Intro_3DSconf

introduction to Directory Server configuration properties

Description

This section describes Directory Server configuration properties. You set these properties with the dsconf command.

This section also describes legacy Directory Server configuration attributes. You set the attributes by using the ldapmodify command on entries under cn=config.

LIST OF CONFIGURATION ELEMENTS

This reference manual section includes the following pages. Many Directory Server properties exist. The properties that do not appear here are however also covered in the following pages.

all-ids-threshold(5DSCONF): Maximum number of values per index key in an index list
controls(5DSCONF): LDAP controls handled by Directory Server
desc(5DSCONF): Optional description of configuration element
ds-hdsml-clientauthmethod(5DSCONF): DSML SSL client authentication
ds-hdsml-dsmlschemalocation(5DSCONF): DSMLv2 schema location
ds-hdsml-iobuffersize(5DSCONF): buffer size for DSML requests
ds-hdsml-poolmaxsize(5DSCONF): maximum number of DSML parsers
ds-hdsml-poolsize(5DSCONF): default number of DSML parsers
ds-hdsml-port(5DSCONF): DSML port number
ds-hdsml-requestmaxsize(5DSCONF): maximum DSML request size
ds-hdsml-responsemsgsize(5DSCONF): maximum size of DSML response
ds-hdsml-rooturl(5DSCONF): root URL for DSML
ds-hdsml-secureport(5DSCONF): DSML SSL port number
ds-hdsml-soapschemalocation(5DSCONF): SOAP schema location for DSML
ds-maxheaphigh(5DSCONF): Specify soft and hard thresholds for heap memory use
ds-maxheaplow(5DSCONF): Specify soft and hard thresholds for heap memory use
ds5AgreementEnable(5DSCONF): Whether replication is enabled
ds5BeginReplicaAcceptUpdates(5DSCONF): Accept, rather than refer, update operations
ds5LastInitTimeStamp(5DSCONF): Time stamp for last initialization
ds5ReferralDelayAfterInit(5DSCONF): Accept update operations after the specified delay
ds5ReplicaAutomaticInit(5DSCONF): Automatically initialize dedicated consumer
ds5ReplicaConsumerTimeout(5DSCONF): Timeout for replication operations
ds5ReplicaTransportCompressionLevel(5DSCONF): Compression used for replication
ds5ReplicaTransportConcurrencyLevel(5DSCONF): Throttle replication concurrency
ds5ReplicaTransportGroupSize(5DSCONF): Grouping size for replication updates
ds5ReplicaTransportGrpPktSize(5DSCONF): Effective group packet size
ds5ReplicaTransportWindowSize(5DSCONF): Window size for replication updates
ds6ruv(5DSCONF): Replication update vector, version 6
dsChangelogMaxAge(5DSCONF): Maximum age of change log entries
dsChangelogMaxentries(5DSCONF): Maximum number of change log records
dsFilterSPConfigchecksum(5DSCONF): Checksum for partial replication
dsReplFractionalExclude(5DSCONF): Attribute types to exclude from replication
dsReplFractionalInclude(5DSCONF): Attribute types to include in replication
enabled(5DSCONF): Whether the configuration element is operational
encryption(5DSCONF): DS attribute encryption (ETA) properties
extended-operations(5DSCONF): LDAP extended operations handled by Directory Server
heapmaxhighhits(5DSCONF): Counts the number of times ds-maxheaphigh or ds-maxheaplow has been exceeded
heapmaxlowhits(5DSCONF): Counts the number of times ds-maxheaphigh or ds-maxheaplow has been exceeded
index(5DSCONF): DS attribute indexing (IDX) properties
log(5DSCONF): DS logging configuration (LOG) properties
moddn-enabled(5DSCONF): Whether the server accepts mod DN operations
nsAbandonedSearchCheckInterval(5DSCONF): interval between checks for abandoned chaining operations
nsActiveChainingComponents(5DSCONF): components using chaining
nsBindConnectionsLimit(5DSCONF): maximum TCP connections for chaining
nsBindRetryLimit(5DSCONF): maximum bind attemps for chaining suffix
