Core directory server administrative components. Specifies the port number on which the will listen for connections from clients. Only a single port number may be provided. ds-cfg-listen-port Indicates whether the should use SSL. If enabled, the will use SSL to encrypt communication with the clients. false ds-cfg-use-ssl Need a better default description. Specifies the nicknames (also called the aliases) of the keys or key pairs that the should use when performing SSL communication. The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the is configured to use SSL. Let the server decide. ds-cfg-ssl-cert-nickname Specifies the clear-text PIN needed to access the . Changes to this property will take effect the next time that the is accessed. ds-cfg-key-store-pin Better syntax for property name? Specifies the name of the Java property that contains the clear-text PIN needed to access the . Changes to this property will take effect the next time that the is accessed. .* STRING The name of a defined Java property. ds-cfg-key-store-pin-property Specifies the name of the environment variable that contains the clear-text PIN needed to access the . Changes to this property will take effect the next time that the is accessed. .* STRING The name of a defined environment variable that contains the clear-text PIN required to access the contents of the key store. ds-cfg-key-store-pin-environment-variable Should use a file-based property definition? Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the . Changes to this property will take effect the next time that the is accessed. .* FILE A path to an existing file that is readable by the server. ds-cfg-key-store-pin-file Specifies the clear-text PIN needed to access the . Changes to this property will take effect the next time that the is accessed. ds-cfg-trust-store-pin Better syntax for property name? Specifies the name of the Java property that contains the clear-text PIN needed to access the . Changes to this property will take effect the next time that the is accessed. ds-cfg-trust-store-pin-property Specifies the name of the environment variable that contains the clear-text PIN needed to access the . Changes to this property will take effect the next time that the is accessed. ds-cfg-trust-store-pin-environment-variable Should use a file-based property definition? Specifies the path to the text file whose only contents should be a single line containing the clear-text PIN needed to access the . Changes to this property will take effect the next time that the is accessed. ds-cfg-trust-store-pin-file The set of filters that define the entries that should be included in the cache. ds-cfg-include-filter The set of filters that define the entries that should be excluded from the cache. ds-cfg-exclude-filter Specifies a set of host names or address masks that determine the clients that are allowed to establish connections to this . Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. Changes to this property take effect immediately and do not interfere with connections that may have already been established. All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. ds-cfg-allowed-client Specifies a set of host names or address masks that determine the clients that are not allowed to establish connections to this . Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. Changes to this property take effect immediately and do not interfere with connections that may have already been established. If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. ds-cfg-denied-client Indicates whether the should use TCP keep-alive. If enabled, the SO_KEEPALIVE socket option is used to indicate that TCP keepalive messages should periodically be sent to the client to verify that the associated connection is still valid. This may also help prevent cases in which intermediate network hardware could silently drop an otherwise idle client connection, provided that the keepalive interval configured in the underlying operating system is smaller than the timeout enforced by the network hardware. true ds-cfg-use-tcp-keep-alive Indicates whether the should use TCP no-delay. If enabled, the TCP_NODELAY socket option is used to ensure that response messages to the client are sent immediately rather than potentially waiting to determine whether additional response messages can be sent in the same packet. In most cases, using the TCP_NODELAY socket option provides better performance and lower response times, but disabling it may help for some cases in which the server sends a large number of entries to a client in response to a search request. true ds-cfg-use-tcp-no-delay Indicates whether the should reuse socket descriptors. If enabled, the SO_REUSEADDR socket option is used on the server listen socket to potentially allow the reuse of socket descriptors for clients in a TIME_WAIT state. This may help the server avoid temporarily running out of socket descriptors in cases in which a very large number of short-lived connections have been established from the same client system. true ds-cfg-allow-tcp-reuse-address