dsconfig set-backend-prop — Modifies Backend properties
dsconfig set-backend-prop
{options}
The dsconfig set-backend-prop command takes the following options:
--backend-name {name}
The name of the Backend.
Backend properties depend on the Backend type, which depends on the {name} you provide.
By default, OpenDJ directory server supports the following Backend types:
Default {name}: Backup Backend
Enabled by default: true
See the section called “Backup Backend” for the properties of this Backend type.
Default {name}: CAS Backend
Enabled by default: true
See the section called “CAS Backend” for the properties of this Backend type.
Default {name}: JE Backend
Enabled by default: true
See the section called “JE Backend” for the properties of this Backend type.
Default {name}: LDIF Backend
Enabled by default: true
See the section called “LDIF Backend” for the properties of this Backend type.
Default {name}: Memory Backend
Enabled by default: true
See the section called “Memory Backend” for the properties of this Backend type.
Default {name}: Monitor Backend
Enabled by default: true
See the section called “Monitor Backend” for the properties of this Backend type.
Default {name}: Null Backend
Enabled by default: true
See the section called “Null Backend” for the properties of this Backend type.
Default {name}: PDB Backend
Enabled by default: true
See the section called “PDB Backend” for the properties of this Backend type.
Default {name}: Schema Backend
Enabled by default: true
See the section called “Schema Backend” for the properties of this Backend type.
Default {name}: Task Backend
Enabled by default: true
See the section called “Task Backend” for the properties of this Backend type.
Default {name}: Trust Store Backend
Enabled by default: true
See the section called “Trust Store Backend” for the properties of this Backend type.
--set {PROP:VALUE}
Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it.
Backend properties depend on the Backend type, which depends on the --backend-name {name}
option.
--reset {property}
Resets a property back to its default values where PROP is the name of the property to be reset.
Backend properties depend on the Backend type, which depends on the --backend-name {name}
option.
--add {PROP:VALUE}
Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added.
Backend properties depend on the Backend type, which depends on the --backend-name {name}
option.
--remove {PROP:VALUE}
Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed.
Backend properties depend on the Backend type, which depends on the --backend-name {name}
option.
Backends of type backup-backend have the following properties:
Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server.
None
A String
No
Yes
None
No
Yes
Specifies the path to a backup directory containing one or more backups for a particular backend. This is a multivalued property. Each value may specify a different backup directory if desired (one for each backend for which backups are taken). Values may be either absolute paths or paths that are relative to the base of the OpenDJ directory server installation.
None
A String
Yes
Yes
None
No
No
Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN.
None
A valid DN.
Yes
Yes
None
No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used.
No
No
Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations.
None
true
false
No
Yes
None
No
No
Specifies the fully-qualified name of the Java class that provides the backend implementation.
org.opends.server.backends.BackupBackend
A Java class that implements or extends the class(es): org.opends.server.api.Backend
No
Yes
The Backend must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the behavior that the backend should use when processing write operations.
disabled
Causes all write attempts to fail.
Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled).
Causes external write attempts to fail but allows writes by replication and internal operations.
No
Yes
None
Yes (Use --advanced in interactive mode.)
No
Backends of type cas-backend have the following properties:
Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server.
None
A String
No
Yes
None
No
Yes
Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN.
None
A valid DN.
Yes
Yes
None
No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used.
No
No
Specifies the key length in bits for the preferred cipher.
128
An integer value. Lower value is 0.
No
No
None
Changes to this property take effect immediately but only affect cryptographic operations performed after the change.
No
No
Specifies the cipher for the directory server. The syntax is "algorithm/mode/padding". The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms, including RC4 and ARCFOUR, do not have a mode or padding, and hence must be specified using NONE for the mode field and NoPadding for the padding field. For example, RC4/NONE/NoPadding.
AES/CBC/PKCS5Padding
A String
No
No
None
Changes to this property take effect immediately but only affect cryptographic operations performed after the change.
No
No
Indicates whether the backend should use a compact form when encoding entries by compressing the attribute descriptions and object class sets. Note that this property applies only to the entries themselves and does not impact the index data.
true
true
false
No
No
None
Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data.
No
No
Indicates whether the backend should make entries in database files readable only by Directory Server. Confidentiality is achieved by enrypting entries before writing them to the underlying storage. Entry encryption will protect data on disk from unauthorised parties reading the files; for complete protection, also set confidentiality for sensitive attributes indexes. The property cannot be set to false if some of the indexes have confidentiality set to true.
false
true
false
No
No
None
No
No
Specifies the keyspace name The path may be either an absolute path or a path relative to the directory containing the base of the OpenDJ directory server installation. The path may be any valid directory path in which the server has appropriate permissions to read and write files and has sufficient space to hold the database contents.
ldap_opendj
A String
No
Yes
The Backend must be disabled and re-enabled for changes to this setting to take effect
No
No
Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations.
