Directory Services 7.4.3

Pluggable Backend

This is an abstract object type that cannot be instantiated.

A Pluggable Backend stores application data in a pluggable database.

Pluggable Backends

The following Pluggable Backends are available:

These Pluggable Backends inherit the properties described below.

Parent

The Pluggable Backend object inherits from Local Backend.

Dependencies

Pluggable Backends depend on the following objects:

Pluggable Backend properties

You can use configuration expressions to set property values at startup time. For details, see Property value substitution.

Basic Properties Advanced Properties

backend-id
base-dn
compact-encoding
confidentiality-enabled
enabled
java-class
writability-mode

cipher-key-length
cipher-transformation
entries-compressed
import-offheap-memory-size
index-entry-limit
index-filter-analyzer-enabled
index-filter-analyzer-max-filters

Basic properties

Use the --advanced option to access advanced properties.

backend-id

Synopsis

Specifies a name to identify the associated backend.

Description

The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server.

Default value

None

Allowed values

A string.

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

Yes

base-dn

Synopsis

Specifies the base DN(s) for the data that the backend handles.

Description

A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN.

Default value

None

Allowed values

A valid DN.

Multi-valued

Yes

Required

Yes

Admin action required

None

No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used.

Advanced

No

Read-only

No

compact-encoding

Synopsis

Indicates whether the backend should use a compact form when encoding entries by compressing the attribute descriptions and object class sets.

Description

Note that this property applies only to the entries themselves and does not impact the index data. It will also replace the attribute descriptions used in add and modify operations with normalized ones from the schema.

Default value

true

Allowed values

true

false

Multi-valued

No

Required

No

Admin action required

None

Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data.

Advanced

No

Read-only

No

confidentiality-enabled

Synopsis

Indicates whether the backend should make entries in database files readable only by Directory Server.

Description

Confidentiality is achieved by encrypting entries before writing them to the underlying storage. Entry encryption will protect data on disk from unauthorised parties reading the files; for complete protection, also set confidentiality for sensitive attributes indexes. The property cannot be set to false if some of the indexes have confidentiality set to true.

Default value

false

Allowed values

true

false

Multi-valued

No

Required

No

Admin action required

None

Advanced

No

Read-only

No

enabled

Synopsis

Indicates whether the backend is enabled in the server.

Description

If a backend is not enabled, then its contents are not accessible when processing operations.

Default value

None

Allowed values

true

false

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

java-class

Synopsis

Specifies the fully-qualified name of the Java class that provides the backend implementation.

Default value

None

Allowed values

A Java class that extends or implements:

  • org.opends.server.api.Backend

Multi-valued

No

Required

Yes

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

No

Read-only

No

writability-mode

Synopsis

Specifies the behavior that the backend should use when processing write operations.

Default value

enabled

Allowed values

  • disabled: Causes all write attempts to fail.

  • enabled: Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled).

  • internal-only: Causes external write attempts to fail but allows writes by replication and internal operations.

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

Advanced properties

Use the --advanced option to access advanced properties.

cipher-key-length

Synopsis

Specifies the key length in bits for the preferred cipher.

Default value

128

Allowed values

An integer.

Lower limit: 0.

Multi-valued

No

Required

No

Admin action required

None

Changes to this property take effect immediately but only affect cryptographic operations performed after the change.

Advanced

Yes

Read-only

No

cipher-transformation

Synopsis

Specifies the cipher for the directory server using the syntax algorithm/mode/padding.

Description

The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms do not have a mode or padding, hence the fields must be specified using NONE as mode and NoPadding as padding. For example, ChaCha20/NONE/NoPadding.

Default value

AES/GCM/NoPadding

Allowed values

The cipher transformation.

Multi-valued

No

Required

No

Admin action required

None

Changes to this property take effect immediately but only affect cryptographic operations performed after the change.

Advanced

Yes

Read-only

No

entries-compressed

Synopsis

Indicates whether the backend should attempt to compress entries before storing them in the database.

Description

Note that this property applies only to the entries themselves and does not impact the index data. Further, the effectiveness of the compression is based on the type of data contained in the entry.

Default value

false

Allowed values

true

false

Multi-valued

No

Required

No

Admin action required

None

Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data.

Advanced

Yes

Read-only

No

import-offheap-memory-size

Synopsis

Specifies the amount of off-heap memory dedicated to the online operation (import-ldif, rebuild-index).

Default value

Use only heap memory.

Allowed values

Uses size syntax.

Multi-valued

No

Required

No

Admin action required

None

Advanced

Yes

Read-only

No

index-entry-limit

Synopsis

Specifies the maximum number of entries that is allowed to match a given index key before that particular index key is no longer maintained.

Description

This property is analogous to the ALL IDs threshold in the Sun Java System Directory Server. Note that this is the default limit for the backend, and it may be overridden on a per-attribute basis. A value of 0 means there is no limit. Changing the index entry limit significantly can result in serious performance degradation. Please read the documentation before changing this setting.

Default value

4000

Allowed values

An integer.

Lower limit: 0.

Upper limit: 2147483647.

Multi-valued

No

Required

No

Admin action required

None

If any index keys have already reached this limit, indexes need to be rebuilt before they are allowed to use the new limit.

Advanced

Yes

Read-only

No

index-filter-analyzer-enabled

Synopsis

Indicates whether to gather statistical information about the search filters processed by the directory server while evaluating the usage of indexes.

Description

Analyzing indexes requires gathering search filter usage patterns from user requests, especially for values as specified in the filters and subsequently looking the status of those values into the index files. When a search requests is processed, internal or user generated, a first phase uses indexes to find potential entries to be returned. Depending on the search filter, if the index of one of the specified attributes matches too many entries (exceeds the index entry limit), the search becomes non-indexed. In any case, all entries thus gathered (or the entire DIT) are matched against the filter for actually returning the search result.

Default value

false

Allowed values

true

false

Multi-valued

No

Required

No

Admin action required

None

Advanced

Yes

Read-only

No

index-filter-analyzer-max-filters

Synopsis

The maximum number of search filter statistics to keep.

Description

When the maximum number of search filter is reached, the least used one will be deleted.

Default value

25

Allowed values

An integer.

Lower limit: 1.

Multi-valued

No

Required

No

Admin action required

None

Advanced

Yes

Read-only

No

Copyright © 2010-2024 ForgeRock, all rights reserved.