Note: this component has a complexity level of "expert", which means that objects of this type are not expected to be created or altered. Please contact UnboundID support for assistance if you believe that you have a need to create or modify this type of object.
The Trust Store Backend provides an LDAP view of a file-based trust store. It is used by the administrative cryptographic framework.
The Trust Store Backend component inherits from the Backend.
The properties supported by this managed object are as follows:
Basic Properties: | Advanced Properties: |
---|---|
description | backend-id |
enabled | base-dn |
writability-mode | trust-store-file |
set-degraded-alert-when-disabled | trust-store-type |
return-unavailable-when-disabled | |
trust-store-pin | |
trust-store-pin-property | |
trust-store-pin-environment-variable | |
trust-store-pin-file | |
description
Description | A description for this Backend |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
enabled
Description | Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. |
Default Value | None |
Allowed Values | true false |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
writability-mode
Description | Specifies the behavior that the backend should use when processing write operations. |
Default Value | enabled |
Allowed Values | enabled - Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). disabled - Causes all write attempts to fail. internal-only - Causes external write attempts to fail but allows writes by replication and internal operations. |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
set-degraded-alert-when-disabled
Description | Determines whether the Synchronization Server enters a DEGRADED state (and sends a corresponding alert) when this Backend is disabled. |
Default Value | true |
Allowed Values | true false |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
return-unavailable-when-disabled
Description | Determines whether any LDAP operation that would use this Backend is to return UNAVAILABLE when this Backend is disabled. |
Default Value | true |
Allowed Values | true false |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
trust-store-pin
Description | Specifies the clear-text PIN needed to access the Trust Store Backend. |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Changes to this property will take effect the next time that the Trust Store Backend is accessed. |
trust-store-pin-property
Description | Specifies the name of the Java property that contains the clear-text PIN needed to access the Trust Store Backend. |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Changes to this property will take effect the next time that the Trust Store Backend is accessed. |
trust-store-pin-environment-variable
Description | Specifies the name of the environment variable that contains the clear-text PIN needed to access the Trust Store Backend. |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Changes to this property will take effect the next time that the Trust Store Backend is accessed. |
trust-store-pin-file
Description | Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the Trust Store Backend. |
Default Value | None |
Allowed Values | Unknown |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Changes to this property will take effect the next time that the Trust Store Backend is accessed. |
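One way to audit a file before referencing it from trust-store-pin-file: it must hold exactly one non-empty line and carry no group or other permission bits. This is an added example, not UnboundID code; the function name, its return codes, the carriage-return rejection and the permission requirement are assumptions of this example rather than documented server behaviour.

```shell
#!/bin/sh
# Added example (not UnboundID code): audit a candidate trust-store-pin-file.
# Return codes are this script's own convention:
#   0 ok, 1 missing/unreadable, 2 content is not a single clean line,
#   3 permissions allow group or other access.
check_pin_file() {
    f=$1
    if [ ! -f "$f" ] || [ ! -r "$f" ]; then
        echo "FAIL: $f is missing or unreadable" >&2
        return 1
    fi
    # awk counts a final line even when no trailing newline ends it.
    lines=$(awk 'END { print NR }' "$f")
    if [ "$lines" -ne 1 ]; then
        echo "FAIL: $f has $lines lines, expected exactly 1" >&2
        return 2
    fi
    # read returns non-zero when the line has no trailing newline; pin is still set.
    IFS= read -r pin < "$f" || true
    cr=$(printf '\r')
    case $pin in
        ""|*"$cr"*)
            unset pin
            echo "FAIL: $f is empty or contains a carriage return" >&2
            return 2 ;;
    esac
    unset pin   # never print or keep the PIN itself
    # Characters 5-10 of the mode string are the group and other bits.
    perms=$(ls -lLd "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $f is accessible to group or other ($perms)" >&2
        return 3
    fi
    return 0
}

# Demo on a constructed sample file (the PIN value is made up).
demo_dir=$(mktemp -d)
printf 'constructed-example-pin\n' > "$demo_dir/pin.txt"
chmod 644 "$demo_dir/pin.txt"
check_pin_file "$demo_dir/pin.txt" || echo "rejected with code $?"
chmod 600 "$demo_dir/pin.txt"
check_pin_file "$demo_dir/pin.txt" && echo "accepted after chmod 600"
rm -rf "$demo_dir"
```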
backend-id (Advanced Property, Read-Only)
Description | Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. |
Default Value | ads-truststore |
Allowed Values | A string |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
base-dn (Advanced Property, Read-Only)
Description | Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. |
Default Value | cn=ads-truststore |
Allowed Values | A valid DN. |
Multi-Valued | Yes |
Required | Yes |
Admin Action Required | None. No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. |
trust-store-file (Advanced Property)
Description | Specifies the path to the file that stores the trust information. It may be an absolute path, or a path that is relative to the Synchronization Server instance root. |
Default Value | config/ads-truststore |
Allowed Values | Unknown |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
trust-store-type (Advanced Property)
Description | Specifies the format for the data in the key store file. Valid values should always include 'JKS' and 'PKCS12', but different implementations may allow other values as well. |
Default Value | The JVM default value is used. |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Changes to this property take effect the next time that the key manager is accessed. |
To list the configured Backends:
dsconfig list-backends [--property {propertyName}] ...
To view the configuration for an existing Backend:
dsconfig get-backend-prop --backend-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing Backend:
dsconfig set-backend-prop --backend-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Trust Store Backend:
dsconfig create-backend --backend-name {name} --type trust-store --set enabled:{propertyValue} [--set {propertyName}:{propertyValue}] ...
To delete an existing Backend:
dsconfig delete-backend --backend-name {name}