Administration Connector
The Administration Connector is used to interact with administration tools using LDAP.
It is a dedicated entry point for administration.
Administration Connector Properties
You can use configuration expressions to set property values at startup time. For details, see Property Value Substitution.
advertised-listen-address
Synopsis |
The advertised address(es) which clients should use for connecting to this Administration Connector. |
Description |
Multiple addresses may be provided as separate values for this attribute. The meta-address 0.0.0.0 is not permitted. |
Default Value |
None |
Allowed Values |
A hostname or an IP address. |
Multi-valued |
Yes |
Required |
Yes |
Admin Action Required |
None |
Advanced |
No |
Read-Only |
No |
allowed-client
Synopsis |
A set of clients who will be allowed to establish connections to this Administration Connector. |
Description |
Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. Specifying a value for this property in a connection handler will override any value set in the global configuration. |
Default Value |
All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. |
Allowed Values |
An IP address mask. |
Multi-valued |
Yes |
Required |
No |
Admin Action Required |
None Changes to this property take effect immediately and do not interfere with established connections. |
Advanced |
No |
Read-Only |
No |
denied-client
Synopsis |
A set of clients who are not allowed to establish connections to this Administration Connector. |
Description |
Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. Specifying a value for this property in a connection handler will override any value set in the global configuration. |
Default Value |
If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. |
Allowed Values |
An IP address mask. |
Multi-valued |
Yes |
Required |
No |
Admin Action Required |
None Changes to this property take effect immediately and do not interfere with established connections. |
Advanced |
No |
Read-Only |
No |
key-manager-provider
Synopsis |
Specifies the name of the key manager that is used with the Administration Connector . |
Default Value |
None |
Allowed Values |
The name of an existing key-manager-provider. The referenced key manager provider must be enabled. |
Multi-valued |
No |
Required |
Yes |
Admin Action Required |
Restart the server for changes to take effect. |
Advanced |
No |
Read-Only |
No |
listen-address
Synopsis |
The network interface(s) on which this Administration Connector should listen for incoming client connections. |
Description |
Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the directory server will listen on all interfaces. |
Default Value |
0.0.0.0 |
Allowed Values |
A hostname or an IP address. |
Multi-valued |
Yes |
Required |
No |
Admin Action Required |
Restart the server for changes to take effect. |
Advanced |
No |
Read-Only |
No |
listen-port
Synopsis |
Specifies the port number on which the Administration Connector will listen for connections from clients. |
Description |
Only a single port number may be provided. |
Default Value |
None |
Allowed Values |
An integer. Lower limit: 1. Upper limit: 65535. |
Multi-valued |
No |
Required |
Yes |
Admin Action Required |
The object must be disabled and re-enabled for changes to take effect. |
Advanced |
No |
Read-Only |
No |
restricted-client
Synopsis |
A set of clients who will be limited to the maximum number of connections specified by the "restricted-client-connection-limit" property. |
Description |
Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. Specifying a value for this property in a connection handler will override any value set in the global configuration. |
Default Value |
No restrictions are imposed on the number of connections a client can open. |
Allowed Values |
An IP address mask. |
Multi-valued |
Yes |
Required |
No |
Admin Action Required |
None Changes to this property take effect immediately and do not interfere with established connections. |
Advanced |
No |
Read-Only |
No |
restricted-client-connection-limit
Synopsis |
Specifies the maximum number of connections a restricted client can open at the same time to this Administration Connector. |
Description |
Once Directory Server accepts the specified number of connections from a client specified in restricted-client, any additional connection will be rejected. The number of connections is maintained by IP address. Specifying a value for this property in a connection handler will override any value set in the global configuration. |
Default Value |
100 |
Allowed Values |
An integer. Lower limit: 0. |
Multi-valued |
No |
Required |
No |
Admin Action Required |
None Changes to this property take effect immediately and do not interfere with established connections. |
Advanced |
No |
Read-Only |
No |
ssl-cert-nickname
Synopsis |
Specifies the nicknames (also called the aliases) of the keys or key pairs that the Administration Connector should use when performing SSL communication. |
Description |
The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the Administration Connector is configured to use SSL. |
Default Value |
Let the server decide. |
Allowed Values |
A string. |
Multi-valued |
Yes |
Required |
No |
Admin Action Required |
Restart the server for changes to take effect. |
Advanced |
No |
Read-Only |
No |
ssl-cipher-suite
Synopsis |
Specifies the names of the SSL cipher suites that are allowed for use in SSL communication. |
Default Value |
Uses the default set of SSL cipher suites provided by the server’s JVM. |
Allowed Values |
A string. |
Multi-valued |
Yes |
Required |
No |
Admin Action Required |
None Changes to this property take effect immediately but will only impact new SSL/TLS-based sessions created after the change. |
Advanced |
No |
Read-Only |
No |
ssl-protocol
Synopsis |
Specifies the names of the SSL protocols that are allowed for use in SSL or StartTLS communication. |
Default Value |
Uses the default set of SSL protocols provided by the server’s JVM. |
Allowed Values |
A string. |
Multi-valued |
Yes |
Required |
No |
Admin Action Required |
None Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change. |
Advanced |
No |
Read-Only |
No |
trust-manager-provider
Synopsis |
Specifies the name(s) of the trust manager(s) that is used with the Administration Connector . |
Default Value |
None |
Allowed Values |
The name of an existing trust-manager-provider. The referenced trust manager provider must be enabled. |
Multi-valued |
Yes |
Required |
Yes |
Admin Action Required |
Restart the server for changes to take effect. |
Advanced |
No |
Read-Only |
No |