PingAuthorize Server Documentation Index
Configuration Reference Home

Task Backend

Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.

The Task Backend provides a mechanism for scheduling tasks in the PingAuthorize Server. Tasks are intended to provide access to certain types of administrative functions in the server that may not be convenient to perform remotely.

The PingAuthorize Server supports tasks to backup and restore backends, to import and export LDIF files, and to stop and restart the server. The details of a task are in an entry that is below the root of the Task Backend. The Task Backend is responsible for decoding that task entry and ensuring that it is processed as requested. Tasks may be invoked immediately, but they may also be scheduled for execution at some future time.

Parent Component
Properties
dsconfig Usage

Parent Component

The Task Backend component inherits from the Backend

Properties

The properties supported by this managed object are as follows:


General Configuration Basic Properties: Advanced Properties:
↓ description ↓ backend-id
↓ enabled ↓ base-dn
↓ writability-mode ↓ set-degraded-alert-when-disabled
↓ return-unavailable-when-disabled
↓ backup-file-permissions
Task Configuration Basic Properties: Advanced Properties:
↓ task-backing-file  None
↓ maximum-initial-task-log-messages-to-retain
↓ maximum-final-task-log-messages-to-retain
↓ task-retention-time
↓ notification-sender-address

Basic Properties

description

Property Group
General Configuration
Description
A description for this Backend
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

enabled

Property Group
General Configuration
Description
Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

writability-mode

Property Group
General Configuration
Description
Specifies the behavior that the backend should use when processing write operations.
Default Value
enabled
Allowed Values
enabled - Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled).

disabled - Causes all write attempts to fail.

internal-only - Causes external write attempts to fail but allows writes by replication and internal operations.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

task-backing-file

Property Group
Task Configuration
Description
Specifies the path to the backing file for storing information about the tasks configured in the server. It may be either an absolute path or a relative path to the base of the PingAuthorize Server instance.
Default Value
None
Allowed Values
A filesystem path
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

maximum-initial-task-log-messages-to-retain

Property Group
Task Configuration
Description
The maximum number of log messages to retain in each task entry from the beginning of the processing for that task. If too many messages are logged during task processing, then retaining only a limited number of messages from the beginning and/or end of task processing can reduce the amount of memory that the server consumes by caching information about currently-active and recently-completed tasks. The server will use the following logic in determining which log messages to retain in the entry for a task:
  1. If either maximum-initial-task-log-messages-to-retain or maximum-final-task-log-messages-to-retain is undefined, then the task entry will include all messages logged by that task.
  2. If the total number of messages logged during task processing is less than or equal to the sum of the maximum-initial-task-log-messages-to-retain and the maximum-final-task-log-messages-to-retain properties, then the task entry will include all messages logged by that task.
  3. If both maximum-initial-task-log-messages-to-retain and maximum-final-task-log-messages-to-retain are set to zero, then the task entry will not include any messages logged by that task.
  4. If the total number of messages logged during task processing is greater than the sum of the maximum-initial-task-messages-to-retain and maximum-final-task-messages-to-retain property values, then the task entry will omit a subset of the messages logged by that task. If maximum-initial-task-messages-to-retain is zero, then the entry will exclude messages logged at the beginning of task processing. If maximum-final-task-messages-to-retain is zero, then the entry will exclude messages logged at the end of task processing. If both maximum-initial-task-messages-to-retain and maximum-final-task-messages-to-retain are nonzero, then the entry will exclude messages logged in the middle of task processing. The set of log messages contained in the task entry will include a placeholder message that indicates the number of messages that were omitted.