nsBindTimeout(5DSCONF): timeout for chaining binds
nsCheckLocalACI: evaluate access control on chained suffix
nsConcurrentBindLimit(5DSCONF): maximum concurrent binds on TCP connection for chaining
nsConcurrentOperationsLimit(5DSCONF): maximum concurrent operations for chaining
nsConnectionLife(5DSCONF): connection lifetime for chaining
nsds50ruv(5DSCONF): Replication update vector, version 5
nsds5BeginReplicaRefresh(5DSCONF): Force initialization of the consumer
nsDS5Flags(5DSCONF): Change logging and referral flags
nsDS5ReplicaAutoReferral(5DSCONF): Reserved for internal use
nsDS5ReplicaBindDN(5DSCONF): Bind DN for replication operations
nsDS5ReplicaBindMethod(5DSCONF): Bind protocol used for replication
nsDS5ReplicaChangeCount(5DSCONF): Number of entries in the change log
nsds5replicaChangesSentSinceStartup(5DSCONF): Number of updates since startup
nsDS5ReplicaCredentials(5DSCONF): Credentials for replication operations
nsDS5ReplicaHost(5DSCONF): Host name of consumer
nsDS5ReplicaId(5DSCONF): Replica identification number
nsds5replicaLastInitEnd(5DSCONF): Time of last initialization
nsds5replicaLastInitStart(5DSCONF): Time of last initialization
nsds5replicaLastInitStatus(5DSCONF): Replica initialization status
nsds5replicaLastUpdateEnd(5DSCONF): Time of last update
nsds5replicaLastUpdateStart(5DSCONF): Time of last update
nsds5replicaLastUpdateStatus(5DSCONF): Replica update status
nsDS5ReplicaName(5DSCONF): Unique replica identifier
nsDS5ReplicaPort(5DSCONF): Port number on which consumer listens
nsDS5ReplicaPurgeDelay(5DSCONF): Maximum time to keep tombstones
nsDS5ReplicaReferral(5DSCONF): Referrals for a replica
nsDS5ReplicaRoot(5DSCONF): Base DN for replication
nsDS5ReplicatedAttributeList(5DSCONF): Attributes not to replicate
nsds5ReplicaTimeout(5DSCONF): Timeout for replication operations
nsDS5ReplicaTombstonePurgeInterval(5DSCONF): Time interval between tombstone purge operations
nsDS5ReplicaTransportInfo(5DSCONF): Transport used for replication
nsDS5ReplicaType(5DSCONF): Role of the replica
nsds5replicaUpdateInProgress(5DSCONF): Indicate whether or not a replication schedule update is in progress
nsDS5ReplicaUpdateSchedule(5DSCONF): When replication is scheduled
nsDS5Task(5DSCONF): Internal replication tasks
nsFarmServerURL(5DSCONF): LDAP URL for chaining farm server
nshoplimit(5DSCONF): maximum hops for chaining
nsIndexType(5DSCONF): type of index
nsLookthroughLimit_5dsconf(5DSCONF): maximum number of entries checked during search
nsMatchingRule(5DSCONF): collation order OID for international index
nsMaxResponseDelay(5DSCONF): maximum delay for chained response
nsMaxTestResponseDelay(5DSCONF): maximum delay to test chaining response
nsMultiplexorBindDN(5DSCONF): bind DN for chaining multiplexor
nsMultiplexorCredentials(5DSCONF): bind password for chaining multiplexor
nsOperationConnectionsLimit(5DSCONF): maximum number of LDAP connections for chaining
nsProxiedAuthorization(5DSCONF): disable proxy authorization for chaining
nsReferralOnScopedSearch(5DSCONF): referrals for chained searches
nsslapd-accesscontrol(5DSCONF): Turn access control on and off
nsslapd-accesslog(5DSCONF): Specify the path and filename of the access|audit|error log
nsslapd-accesslog-list(5DSCONF): Provide a list of log files used in access, audit, or error log rotation.
nsslapd-accesslog-logbuffering(5DSCONF): Determines whether the server writes access log entries directly to disk
nsslapd-accesslog-logexpirationtime(5DSCONF): Specify the maximum age that an access, audit, or error log file is allowed to reach before it is deleted
nsslapd-accesslog-logexpirationtimeunit(5DSCONF): Determines the unit of the log expiration time