None
true
false
No
Yes
None
No
No
Indicates whether the backend should attempt to compress entries before storing them in the database. Note that this property applies only to the entries themselves and does not impact the index data. Further, the effectiveness of the compression is based on the type of data contained in the entry.
false
true
false
No
No
None
Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data.
Yes (Use --advanced in interactive mode.)
No
Specifies the amount of off-heap memory dedicated to the online operation (import-ldif, rebuild-index).
Use only heap memory.
No
No
None
Yes (Use --advanced in interactive mode.)
No
Specifies the maximum number of entries that is allowed to match a given index key before that particular index key is no longer maintained. This property is analogous to the ALL IDs threshold in the Sun Java System Directory Server. Note that this is the default limit for the backend, and it may be overridden on a per-attribute basis.A value of 0 means there is no limit.
4000
An integer value. Lower value is 0. Upper value is 2147483647.
No
No
None
If any index keys have already reached this limit, indexes need to be rebuilt before they are allowed to use the new limit.
No
No
Indicates whether to gather statistical information about the search filters processed by the directory server while evaluating the usage of indexes. Analyzing indexes requires gathering search filter usage patterns from user requests, especially for values as specified in the filters and subsequently looking the status of those values into the index files. When a search requests is processed, internal or user generated, a first phase uses indexes to find potential entries to be returned. Depending on the search filter, if the index of one of the specified attributes matches too many entries (exceeds the index entry limit), the search becomes non-indexed. In any case, all entries thus gathered (or the entire DIT) are matched against the filter for actually returning the search result.
false
true
false
No
No
None
Yes (Use --advanced in interactive mode.)
No
The maximum number of search filter statistics to keep. When the maximum number of search filter is reached, the least used one will be deleted.
25
An integer value. Lower value is 1.
No
No
None
Yes (Use --advanced in interactive mode.)
No
Specifies the fully-qualified name of the Java class that provides the backend implementation.
org.opends.server.backends.cassandra.Backend
A Java class that implements or extends the class(es): org.opends.server.api.Backend
No
Yes
The Backend must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the length of time that the backend is allowed to spend "pre-loading" data when it is initialized. The pre-load process is used to pre-populate the database cache, so that it can be more quickly available when the server is processing requests. A duration of zero means there is no pre-load.
0s
Some property values take a time duration.
Durations are expressed as numbers followed by units.
For example 1 s
means one second,
and 2 w
means two weeks.
Some durations have minimum granularity or maximum units,
so you cannot necessary specify every duration
in milliseconds or weeks for example.
Some durations allow you to use a special value to mean unlimited.
Units are specified as follows.
ms
: milliseconds
s
: seconds
m
: minutes
h
: hours
d
: days
w
: weeks
Lower limit is 0 milliseconds.Upper limit is 2147483647 milliseconds.
No
No
None
Yes (Use --advanced in interactive mode.)
No
Specifies the behavior that the backend should use when processing write operations.
enabled
Causes all write attempts to fail.
Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled).
Causes external write attempts to fail but allows writes by replication and internal operations.
No
Yes
None
No
No
Backends of type je-backend have the following properties:
Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server.
None
A String
No
Yes
None
No
Yes
Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN.
None
A valid DN.
Yes
Yes
None
No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used.
No
No
Specifies the key length in bits for the preferred cipher.
128
An integer value. Lower value is 0.
No
No
None
Changes to this property take effect immediately but only affect cryptographic operations performed after the change.
No
No
Specifies the cipher for the directory server. The syntax is "algorithm/mode/padding". The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms, including RC4 and ARCFOUR, do not have a mode or padding, and hence must be specified using NONE for the mode field and NoPadding for the padding field. For example, RC4/NONE/NoPadding.
AES/CBC/PKCS5Padding
A String
No
No
None
Changes to this property take effect immediately but only affect cryptographic operations performed after the change.
No
No
Indicates whether the backend should use a compact form when encoding entries by compressing the attribute descriptions and object class sets. Note that this property applies only to the entries themselves and does not impact the index data.
true
true
false
No
No
None
Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data.
No
No
Indicates whether the backend should make entries in database files readable only by Directory Server. Confidentiality is achieved by enrypting entries before writing them to the underlying storage. Entry encryption will protect data on disk from unauthorised parties reading the files; for complete protection, also set confidentiality for sensitive attributes indexes. The property cannot be set to false if some of the indexes have confidentiality set to true.
false
true
false
No
No
None
No
No
Specifies the percentage of JVM memory to allocate to the database cache. Specifies the percentage of memory available to the JVM that should be used for caching database contents. Note that this is only used if the value of the db-cache-size property is set to "0 MB". Otherwise, the value of that property is used instead to control the cache size configuration.
50
An integer value. Lower value is 1. Upper value is 90.
No
No
None
No
No
The amount of JVM memory to allocate to the database cache. Specifies the amount of memory that should be used for caching database contents. A value of "0 MB" indicates that the db-cache-percent property should be used instead to specify the cache size.
0 MB
No
No
None
No
No
Specifies the maximum number of bytes that may be written to the database before it is forced to perform a checkpoint. This can be used to bound the recovery time that may be required if the database environment is opened without having been properly closed. If this property is set to a non-zero value, the checkpointer wakeup interval is not used. To use time-based checkpointing, set this property to zero.
500mb
Upper value is 9223372036854775807.
No
No
Restart the server
Yes (Use --advanced in interactive mode.)
No
Specifies the maximum length of time that may pass between checkpoints. Note that this is only used if the value of the checkpointer bytes interval is zero.
30s
Some property values take a time duration.
Durations are expressed as numbers followed by units.
For example 1 s
means one second,
and 2 w
means two weeks.
Some durations have minimum granularity or maximum units,
so you cannot necessary specify every duration
in milliseconds or weeks for example.
Some durations allow you to use a special value to mean unlimited.
Units are specified as follows.
ms
: milliseconds
s
: seconds
m
: minutes
h
: hours
d
: days
w
: weeks
Lower limit is 1 seconds.Upper limit is 4294 seconds.
No
No
The Backend must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the occupancy percentage for "live" data in this backend's database. When the amount of "live" data in the database drops below this value, cleaners will act to increase the occupancy percentage by compacting the database.
50
An integer value. Lower value is 0. Upper value is 90.
No
No
None
Yes (Use --advanced in interactive mode.)
No
Specifies the path to the filesystem directory that is used to hold the Berkeley DB Java Edition database files containing the data for this backend. The path may be either an absolute path or a path relative to the directory containing the base of the OpenDJ directory server installation. The path may be any valid directory path in which the server has appropriate permissions to read and write files and has sufficient space to hold the database contents.
db
A String
No
Yes
The Backend must be disabled and re-enabled for changes to this setting to take effect
No
No
Specifies the permissions that should be applied to the directory containing the server database files. They should be expressed as three-digit octal values, which is the traditional representation for UNIX file permissions. The three digits represent the permissions that are available for the directory's owner, group members, and other users (in that order), and each digit is the octal representation of the read, write, and execute bits. Note that this only impacts permissions on the database directory and not on the files written into that directory. On UNIX systems, the user's umask controls permissions given to the database files.
700
Any octal value between 700 and 777 (the owner must always have read, write, and execute permissions on the directory).
No
No
Restart the server
Yes (Use --advanced in interactive mode.)
No
Specifies the core number of threads in the eviction thread pool. Specifies the core number of threads in the eviction thread pool. These threads help keep memory usage within cache bounds, offloading work from application threads. db-evictor-core-threads, db-evictor-max-threads and db-evictor-keep-alive are used to configure the core, max and keepalive attributes for the eviction thread pool.
1
An integer value. Lower value is 0. Upper value is 2147483647.
No
No
None
Yes (Use --advanced in interactive mode.)
No
The duration that excess threads in the eviction thread pool will stay idle. After this period, idle threads will terminate. The duration that excess threads in the eviction thread pool will stay idle. After this period, idle threads will terminate. db-evictor-core-threads, db-evictor-max-threads and db-evictor-keep-alive are used to configure the core, max and keepalive attributes for the eviction thread pool.
600s
Some property values take a time duration.
Durations are expressed as numbers followed by units.
For example 1 s
means one second,
and 2 w
means two weeks.
Some durations have minimum granularity or maximum units,
so you cannot necessary specify every duration
in milliseconds or weeks for example.
Some durations allow you to use a special value to mean unlimited.
Units are specified as follows.
ms
: milliseconds
s
: seconds
m
: minutes
h
: hours
d
: days
w
: weeks
Lower limit is 1 seconds.Upper limit is 86400 seconds.
No
No
None
Yes (Use --advanced in interactive mode.)
No
Indicates whether the database should evict existing data from the cache based on an LRU policy (where the least recently used information will be evicted first). If set to "false", then the eviction keeps internal nodes of the underlying Btree in the cache over leaf nodes, even if the leaf nodes have been accessed more recently. This may be a better configuration for databases in which only a very small portion of the data is cached.
false
true
false
No
No
The Backend must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the maximum number of threads in the eviction thread pool. Specifies the maximum number of threads in the eviction thread pool. These threads help keep memory usage within cache bounds, offloading work from application threads. db-evictor-core-threads, db-evictor-max-threads and db-evictor-keep-alive are used to configure the core, max and keepalive attributes for the eviction thread pool.
10
An integer value. Lower value is 1. Upper value is 2147483647.
