Directory Services 7.2.5

JMX Connection Handler

The JMX Connection Handler is used to interact with clients using the Java Management Extensions (JMX) protocol.

Parent

The JMX Connection Handler object inherits from Connection Handler.

Dependencies

JMX Connection Handlers depend on the following objects:

JMX Connection Handler properties

You can use configuration expressions to set property values at startup time. For details, see Property value substitution.

Basic Properties Advanced Properties

allowed-client
denied-client
enabled
key-manager-provider
listen-address
listen-port
restricted-client
restricted-client-connection-limit
rmi-port
ssl-cert-nickname
use-ssl

java-class

Basic properties

Use the --advanced option to access advanced properties.

allowed-client

Synopsis

A set of clients who will be allowed to establish connections to this Connection Handler.

Description

Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. Specifying a value for this property in a connection handler will override any value set in the global configuration.

Default value

All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed.

Allowed values

An IP address mask.

Multi-valued

Yes

Required

No

Admin action required

None

Changes to this property take effect immediately and do not interfere with established connections.

Advanced

No

Read-only

No

denied-client

Synopsis

A set of clients who are not allowed to establish connections to this Connection Handler.

Description

Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. Specifying a value for this property in a connection handler will override any value set in the global configuration.

Default value

If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed.

Allowed values

An IP address mask.

Multi-valued

Yes

Required

No

Admin action required

None

Changes to this property take effect immediately and do not interfere with established connections.

Advanced

No

Read-only

No

enabled

Synopsis

Indicates whether the Connection Handler is enabled.

Default value

None

Allowed values

true

false

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

key-manager-provider

Synopsis

Specifies the name of the key manager that should be used with this JMX Connection Handler .

Default value

None

Allowed values

The name of an existing key-manager-provider.

The referenced key manager provider must be enabled when the JMX Connection Handler is enabled and configured to use SSL.

Multi-valued

No

Required

No

Admin action required

None

Changes to this property take effect immediately, but only for subsequent attempts to access the key manager provider for associated client connections.

Advanced

No

Read-only

No

listen-address

Synopsis

Specifies the address on which this JMX Connection Handler should listen for connections from JMX clients.

Description

If no value is provided, then the JMX Connection Handler listens on all interfaces.

Default value

0.0.0.0

Allowed values

A hostname or an IP address.

Multi-valued

No

Required

No

Admin action required

Restart the server for changes to take effect.

Advanced

No

Read-only

No

listen-port

Synopsis

Specifies the port number on which the JMX Connection Handler will listen for connections from clients.

Description

Only a single port number may be provided.

Default value

None

Allowed values

An integer.

Lower limit: 1.

Upper limit: 65535.

Multi-valued

No

Required

Yes

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

No

Read-only

No

restricted-client

Synopsis

A set of clients who will be limited to the maximum number of connections specified by the "restricted-client-connection-limit" property.

Description

Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. Specifying a value for this property in a connection handler will override any value set in the global configuration.

Default value

No restrictions are imposed on the number of connections a client can open.

Allowed values

An IP address mask.

Multi-valued

Yes

Required

No

Admin action required

None

Changes to this property take effect immediately and do not interfere with established connections.

Advanced

No

Read-only

No

restricted-client-connection-limit

Synopsis

Specifies the maximum number of connections a restricted client can open at the same time to this Connection Handler.

Description

Once Directory Server accepts the specified number of connections from a client specified in restricted-client, any additional connection will be rejected. The number of connections is maintained by IP address. Specifying a value for this property in a connection handler will override any value set in the global configuration.

Default value

100

Allowed values

An integer.

Lower limit: 0.

Multi-valued

No

Required

No

Admin action required

None

Changes to this property take effect immediately and do not interfere with established connections.

Advanced

No

Read-only

No

rmi-port

Synopsis

Specifies the port number on which the JMX RMI service will listen for connections from clients. A value of 0 indicates the service to choose a port of its own.

Description

If the value provided is different than 0, the value will be used as the RMI port. Otherwise, the RMI service will choose a port of its own.

Default value

0

Allowed values

An integer.

Lower limit: 0.

Upper limit: 65535.

Multi-valued

No

Required

No

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

No

Read-only

No

ssl-cert-nickname

Synopsis

Specifies the nicknames (also called the aliases) of the keys or key pairs that the JMX Connection Handler should use when performing SSL communication.

Description

The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the JMX Connection Handler is configured to use SSL.

Default value

Let the server decide.

Allowed values

A string.

Multi-valued

Yes

Required

No

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

No

Read-only

No

use-ssl

Synopsis

Indicates whether the JMX Connection Handler should use SSL.

Description

If enabled, the JMX Connection Handler will use SSL to encrypt communication with the clients.

Default value

false

Allowed values

true

false

Multi-valued

No

Required

No

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

No

Read-only

No

Advanced properties

Use the --advanced option to access advanced properties.

java-class

Synopsis

Specifies the fully-qualified name of the Java class that provides the JMX Connection Handler implementation.

Default value

org.opends.server.protocols.jmx.JmxConnectionHandler

Allowed values

A Java class that extends or implements:

  • org.opends.server.api.ConnectionHandler

Multi-valued

No

Required

Yes

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

Yes

Read-only

No

Copyright © 2010-2024 ForgeRock, all rights reserved.