Name

dsconfig list-connection-handlers — Lists existing Connection Handlers

Synopsis

dsconfig list-connection-handlers {options}

Options

The dsconfig list-connection-handlers command takes the following options:

--property {property}

The name of a property to be displayed.

Connection Handler properties depend on the Connection Handler type, which depends on the {property} you provide.

By default, OpenDJ directory server supports the following Connection Handler types:

http-connection-handler

Default {property}: HTTP Connection Handler

Enabled by default: true

See the section called “HTTP Connection Handler” for the properties of this Connection Handler type.

jmx-connection-handler

Default {property}: JMX Connection Handler

Enabled by default: true

See the section called “JMX Connection Handler” for the properties of this Connection Handler type.

ldap-connection-handler

Default {property}: LDAP Connection Handler

Enabled by default: true

See the section called “LDAP Connection Handler” for the properties of this Connection Handler type.

ldif-connection-handler

Default {property}: LDIF Connection Handler

Enabled by default: true

See the section called “LDIF Connection Handler” for the properties of this Connection Handler type.

snmp-connection-handler

Default {property}: SNMP Connection Handler

Enabled by default: true

See the section called “SNMP Connection Handler” for the properties of this Connection Handler type.

-z | --unit-size {unit}

Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).

-m | --unit-time {unit}

Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).
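
The check below is an added example, not part of the OpenDJ documentation or code. It parses a listing requested with --property for enabled, listen-port, use-ssl and allow-start-tls, and flags enabled handlers that accept unencrypted connections. The sample listing is constructed, and its colon-separated table layout is an assumption about the command's output.

```python
# Added example; not OpenDJ code.
# SAMPLE_LISTING is constructed, and the colon-separated table layout is an
# assumption about what list-connection-handlers prints. A "-" cell is taken
# to mean that the property does not apply to that handler type.
SAMPLE_LISTING = """\
Connection Handler       : Type : enabled : listen-port : use-ssl : allow-start-tls
-------------------------:------:---------:-------------:---------:----------------
HTTP Connection Handler  : http : true    : 8080        : false   : -
JMX Connection Handler   : jmx  : false   : 1689        : false   : -
LDAP Connection Handler  : ldap : true    : 1389        : false   : true
LDAPS Connection Handler : ldap : true    : 1636        : true    : false
LDIF Connection Handler  : ldif : false   : -           : -       : -
"""


def parse_listing(text):
    """Turn the table into a list of dicts keyed by lower-cased column name."""
    header = None
    rows = []
    for line in text.splitlines():
        stripped = line.strip()
        # Skip blank lines and the ruler line made only of '-' and ':'.
        if not stripped or set(stripped) <= set("-:"):
            continue
        cells = [cell.strip() for cell in line.split(":")]
        if header is None:
            header = [cell.lower() for cell in cells]
            continue
        if len(cells) != len(header):
            raise ValueError("unexpected column count in row: %r" % line)
        rows.append(dict(zip(header, cells)))
    return rows


def audit(rows):
    """Return (handler name, finding) pairs for enabled handlers without SSL.

    plaintext          use-ssl is false and StartTLS is not offered.
    starttls-optional  use-ssl is false and allow-start-tls is true, so the
                       channel is only protected if the client upgrades it.
    """
    findings = []
    for row in rows:
        if row.get("enabled") != "true":
            continue  # a disabled handler accepts no connections
        if row.get("use-ssl") != "false":
            continue  # SSL is on, or the property does not apply
        if row.get("allow-start-tls") == "true":
            findings.append((row["connection handler"], "starttls-optional"))
        else:
            findings.append((row["connection handler"], "plaintext"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(parse_listing(SAMPLE_LISTING)):
        print("%-26s %s" % (name, finding))
```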

HTTP Connection Handler

Connection Handlers of type http-connection-handler have the following properties:

accept-backlog
Description

Specifies the maximum number of pending connection attempts that are allowed to queue up in the accept backlog before the server starts rejecting new connection attempts. This is primarily an issue for cases in which a large number of connections are established to the server in a very short period of time (for example, a benchmark utility that creates a large number of client threads that each have their own connection to the server) and the connection handler is unable to keep up with the rate at which the new connections are established.

Default Value

128

Allowed Values

An integer value. Lower value is 1.

Multi-valued

No

Required

No

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

allow-tcp-reuse-address
Description

Indicates whether the HTTP Connection Handler should reuse socket descriptors. If enabled, the SO_REUSEADDR socket option is used on the server listen socket to potentially allow the reuse of socket descriptors for clients in a TIME_WAIT state. This may help the server avoid temporarily running out of socket descriptors in cases in which a very large number of short-lived connections have been established from the same client system.

Default Value

true

Allowed Values

true

false

Multi-valued

No

Required

No

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

allowed-client
Description

Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask.

Default Value

All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed.

Allowed Values

An IP address mask

Multi-valued

Yes

Required

No

Admin Action Required

None

Changes to this property take effect immediately and do not interfere with connections that may have already been established.

Advanced Property

No

Read-only

No

buffer-size
Description

Specifies the size in bytes of the HTTP response message write buffer. This property specifies the write buffer size allocated by the server for each client connection and used to buffer HTTP response message data when writing.

Default Value

4096 bytes

Allowed Values

Lower value is 1. Upper value is 2147483647.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

denied-client
Description

Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed.

Default Value

If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed.

Allowed Values

An IP address mask

Multi-valued

Yes

Required

No

Admin Action Required

None

Changes to this property take effect immediately and do not interfere with connections that may have already been established.

Advanced Property

No

Read-only

No
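
The following added example models the allowed-client and denied-client rules described above; it is not OpenDJ's implementation. The function names, the sample addresses, and the convention that a domain name value is written with a leading dot are assumptions made for illustration.

```python
# Added example; a model of the documented rules, not OpenDJ code.
import ipaddress


def mask_matches(mask, client_ip, client_host=None):
    """Return True if one allowed-client/denied-client value matches.

    Handles an IP address, a subnetwork written as a.b.c.d/len or
    a.b.c.d/netmask, a host name, and (assumed syntax) a domain name
    written with a leading dot, such as ".example.com".
    """
    try:
        network = ipaddress.ip_network(mask, strict=False)
    except ValueError:
        network = None  # not an address or subnetwork, so treat it as a name
    if network is not None:
        address = ipaddress.ip_address(client_ip)
        return address.version == network.version and address in network
    if client_host is None:
        return False  # name-based values need a resolved client name
    host = client_host.lower().rstrip(".")
    name = mask.lower().rstrip(".")
    if name.startswith("."):
        return host.endswith(name)
    return host == name


def connection_allowed(client_ip, allowed, denied, client_host=None):
    """Apply the documented precedence between the two lists.

    1. A match on the deny list always denies, even if the allow list
       also matches.
    2. If an allow list exists, only clients matching it are allowed.
    3. With no allow list, every client not denied is allowed.
    """
    if any(mask_matches(m, client_ip, client_host) for m in denied):
        return False
    if allowed:
        return any(mask_matches(m, client_ip, client_host) for m in allowed)
    return True


# Constructed sample configuration and clients.
ALLOWED = ["10.0.0.0/8", ".example.com"]
DENIED = ["10.9.0.0/255.255.0.0"]


def evaluate_cases():
    """Return the decision for each constructed client, in order."""
    return [
        connection_allowed("10.1.2.3", ALLOWED, DENIED),        # allow list only
        connection_allowed("10.9.4.4", ALLOWED, DENIED),        # in both lists
        connection_allowed("192.0.2.10", ALLOWED, DENIED,
                           client_host="app1.example.com"),     # domain match
        connection_allowed("192.0.2.10", ALLOWED, DENIED),      # no match
        connection_allowed("203.0.113.1", [], ["198.51.100.0/24"]),  # deny list only
        connection_allowed("198.51.100.7", [], ["198.51.100.0/24"]),
        connection_allowed("203.0.113.1", [], []),              # neither list set
    ]


if __name__ == "__main__":
    print(evaluate_cases())
```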

enabled
Description

Indicates whether the Connection Handler is enabled.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the Java class that provides the HTTP Connection Handler implementation.

Default Value

org.opends.server.protocols.http.HTTPConnectionHandler

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.api.ConnectionHandler

Multi-valued

No

Required

Yes

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

keep-stats
Description

Indicates whether the HTTP Connection Handler should keep statistics. If enabled, the HTTP Connection Handler maintains statistics about the number and types of operations requested over HTTP and the amount of data sent and received.

Default Value

true

Allowed Values

true

false

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

key-manager-provider
Description

Specifies the name of the key manager that should be used with this HTTP Connection Handler.

Default Value

None

Allowed Values

The DN of any Key Manager Provider. The referenced key manager provider must be enabled when the HTTP Connection Handler is enabled and configured to use SSL.

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property take effect immediately, but only for subsequent attempts to access the key manager provider for associated client connections.

Advanced Property

No

Read-only

No

listen-address
Description

Specifies the address or set of addresses on which this HTTP Connection Handler should listen for connections from HTTP clients. Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the HTTP Connection Handler listens on all interfaces.

Default Value

0.0.0.0

Allowed Values

An IP address

Multi-valued

Yes

Required

No

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

No

Read-only

No

listen-port
Description

Specifies the port number on which the HTTP Connection Handler will listen for connections from clients. Only a single port number may be provided.

Default Value

None

Allowed Values

An integer value. Lower value is 1. Upper value is 65535.

Multi-valued

No

Required

Yes

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

No

Read-only

No

max-blocked-write-time-limit
Description

Specifies the maximum length of time that attempts to write data to HTTP clients should be allowed to block. If an attempt to write data to a client takes longer than this length of time, then the client connection is terminated.

Default Value

2 minutes

Allowed Values

Some property values take a time duration. Durations are expressed as numbers followed by units. For example, 1 s means one second, and 2 w means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessarily specify every duration in milliseconds or weeks, for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows.

  • ms: milliseconds

  • s: seconds

  • m: minutes

  • h: hours

  • d: days

  • w: weeks

Lower limit is 0 milliseconds.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

max-concurrent-ops-per-connection
Description

Specifies the maximum number of internal operations that each HTTP client connection can execute concurrently. This property limits the impact that each HTTP request can have on the whole server by limiting the number of internal operations that each HTTP request can execute concurrently. A value of 0 means that no limit is enforced.

Default Value

Let the server decide.

Allowed Values

An integer value. Lower value is 0.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

max-request-size
Description

Specifies the size in bytes of the largest HTTP request message that will be allowed by the HTTP Connection Handler. This can help prevent denial-of-service attacks by clients that indicate they will send extremely large requests to the server, causing it to attempt to allocate large amounts of memory.

Default Value

5 megabytes

Allowed Values

Upper value is 2147483647.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

num-request-handlers
Description

Specifies the number of request handlers that are used to read requests from clients. The HTTP Connection Handler uses one thread to accept new connections from clients, but uses one or more additional threads to read requests from existing client connections. This ensures that new requests are read efficiently and that the connection handler itself does not become a bottleneck when the server is under heavy load from many clients at the same time.

Default Value

Let the server decide.

Allowed Values

An integer value. Lower value is 1.

Multi-valued

No

Required

No

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

ssl-cert-nickname
Description

Specifies the nicknames (also called the aliases) of the keys or key pairs that the HTTP Connection Handler should use when performing SSL communication. The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the HTTP Connection Handler is configured to use SSL.

Default Value

Let the server decide.

Allowed Values

A String

Multi-valued

Yes

Required

No

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

No

Read-only

No

ssl-cipher-suite
Description

Specifies the names of the SSL cipher suites that are allowed for use in SSL communication.

Default Value

Uses the default set of SSL cipher suites provided by the server's JVM.

Allowed Values

A String

Multi-valued

Yes

Required

No

Admin Action Required

None

Changes to this property take effect immediately but will only impact new SSL/TLS-based sessions created after the change.

Advanced Property

No

Read-only

No

ssl-client-auth-policy
Description

Specifies the policy that the HTTP Connection Handler should use regarding client SSL certificates. Clients can use the SASL EXTERNAL mechanism only if the policy is set to "optional" or "required". This is only applicable if clients are allowed to use SSL.

Default Value

optional

Allowed Values
disabled

Clients must not provide their own certificates when performing SSL negotiation.

optional

Clients are requested to provide their own certificates when performing SSL negotiation. The connection is nevertheless accepted if the client does not provide a certificate.

required

Clients are required to provide their own certificates when performing SSL negotiation and are refused access if they do not provide a certificate.

Multi-valued

No

Required

No

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

No

Read-only

No

ssl-protocol
Description

Specifies the names of the SSL protocols that are allowed for use in SSL communication.

Default Value

Uses the default set of SSL protocols provided by the server's JVM.

Allowed Values

A String

Multi-valued

Yes

Required

No

Admin Action Required

None

Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change.

Advanced Property

No

Read-only

No

trust-manager-provider
Description

Specifies the name of the trust manager that should be used with the HTTP Connection Handler.

Default Value

Use the trust manager provided by the JVM.

Allowed Values

The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when the HTTP Connection Handler is enabled and configured to use SSL.

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property take effect immediately, but only for subsequent attempts to access the trust manager provider for associated client connections.

Advanced Property

No

Read-only

No

use-ssl
Description

Indicates whether the HTTP Connection Handler should use SSL. If enabled, the HTTP Connection Handler will use SSL to encrypt communication with the clients.

Default Value

false

Allowed Values

true

false

Multi-valued

No

Required

No

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

No

Read-only

No

use-tcp-keep-alive
Description

Indicates whether the HTTP Connection Handler should use TCP keep-alive. If enabled, the SO_KEEPALIVE socket option is used to indicate that TCP keepalive messages should periodically be sent to the client to verify that the associated connection is still valid. This may also help prevent cases in which intermediate network hardware could silently drop an otherwise idle client connection, provided that the keepalive interval configured in the underlying operating system is smaller than the timeout enforced by the network hardware.

Default Value

true

Allowed Values

true

false

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

use-tcp-no-delay
Description

Indicates whether the HTTP Connection Handler should use TCP no-delay. If enabled, the TCP_NODELAY socket option is used to ensure that response messages to the client are sent immediately rather than potentially waiting to determine whether additional response messages can be sent in the same packet. In most cases, using the TCP_NODELAY socket option provides better performance and lower response times, but disabling it may help for some cases in which the server sends a large number of entries to a client in response to a search request.

Default Value

true

Allowed Values

true

false

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

JMX Connection Handler

Connection Handlers of type jmx-connection-handler have the following properties:

allowed-client
Description

Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask.

Default Value

All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed.

Allowed Values

An IP address mask

Multi-valued

Yes

Required

No

Admin Action Required

None

Changes to this property take effect immediately and do not interfere with connections that may have already been established.

Advanced Property

No

Read-only

No

denied-client
Description

Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed.

Default Value

If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed.

Allowed Values

An IP address mask

Multi-valued

Yes

Required

No

Admin Action Required

None

Changes to this property take effect immediately and do not interfere with connections that may have already been established.

Advanced Property

No

Read-only

No

enabled
Description

Indicates whether the Connection Handler is enabled.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the Java class that provides the JMX Connection Handler implementation.

Default Value

org.opends.server.protocols.jmx.JmxConnectionHandler

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.api.ConnectionHandler

Multi-valued

No

Required

Yes

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

key-manager-provider
Description

Specifies the name of the key manager that should be used with this JMX Connection Handler.

Default Value

None

Allowed Values

The DN of any Key Manager Provider. The referenced key manager provider must be enabled when the JMX Connection Handler is enabled and configured to use SSL.

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property take effect immediately, but only for subsequent attempts to access the key manager provider for associated client connections.

Advanced Property

No

Read-only

No

listen-address
Description

Specifies the address on which this JMX Connection Handler should listen for connections from JMX clients. If no value is provided, then the JMX Connection Handler listens on all interfaces.

Default Value

0.0.0.0

Allowed Values

An IP address

Multi-valued

No

Required

No

Admin Action Required

Restart the server

Advanced Property

No

Read-only

No

listen-port
Description

Specifies the port number on which the JMX Connection Handler will listen for connections from clients. Only a single port number may be provided.

Default Value

None

Allowed Values

An integer value. Lower value is 1. Upper value is 65535.

Multi-valued

No

Required

Yes

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

No

Read-only

No

rmi-port
Description

Specifies the port number on which the JMX RMI service will listen for connections from clients. A value of 0 indicates that the service should choose a port of its own. If the value provided is different from 0, the value will be used as the RMI port. Otherwise, the RMI service will choose a port of its own.

Default Value

0

Allowed Values

An integer value. Lower value is 0. Upper value is 65535.

Multi-valued

No

Required

No

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

No

Read-only

No

ssl-cert-nickname
Description

Specifies the nicknames (also called the aliases) of the keys or key pairs that the JMX Connection Handler should use when performing SSL communication. The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the JMX Connection Handler is configured to use SSL.

Default Value

Let the server decide.

Allowed Values

A String

Multi-valued

Yes

Required

No

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

No

Read-only

No

use-ssl
Description

Indicates whether the JMX Connection Handler should use SSL. If enabled, the JMX Connection Handler will use SSL to encrypt communication with the clients.

Default Value

false

Allowed Values

true

false

Multi-valued

No

Required

No

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

No

Read-only

No

LDAP Connection Handler

Connection Handlers of type ldap-connection-handler have the following properties:

accept-backlog
Description

Specifies the maximum number of pending connection attempts that are allowed to queue up in the accept backlog before the server starts rejecting new connection attempts. This is primarily an issue for cases in which a large number of connections are established to the server in a very short period of time (for example, a benchmark utility that creates a large number of client threads that each have their own connection to the server) and the connection handler is unable to keep up with the rate at which the new connections are established.

Default Value

128

Allowed Values

An integer value. Lower value is 1.

Multi-valued

No

Required

No

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

allow-ldap-v2
Description

Indicates whether connections from LDAPv2 clients are allowed. If LDAPv2 clients are allowed, then only a minimal degree of special support is provided for them to ensure that LDAPv3-specific protocol elements (for example, controls, extended response messages, intermediate response messages, referrals) are not sent to an LDAPv2 client.

Default Value

true

Allowed Values

true

false

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

allow-start-tls
Description

Indicates whether clients are allowed to use StartTLS. If enabled, the LDAP Connection Handler allows clients to use the StartTLS extended operation to initiate secure communication over an otherwise insecure channel. Note that this is only allowed if the LDAP Connection Handler is not configured to use SSL, and if the server is configured with a valid key manager provider and a valid trust manager provider.

Default Value

false

Allowed Values

true

false

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

allow-tcp-reuse-address
Description

Indicates whether the LDAP Connection Handler should reuse socket descriptors. If enabled, the SO_REUSEADDR socket option is used on the server listen socket to potentially allow the reuse of socket descriptors for clients in a TIME_WAIT state. This may help the server avoid temporarily running out of socket descriptors in cases in which a very large number of short-lived connections have been established from the same client system.

Default Value

true

Allowed Values

true

false

Multi-valued

No

Required

No

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

allowed-client
Description

Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask.

Default Value

All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed.

Allowed Values

An IP address mask

Multi-valued

Yes

Required

No

Admin Action Required

None

Changes to this property take effect immediately and do not interfere with connections that may have already been established.

Advanced Property

No

Read-only

No

buffer-size
Description

Specifies the size in bytes of the LDAP response message write buffer. This property specifies the write buffer size allocated by the server for each client connection and used to buffer LDAP response message data when writing.

Default Value

4096 bytes

Allowed Values

Lower value is 1. Upper value is 2147483647.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

denied-client
Description

Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed.

Default Value

If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed.

Allowed Values

An IP address mask

Multi-valued

Yes

Required

No

Admin Action Required

None

Changes to this property take effect immediately and do not interfere with connections that may have already been established.

Advanced Property

No

Read-only

No

enabled
Description

Indicates whether the Connection Handler is enabled.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the Java class that provides the LDAP Connection Handler implementation.

Default Value

org.opends.server.protocols.ldap.LDAPConnectionHandler

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.api.ConnectionHandler

Multi-valued

No

Required

Yes

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

keep-stats
Description

Indicates whether the LDAP Connection Handler should keep statistics. If enabled, the LDAP Connection Handler maintains statistics about the number and types of operations requested over LDAP and the amount of data sent and received.

Default Value

true

Allowed Values

true

false

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

key-manager-provider
Description

Specifies the name of the key manager that should be used with this LDAP Connection Handler.

Default Value

None

Allowed Values

The DN of any Key Manager Provider. The referenced key manager provider must be enabled when the LDAP Connection Handler is enabled and configured to use SSL or StartTLS.

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property take effect immediately, but only for subsequent attempts to access the key manager provider for associated client connections.

Advanced Property

No

Read-only

No

listen-address
Description

Specifies the address or set of addresses on which this LDAP Connection Handler should listen for connections from LDAP clients. Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the LDAP Connection Handler listens on all interfaces.

Default Value

0.0.0.0

Allowed Values

An IP address

Multi-valued

Yes

Required

No

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

No

Read-only

No

listen-port
Description

Specifies the port number on which the LDAP Connection Handler will listen for connections from clients. Only a single port number may be provided.

Default Value

None

Allowed Values

An integer value. Lower value is 1. Upper value is 65535.

Multi-valued

No

Required

Yes

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

No

Read-only

No

max-blocked-write-time-limit
Description

Specifies the maximum length of time that attempts to write data to LDAP clients should be allowed to block. If an attempt to write data to a client takes longer than this length of time, then the client connection is terminated.

Default Value

2 minutes

Allowed Values

Some property values take a time duration. Durations are expressed as numbers followed by units. For example, 1 s means one second, and 2 w means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessarily specify every duration in milliseconds or weeks, for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows.

  • ms: milliseconds

  • s: seconds

  • m: minutes

  • h: hours

  • d: days

  • w: weeks

Lower limit is 0 milliseconds.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

max-request-size
Description

Specifies the size in bytes of the largest LDAP request message that will be allowed by this LDAP Connection Handler. This property is analogous to the maxBERSize configuration attribute of the Sun Java System Directory Server. This can help prevent denial-of-service attacks by clients that indicate they will send extremely large requests to the server, causing it to attempt to allocate large amounts of memory.

Default Value

5 megabytes

Allowed Values

Upper value is 2147483647.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

num-request-handlers
Description

Specifies the number of request handlers that are used to read requests from clients. The LDAP Connection Handler uses one thread to accept new connections from clients, but uses one or more additional threads to read requests from existing client connections. This ensures that new requests are read efficiently and that the connection handler itself does not become a bottleneck when the server is under heavy load from many clients at the same time.

Default Value

Let the server decide.

Allowed Values

An integer value. Lower value is 1.

Multi-valued

No

Required

No

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

send-rejection-notice
Description

Indicates whether the LDAP Connection Handler should send a notice of disconnection extended response message to the client if a new connection is rejected for some reason. The extended response message may provide an explanation indicating the reason that the connection was rejected.

Default Value

true

Allowed Values

true

false

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

ssl-cert-nickname
Description

Specifies the nicknames (also called the aliases) of the keys or key pairs that the LDAP Connection Handler should use when performing SSL communication. The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the LDAP Connection Handler is configured to use SSL.

Default Value

Let the server decide.

Allowed Values

A String

Multi-valued

Yes

Required

No

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

No

Read-only

No

ssl-cipher-suite
Description

Specifies the names of the SSL cipher suites that are allowed for use in SSL or StartTLS communication.

Default Value

Uses the default set of SSL cipher suites provided by the server's JVM.

Allowed Values

A String

Multi-valued

Yes

Required

No

Admin Action Required

None

Changes to this property take effect immediately but will only impact new SSL/TLS-based sessions created after the change.

Advanced Property

No

Read-only

No

ssl-client-auth-policy
Description

Specifies the policy that the LDAP Connection Handler should use regarding client SSL certificates. Clients can use the SASL EXTERNAL mechanism only if the policy is set to "optional" or "required". This is only applicable if clients are allowed to use SSL.

Default Value

optional

Allowed Values
disabled

Clients must not provide their own certificates when performing SSL negotiation.

optional

Clients are requested to provide their own certificates when performing SSL negotiation. The connection is nevertheless accepted if the client does not provide a certificate.

required

Clients are required to provide their own certificates when performing SSL negotiation and are refused access if they do not provide a certificate.

Multi-valued

No

Required

No

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

No

Read-only

No

ssl-protocol
Description

Specifies the names of the SSL protocols that are allowed for use in SSL or StartTLS communication.

Default Value

Uses the default set of SSL protocols provided by the server's JVM.

Allowed Values

A String

Multi-valued

Yes

Required

No

Admin Action Required

None

Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change.

Advanced Property

No

Read-only

No

trust-manager-provider
Description

Specifies the name of the trust manager that should be used with the LDAP Connection Handler.

Default Value

Use the trust manager provided by the JVM.

Allowed Values

The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when the LDAP Connection Handler is enabled and configured to use SSL or StartTLS.

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property take effect immediately, but only for subsequent attempts to access the trust manager provider for associated client connections.

Advanced Property

No

Read-only

No

use-ssl
Description

Indicates whether the LDAP Connection Handler should use SSL. If enabled, the LDAP Connection Handler will use SSL to encrypt communication with the clients.

Default Value

false

Allowed Values

true

false

Multi-valued

No

Required

No

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

No

Read-only

No

use-tcp-keep-alive
Description

Indicates whether the LDAP Connection Handler should use TCP keep-alive. If enabled, the SO_KEEPALIVE socket option is used to indicate that TCP keepalive messages should periodically be sent to the client to verify that the associated connection is still valid. This may also help prevent cases in which intermediate network hardware could silently drop an otherwise idle client connection, provided that the keepalive interval configured in the underlying operating system is smaller than the timeout enforced by the network hardware.

Default Value

true

Allowed Values

true

false

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

use-tcp-no-delay
Description

Indicates whether the LDAP Connection Handler should use TCP no-delay. If enabled, the TCP_NODELAY socket option is used to ensure that response messages to the client are sent immediately rather than potentially waiting to determine whether additional response messages can be sent in the same packet. In most cases, using the TCP_NODELAY socket option provides better performance and lower response times, but disabling it may help for some cases in which the server sends a large number of entries to a client in response to a search request.

Default Value

true

Allowed Values

true

false

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

LDIF Connection Handler

Connection Handlers of type ldif-connection-handler have the following properties:

allowed-client
Description

Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask.

Default Value

All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed.

Allowed Values

An IP address mask

Multi-valued

Yes

Required

No

Admin Action Required

None

Changes to this property take effect immediately and do not interfere with connections that may have already been established.

Advanced Property

No

Read-only

No

denied-client
Description

Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed.

Default Value

If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed.

Allowed Values

An IP address mask

Multi-valued

Yes

Required

No

Admin Action Required

None

Changes to this property take effect immediately and do not interfere with connections that may have already been established.

Advanced Property

No

Read-only

No
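The precedence rules described for allowed-client and denied-client (a deny match always wins, and a non-empty allow list excludes everything it does not name), as an added Python example that is not OpenDJ code. It assumes masks are written as single IP addresses or as subnets in prefix or netmask form; host-name and domain-name masks are not handled, and the function names and sample addresses are constructed.

```python
import ipaddress


def _net(mask):
    # strict=False tolerates host bits in a mask, e.g. "10.0.0.5/8".
    return ipaddress.ip_network(mask, strict=False)


def matches(addr, masks):
    """True if addr falls inside any mask (single address or subnet)."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == n.version and ip in n for n in map(_net, masks))


def is_client_allowed(addr, allowed=(), denied=()):
    """Apply the documented precedence between the two lists."""
    if matches(addr, denied):
        return False                    # in the deny list: denied, even if also allowed
    if allowed:
        return matches(addr, allowed)   # allow list present: only its members pass
    return True                         # no allow list: everyone not denied passes


def shadowed_allow_entries(allowed, denied):
    """Allow masks fully covered by a deny mask: they can never admit a client."""
    dead = []
    for a in allowed:
        na = _net(a)
        if any(na.version == _net(d).version and na.subnet_of(_net(d))
               for d in denied):
            dead.append(a)
    return dead


# Constructed sample values, not taken from any real deployment.
ALLOWED = ["10.0.0.0/8", "192.168.10.0/255.255.255.0"]
DENIED = ["10.66.0.0/16", "192.168.10.0/24"]

if __name__ == "__main__":
    for client in ("10.1.2.3", "10.66.4.4", "192.168.10.7", "172.16.0.1"):
        verdict = "allow" if is_client_allowed(client, ALLOWED, DENIED) else "deny"
        print(f"{client:15} {verdict}")
    print("allow entries that can never match:",
          shadowed_allow_entries(ALLOWED, DENIED))
```

Running the same addresses with only a deny list shows the other documented default: any client not matching a denied mask is allowed.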

enabled
Description

Indicates whether the Connection Handler is enabled.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the Java class that provides the LDIF Connection Handler implementation.

Default Value

org.opends.server.protocols.LDIFConnectionHandler

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.api.ConnectionHandler

Multi-valued

No

Required

Yes

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

ldif-directory
Description

Specifies the path to the directory in which the LDIF files should be placed.

Default Value

config/auto-process-ldif

Allowed Values

A String

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

poll-interval
Description

Specifies how frequently the LDIF connection handler should check the LDIF directory to determine whether a new LDIF file has been added.

Default Value

5 seconds

Allowed Values

Some property values take a time duration. Durations are expressed as numbers followed by units. For example, 1 s means one second, and 2 w means two weeks. Some durations have minimum granularity or maximum units, so you cannot necessarily specify every duration in milliseconds or weeks, for example. Some durations allow you to use a special value to mean unlimited. Units are specified as follows.

  • ms: milliseconds

  • s: seconds

  • m: minutes

  • h: hours

  • d: days

  • w: weeks

Lower limit is 1 millisecond.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

SNMP Connection Handler

Connection Handlers of type snmp-connection-handler have the following properties:

allowed-client
Description

Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask.

Default Value

All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed.

Allowed Values

An IP address mask

Multi-valued

Yes

Required

No

Admin Action Required

None

Changes to this property take effect immediately and do not interfere with connections that may have already been established.

Advanced Property

No

Read-only

No

allowed-manager
Description

Specifies the hosts of the managers to be granted the access rights. This property is required for SNMP v1 and v2 security configuration. An asterisk (*) opens access to all managers.

Default Value

*

Allowed Values

A String

Multi-valued

Yes

Required

No

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

No

Read-only

No

allowed-user
Description

Specifies the users to be granted the access rights. This property is required for SNMP v3 security configuration. An asterisk (*) opens access to all users.

Default Value

*

Allowed Values

A String

Multi-valued

Yes

Required

No

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

No

Read-only

No

community
Description

Specifies the v1, v2 community or the v3 context name allowed to access the MIB 2605 monitoring information or the USM MIB. The mapping between "community" and "context name" is set.

Default Value

OpenDJ

Allowed Values

A String

Multi-valued

No

Required

No

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

No

Read-only

No

denied-client
Description

Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this Connection Handler. Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed.

Default Value

If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed.

Allowed Values

An IP address mask

Multi-valued

Yes

Required

No

Admin Action Required

None

Changes to this property take effect immediately and do not interfere with connections that may have already been established.

Advanced Property

No

Read-only

No

enabled
Description

Indicates whether the Connection Handler is enabled.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the Java class that provides the SNMP Connection Handler implementation.

Default Value

org.opends.server.snmp.SNMPConnectionHandler

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.api.ConnectionHandler

Multi-valued

No

Required

Yes

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

listen-address
Description

Specifies the address or set of addresses on which this SNMP Connection Handler should listen for connections from SNMP clients. Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the SNMP Connection Handler listens on all interfaces.

Default Value

0.0.0.0

Allowed Values

An IP address

Multi-valued

Yes

Required

No

Admin Action Required

Restart the server

Advanced Property

No

Read-only

Yes

listen-port
Description

Specifies the port number on which the SNMP Connection Handler will listen for connections from clients. Only a single port number may be provided.

Default Value

None

Allowed Values

An integer value. Lower value is 1. Upper value is 65535.

Multi-valued

No

Required

Yes

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

No

Read-only

No

opendmk-jarfile
Description

Indicates the OpenDMK runtime jar file location.

Default Value

None

Allowed Values

A String

Multi-valued

No

Required

No

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

No

Read-only

No

registered-mbean
Description

Indicates whether the SNMP objects must be registered in the directory server MBeanServer. If enabled, SNMP objects can be accessed with the RMI connector.

Default Value

false

Allowed Values

true

false

Multi-valued

No

Required

No

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

No

Read-only

No

security-agent-file
Description

Specifies the USM security configuration for receiving only authenticated SNMP requests.

Default Value

config/snmp/security/opendj-snmp.security

Allowed Values

A String

Multi-valued

No

Required

No

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

No

Read-only

No

security-level
Description

Specifies the type of security level: NoAuthNoPriv (no security mechanisms activated), AuthNoPriv (authentication activated with no privacy), or AuthPriv (authentication with privacy activated). This property is required for SNMP V3 security configuration.

Default Value

authnopriv

Allowed Values
authnopriv

Authentication activated with no privacy.

authpriv

Authentication with privacy activated.

noauthnopriv

No security mechanisms activated.

Multi-valued

No

Required

No

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

No

Read-only

No

trap-port
Description

Specifies the port to use to send SNMP Traps.

Default Value

None

Allowed Values

An integer value. Lower value is 0.

Multi-valued

No

Required

Yes

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

No

Read-only

No

traps-community
Description

Specifies the community string that must be included in the traps sent to defined managers (trap-destinations). This property is used in the context of SNMP v1, v2 and v3.

Default Value

OpenDJ

Allowed Values

A String

Multi-valued

No

Required

No

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

No

Read-only

No

traps-destination
Description

Specifies the hosts to which V1 traps will be sent. V1 traps are sent to every host listed. If this list is empty, V1 traps are sent to "localhost". Each host in the list must be identified by its name or complete IP address.

Default Value

If the list is empty, V1 traps are sent to "localhost".

Allowed Values

A String

Multi-valued

Yes

Required

No

Admin Action Required

The Connection Handler must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

No

Read-only

No
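A check of an SNMP Connection Handler against the defaults documented above, as an added Python example that is not part of OpenDJ. It assumes the handler's properties have already been collected into a mapping of property name to list of values; the function names, the two sample configurations and their values are constructed.

```python
# Defaults as documented on this page for snmp-connection-handler.
DEFAULTS = {
    "community": ["OpenDJ"],
    "traps-community": ["OpenDJ"],
    "allowed-manager": ["*"],
    "allowed-user": ["*"],
    "security-level": ["authnopriv"],
    "listen-address": ["0.0.0.0"],
    "allowed-client": [],
    "denied-client": [],
}


def effective(props):
    """Overlay explicitly configured values on the documented defaults."""
    cfg = {name: list(values) for name, values in DEFAULTS.items()}
    for name, values in props.items():
        cfg[name] = list(values)
    return cfg


def audit_snmp_handler(props):
    """Return (property, reason) findings for an enabled SNMP handler."""
    if props.get("enabled", ["false"]) != ["true"]:
        return []  # a disabled handler is not listening
    cfg = effective(props)
    findings = []
    for prop in ("community", "traps-community"):
        if cfg[prop] == DEFAULTS[prop]:
            findings.append((prop, "documented default string still in use"))
    for prop, who in (("allowed-manager", "managers"), ("allowed-user", "users")):
        if "*" in cfg[prop]:
            findings.append((prop, "asterisk opens access to all " + who))
    level = cfg["security-level"][0].lower()
    if level == "noauthnopriv":
        findings.append(("security-level", "no security mechanisms activated"))
    elif level == "authnopriv":
        findings.append(("security-level", "authentication without privacy"))
    if not cfg["listen-address"] or "0.0.0.0" in cfg["listen-address"]:
        findings.append(("listen-address", "listens on all interfaces"))
    if not cfg["allowed-client"] and not cfg["denied-client"]:
        findings.append(("allowed-client", "no allow or deny list: all clients allowed"))
    return findings


# Constructed sample configurations (ports and addresses are illustrative).
DEFAULT_INSTALL = {"enabled": ["true"], "listen-port": ["161"], "trap-port": ["162"]}
HARDENED = {
    "enabled": ["true"], "listen-port": ["161"], "trap-port": ["162"],
    "community": ["constructed-context"], "traps-community": ["constructed-traps"],
    "allowed-manager": ["192.0.2.10"], "allowed-user": ["monitor"],
    "security-level": ["authpriv"], "listen-address": ["192.0.2.5"],
    "allowed-client": ["192.0.2.0/24"],
}

if __name__ == "__main__":
    for label, props in (("default", DEFAULT_INSTALL), ("hardened", HARDENED)):
        print(label)
        for prop, reason in audit_snmp_handler(props) or [("-", "no findings")]:
            print(f"  {prop}: {reason}")
```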