No
No
None
Yes (Use --advanced in interactive mode.)
No
Specifies the number of Btree nodes that should be evicted from the cache in a single pass if it is determined that it is necessary to free existing data in order to make room for new information. Changes to this property do not take effect until the backend is restarted. It is recommended that you also change this property when you set db-evictor-lru-only to false. This setting controls the number of Btree nodes that are considered, or sampled, each time a node is evicted. A setting of 10 often produces good results, but this may vary from application to application. The larger the nodes per scan, the more accurate the algorithm. However, don't set it too high. When considering larger numbers of nodes for each eviction, the evictor may delay the completion of a given database operation, which impacts the response time of the application thread. In JE 4.1 and later, setting this value too high in an application that is largely CPU bound can reduce the effectiveness of cache eviction. It's best to start with the default value, and increase it gradually to see if it is beneficial for your application.
10
An integer value. Lower value is 1. Upper value is 1000.
No
No
The Backend must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the maximum size for a database log file.
100mb
Lower value is 1000000.Upper value is 4294967296.
No
No
The Backend must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the size of the file handle cache. The file handle cache is used to keep as much opened log files as possible. When the cache is smaller than the number of logs, the database needs to close some handles and open log files it needs, resulting in less optimal performances. Ideally, the size of the cache should be higher than the number of files contained in the database. Make sure the OS number of open files per process is also tuned appropriately.
100
An integer value. Lower value is 3. Upper value is 2147483647.
No
No
The Backend must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Indicates whether the database should maintain a je.info file in the same directory as the database log directory. This file contains information about the internal processing performed by the underlying database.
true
true
false
No
No
The Backend must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the log level that should be used by the database when it is writing information into the je.info file. The database trace logging level is (in increasing order of verbosity) chosen from: OFF, SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST, ALL.
CONFIG
A String
No
No
The Backend must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the number of threads that the backend should maintain to keep the database log files at or near the desired utilization. In environments with high write throughput, multiple cleaner threads may be required to maintain the desired utilization.
Let the server decide.
An integer value. Lower value is 1.
No
No
None
Yes (Use --advanced in interactive mode.)
No
Specifies the number of lock tables that are used by the underlying database. This can be particularly important to help improve scalability by avoiding contention on systems with large numbers of CPUs. The value of this configuration property should be set to a prime number that is less than or equal to the number of worker threads configured for use in the server.
Let the server decide.
An integer value. Lower value is 1. Upper value is 32767.
No
No
The Backend must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Indicates whether the cleaner threads should be enabled to compact the database. The cleaner threads are used to periodically compact the database when it reaches a percentage of occupancy lower than the amount specified by the db-cleaner-min-utilization property. They identify database files with a low percentage of live data, and relocate their remaining live data to the end of the log.
true
true
false
No
No
None
Yes (Use --advanced in interactive mode.)
No
Indicates whether database writes should be primarily written to an internal buffer but not immediately written to disk. Setting the value of this configuration attribute to "true" may improve write performance but could cause the most recent changes to be lost if the OpenDJ directory server or the underlying JVM exits abnormally, or if an OS or hardware failure occurs (a behavior similar to running with transaction durability disabled in the Sun Java System Directory Server).
false
true
false
No
No
None
Yes (Use --advanced in interactive mode.)
No
Indicates whether the database should synchronously flush data as it is written to disk. If this value is set to "false", then all data written to disk is synchronously flushed to persistent storage and thereby providing full durability. If it is set to "true", then data may be cached for a period of time by the underlying operating system before actually being written to disk. This may improve performance, but could cause the most recent changes to be lost in the event of an underlying OS or hardware failure (but not in the case that the OpenDJ directory server or the JVM exits abnormally).
true
true
false
No
No
None
Yes (Use --advanced in interactive mode.)
No
Full disk threshold to limit database updates When the available free space on the disk used by this database instance falls below the value specified, no updates are permitted and the server returns an UNWILLING_TO_PERFORM error. Updates are allowed again as soon as free space rises above the threshold.
100 megabytes
No
No
None
Yes (Use --advanced in interactive mode.)
No
Low disk threshold to limit database updates Specifies the "low" free space on the disk. When the available free space on the disk used by this database instance falls below the value specified, protocol updates on this database are permitted only by a user with the BYPASS_LOCKDOWN privilege.
200 megabytes
No
No
None
Yes (Use --advanced in interactive mode.)
No
Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations.
None
true
false
No
Yes
None
No
No
Indicates whether the backend should attempt to compress entries before storing them in the database. Note that this property applies only to the entries themselves and does not impact the index data. Further, the effectiveness of the compression is based on the type of data contained in the entry.
false
true
false
No
No
None
Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data.
Yes (Use --advanced in interactive mode.)
