Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.
The Schema Backend provides access to the Directory Proxy Server schema information, including the attribute types, object classes, attribute syntaxes, matching rules, matching rule uses, DIT content rules, and DIT structure rules that it contains.
The server allows "modify" operations in this backend to alter the server schema definitions. The configuration entry for this backend is based on the ds-cfg-schema-backend structural object class. Note that any attribute types included in this entry that are not included in this object class (or the parent ds-cfg-backend class) appear directly in the schema entry.
The Schema Backend component inherits from the Backend.
The properties supported by this managed object are as follows:
General Configuration Basic Properties: | Advanced Properties: |
---|---|
description | backend-id |
enabled | base-dn |
writability-mode | set-degraded-alert-when-disabled |
 | return-unavailable-when-disabled |
 | backup-file-permissions |
Schema Configuration Basic Properties: | Advanced Properties: |
show-all-attributes | schema-entry-dn |
 | read-only-schema-file |
description
Property Group | General Configuration |
Description | A description for this Backend |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
enabled
Property Group | General Configuration |
Description | Indicates whether the backend is enabled in the server. If a backend is not enabled, then its contents are not accessible when processing operations. |
Default Value | None |
Allowed Values | true false |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
writability-mode
Property Group | General Configuration |
Description | Specifies the behavior that the backend should use when processing write operations. |
Default Value | enabled |
Allowed Values | enabled - Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled). disabled - Causes all write attempts to fail. internal-only - Causes external write attempts to fail but allows writes by replication and internal operations. |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
show-all-attributes
Property Group | Schema Configuration |
Description | Indicates whether to treat all attributes in the schema entry as if they were user attributes regardless of their configuration. This may provide compatibility with some applications that expect schema attributes like attributeTypes and objectClasses to be included by default even if they are not requested. Note that the ldapSyntaxes attribute is always treated as operational in order to avoid problems with attempts to modify the schema over protocol. |
Default Value | None |
Allowed Values | true false |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
backend-id (Advanced Property, Read-Only)
Property Group | General Configuration |
Description | Specifies a name to identify the associated backend. The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server. |
Default Value | schema |
Allowed Values | A string |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
base-dn (Advanced Property, Read-Only)
Property Group | General Configuration |
Description | Specifies the base DN(s) for the data that the backend handles. A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN. |
Default Value | cn=schema |
Allowed Values | A valid DN. |
Multi-Valued | Yes |
Required | Yes |
Admin Action Required | No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used. Although it is currently supported, the use of multiple base DNs per backend is not recommended and this capability may be removed in the future. If you are considering the use of multiple base DNs in a backend, you should first contact Ping Identity support to discuss this configuration. |
set-degraded-alert-when-disabled (Advanced Property)
Property Group | General Configuration |
Description | Determines whether the Directory Proxy Server enters a DEGRADED state (and sends a corresponding alert) when this Backend is disabled. |
Default Value | true |
Allowed Values | true false |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
return-unavailable-when-disabled (Advanced Property)
Property Group | General Configuration |
Description | Determines whether any LDAP operation that would use this Backend is to return UNAVAILABLE when this Backend is disabled. |
Default Value | true |
Allowed Values | true false |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
backup-file-permissions (Advanced Property)
Property Group | General Configuration |
Description | Specifies the permissions that should be applied to files and directories created by a backup of the backend. They should be expressed as three-digit octal values, which is the traditional representation for UNIX file permissions. The three digits represent the permissions that are available for the file or directory's owner, group members, and other users (in that order), and each digit is the octal representation of the read, write, and execute bits. Execute permissions are only applied to directories. If the underlying platform does not allow the full level of granularity specified in the permissions, then an attempt will be made to set them as closely as possible to the provided permissions, erring on the side of security. Due to Java platform limitations, it may not be possible to set group member permissions independently of other user permissions, even on UNIX. |
Default Value | 700 |
Allowed Values | Any octal value between 700 and 777 (the owner must always have read, write, and execute permissions). Example values |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
schema-entry-dn (Advanced Property)
Property Group | Schema Configuration |
Description | Defines the base DNs of the subtrees in which the schema information is published in addition to the value included in the base-dn property. The value provided in the base-dn property is the only one that appears in the subschemaSubentry operational attribute of the server's root DSE (which is necessary because that is a single-valued attribute) and as a virtual attribute in other entries. The schema-entry-dn attribute may be used to make the schema information available in other locations to accommodate certain client applications that have been hard-coded to expect the schema to reside in a specific location. |
Default Value | cn=schema |
Allowed Values | A valid DN. |
Multi-Valued | Yes |
Required | No |
Admin Action Required | None. Modification requires no further action |
read-only-schema-file (Advanced Property)
Property Group | Schema Configuration |
Description | Specifies the name of a file (which must exist in the config/schema directory) containing schema elements that should be considered read-only. Any schema definitions contained in read-only files cannot be altered by external clients. |
Default Value | 00-core.ldif 01-pwpolicy.ldif 02-config.ldif 03-changelog.ldif 03-rfc2713.ldif 03-rfc2714.ldif 03-rfc2739.ldif 03-rfc2926.ldif 03-rfc2985.ldif 03-rfc3112.ldif 03-rfc3712.ldif 03-uddiv3.ldif 04-rfc2307bis.ldif 05-unboundid-config.ldif 06-unboundid-proxy-config.ldif 07-unboundid-sync-config.ldif 08-unboundid-governance-config.ldif 09-ping-one-for-customers-pass-through-authentication.ldif 10-unboundid-http-session.ldif 10-unboundid-reserved.ldif 20-unboundid-extended.ldif 30-ping-consent.ldif |
Allowed Values | A string |
Multi-Valued | Yes |
Required | No |
Admin Action Required | None. Modification requires no further action |
To list the configured Backends:
dsconfig list-backends [--property {propertyName}] ...
To view the configuration for an existing Backend:
dsconfig get-backend-prop --backend-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing Backend:
dsconfig set-backend-prop --backend-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...
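The following shell functions are an added example, not part of the product documentation or Ping Identity code. They check a candidate backup-file-permissions value against the rules in that property's table (three octal digits, 700 to 777, execute applied only to directories) and print the matching set-backend-prop call without running it. The function names are hypothetical, and the backend name passed to set_command is assumed to be whatever list-backends reports.

```sh
# Added example: vet a backup-file-permissions value before applying it.

# perm_bits DIGIT DROP_X: render one octal digit as rwx. DROP_X=1 models a
# regular file, since execute permissions are only applied to directories.
perm_bits() {
  pb=""
  if [ $(( $1 & 4 )) -ne 0 ]; then pb="${pb}r"; else pb="${pb}-"; fi
  if [ $(( $1 & 2 )) -ne 0 ]; then pb="${pb}w"; else pb="${pb}-"; fi
  if [ $(( $1 & 1 )) -ne 0 ] && [ "$2" -eq 0 ]; then pb="${pb}x"; else pb="${pb}-"; fi
  printf '%s' "$pb"
}

# symbolic_mode VALUE KIND: effective mode string for KIND = dir or file.
symbolic_mode() {
  case $2 in file) sm_dx=1 ;; *) sm_dx=0 ;; esac
  printf '%s%s%s' "$(perm_bits 7 "$sm_dx")" \
    "$(perm_bits $(( $1 / 10 % 10 )) "$sm_dx")" \
    "$(perm_bits $(( $1 % 10 )) "$sm_dx")"
}

# check_backup_perms VALUE: returns 0 = owner only, 1 = valid but grants
# group/other access, 2 = outside the allowed 700-777 range.
check_backup_perms() {
  case $1 in
    7[0-7][0-7]) ;;
    *) echo "invalid: '$1' is not an octal value between 700 and 777"; return 2 ;;
  esac
  cb_g=$(( $1 / 10 % 10 )); cb_o=$(( $1 % 10 ))
  cb_sum="$1 dirs=$(symbolic_mode "$1" dir) files=$(symbolic_mode "$1" file)"
  if [ "$cb_g" -eq 0 ] && [ "$cb_o" -eq 0 ]; then
    echo "ok: $cb_sum (owner only)"; return 0
  fi
  cb_note=""
  if [ "$cb_g" -ne "$cb_o" ]; then
    cb_note="; group and other differ, which Java may not be able to apply exactly"
  fi
  echo "review: $cb_sum (access beyond the owner$cb_note)"
  return 1
}

# set_command BACKEND VALUE: print (not run) the dsconfig call.
# Status 0 and 1 from the check are both valid values; only 2 is refused.
set_command() {
  check_backup_perms "$2" >/dev/null || [ $? -eq 1 ] || return 2
  echo "dsconfig set-backend-prop --backend-name $1 --set backup-file-permissions:$2"
}

# Constructed sample values: the default, a group-readable mode, a rejected mode.
for v in 700 750 644; do check_backup_perms "$v" || true; done
```
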