nsslapd-accesslog-logging-enabled(5DSCONF): Enable or disable access, audit, or error logging
nsslapd-accesslog-logmaxdiskspace(5DSCONF): Specify the maximum amount of disk space in megabytes that the access, audit or error logs are allowed to consume
nsslapd-accesslog-logminfreediskspace(5DSCONF): Specify the minimum amount of free disk space in megabytes that is allowed before an access, audit, or error log is deleted
nsslapd-accesslog-logrotationtime(5DSCONF): Specify the time interval, the time of the day, and the minimum file size for rotation of the access log, audit log, or error log
nsslapd-accesslog-logrotationtimeunit(5DSCONF): Specify the unit for the time-interval part of the nsslapd-access|audit|errorlog-logrotationtime attribute
nsslapd-accesslog-maxlogsize(5DSCONF): Specify the maximum size of the access, audit, or error log in megabytes
nsslapd-accesslog-maxlogsperdir(5DSCONF): Specify the total number of access, audit, or error logs that can be contained in the access, audit, or error logs directory
nsslapd-accesslog-permissions(5DSCONF): Specify the permissions for the log files
nsslapd-allidsthreshold(5DSCONF): Maximum number of values per index key in an index list
nsslapd-attribute-name-exceptions(5DSCONF): allow non-standard characters in attribute names
nsslapd-backend(5DSCONF): suffix used to process requests
nsslapd-berbufsize(5DSCONF): initial BER buffer size
nsslapd-cachememsize(5DSCONF): cache memory size
nsslapd-cachesize(5DSCONF): cache size
nsslapd-certmap-basedn(5DSCONF): certificate map search base
nsslapd-changelogdir(5DSCONF): changelog path
nsslapd-changelogmaxage(5DSCONF): maximum changelog age
nsslapd-changelogmaxentries(5DSCONF): maximum number of changelog records
nsslapd-config(5DSCONF): DN of the server configuration
nsslapd-db-checkpoint-interval(5DSCONF): database checkpoint interval
nsslapd-db-circular-logging(5DSCONF): circulate through transaction logs
nsslapd-db-durable-transactions(5DSCONF): when to write transactions to disk
nsslapd-db-home-directory(5DSCONF): database file location
nsslapd-db-idl-divisor(5DSCONF): number of blocks per database page
nsslapd-db-locks(5DSCONF): number of database locks used
nsslapd-db-logbuf-size(5DSCONF): database log buffer size
nsslapd-db-logdirectory(5DSCONF): database transaction log directory
nsslapd-db-logfile-size(5DSCONF): maximum size of single database log file
nsslapd-db-page-size(5DSCONF): size of database pages in bytes
nsslapd-db-transaction-batch-val(5DSCONF): number of database transactions to batch before commit
nsslapd-db-tx-max(5DSCONF): maximum concurrent database transactions
nsslapd-dbcachesize(5DSCONF): database cache size
nsslapd-dbncache(5DSCONF): split database cache
nsslapd-directory(5DSCONF): absolute path to database instance
nsslapd-disk-full-threshold(5DSCONF): full disk threshold to limit database updates
nsslapd-disk-low-threshold(5DSCONF): low disk threshold to limit database updates
nsslapd-distribution-funct(5DSCONF): distribution plug-in function
nsslapd-distribution-plugin(5DSCONF): distribution plug-in library
nsslapd-dn-cachememsize(5DSCONF): DN cache memory size
nsslapd-dn-cachesize(5DSCONF): DN cache size
nsslapd-ds4-compatible-schema(5DSCONF): allow 4.x style schema definitions
nsslapd-enquote-sup-oc(5DSCONF): enable superior object class enquoting
nsslapd-exclude-from-export(5DSCONF): attributes excluded during database export
nsslapd-groupevalnestlevel(5DSCONF): level of access control nesting for group evaluations
nsslapd-groupevalsizelimit(5DSCONF): Maximum number of members in the static group used for ACI evaluation.
nsslapd-idletimeout(5DSCONF): idle timeout
nsslapd-import-cachesize(5DSCONF): database cache size for import
nsslapd-infolog-area(5DSCONF): Specify the component for which logging information should be provided.
nsslapd-infolog-level(5DSCONF): Specify the level of logging information that should be returned for the server component defined by the nsslapd-infolog-area attribute
nsslapd-instancedir(5DSCONF): instance path
nsslapd-ioblocktimeout(5DSCONF): IO block time out
nsslapd-lastmod(5DSCONF): track modification time
nsslapd-listenBacklog(5DSCONF): maximum number of pending connections
nsslapd-listenhost(5DSCONF): listen to IP address
nsslapd-localhost(5DSCONF): local host system name
nsslapd-localuser(5DSCONF): local user name
nsslapd-maxbersize(5DSCONF): maximum message size
nsslapd-maxconnections(5DSCONF): maximum number of connections
nsslapd-maxdescriptors(5DSCONF): maximum file descriptors
nsslapd-maxpsearch(5DSCONF): maximum number of persistent searches
nsslapd-maxthreadsperconn(5DSCONF): maximum threads per connection
nsslapd-mode(5DSCONF): database index file permissions
nsslapd-nagle(5DSCONF): delay sending responses
nsslapd-plugin(5DSCONF): plug-in legacy configuration
nsslapd-port(5DSCONF): LDAP port number
nsslapd-privatenamespaces(5DSCONF): private naming contexts
nsslapd-pwdgeneratorpwdlen(5DSCONF): Generated password length
nsslapd-readonly(5DSCONF): read only mode
nsslapd-referral(5DSCONF): referral
nsslapd-referralmode(5DSCONF): referral mode
nsslapd-require-index(5DSCONF): allow only indexed searches
nsslapd-reservedescriptors(5DSCONF): reserve file descriptors
nsslapd-rootdn(5DSCONF): Directory Manager DN
nsslapd-rootpw(5DSCONF): Directory Manager password
nsslapd-rootpwstoragescheme(5DSCONF): root password storage scheme
nsslapd-schema-repl-useronly(5DSCONF): replicate only user-defined schema elements
nsslapd-schemacheck(5DSCONF): schema checking
nsslapd-search-tune(5DSCONF): Skip check for modifications during search before returning entries
nsslapd-securelistenhost(5DSCONF): listen to IP address for secure connections
nsslapd-securePort(5DSCONF): encrypted LDAP port number
nsslapd-security(5DSCONF): security
nsslapd-sizelimit(5DSCONF): size limit
nsslapd-state(5DSCONF): how a suffix handles operations
nsslapd-suffix(5DSCONF): chained suffix identifier
nsslapd-threadnumber(5DSCONF): thread number
nsslapd-timelimit(5DSCONF): time limit
nsslapd-versionstring(5DSCONF): version string
nsSSL2(5DSCONF): SSL v2 support
nsSSL3(5DSCONF): SSL v3 support
nsSSL3ciphers(5DSCONF): SSL encryption ciphers
nsSSLClientAuth(5DSCONF): use SSL client authentication
nsSSLServerAuth(5DSCONF): use SSL server authentication
nsSSLSessionTimeout(5DSCONF): SSL session time out
nsState(5DSCONF): Clock state for replication
nsSystemIndex(5DSCONF): identify index as system index
nsTransmittedControls(5DSCONF): chained LDAP controls
plugin(5DSCONF): DS plug-in configuration (PLG) properties
polling-thread-count(5DSCONF): Number of threads that are polling connections
referral-url(5DSCONF): Whether the server accepts mod DN operations
repl-agmt(5DSCONF): DS replication agreement configuration (RAG) properties
repl-priority(5DSCONF): DS prioritized replication configuration (RPR) properties
replication(5DSCONF): replication configuration
replPriorityAttribute(5DSCONF): Attribute to replicate with high priority
replPriorityBaseDN(5DSCONF): Replicate changes under this base with high priority
replPriorityBindDN(5DSCONF): Replicate changes performed by this user with high priority
replPriorityType(5DSCONF): Operation type to replicate with high priority
server(5DSCONF): DS server instance configuration (SER) properties
suffix(5DSCONF): DS suffix configuration (SUF) properties
useAuthzIdForAuditAttrs(5DSCONF): record proxied authorization information