Data Governance Server Documentation Index
Configuration Reference Home

Config File Handler Backend

Note: this component has a complexity level of "expert", which means that objects of this type are not expected to be created or altered. Please contact support for assistance if you believe that you have a need to create or modify this type of object.

The Config File Handler Backend allows clients to access the server configuration over protocol, and allow both read and write operations. Note: Modify DN operations are not supported for entries in the server configuration.

Parent Component
Properties
dsconfig Usage

Parent Component

The Config File Handler Backend component inherits from the Backend

Properties

The properties supported by this managed object are as follows:


General Configuration Basic Properties: Advanced Properties:
↓ description ↓ backend-id
↓ enabled ↓ base-dn
↓ insignificant-config-archive-attribute ↓ writability-mode
↓ set-degraded-alert-when-disabled
↓ return-unavailable-when-disabled
↓ backup-file-permissions
Mirroring Configuration Basic Properties: Advanced Properties:
 None ↓ mirrored-subtree-peer-polling-interval
↓ mirrored-subtree-entry-update-timeout
↓ mirrored-subtree-search-timeout

Basic Properties

description

Property Group
General Configuration
Description
A description for this Backend
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

enabled

Property Group
General Configuration
Description
Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

insignificant-config-archive-attribute

Property Group
General Configuration
Description
The name or OID of an attribute type that is considered insignificant for the purpose of maintaining the configuration archive. If an existing configuration entry is updated, but the only changes are to one or more of these insignificant attributes, then the updated configuration will be added to the configuration archive, but that archived configuration file may be removed after the next configuration change. This can help polluting the configuration archive with changes that affect attributes in the configuration but do not actually affect the configuration itself.
For example, if last login time tracking is enabled, then each time a root user authenticates, the configuration will be updated to include a new value for the ds-pwp-last-login-time attribute, and this could result in a large number of files added to the configuration archive in which the only update over the previous version of the configuration is a new value for ds-pwp-last-login-time. By declaring that attribute insignificant for the purpose of the configuration archive, the server will not retain archived files in which the only change over the previous archived configuration was to that attribute.
It is generally recommended that this property only be used to name operational attributes, and more specifically, only operational attributes that are managed by the server (typically declared with the NO-USER-MODIFICATION constraint) rather than those that can be directly updated by a server administrator or the user represented by the entry.
Default Value
None
Allowed Values
The name or OID of an attribute type defined in the server schema.
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action


Advanced Properties

backend-id (Advanced Property, Read-Only)

Property Group
General Configuration
Description
Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server.
Default Value
config
Allowed Values
A string
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

base-dn (Advanced Property, Read-Only)

Property Group
General Configuration
Description
Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN.
Default Value
cn=config
Allowed Values
A valid DN.
Multi-Valued
Yes
Required
Yes
Admin Action Required
No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. Although it is currently supported, the use of multiple base DNs per backend is not recommended and this capability may be removed in the future. If you are considering the use of multiple base DNs in a backend, you should first contact Ping Identity support to discuss this configuration

writability-mode (Advanced Property)

Property Group
General Configuration
Description
Specifies the behavior that the backend should use when processing write operations.
Default Value
enabled
Allowed Values
enabled - Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled).

disabled - Causes all write attempts to fail.

internal-only - Causes external write attempts to fail but allows writes by replication and internal operations.
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

set-degraded-alert-when-disabled (Advanced Property)

Property Group
General Configuration
Description
Determines whether the Data Governance Server enters a DEGRADED state (and sends a corresponding alert) when this Backend is disabled.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

return-unavailable-when-disabled (Advanced Property)

Property Group
General Configuration
Description
Determines whether any LDAP operation that would use this Backend is to return UNAVAILABLE when this Backend is disabled.
Default Value
true
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

backup-file-permissions (Advanced Property)

Property Group
General Configuration
Description
Specifies the permissions that should be applied to files and directories created by a backup of the backend. They should be expressed as three-digit octal values, which is the traditional representation for UNIX file permissions. The three digits represent the permissions that are available for the file or directory's owner, group members, and other users (in that order), and each digit is the octal representation of the read, write, and execute bits. Execute permissions are only applied to directories. If the underlying platform does not allow the full level of granularity specified in the permissions, then an attempt will be made to set them as closely as possible to the provided permissions, erring on the side of security. Due to Java platform limitations, it may not be possible to set group member permissions independently of other user permissions, even on UNIX.
Default Value
700
Allowed Values
Any octal value between 700 and 777 (the owner must always have read, write, and execute permissions).

Example values
Value Synopsis
700 Grant the owner read, write and execute permissions. Deny all other users permissions.
750 Grant the owner read, write and execute permissions. Grant the group read and execute permissions. Deny all other users permissions.

Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

mirrored-subtree-peer-polling-interval (Advanced Property)

Property Group
Mirroring Configuration
Description
Tells the server component that is responsible for mirroring configuration data across a topology of servers the maximum amount of time to wait before polling the peer servers in the topology to determine if there are any changes in the topology. Mirrored data includes meta-data about the servers in the topology as well as cluster-wide configuration data. The server uses a master/slave architecture for mirroring the shared data across the servers in the topology, where there can be a single master at any one time. Reads may be served by any node, whereas all updates are forwarded to the master, which will forward them to all the slaves. It provides support for failover when a master node goes down or becomes unreachable. A lower value will make for a quicker failover in the event of a failure, but it will also cause more frequent traffic among the peers.
Default Value
5 seconds
Allowed Values
A duration. Lower limit is 0 milliseconds.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

mirrored-subtree-entry-update-timeout (Advanced Property)

Property Group
Mirroring Configuration
Description
Tells the server component that is responsible for mirroring configuration data across a topology of servers the maximum amount of time to wait for an update operation (add, delete, modify and modify-dn) on an entry to be applied on all servers in the topology. Mirrored data includes meta-data about the servers in the topology as well as cluster-wide configuration data. A value of zero seconds indicates that no timeout should be enforced. The network stack of the underlying operating system may enforce a limit.
Default Value
10 seconds
Allowed Values
A duration. Lower limit is 0 milliseconds.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

mirrored-subtree-search-timeout (Advanced Property)

Property Group
Mirroring Configuration
Description
Tells the server component that is responsible for mirroring configuration data across a topology of servers the maximum amount of time to wait for a search operation to complete. Mirrored data includes meta-data about the servers in the topology as well as cluster-wide configuration data. Search requests that take longer than this timeout will be canceled and considered failures. A value of zero seconds indicates that no timeout should be enforced.
Default Value
10 seconds
Allowed Values
A duration. Lower limit is 0 milliseconds.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured Backends:

dsconfig list-backends
     [--property {propertyName}] ...

To view the configuration for an existing Backend:

dsconfig get-backend-prop
     --backend-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Backend:

dsconfig set-backend-prop
     --backend-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...