Note that even if some messages logged during task processing are omitted from the task entry, all messages will still be properly recorded in the server error log.
Default Value
None
Allowed Values
An integer value. Lower limit is 0.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

maximum-final-task-log-messages-to-retain

Property Group
Task Configuration
Description
The maximum number of log messages to retain in each task entry from the end of the processing for that task. If too many messages are logged during task processing, then retaining only a limited number of messages from the beginning and/or end of task processing can reduce the amount of memory that the server consumes by caching information about currently-active and recently-completed tasks. The server will use the following logic in determining which log messages to retain in the entry for a task:
  1. If either maximum-initial-task-log-messages-to-retain or maximum-final-task-log-messages-to-retain is undefined, then the task entry will include all messages logged by that task.
  2. If the total number of messages logged during task processing is less than or equal to the sum of the maximum-initial-task-log-messages-to-retain and the maximum-final-task-log-messages-to-retain properties, then the task entry will include all messages logged by that task.
  3. If both maximum-initial-task-log-messages-to-retain and maximum-final-task-log-messages-to-retain are set to zero, then the task entry will not include any messages logged by that task.
  4. If the total number of messages logged during task processing is greater than the sum of the maximum-initial-task-messages-to-retain and maximum-final-task-messages-to-retain property values, then the task entry will omit a subset of the messages logged by that task. If maximum-initial-task-messages-to-retain is zero, then the entry will exclude messages logged at the beginning of task processing. If maximum-final-task-messages-to-retain is zero, then the entry will exclude messages logged at the end of task processing. If both maximum-initial-task-messages-to-retain and maximum-final-task-messages-to-retain are nonzero, then the entry will exclude messages logged in the middle of task processing. The set of log messages contained in the task entry will include a placeholder message that indicates the number of messages that were omitted.

Note that even if some messages logged during task processing are omitted from the task entry, all messages will still be properly recorded in the server error log.
Default Value
None
Allowed Values
An integer value. Lower limit is 0.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

task-retention-time

Property Group
Task Configuration
Description
Specifies the length of time that task entries should be retained after processing on the associated task has been completed.
Default Value
24 hours
Allowed Values
A duration. Lower limit is 0 seconds.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

notification-sender-address

Property Group
Task Configuration
Description
Specifies the email address to use as the sender address (that is, the "From:" address) for notification mail messages generated when a task completes execution.
Default Value
The default sender address used is "PingAuthorize-task-notification@" followed by the canonical address of the system on which the server is running.
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action


Advanced Properties

backend-id (Advanced Property, Read-Only)

Property Group
General Configuration
Description
Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server.
Default Value
tasks
Allowed Values
A string
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

base-dn (Advanced Property, Read-Only)

Property Group
General Configuration
Description
Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN.
Default Value
cn=tasks
Allowed Values
A valid DN.
Multi-Valued
Yes
Required
Yes
Admin Action Required
No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. Although it is currently supported, the use of multiple base DNs per backend is not recommended and this capability may be removed in the future. If you are considering the use of multiple base DNs in a backend, you should first contact Ping Identity support to discuss this configuration

set-degraded-alert-when-disabled (Advanced Property)

Property Group
General Configuration
Description
Determines whether the PingAuthorize Server enters a DEGRADED state (and sends a corresponding alert) when this Backend is disabled.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

return-unavailable-when-disabled (Advanced Property)

Property Group
General Configuration
Description
Determines whether any LDAP operation that would use this Backend is to return UNAVAILABLE when this Backend is disabled.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

backup-file-permissions (Advanced Property)

Property Group
General Configuration
Description
Specifies the permissions that should be applied to files and directories created by a backup of the backend. They should be expressed as three-digit octal values, which is the traditional representation for UNIX file permissions. The three digits represent the permissions that are available for the file or directory's owner, group members, and other users (in that order), and each digit is the octal representation of the read, write, and execute bits. Execute permissions are only applied to directories. If the underlying platform does not allow the full level of granularity specified in the permissions, then an attempt will be made to set them as closely as possible to the provided permissions, erring on the side of security. Due to Java platform limitations, it may not be possible to set group member permissions independently of other user permissions, even on UNIX.
Default Value
700
Allowed Values
Any octal value between 700 and 777 (the owner must always have read, write, and execute permissions).

Example values
Value Synopsis
700 Grant the owner read, write and execute permissions. Deny all other users permissions.
750 Grant the owner read, write and execute permissions. Grant the group read and execute permissions. Deny all other users permissions.

Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured Backends:

dsconfig list-backends
     [--property {propertyName}] ...

To view the configuration for an existing Backend:

dsconfig get-backend-prop
     --backend-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Backend:

dsconfig set-backend-prop
     --backend-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...