The server-config.dtd defines the structure for serverconfig.xml. It is located in /FederationManager-base/XXXXXXXX.
<?xml version="1.0" encoding="ISO-8859-1"?>

<!--
    Copyright (c) 2002 Sun Microsystems, Inc. All rights reserved.
    Use is subject to license terms.
-->

<!-- The root. -->
<!ELEMENT iPlanetDataAccessLayer (ServerGroup+) >

<!ELEMENT ServerGroup (Server+, User+, BaseDN, MiscConfig*) >
<!ATTLIST ServerGroup
    name         ID       #REQUIRED
    minConnPool  NMTOKEN  "1"
    maxConnPool  NMTOKEN  "10"
>

<!ELEMENT BaseDN (#PCDATA) >

<!-- A Server contains an ID, host name and port. -->
<!ELEMENT Server EMPTY >
<!ATTLIST Server
    name  ID            #REQUIRED
    host  CDATA         #REQUIRED
    port  NMTOKEN       "389"
    type  (SIMPLE|SSL)  "SIMPLE"
>

<!-- A User contains an ID and the type of privileges that the DN and
     password provide. The type of connection of a DirInstance is realized
     from the type of User it is associated with or it contains. -->
<!ELEMENT User (DirDN, DirPassword) >
<!ATTLIST User
    name  ID                         #REQUIRED
    type  (auth|proxy|rebind|admin)  "auth"
>

<!ELEMENT DirDN (#PCDATA) >
<!ELEMENT DirPassword (#PCDATA) >

<!ELEMENT MiscConfig EMPTY >
<!ATTLIST MiscConfig
    name   CDATA  #REQUIRED
    value  CDATA  #IMPLIED
>
This section defines the main elements of the DTD.
iPlanetDataAccessLayer is the root element. It allows for the definition of multiple server groups per XML file. Its immediate sub-element is the ServerGroup. It contains no attributes.
ServerGroup defines a pointer to one or more LDAPv3–compliant directories. They can be master or replica servers. The sub-elements that qualify ServerGroup include:
Server
User
BaseDN
MiscConfig
The ServerGroup attributes are the name of the server group, and values for minConnPool and maxConnPool which define the minimum (1) and maximum (10) connections that can be opened for the LDAP connection pool respectively. More than one defined ServerGroup element is not supported.
Federation Manager uses a connection pool to access the LDAPv3–compliant directory. All connections are opened when Federation Manager starts and are not closed. They are reused.
Server defines a specific LDAPv3–compliant directory instance. It contains no sub-elements. The required XML attributes are a user-friendly name for the server, the host name, the port number on which the LDAPv3–compliant directory runs, and the type of LDAP connection that must be opened (either simple or SSL).
User contains sub-elements that define the user configured for the instance of the LDAPv3–compliant directory. The User sub-elements are DirDN and DirPassword. Its required XML attributes are the name of the user and the type of user. The values for type identify the user's privileges and the type of connection that will be opened to the directory instance. Options include:
auth defines a user authenticated to the LDAPv3–compliant directory.
proxy defines a proxy user for the LDAPv3–compliant directory. See Proxy User.
rebind defines a user with credentials that can be used to rebind to the LDAPv3–compliant directory.
admin defines a user with administrative privileges for the LDAPv3–compliant directory. See Admin User.
DirDN contains the LDAP Distinguished Name (DN) of the defined user.
DirPassword contains the defined user's encrypted password.
It is important that passwords and encryption keys are kept consistent throughout the deployment. For example, the passwords defined in this element are stored in the LDAPv3–compliant directory. If the password is changed in one place, it must be updated in all places where it is defined. Additionally, this password is encrypted. If the encryption key defined in the am.encryption.pwd property is changed, all passwords in serverconfig.xml must be re-encrypted using ampassword.
BaseDN defines the base DN for the server group. It contains no sub-elements and no XML attributes.
MiscConfig is a placeholder for defining any LDAP JDK features like cache size. It contains no sub-elements. Its required XML attributes are the name of the feature and its defined value.
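The following Python check is an added example, not part of the original documentation or of Federation Manager. It reads a serverconfig.xml and reports settings that the element descriptions above make worth reviewing: a Server whose type is SIMPLE (including when the attribute is omitted, since that is the DTD default), an unsupported number of ServerGroup elements, inconsistent pool sizes, missing required sub-elements and an empty DirPassword. The function names, host names, DNs and password value are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Attribute defaults copied from server-config.dtd. A non-validating parser
# does not apply them, so an omitted attribute still has to be resolved here.
DEFAULTS = {
    "ServerGroup": {"minConnPool": "1", "maxConnPool": "10"},
    "Server": {"port": "389", "type": "SIMPLE"},
}

def attrs(elem):
    """Return the element's attributes with the DTD defaults filled in."""
    return {**DEFAULTS.get(elem.tag, {}), **elem.attrib}

def audit(xml_text):
    """Return a list of findings for one serverconfig.xml document."""
    findings = []
    groups = ET.fromstring(xml_text).findall("ServerGroup")
    if len(groups) != 1:
        findings.append(f"{len(groups)} ServerGroup elements; only one is supported")
    for group in groups:
        g = attrs(group)
        gname = g.get("name", "?")
        if int(g["minConnPool"]) > int(g["maxConnPool"]):
            findings.append(f"{gname}: minConnPool exceeds maxConnPool")
        for required in ("Server", "User", "BaseDN"):
            if group.find(required) is None:
                findings.append(f"{gname}: missing {required}")
        for server in group.findall("Server"):
            s = attrs(server)
            if s["type"] != "SSL":  # also true when type is omitted
                findings.append(f"{gname}/{s.get('name', '?')}: non-SSL "
                                f"connection to {s.get('host')}:{s['port']}")
        for user in group.findall("User"):
            if not (user.findtext("DirPassword") or "").strip():
                findings.append(f"{gname}/{user.get('name', '?')}: empty DirPassword")
    return findings

# Constructed sample; host names, DNs and the password value are placeholders.
SAMPLE = """<iPlanetDataAccessLayer><ServerGroup name="default">
  <Server name="Server1" host="ldap.example.com"/>
  <Server name="Server2" host="ldap2.example.com" port="636" type="SSL"/>
  <User name="User1" type="proxy"><DirDN>cn=proxy,dc=example,dc=com</DirDN>
    <DirPassword>ENCRYPTED-PLACEHOLDER</DirPassword></User>
  <User name="User2" type="admin"><DirDN>cn=admin,dc=example,dc=com</DirDN>
    <DirPassword></DirPassword></User>
  <BaseDN>dc=example,dc=com</BaseDN></ServerGroup></iPlanetDataAccessLayer>"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```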