No
Specifies the amount of off-heap memory dedicated to the online operation (import-ldif, rebuild-index).
Use only heap memory.
No
No
None
Yes (Use --advanced in interactive mode.)
No
Specifies the maximum number of entries that is allowed to match a given index key before that particular index key is no longer maintained. This property is analogous to the ALL IDs threshold in the Sun Java System Directory Server. Note that this is the default limit for the backend, and it may be overridden on a per-attribute basis.A value of 0 means there is no limit.
4000
An integer value. Lower value is 0. Upper value is 2147483647.
No
No
None
If any index keys have already reached this limit, indexes need to be rebuilt before they are allowed to use the new limit.
No
No
Indicates whether to gather statistical information about the search filters processed by the directory server while evaluating the usage of indexes. Analyzing indexes requires gathering search filter usage patterns from user requests, especially for values as specified in the filters and subsequently looking the status of those values into the index files. When a search requests is processed, internal or user generated, a first phase uses indexes to find potential entries to be returned. Depending on the search filter, if the index of one of the specified attributes matches too many entries (exceeds the index entry limit), the search becomes non-indexed. In any case, all entries thus gathered (or the entire DIT) are matched against the filter for actually returning the search result.
false
true
false
No
No
None
Yes (Use --advanced in interactive mode.)
No
The maximum number of search filter statistics to keep. When the maximum number of search filter is reached, the least used one will be deleted.
25
An integer value. Lower value is 1.
No
No
None
Yes (Use --advanced in interactive mode.)
No
Specifies the fully-qualified name of the Java class that provides the backend implementation.
org.opends.server.backends.jeb.JEBackend
A Java class that implements or extends the class(es): org.opends.server.api.Backend
No
Yes
The Backend must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the database and environment properties for the Berkeley DB Java Edition database serving the data for this backend. Any Berkeley DB Java Edition property can be specified using the following form: property-name=property-value. Refer to OpenDJ documentation for further information on related properties, their implications, and range values. The definitive identification of all the property parameters is available in the example.properties file of Berkeley DB Java Edition distribution.
None
A String
Yes
No
None
Yes (Use --advanced in interactive mode.)
No
Specifies the length of time that the backend is allowed to spend "pre-loading" data when it is initialized. The pre-load process is used to pre-populate the database cache, so that it can be more quickly available when the server is processing requests. A duration of zero means there is no pre-load.
0s
Some property values take a time duration.
Durations are expressed as numbers followed by units.
For example 1 s
means one second,
and 2 w
means two weeks.
Some durations have minimum granularity or maximum units,
so you cannot necessary specify every duration
in milliseconds or weeks for example.
Some durations allow you to use a special value to mean unlimited.
Units are specified as follows.
ms
: milliseconds
s
: seconds
m
: minutes
h
: hours
d
: days
w
: weeks
Lower limit is 0 milliseconds.Upper limit is 2147483647 milliseconds.
No
No
None
Yes (Use --advanced in interactive mode.)
No
Specifies the behavior that the backend should use when processing write operations.
enabled
Causes all write attempts to fail.
Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled).
Causes external write attempts to fail but allows writes by replication and internal operations.
No
Yes
None
No
No
Backends of type ldif-backend have the following properties:
Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server.
None
A String
No
Yes
None
No
Yes
Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN.
None
A valid DN.
Yes
Yes
None
No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used.
No
No
Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations.
None
true
false
No
Yes
None
No
No
Indicates whether the backend should be considered a private backend, which indicates that it is used for storing operational data rather than user-defined information.
false
true
false
No
No
The Backend must be disabled and re-enabled for changes to this setting to take effect
No
No
Specifies the fully-qualified name of the Java class that provides the backend implementation.
org.opends.server.backends.LDIFBackend
A Java class that implements or extends the class(es): org.opends.server.api.Backend
No
Yes
The Backend must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the path to the LDIF file containing the data for this backend.
None
A String
No
Yes
The Backend must be disabled and re-enabled for changes to this setting to take effect
No
No
Specifies the behavior that the backend should use when processing write operations.
enabled
Causes all write attempts to fail.
Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled).
Causes external write attempts to fail but allows writes by replication and internal operations.
No
Yes
None
No
No
Backends of type memory-backend have the following properties:
Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server.
None
A String
No
Yes
None
No
Yes
Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN.
None
A valid DN.
Yes
Yes
None
No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used.
No
No
Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations.
None
true
false
No
Yes
None
No
No
Specifies the fully-qualified name of the Java class that provides the backend implementation.
org.opends.server.backends.MemoryBackend
A Java class that implements or extends the class(es): org.opends.server.api.Backend
No
Yes
The Backend must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the behavior that the backend should use when processing write operations.
enabled
Causes all write attempts to fail.
Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled).
