Proxy Backend
A Proxy Backend forwards LDAP requests to other servers.
A Proxy Backend uses the proxied authorization control to forward LDAP requests on behalf of the proxy users. As a consequence, the remote servers must support the proxied authorization control and the proxy user must have appropriate privileges and permissions allowing them to use the control.
Parent
The Proxy Backend object inherits from
Backend.
Dependencies
Proxy Backends depend on the following objects:
Properties
Use the --advanced
option to access advanced properties.
Basic Properties
Advanced Properties
Basic Properties
backend-id
Synopsis | Specifies a name to identify the associated backend. |
Description | The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. |
Default Value | None |
Allowed Values | A string. |
Multi-valued | No |
Required | Yes |
Admin Action Required | None |
Advanced | No |
Read-Only | Yes |
base-dn
Synopsis | Specifies the base DN(s) for the data that the backend handles. |
Description | A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. When the "route-all" property is set to "true" then the "base-dn" property is ignored. |
Default Value | Unless route-all is enabled, a proxy with empty base DNs does not handle any requests. This helps incrementally building a proxy's configuration. |
Allowed Values | A valid DN. |
Multi-valued | Yes |
Required | No |
Admin Action Required | None No administrative action is required. |
Advanced | No |
Read-Only | No |
connection-pool-idle-timeout
Synopsis | The time out period after which unused non-core connections will be closed and removed from the connection pool. |
Default Value | 10s
|
Allowed Values | A duration. Lower limit: 1 milliseconds. |
Multi-valued | No |
Required | No |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
connection-pool-max-size
Synopsis | Maximum size of the connection pool for each remote server |
Default Value | 32
|
Allowed Values | An integer. Use "-1" or "unlimited" to indicate no limit. Lower limit: 0. |
Multi-valued | No |
Required | No |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
connection-pool-min-size
Synopsis | Minimum size of the connection pool for each remote server |
Default Value | 4
|
Allowed Values | An integer. Use "-1" or "unlimited" to indicate no limit. Lower limit: 0. |
Multi-valued | No |
Required | No |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
connection-timeout
Synopsis | Specifies the timeout used when connecting to servers, performing SSL negotiation, and for individual search and bind requests. |
Description | If the timeout expires then the current operation will be aborted and retried against another LDAP server if one is available. |
Default Value | 3s
|
Allowed Values | A duration. Lower limit: 10 milliseconds. |
Multi-valued | No |
Required | No |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
discovery-interval
Synopsis | Interval between two server configuration discovery executions. |
Description | Specifies how frequently to read the configuration of the servers in order to discover any configuration change. |
Default Value | 60s
|
Allowed Values | A duration. Lower limit: 1 seconds. |
Multi-valued | No |
Required | No |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
enabled
Synopsis | Indicates whether the backend is enabled in the server. |
Description | If a backend is not enabled, then its contents are not accessible when processing operations. |
Default Value | None |
Allowed Values | true false |
Multi-valued | No |
Required | Yes |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
heartbeat-interval
Synopsis | Specifies the heartbeat interval that the Proxy Backend will use when communicating with the remote servers. |
Description | The Proxy Backend sends a heartbeat request to the servers every heartbeat interval. The heartbeat serves 3 purposes: keepalive, heartbeat and recovery. The hearbeat requests are small requests sent to prevent the connection from appearing idle and being forcefully closed (keepalive). The heartbeat responses inform the Proxy Backend the server is available (heartbeat). If a heartbeat answer is not received within the interval, the Proxy Backend closes the unresponsive connection and connects to another server. After an unresponsive connection is closed, the server is contacted each heartbeat interval to determine whether it is available again (recovery). |
Default Value | 10s
|
Allowed Values | A duration. Lower limit: 10 milliseconds. |
Multi-valued | No |
Required | No |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
load-balancing-algorithm
Synopsis | How to load balance between servers |
