Directory Services 7.3.5

Static Service Discovery Mechanism

A Static Service Discovery Mechanism returns a fixed list of LDAP directory servers.

A change in configuration to any of the specified directory servers must be manually applied on all Static Service Discovery Mechanisms that reference it.

Parent

The Static Service Discovery Mechanism object inherits from Service Discovery Mechanism.

Dependencies

Static Service Discovery Mechanisms depend on the following objects:

Static Service Discovery Mechanism properties

You can use configuration expressions to set property values at startup time. For details, see Property value substitution.

Basic Properties Advanced Properties

discovery-interval
key-manager-provider
primary-server
secondary-server
ssl-cert-nickname
ssl-cipher-suite
ssl-protocol
trust-manager-provider
use-sasl-external
use-ssl
use-start-tls

java-class

Basic properties

Use the --advanced option to access advanced properties.

discovery-interval

Synopsis

Interval between two server configuration discovery executions.

Description

Specifies how frequently to read the configuration of the servers in order to discover their new information.

Default value

60s

Allowed values

Lower limit: 1 seconds.

Multi-valued

No

Required

No

Admin action required

None

Advanced

No

Read-only

No

key-manager-provider

Synopsis

Specifies the name of the key manager that should be used with this Static Service Discovery Mechanism.

Default value

None

Allowed values

The name of an existing key-manager-provider.

The referenced key manager provider must be enabled when the Static Service Discovery Mechanism is enabled and configured to use SASL/External certificate authentication.

Multi-valued

No

Required

No

Admin action required

None

Changes to this property take effect immediately, but only for subsequent attempts to access the key manager provider for associated client connections.

Advanced

No

Read-only

No

primary-server

Synopsis

Specifies a list of servers that will be used in preference to secondary servers when available.

Description

When using an IPv6 address as the hostname, put brackets around the address as in "[IPv6Address]:port".

Default value

None

Allowed values

A host name or an IP address followed by a ":" and a port number.

Port number must be greater than 1 and less than 65535.

Multi-valued

Yes

Required

No

Admin action required

None

Advanced

No

Read-only

No

secondary-server

Synopsis

Specifies a list of servers that will be used in place of primary servers when all primary servers are unavailable.

Description

When using an IPv6 address as the hostname, put brackets around the address as in "[IPv6Address]:port".

Default value

None

Allowed values

A host name or an IP address followed by a ":" and a port number.

Port number must be greater than 1 and less than 65535.

Multi-valued

Yes

Required

No

Admin action required

None

Advanced

No

Read-only

No

ssl-cert-nickname

Synopsis

Specifies the nicknames (also called the aliases) of the keys or key pairs that the Static Service Discovery Mechanism should use when performing SSL communication.

Description

The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the Static Service Discovery Mechanism is configured to use SSL.

Default value

Let the server decide.

Allowed values

A string.

Multi-valued

Yes

Required

No

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

No

Read-only

No

ssl-cipher-suite

Synopsis

Specifies the names of the SSL cipher suites that are allowed for use in SSL or TLS communication.

Default value

Uses the default set of SSL cipher suites provided by the server’s JVM.

Allowed values

A string.

Multi-valued

Yes

Required

No

Admin action required

None

Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change.

Advanced

No

Read-only

No

ssl-protocol

Synopsis

Specifies the names of the SSL protocols that are allowed for use in SSL or TLS communication.

Default value

Uses the default set of SSL protocols provided by the server’s JVM.

Allowed values

A string.

Multi-valued

Yes

Required

No

Admin action required

None

Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change.

Advanced

No

Read-only

No

trust-manager-provider

Synopsis

Specifies the name of the trust manager that should be used with the Static Service Discovery Mechanism.

Default value

None

Allowed values

The name of an existing trust-manager-provider.

The referenced trust manager provider must be enabled when this Static Service Discovery Mechanism is configured to use SSL or StartTLS.

Multi-valued

No

Required

No

Admin action required

None

Changes to this property take effect immediately, but only for subsequent attempts to access the trust manager provider for associated client connections.

Advanced

No

Read-only

No

use-sasl-external

Synopsis

Indicates whether the Static Service Discovery Mechanism should use certificate based authentication when communicating with backend servers.

Description

If enabled, the Static Service Discovery Mechanism will use mutual TLS when connecting to backend servers. Once the TLS handshake has completed, a SASL/External LDAP bind request will be sent in order to associate the TLS client certificate with an LDAP account on the remote backend server. A key manager provider containing the client certificate must be configured in order to use this feature.

Default value

false

Allowed values

true

false

Multi-valued

No

Required

No

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

No

Read-only

No

use-ssl

Synopsis

Indicates whether the Static Service Discovery Mechanism should use SSL.

Description

If enabled, the Static Service Discovery Mechanism will use SSL to encrypt communication with the clients.

Default value

false

Allowed values

true

false

Multi-valued

No

Required

No

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

No

Read-only

No

use-start-tls

Synopsis

Indicates whether the Static Service Discovery Mechanism should use Start TLS.

Description

If enabled, the Static Service Discovery Mechanism will use Start TLS to encrypt communication with remote servers.

Default value

false

Allowed values

true

false

Multi-valued

No

Required

No

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

No

Read-only

No

Advanced properties

Use the --advanced option to access advanced properties.

java-class

Synopsis

Specifies the fully-qualified name of the Java class that provides the Static Service Discovery Mechanism implementation.

Default value

org.opends.server.discovery.StaticServiceDiscoveryMechanism

Allowed values

A Java class that extends or implements:

  • org.opends.server.discovery.ServiceDiscoveryMechanism

Multi-valued

No

Required

Yes

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

Yes

Read-only

No

Copyright © 2010-2024 ForgeRock, all rights reserved.