Causes external write attempts to fail but allows writes by replication and internal operations.
No
Yes
None
No
No
Backends of type monitor-backend have the following properties:
Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server.
None
A String
No
Yes
None
No
Yes
Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN.
None
A valid DN.
Yes
Yes
None
No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used.
No
No
Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations.
None
true
false
No
Yes
None
No
No
Specifies the fully-qualified name of the Java class that provides the backend implementation.
org.opends.server.backends.MonitorBackend
A Java class that implements or extends the class(es): org.opends.server.api.Backend
No
Yes
The Backend must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the behavior that the backend should use when processing write operations.
disabled
Causes all write attempts to fail.
Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled).
Causes external write attempts to fail but allows writes by replication and internal operations.
No
Yes
None
No
No
Backends of type null-backend have the following properties:
Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server.
None
A String
No
Yes
None
No
Yes
Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN.
None
A valid DN.
Yes
Yes
None
No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used.
No
No
Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations.
None
true
false
No
Yes
None
No
No
Specifies the fully-qualified name of the Java class that provides the backend implementation.
org.opends.server.backends.NullBackend
A Java class that implements or extends the class(es): org.opends.server.api.Backend
No
Yes
The Backend must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the behavior that the backend should use when processing write operations.
enabled
Causes all write attempts to fail.
Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled).
Causes external write attempts to fail but allows writes by replication and internal operations.
No
Yes
None
No
No
Backends of type pdb-backend have the following properties:
Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server.
None
A String
No
Yes
None
No
Yes
Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN.
None
A valid DN.
Yes
Yes
None
No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used.
No
No
Specifies the key length in bits for the preferred cipher.
128
An integer value. Lower value is 0.
No
No
None
Changes to this property take effect immediately but only affect cryptographic operations performed after the change.
No
No
Specifies the cipher for the directory server. The syntax is "algorithm/mode/padding". The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms, including RC4 and ARCFOUR, do not have a mode or padding, and hence must be specified using NONE for the mode field and NoPadding for the padding field. For example, RC4/NONE/NoPadding.
AES/CBC/PKCS5Padding
A String
No
No
None
Changes to this property take effect immediately but only affect cryptographic operations performed after the change.
No
No
Indicates whether the backend should use a compact form when encoding entries by compressing the attribute descriptions and object class sets. Note that this property applies only to the entries themselves and does not impact the index data.
true
true
false
No
No
None
Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data.
No
No
Indicates whether the backend should make entries in database files readable only by Directory Server. Confidentiality is achieved by enrypting entries before writing them to the underlying storage. Entry encryption will protect data on disk from unauthorised parties reading the files; for complete protection, also set confidentiality for sensitive attributes indexes. The property cannot be set to false if some of the indexes have confidentiality set to true.
false
true
false
No
No
None
No
No
Specifies the percentage of JVM memory to allocate to the database cache. Specifies the percentage of memory available to the JVM that should be used for caching database contents. Note that this is only used if the value of the db-cache-size property is set to "0 MB". Otherwise, the value of that property is used instead to control the cache size configuration.
50
An integer value. Lower value is 1. Upper value is 90.
No
No
None
No
No
The amount of JVM memory to allocate to the database cache. Specifies the amount of memory that should be used for caching database contents. A value of "0 MB" indicates that the db-cache-percent property should be used instead to specify the cache size.
0 MB
No
No
None
No
No
Specifies the maximum length of time that may pass between checkpoints. This setting controls the elapsed time between attempts to write a checkpoint to the journal. A longer interval allows more updates to accumulate in buffers before they are required to be written to disk, but also potentially causes recovery from an abrupt termination (crash) to take more time.
15s
Some property values take a time duration.
Durations are expressed as numbers followed by units.
For example 1 s
means one second,
and 2 w
means two weeks.
Some durations have minimum granularity or maximum units,
so you cannot necessary specify every duration
in milliseconds or weeks for example.
Some durations allow you to use a special value to mean unlimited.
Units are specified as follows.
ms
: milliseconds
s
: seconds
m
: minutes
h
: hours
d
: days
w
: weeks
Lower limit is 10 seconds.Upper limit is 3600 seconds.
No
No
None
Yes (Use --advanced in interactive mode.)
No
Specifies the path to the filesystem directory that is used to hold the Persistit database files containing the data for this backend. The path may be either an absolute path or a path relative to the directory containing the base of the OpenDJ directory server installation. The path may be any valid directory path in which the server has appropriate permissions to read and write files and has sufficient space to hold the database contents.
db
A String
No
Yes
The Backend must be disabled and re-enabled for changes to this setting to take effect
No
No
Specifies the permissions that should be applied to the directory containing the server database files. They should be expressed as three-digit octal values, which is the traditional representation for UNIX file permissions. The three digits represent the permissions that are available for the directory's owner, group members, and other users (in that order), and each digit is the octal representation of the read, write, and execute bits. Note that this only impacts permissions on the database directory and not on the files written into that directory. On UNIX systems, the user's umask controls permissions given to the database files.