Default Value | affinity
|
Allowed Values | affinity: Always route requests with the same target DN to the same server least-requests: Use the server with the least requests being currently serviced |
Multi-valued | No |
Required | No |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
partition-base-dn
Synopsis | Specifies the base DN(s) which will be used for partitioning entries when using the "affinity" load-balancing algorithm. |
Description | This settings only applies for "affinity" load-balancing algorithm and provides consistency for add/delete operations targeting entries within the same sub-tree. Entries immediately subordinate to the base DNs will be considered to be the root of a sub-tree whose entries belong to the same partition. For example, a partition base DN of "ou=people,dc=example,dc=com" would mean that "uid=bjensen,ou=people,dc=example,dc=com" and "deviceid=12345,uid=bjensen,ou=people,dc=example,dc=com" both belong to the same partition, and all operations targeting them would be routed to the same remote server. |
Default Value | No consistency for add/delete operations. |
Allowed Values | A valid DN. |
Multi-valued | Yes |
Required | No |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
proxy-user-dn
Synopsis | The bind DN that is used to forward LDAP requests to remote servers. |
Description | The proxy connects to the remote server using this bind DN and uses the proxied authorization control to forward requests on behalf of the proxy users. This bind DN must exist on all the remote servers. |
Default Value | None |
Allowed Values | A valid DN. |
Multi-valued | No |
Required | Yes |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
proxy-user-password
Synopsis | Clear-text password associated with the proxy bind DN. |
Description | The proxy password must be the same on all the remote servers. |
Default Value | None |
Allowed Values | A string. |
Multi-valued | No |
Required | No |
Admin Action Required | None Changes to this property will take effect the next time that the Proxy Backend is accessed. |
Advanced | No |
Read-Only | No |
proxy-user-password-environment-variable
Synopsis | Specifies the name of the environment variable that contains the clear-text password associated with the proxy bind DN. |
Description | The proxy password must be the same on all the remote servers. |
Default Value | None |
Allowed Values | A string. |
Multi-valued | No |
Required | No |
Admin Action Required | None Changes to this property will take effect the next time that the Proxy Backend is accessed. |
Advanced | No |
Read-Only | No |
proxy-user-password-file
Synopsis | Specifies the path to the text file whose only contents should be a single line containing the clear-text password associated with the proxy bind DN. |
Description | The proxy password must be the same on all the remote servers. |
Default Value | None |
Allowed Values | A string. |
Multi-valued | No |
Required | No |
Admin Action Required | None Changes to this property will take effect the next time that the Proxy Backend is accessed. |
Advanced | No |
Read-Only | No |
proxy-user-password-property
Synopsis | Specifies the name of the Java property that contains the clear-text password associated with the proxy bind DN. |
Description | The proxy password must be the same on all the remote servers. |
Default Value | None |
Allowed Values | A string. |
Multi-valued | No |
Required | No |
Admin Action Required | None Changes to this property will take effect the next time that the Proxy Backend is accessed. |
Advanced | No |
Read-Only | No |
route-all
Synopsis | Route requests to all discovered public naming contexts. |
Description | When the "route-all" property is set to "true" then the "base-dn" property is ignored. |
Default Value | None |
Allowed Values | true false |
Multi-valued | No |
Required | Yes |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
service-discovery-mechanism
Synopsis | Mechanism for finding remote servers to forward LDAP requests to |
Default Value | None |
Allowed Values | The name of an existing Service Discovery Mechanism. |
Multi-valued | No |
Required | Yes |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
Advanced Properties
java-class
Synopsis | Specifies the fully-qualified name of the Java class that provides the backend implementation. |
Default Value | org.opends.server.backends.ProxyBackend
|
Allowed Values | A Java class that extends or implements: org.opends.server.api.Backend |
Multi-valued | No |
Required | Yes |
Admin Action Required | The object must be disabled and re-enabled for changes to take effect. |
Advanced | Yes |
Read-Only | No |