Core directory server administrative components. Specifies the port number on which the will listen for connections from clients. Only a single port number may be provided. ds-cfg-listen-port Indicates whether the should use SSL. If enabled, the will use SSL to encrypt communication with the clients. false ds-cfg-use-ssl Need a better default description. Specifies the nickname (also called the alias) of the certificate that the should use when performing SSL communication. This is only applicable when the is configured to use SSL. Let the server decide. ds-cfg-ssl-cert-nickname Specifies the clear-text PIN needed to access the . Changes to this property will take effect the next time that the is accessed. ds-cfg-key-store-pin Better syntax for property name? Specifies the name of the Java property that contains the clear-text PIN needed to access the . Changes to this property will take effect the next time that the is accessed. .* STRING The name of a defined Java property. ds-cfg-key-store-pin-property Specifies the name of the environment variable that contains the clear-text PIN needed to access the . Changes to this property will take effect the next time that the is accessed. .* STRING The name of a defined environment variable that contains the clear-text PIN required to access the contents of the key store. ds-cfg-key-store-pin-environment-variable Should use a file-based property definition? Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the . Changes to this property will take effect the next time that the is accessed. .* FILE A path to an existing file that is readable by the server. ds-cfg-key-store-pin-file Specifies the clear-text PIN needed to access the . Changes to this property will take effect the next time that the is accessed. ds-cfg-trust-store-pin Better syntax for property name? Specifies the name of the Java property that contains the clear-text PIN needed to access the . Changes to this property will take effect the next time that the is accessed. ds-cfg-trust-store-pin-property Specifies the name of the environment variable that contains the clear-text PIN needed to access the . Changes to this property will take effect the next time that the is accessed. ds-cfg-trust-store-pin-environment-variable Should use a file-based property definition? Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the . Changes to this property will take effect the next time that the is accessed. ds-cfg-trust-store-pin-file The set of filters that define the entries that should be included in the cache. ds-cfg-include-filter The set of filters that define the entries that should be excluded from the cache. ds-cfg-exclude-filter Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this . Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. Changes to this property take effect immediately and do not interfere with connections that may have already been established. All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. ds-cfg-allowed-client Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this . Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. Changes to this property take effect immediately and do not interfere with connections that may have already been established. If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. ds-cfg-denied-client