700
Any octal value between 700 and 777 (the owner must always have read, write, and execute permissions on the directory).
No
No
Restart the server
Yes (Use --advanced in interactive mode.)
No
Indicates whether database writes should be primarily written to an internal buffer but not immediately written to disk. Setting the value of this configuration attribute to "true" may improve write performance but could cause the most recent changes to be lost if the OpenDJ directory server or the underlying JVM exits abnormally, or if an OS or hardware failure occurs (a behavior similar to running with transaction durability disabled in the Sun Java System Directory Server).
true
true
false
No
No
None
Yes (Use --advanced in interactive mode.)
No
Full disk threshold to limit database updates When the available free space on the disk used by this database instance falls below the value specified, no updates are permitted and the server returns an UNWILLING_TO_PERFORM error. Updates are allowed again as soon as free space rises above the threshold.
100 megabytes
No
No
None
Yes (Use --advanced in interactive mode.)
No
Low disk threshold to limit database updates Specifies the "low" free space on the disk. When the available free space on the disk used by this database instance falls below the value specified, protocol updates on this database are permitted only by a user with the BYPASS_LOCKDOWN privilege.
200 megabytes
No
No
None
Yes (Use --advanced in interactive mode.)
No
Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations.
None
true
false
No
Yes
None
No
No
Indicates whether the backend should attempt to compress entries before storing them in the database. Note that this property applies only to the entries themselves and does not impact the index data. Further, the effectiveness of the compression is based on the type of data contained in the entry.
false
true
false
No
No
None
Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data.
Yes (Use --advanced in interactive mode.)
No
Specifies the amount of off-heap memory dedicated to the online operation (import-ldif, rebuild-index).
Use only heap memory.
No
No
None
Yes (Use --advanced in interactive mode.)
No
Specifies the maximum number of entries that is allowed to match a given index key before that particular index key is no longer maintained. This property is analogous to the ALL IDs threshold in the Sun Java System Directory Server. Note that this is the default limit for the backend, and it may be overridden on a per-attribute basis.A value of 0 means there is no limit.
4000
An integer value. Lower value is 0. Upper value is 2147483647.
No
No
None
If any index keys have already reached this limit, indexes need to be rebuilt before they are allowed to use the new limit.
No
No
Indicates whether to gather statistical information about the search filters processed by the directory server while evaluating the usage of indexes. Analyzing indexes requires gathering search filter usage patterns from user requests, especially for values as specified in the filters and subsequently looking the status of those values into the index files. When a search requests is processed, internal or user generated, a first phase uses indexes to find potential entries to be returned. Depending on the search filter, if the index of one of the specified attributes matches too many entries (exceeds the index entry limit), the search becomes non-indexed. In any case, all entries thus gathered (or the entire DIT) are matched against the filter for actually returning the search result.
false
true
false
No
No
None
Yes (Use --advanced in interactive mode.)
No
The maximum number of search filter statistics to keep. When the maximum number of search filter is reached, the least used one will be deleted.
25
An integer value. Lower value is 1.
No
No
None
Yes (Use --advanced in interactive mode.)
No
Specifies the fully-qualified name of the Java class that provides the backend implementation.
org.opends.server.backends.pdb.PDBBackend
A Java class that implements or extends the class(es): org.opends.server.api.Backend
No
Yes
The Backend must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the length of time that the backend is allowed to spend "pre-loading" data when it is initialized. The pre-load process is used to pre-populate the database cache, so that it can be more quickly available when the server is processing requests. A duration of zero means there is no pre-load.
0s
Some property values take a time duration.
Durations are expressed as numbers followed by units.
For example 1 s
means one second,
and 2 w
means two weeks.
Some durations have minimum granularity or maximum units,
so you cannot necessary specify every duration
in milliseconds or weeks for example.
Some durations allow you to use a special value to mean unlimited.
Units are specified as follows.
ms
: milliseconds
s
: seconds
m
: minutes
h
: hours
d
: days
w
: weeks
Lower limit is 0 milliseconds.Upper limit is 2147483647 milliseconds.
No
No
None
Yes (Use --advanced in interactive mode.)
No
Specifies the behavior that the backend should use when processing write operations.
enabled
Causes all write attempts to fail.
Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled).
Causes external write attempts to fail but allows writes by replication and internal operations.
No
Yes
None
No
No
Backends of type schema-backend have the following properties:
Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server.
None
A String
No
Yes
None
No
Yes
Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN.
None
A valid DN.
Yes
Yes
None
No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used.
No
No
Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations.
