a31148363f598def767ac48c5d82e1572e44b935Gerry Liuuser-friendly-name=LDAP Connection Handler

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuuser-friendly-plural-name=LDAP Connection Handlers

a31148363f598def767ac48c5d82e1572e44b935Gerry Liusynopsis=The LDAP Connection Handler is used to interact with clients using LDAP.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liudescription=It provides full support for LDAPv3 and limited support for LDAPv2.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuconstraint.1.synopsis=A Key Manager Provider must be specified when this LDAP Connection Handler is enabled and it is configured to use SSL or StartTLS.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuconstraint.2.synopsis=A Trust Manager Provider must be specified when this LDAP Connection Handler is enabled and it is configured to use SSL or StartTLS.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuconstraint.3.synopsis=A LDAP Connection Handler cannot be configured to support SSL and StartTLS at the same time. Either SSL or StartTLS must be disabled in order for this LDAP Connection Handler to be used.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.accept-backlog.synopsis=Specifies the maximum number of pending connection attempts that are allowed to queue up in the accept backlog before the server starts rejecting new connection attempts.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.accept-backlog.description=This is primarily an issue for cases in which a large number of connections are established to the server in a very short period of time (for example, a benchmark utility that creates a large number of client threads that each have their own connection to the server) and the connection handler is unable to keep up with the rate at which the new connections are established.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.allowed-client.synopsis=Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this LDAP Connection Handler.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.allowed-client.description=Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.allowed-client.default-behavior.alias.synopsis=All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.allowed-client.requires-admin-action.synopsis=Changes to this property take effect immediately and do not interfere with connections that may have already been established.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.allow-ldap-v2.synopsis=Indicates whether connections from LDAPv2 clients are allowed.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.allow-ldap-v2.description=If LDAPv2 clients are allowed, then only a minimal degree of special support are provided for them to ensure that LDAPv3-specific protocol elements (for example, Configuration Guide 25 controls, extended response messages, intermediate response messages, referrals) are not sent to an LDAPv2 client.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.allow-start-tls.synopsis=Indicates whether clients are allowed to use StartTLS.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.allow-start-tls.description=If enabled, the LDAP Connection Handler allows clients to use the StartTLS extended operation to initiate secure communication over an otherwise insecure channel. Note that this is only allowed if the LDAP Connection Handler is not configured to use SSL, and if the server is configured with a valid key manager provider and a valid trust manager provider.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.allow-tcp-reuse-address.synopsis=Indicates whether the LDAP Connection Handler should reuse socket descriptors.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.allow-tcp-reuse-address.description=If enabled, the SO_REUSEADDR socket option is used on the server listen socket to potentially allow the reuse of socket descriptors for clients in a TIME_WAIT state. This may help the server avoid temporarily running out of socket descriptors in cases in which a very large number of short-lived connections have been established from the same client system.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.buffer-size.synopsis=Specifies the size in bytes of the LDAP response message write buffer.

5084e753b79a753c8b532c06eb3ad1d025e8e472Mark J. Nelsonproperty.buffer-size.description=This property specifies write buffer size allocated by the server for each client connection and used to buffer LDAP response messages data when writing.

5084e753b79a753c8b532c06eb3ad1d025e8e472Mark J. Nelsonproperty.denied-client.synopsis=Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this LDAP Connection Handler.

5084e753b79a753c8b532c06eb3ad1d025e8e472Mark J. Nelsonproperty.denied-client.description=Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.denied-client.default-behavior.alias.synopsis=If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed.

5084e753b79a753c8b532c06eb3ad1d025e8e472Mark J. Nelsonproperty.denied-client.requires-admin-action.synopsis=Changes to this property take effect immediately and do not interfere with connections that may have already been established.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.enabled.synopsis=Indicates whether the LDAP Connection Handler is enabled.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.java-class.synopsis=Specifies the fully-qualified name of the Java class that provides the LDAP Connection Handler implementation.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.keep-stats.synopsis=Indicates whether the LDAP Connection Handler should keep statistics.

5084e753b79a753c8b532c06eb3ad1d025e8e472Mark J. Nelsonproperty.keep-stats.description=If enabled, the LDAP Connection Handler maintains statistics about the number and types of operations requested over LDAP and the amount of data sent and received.

5084e753b79a753c8b532c06eb3ad1d025e8e472Mark J. Nelsonproperty.key-manager-provider.synopsis=Specifies the name of the key manager that should be used with this LDAP Connection Handler .

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.key-manager-provider.requires-admin-action.synopsis=Changes to this property take effect immediately, but only for subsequent attempts to access the key manager provider for associated client connections.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.key-manager-provider.syntax.aggregation.constraint-synopsis=The referenced key manager provider must be enabled when the LDAP Connection Handler is enabled and configured to use SSL or StartTLS.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.listen-address.synopsis=Specifies the address or set of addresses on which this LDAP Connection Handler should listen for connections from LDAP clients.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.listen-address.description=Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the LDAP Connection Handler listens on all interfaces.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.listen-port.synopsis=Specifies the port number on which the LDAP Connection Handler will listen for connections from clients.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.listen-port.description=Only a single port number may be provided.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.max-blocked-write-time-limit.synopsis=Specifies the maximum length of time that attempts to write data to LDAP clients should be allowed to block.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.max-blocked-write-time-limit.description=If an attempt to write data to a client takes longer than this length of time, then the client connection is terminated.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.max-request-size.synopsis=Specifies the size in bytes of the largest LDAP request message that will be allowed by this LDAP Connection handler.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.max-request-size.description=This property is analogous to the maxBERSize configuration attribute of the Sun Java System Directory Server. This can help prevent denial-of-service attacks by clients that indicate they send extremely large requests to the server causing it to attempt to allocate large amounts of memory.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.num-request-handlers.synopsis=Specifies the number of request handlers that are used to read requests from clients.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.num-request-handlers.description=The LDAP Connection Handler uses one thread to accept new connections from clients, but uses one or more additional threads to read requests from existing client connections. This ensures that new requests are read efficiently and that the connection handler itself does not become a bottleneck when the server is under heavy load from many clients at the same time.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.num-request-handlers.default-behavior.alias.synopsis=Let the server decide.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.send-rejection-notice.synopsis=Indicates whether the LDAP Connection Handler should send a notice of disconnection extended response message to the client if a new connection is rejected for some reason.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.send-rejection-notice.description=The extended response message may provide an explanation indicating the reason that the connection was rejected.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.ssl-cert-nickname.synopsis=Specifies the nickname (also called the alias) of the certificate that the LDAP Connection Handler should use when performing SSL communication.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.ssl-cert-nickname.description=This is only applicable when the LDAP Connection Handler is configured to use SSL.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.ssl-cert-nickname.default-behavior.alias.synopsis=Let the server decide.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.ssl-cipher-suite.synopsis=Specifies the names of the SSL cipher suites that are allowed for use in SSL or StartTLS communication.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.ssl-cipher-suite.default-behavior.alias.synopsis=Uses the default set of SSL cipher suites provided by the server's JVM.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.ssl-cipher-suite.requires-admin-action.synopsis=Changes to this property take effect immediately but will only impact new SSL/TLS-based sessions created after the change.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.ssl-client-auth-policy.synopsis=Specifies the policy that the LDAP Connection Handler should use regarding client SSL certificates. Clients can use the SASL EXTERNAL mechanism only if the policy is set to "optional" or "required".

5084e753b79a753c8b532c06eb3ad1d025e8e472Mark J. Nelsonproperty.ssl-client-auth-policy.description=This is only applicable if clients are allowed to use SSL.

5084e753b79a753c8b532c06eb3ad1d025e8e472Mark J. Nelsonproperty.ssl-client-auth-policy.syntax.enumeration.value.disabled.synopsis=Clients must not provide their own certificates when performing SSL negotiation.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.ssl-client-auth-policy.syntax.enumeration.value.optional.synopsis=Clients are requested to provide their own certificates when performing SSL negotiation. The connection is nevertheless accepted if the client does not provide a certificate.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.ssl-client-auth-policy.syntax.enumeration.value.required.synopsis=Clients are required to provide their own certificates when performing SSL negotiation and are refused access if they do not provide a certificate.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.ssl-protocol.synopsis=Specifies the names of the SSL protocols that are allowed for use in SSL or StartTLS communication.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.ssl-protocol.default-behavior.alias.synopsis=Uses the default set of SSL protocols provided by the server's JVM.

5084e753b79a753c8b532c06eb3ad1d025e8e472Mark J. Nelsonproperty.ssl-protocol.requires-admin-action.synopsis=Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change.

5084e753b79a753c8b532c06eb3ad1d025e8e472Mark J. Nelsonproperty.trust-manager-provider.synopsis=Specifies the name of the trust manager that should be used with the LDAP Connection Handler .

5084e753b79a753c8b532c06eb3ad1d025e8e472Mark J. Nelsonproperty.trust-manager-provider.requires-admin-action.synopsis=Changes to this property take effect immediately, but only for subsequent attempts to access the trust manager provider for associated client connections.

5084e753b79a753c8b532c06eb3ad1d025e8e472Mark J. Nelsonproperty.trust-manager-provider.syntax.aggregation.constraint-synopsis=The referenced trust manager provider must be enabled when the LDAP Connection Handler is enabled and configured to use SSL or StartTLS.

5084e753b79a753c8b532c06eb3ad1d025e8e472Mark J. Nelsonproperty.use-ssl.synopsis=Indicates whether the LDAP Connection Handler should use SSL.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.use-ssl.description=If enabled, the LDAP Connection Handler will use SSL to encrypt communication with the clients.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.use-tcp-keep-alive.synopsis=Indicates whether the LDAP Connection Handler should use TCP keep-alive.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.use-tcp-keep-alive.description=If enabled, the SO_KEEPALIVE socket option is used to indicate that TCP keepalive messages should periodically be sent to the client to verify that the associated connection is still valid. This may also help prevent cases in which intermediate network hardware could silently drop an otherwise idle client connection, provided that the keepalive interval configured in the underlying operating system is smaller than the timeout enforced by the network hardware.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.use-tcp-no-delay.synopsis=Indicates whether the LDAP Connection Handler should use TCP no-delay.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liuproperty.use-tcp-no-delay.description=If enabled, the TCP_NODELAY socket option is used to ensure that response messages to the client are sent immediately rather than potentially waiting to determine whether additional response messages can be sent in the same packet. In most cases, using the TCP_NODELAY socket option provides better performance and lower response times, but disabling it may help for some cases in which the server sends a large number of entries to a client in response to a search request.

a31148363f598def767ac48c5d82e1572e44b935Gerry Liu