Administration Connector
The Administration Connector is used to interact with administration tools using LDAP.
It is a dedicated entry point for administration.
Dependencies
Administration Connectors depend on the following objects:
Administration Connector Properties
You can use configuration expressions to set property values at startup time. For details, see Property Value Substitution.
Basic Properties
advertised-listen-address
| Synopsis | The advertised address(es) which clients should use for connecting to this Administration Connector. |
| Description | Multiple addresses may be provided as separate values for this attribute. The meta-address 0.0.0.0 is not permitted. |
| Default Value | None |
| Allowed Values | A hostname or an IP address. |
| Multi-valued | Yes |
| Required | Yes |
| Admin Action Required | None |
| Advanced | No |
| Read-Only | No |
allowed-client
| Synopsis | A set of clients who will be allowed to establish connections to this Administration Connector. |
| Description | Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. Specifying a value for this property in a connection handler will override any value set in the global configuration. |
| Default Value | All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. |
| Allowed Values | An IP address mask. |
| Multi-valued | Yes |
| Required | No |
| Admin Action Required | None Changes to this property take effect immediately and do not interfere with established connections. |
| Advanced | No |
| Read-Only | No |
denied-client
| Synopsis | A set of clients who are not allowed to establish connections to this Administration Connector. |
| Description | Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. Specifying a value for this property in a connection handler will override any value set in the global configuration. |
| Default Value | If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. |
| Allowed Values | An IP address mask. |
| Multi-valued | Yes |
| Required | No |
| Admin Action Required | None Changes to this property take effect immediately and do not interfere with established connections. |
| Advanced | No |
| Read-Only | No |
key-manager-provider
| Synopsis | Specifies the name of the key manager that is used with the Administration Connector . |
| Default Value | None |
| Allowed Values | The name of an existing Key Manager Provider . The referenced key manager provider must be enabled. |
| Multi-valued | No |
| Required | Yes |
| Admin Action Required | Restart the server for changes to take effect. |
| Advanced | No |
| Read-Only | No |
listen-address
| Synopsis | The network interface(s) on which this Administration Connector should listen for incoming client connections. |
| Description | Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the directory server will listen on all interfaces. |
| Default Value | 0.0.0.0 |
| Allowed Values | A hostname or an IP address. |
| Multi-valued | Yes |
| Required | No |
| Admin Action Required | Restart the server for changes to take effect. |
| Advanced | No |
| Read-Only | No |
listen-port
| Synopsis | Specifies the port number on which the Administration Connector will listen for connections from clients. |
| Description | Only a single port number may be provided. |
| Default Value | None |
| Allowed Values | An integer. Lower limit: 1. Upper limit: 65535. |
| Multi-valued | No |
| Required | Yes |
| Admin Action Required | The object must be disabled and re-enabled for changes to take effect. |
| Advanced | No |
| Read-Only | No |
restricted-client
| Synopsis | A set of clients who will be limited to the maximum number of connections specified by the "restricted-client-connection-limit" property. |
| Description | Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. Specifying a value for this property in a connection handler will override any value set in the global configuration. |
| Default Value | No restrictions are imposed on the number of connections a client can open. |
| Allowed Values | An IP address mask. |
| Multi-valued | Yes |
| Required | No |
| Admin Action Required | None Changes to this property take effect immediately and do not interfere with established connections. |
| Advanced | No |
| Read-Only | No |
restricted-client-connection-limit
| Synopsis | Specifies the maximum number of connections a restricted client can open at the same time to this Administration Connector. |
| Description | Once Directory Server accepts the specified number of connections from a client specified in restricted-client, any additional connection will be rejected. The number of connections is maintained by IP address. Specifying a value for this property in a connection handler will override any value set in the global configuration. |
| Default Value | 100 |
| Allowed Values | An integer. Lower limit: 0. |
| Multi-valued | No |
| Required | No |
| Admin Action Required | None Changes to this property take effect immediately and do not interfere with established connections. |
| Advanced | No |
| Read-Only | No |
ssl-cert-nickname
| Synopsis | Specifies the nicknames (also called the aliases) of the keys or key pairs that the Administration Connector should use when performing SSL communication. |
| Description | The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the Administration Connector is configured to use SSL. |
| Default Value | Let the server decide. |
| Allowed Values | A string. |
| Multi-valued | Yes |
| Required | No |
| Admin Action Required | Restart the server for changes to take effect. |
| Advanced | No |
| Read-Only | No |
ssl-cipher-suite
| Synopsis | Specifies the names of the SSL cipher suites that are allowed for use in SSL communication. |
| Default Value | Uses the default set of SSL cipher suites provided by the server's JVM. |
| Allowed Values | A string. |
| Multi-valued | Yes |
| Required | No |
| Admin Action Required | None Changes to this property take effect immediately but will only impact new SSL/TLS-based sessions created after the change. |
| Advanced | No |
| Read-Only | No |
ssl-protocol
| Synopsis | Specifies the names of the SSL protocols that are allowed for use in SSL or StartTLS communication. |
| Default Value | Uses the default set of SSL protocols provided by the server's JVM. |
| Allowed Values | A string. |
| Multi-valued | Yes |
| Required | No |
| Admin Action Required | None Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change. |
| Advanced | No |
| Read-Only | No |
trust-manager-provider
| Synopsis | Specifies the name(s) of the trust manager(s) that is used with the Administration Connector . |
| Default Value | None |
| Allowed Values | The name of an existing Trust Manager Provider . The referenced trust manager provider must be enabled. |
| Multi-valued | Yes |
| Required | Yes |
| Admin Action Required | Restart the server for changes to take effect. |
| Advanced | No |
| Read-Only | No |