None
true
false
No
Yes
None
No
No
Specifies the fully-qualified name of the Java class that provides the backend implementation.
org.opends.server.backends.SchemaBackend
A Java class that implements or extends the class(es): org.opends.server.api.Backend
No
Yes
The Backend must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Defines the base DNs of the subtrees in which the schema information is published in addition to the value included in the base-dn property. The value provided in the base-dn property is the only one that appears in the subschemaSubentry operational attribute of the server's root DSE (which is necessary because that is a single-valued attribute) and as a virtual attribute in other entries. The schema-entry-dn attribute may be used to make the schema information available in other locations to accommodate certain client applications that have been hard-coded to expect the schema to reside in a specific location.
cn=schema
A valid DN.
Yes
No
None
Yes (Use --advanced in interactive mode.)
No
Indicates whether to treat all attributes in the schema entry as if they were user attributes regardless of their configuration. This may provide compatibility with some applications that expect schema attributes like attributeTypes and objectClasses to be included by default even if they are not requested. Note that the ldapSyntaxes attribute is always treated as operational in order to avoid problems with attempts to modify the schema over protocol.
None
true
false
No
Yes
None
No
No
Specifies the behavior that the backend should use when processing write operations.
enabled
Causes all write attempts to fail.
Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled).
Causes external write attempts to fail but allows writes by replication and internal operations.
No
Yes
None
No
No
Backends of type task-backend have the following properties:
Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server.
None
A String
No
Yes
None
No
Yes
Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN.
None
A valid DN.
Yes
Yes
None
No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used.
No
No
Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations.
None
true
false
No
Yes
None
No
No
Specifies the fully-qualified name of the Java class that provides the backend implementation.
org.opends.server.backends.task.TaskBackend
A Java class that implements or extends the class(es): org.opends.server.api.Backend
No
Yes
The Backend must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the email address to use as the sender (that is, the "From:" address) address for notification mail messages generated when a task completes execution.
The default sender address used is "opendj-task-notification@" followed by the canonical address of the system on which the server is running.
A String
No
No
None
No
No
Specifies the path to the backing file for storing information about the tasks configured in the server. It may be either an absolute path or a relative path to the base of the OpenDJ directory server instance.
None
A String
No
Yes
None
No
No
Specifies the length of time that task entries should be retained after processing on the associated task has been completed.
24 hours
Some property values take a time duration.
Durations are expressed as numbers followed by units.
For example 1 s
means one second,
and 2 w
means two weeks.
Some durations have minimum granularity or maximum units,
so you cannot necessary specify every duration
in milliseconds or weeks for example.
Some durations allow you to use a special value to mean unlimited.
Units are specified as follows.
ms
: milliseconds
s
: seconds
m
: minutes
h
: hours
d
: days
w
: weeks
Lower limit is 0 seconds.
No
No
None
No
No
Specifies the behavior that the backend should use when processing write operations.
enabled
Causes all write attempts to fail.
Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled).
Causes external write attempts to fail but allows writes by replication and internal operations.
No
Yes
None
No
No
Backends of type trust-store-backend have the following properties:
Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server.
None
A String
No
Yes
None
No
Yes
Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN.
None
A valid DN.
Yes
Yes
None
No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used.
No
No
Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations.
None
true
false
No
Yes
None
No
No
Specifies the fully-qualified name of the Java class that provides the backend implementation.
org.opends.server.backends.TrustStoreBackend
A Java class that implements or extends the class(es): org.opends.server.api.Backend
No
Yes
The Backend must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the path to the file that stores the trust information. It may be an absolute path, or a path that is relative to the OpenDJ instance root.
config/ads-truststore
A String
No
Yes
None
No
No
Specifies the clear-text PIN needed to access the Trust Store Backend .
None
A String
No
No
None
Changes to this property will take effect the next time that the Trust Store Backend is accessed.
No
No
Specifies the name of the environment variable that contains the clear-text PIN needed to access the Trust Store Backend .
None
A String
No
No
None
Changes to this property will take effect the next time that the Trust Store Backend is accessed.
No
No
Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the Trust Store Backend .
None
A String
No
No
None
Changes to this property will take effect the next time that the Trust Store Backend is accessed.
No
No
Specifies the name of the Java property that contains the clear-text PIN needed to access the Trust Store Backend .
None
A String
No
No
None
Changes to this property will take effect the next time that the Trust Store Backend is accessed.
No
No
Specifies the format for the data in the key store file. Valid values should always include 'JKS' and 'PKCS12', but different implementations may allow other values as well.
The JVM default value is used.
A String
No
No
None
Changes to this property take effect the next time that the key manager is accessed.
No
No
Specifies the behavior that the backend should use when processing write operations.
enabled
Causes all write attempts to fail.
Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled).
Causes external write attempts to fail but allows writes by replication and internal operations.
No
Yes
None
No
No