<property name="ipPort" value="464" />
</bean>
|
Parameter | Default value | Description |
|---|---|---|
encryptionTypes | des-cbc-md5 | The encryption types. |
primaryRealm | EXAMPLE.COM | The primary realm. |
servicePrincipal | kadmin/changepw@EXAMPLE.COM | The service principal name. |
allowableClockSkew | 5 minutes | The allowable clock skew. |
emptyAddressesAllowed | true | Whether tickets issued with empty Host Addresses are allowed. |
policyPasswordLength | 6 characters | The policy for minimum password length. |
policyCategoryCount | 3 (out of 4) | The policy for number of character categories required (A - Z), (a - z), (0 - 9), non-alphanumeric (!, $, #, %, ... ). |
policyTokenSize | 3 characters | The policy for minimum token size. Passwords must not contain tokens larger than 'policyTokenSize' that occur in the user's principal name. |
NTP-Specific configuration parameters
The NTP parameters are very limited :
...
| Note |
|---|
Just wanted to know if the UDP and TCP should be enabled or if the server just accept TCP ? |
DHCP-Specific configuration parameters
There is no description about DHCP parameters atm.
Server Startup Configuration
Replication
| Code Block | ||||
|---|---|---|---|---|
| ||||
<bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
<property name="name" value="replicationService" />
<property name="interceptor">
<bean class="org.apache.directory.mitosis.service.ReplicationService">
<property name="configuration">
<bean class="org.apache.directory.mitosis.configuration.ReplicationConfiguration">
<property name="replicaId">
<bean class="org.apache.directory.mitosis.common.ReplicaId">
<constructor-arg>
<value>instance_a</value>
</constructor-arg>
</bean>
</property>
<property name="serverPort" value="10390" />
<property name="peerReplicas" value="instance_b@localhost:10392" />
</bean>
</property>
</bean>
</property>
</bean>
|
Parameter | Default value | Description |
|---|