DSML Configuration File Elements
The following describes the elements found in the DSML configuration file.
All the element tags inside the virtualDirectory element are optional. To omit an element tag, omit the entire line, including the surrounding XML elements. For example, to omit serverName, omit <server>serverName</server>.
The elements contained in the virtualDirectory element of the DSML configuration file are described in the following list.
- serverName: Specifies the DNS name of the Active Directory server or domain against which to perform LDAP operations. If serverName is omitted, DSML Services for Windows connects to a domain controller for the domain to which the web server computer account belongs. If a domain name is specified, it connects to a DC for that domain. If a server name is specified, it connects to that specific server.
- portNumber: Specifies the port number on the Active Directory server to which to connect. The default is port 389.
- enableSSL: Specifies whether SSL encryption will be used when connecting to the Active Directory server. The default value is false.
- enableLDAPSigning: Specifies whether the LDAP connection between a server running DSML Services for Windows and the Active Directory server will use certificate signing. This option does not affect the connection between the client application and a server running DSML Services for Windows. The default value is false, meaning digital signing is not used.
- enableLDAPSealing: Specifies whether the LDAP connection between a server running DSML Services for Windows and the Active Directory server will use data encryption. This option does not affect the connection between the client application and a server running DSML Services for Windows. The default value is false, meaning encryption is not used.
- enableReadOnlyMode: Specifies whether read-only mode is enabled. If enabled, a server running DSML Services for Windows will only process searchRequest and compareRequest operations. Other requests, for example, requests to add to, delete from, or modify the directory, will fail. The default value is false.
- connTime: Specifies the time, in seconds, to wait when trying to establish an LDAP connection to the Active Directory server. The default setting is no timeout period. It is recommended that you specify a timeout period.
- operTime: Specifies the time, in seconds, to wait for an individual LDAP operation to complete. The default is no timeout period. It is recommended that you specify a timeout period.
- numberOfConnections: Specifies the maximum number of simultaneous LDAP connections to keep open to the Active Directory server. The default number is five. The higher this number, the greater the number of incoming DSML requests that can be simultaneously processed.
- maxReqsPerBatch: Specifies the maximum number of operations that a server running DSML Services for Windows will accept in a single DSML batchRequest. Requests that contain more than that number of operations will not be processed, and an error will be returned. The default value is 1000. For optimal performance, it is recommended not to set this option to a value greater than 4000.
- chaseReferralsType: Specifies the type of referral chasing used by the Active Directory server when a referral is generated. The allowable values are never, always, subordinate, and external. The default value is never, meaning referral chasing is not used.
- totalSessions: Specifies the total number of outstanding active sessions allowed. If the total number reaches the maximum, and a client requests a new session, the server will reject all subsequent new session requests until the number of outstanding active sessions is less than the maximum number specified. The default value is 100 sessions.
- sessionsPerIP: Specifies the number of sessions allowed for a given IP address. The default value is five sessions.
- useIPMatching: Specifies whether the server should verify that the IP address matches that of the original creator of the session when the client requests a session ID. The default value is true.
- useCredentialMatching: Specifies whether the server should verify that the user credentials match those of the original creator of the session when the client requests a session ID. The default value is true.
- timeToLive: Specifies the time, in seconds, that the session should live before it is declared to be expired. Each client request with the session ID revitalizes the TTL. If there is no activity beyond the TTL, the session will end. The default value is 600 seconds.
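
Because omitted elements silently take the defaults listed above, a review has to look at the effective settings, not only at what the file contains. The following Python audit is an added example, not code from the original documentation or from DSML Services for Windows: it overlays a configuration on those defaults and reports settings that leave the LDAP hop unprotected, run without the recommended timeouts, or unbind sessions from their creator. The tag spellings (taken to match the element names in the list), the finding codes and the sample file are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
# Defaults as the element list states them; None = no timeout period.
# ASSUMPTION: XML tags are spelled like the element names; rename keys if not.
DEFAULTS = {
    "enableSSL": "false", "enableLDAPSigning": "false", "enableLDAPSealing": "false",
    "connTime": None, "operTime": None, "maxReqsPerBatch": "1000",
    "useIPMatching": "true", "useCredentialMatching": "true",
}

def effective_settings(xml_text):
    """Overlay the elements present in virtualDirectory on the documented defaults."""
    vdir = next(ET.fromstring(xml_text).iter("virtualDirectory"), None)
    if vdir is None:
        raise ValueError("no virtualDirectory element found")
    settings = dict(DEFAULTS)
    for child in vdir:
        value = (child.text or "").strip()
        if child.tag in settings and value:
            settings[child.tag] = value
    return settings

def audit(xml_text):
    """Return finding codes for the effective (explicit plus default) settings."""
    s = effective_settings(xml_text)
    on = lambda key: s[key].lower() == "true"
    findings = []
    # SSL protects the whole hop; otherwise sealing encrypts it and signing protects integrity.
    if not (on("enableSSL") or on("enableLDAPSealing")):
        findings.append("ldap-hop-unencrypted")
    if not (on("enableSSL") or on("enableLDAPSigning")):
        findings.append("ldap-hop-unsigned")
    # The page recommends setting both timeouts and keeping batches at or below 4000.
    findings += [f"{k}-no-timeout" for k in ("connTime", "operTime") if s[k] is None]
    if int(s["maxReqsPerBatch"]) > 4000:
        findings.append("maxReqsPerBatch-above-4000")
    # Session IDs should stay bound to the creating IP address and credentials.
    findings += [f"{k}-disabled" for k in ("useIPMatching", "useCredentialMatching") if not on(k)]
    return findings

# Constructed sample configuration, not taken from a real deployment.
WEAK = """<virtualDirectory>
  <enableLDAPSigning>true</enableLDAPSigning>
  <connTime>30</connTime>
  <maxReqsPerBatch>5000</maxReqsPerBatch>
  <useIPMatching>false</useIPMatching>
</virtualDirectory>"""

if __name__ == "__main__":
    print(audit(WEAK), audit("<virtualDirectory/>"))
```

A configuration with every element omitted still produces findings, because the defaults leave signing, sealing, SSL and both timeouts off.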