|
|
|
The server_jcs.xml file contains the following configuration settings:
Specifies the authentication methods. Only simple is currently supported.
Specifies the authentication principal. This is hardwired to uid=admin,ou=system by ApacheDS, but an optional java.naming.security.principal.alias= can be specified to ease integration. When this alias is received for authentication, it is treated exactly as uid=admin,ou=system.
Specifies the authentication credentials for the configured principal. The authentication credentials can be stored in the file as plain text or as a SHA one-way hash.
We recommend that you store them as a SHA one-way hash, rather than as plain text.
We recommend that you do not change this password except through the installer, as the value specified in this file must match the value inside ApacheDS persistent store.
Specifies the maximum number of requests that can be processed concurrently for all activated connectors hosted by a Java CS. It defaults to 200 to match the Provisioning Servers configuration. When increasing it be sure to consider also increasing other configuration settings like heap-space for the Java Virtual Machine or “ulimit –n” setting for open files on Solaris.
Note: The manual settings in the server_jcs.properties file can potentially override this setting.
Note: For more information, see Solaris Considerations.
Specifies the port which the Java CS listens on for insecure connections. Set the port to one of the recommended ports unless multiple C++ Connector Servers or Java CSs run on the same computer. Where a secure port is configured, use the secure port instead.
The insecure port can be useful for debugging purposes. By default, the Java CS installer mandates the use of the ldapsPort exclusively. Set the port to one of the following port numbers:
Specifies the port which the Java CS listens on for secure connections. The ldapsPort, with associated properties enableLdaps, ldapsCertificateFileldapsCertificateFile, and ldapsCertificatePassword, must be a different port from the one chosen for ldapPort. Traffic on this port is secured using the configured certificate and the Transport Layer Security (TLS) protocol. The ldapsPort can also be useful for debugging by setting the logging level in the Java CS log4j.properties file to trace LDAP requests as they are delivered to the Java CS.
Set the port to one of the following port numbers:
The ldapsCertificateFile is configured to reference a Java keystore containing the standard IM Provisioning Server certificate. The Java CS installer sets the default ldapsCertificatePassword.
Specifies which LDAP schemas the Java CS knows. This property incorporates schemas which have been converted to Java objects by the ApacheDS build process. Additional OpenLDAP formatted .schema files (see http://www.openldap.org/doc/admin23/schema.html) can be loaded by placing them in the Java CS conf/ directory (like eta_dyn_openldap.schema) or ideally contributed from the conf/ directory within a specific connector's JCS-connector-*.jar file (refer to SDK connector's conf/etaeta_sdk_openldap.schema _nds_openldap.schema registered through its conf/connector.xml descriptor in the jcs-connector-sdk.jar sample connector).
Configures the service that detects LDAP traffic and determines when it is Java CS related. This service handles lazy activation of connectors as they are mentioned in LDAP ADD requests.
Specifies any other standard ApacheDS interceptor services. Interceptor services not required by the Java CS have been deactivated.
Specifies the Persister for connector and connector levels of the DIT. The Persister is not required when the Java CS is accessed through the Provisioning Manager, but can be of interest in other deployment situations.
Users can configure the crypto service users who want to activate encryption convertors on specific fields according to their metadata properties, most importantly the isEncrypted boolean metadata setting.
| Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |