Lockdown mode
The PingDirectory server offers a lockdown mode in which it reports itself as unavailable and only allows requests from clients with the lockdown-mode privilege.
Lockdown mode provides a way for the server to be online so that administrators can investigate a problem or perform some disruptive administrative action, but in a manner that causes it to be unavailable to most clients.
The PingDirectory server can automatically place itself in lockdown mode under certain circumstances. Some of these include:
- If the access control handler encounters a malformed access control rule on startup. The server does its best to prevent invalid access control rules from being created, but if one does make it through, the server enters lockdown mode rather than running with a potentially incomplete access control policy.
- If an unrecoverable error occurs while interacting with a backend database based on the unrecoverable-database-error-mode global configuration property.
- If available disk space gets too low, as determined by the disk space usage monitor provider’s low-space-error-size-threshold and low-space-error-percent-threshold properties.
- If an error occurs while attempting to log a message based on the logging-error-behavior property in the log publisher configuration.
The server can also be placed in lockdown mode at any time using the enter-lockdown-mode command-line tool, or the enter lockdown mode administrative task that the tool uses behind the scenes. The start-server command also provides a --lockdownMode argument that can be used to make the server enter lockdown mode before startup completes.
After the server enters lockdown mode, that mode stays in effect until the server is restarted or until the leave-lockdown-mode command or the underlying administrative task is used. Lockdown mode does not persist across server restarts unless it is automatically triggered by a condition that still exists after the restart.