Directory Services 7.4.3

JE Backend

A JE Backend stores application data in a Berkeley DB Java Edition database.

It is the traditional "directory server" backend and is similar to the backends provided by the Sun Java System Directory Server. The JE Backend stores the entries in an encoded form and also provides indexes that can be used to quickly locate target entries based on different kinds of criteria.

Parent

The JE Backend object inherits from Pluggable Backend.

JE Backend properties

You can use configuration expressions to set property values at startup time. For details, see Property value substitution.

Basic Properties Advanced Properties

backend-id
base-dn
compact-encoding
confidentiality-enabled
db-cache-percent
db-cache-size
db-directory
enabled
writability-mode

cipher-key-length
cipher-transformation
db-cache-mode
db-checkpointer-bytes-interval
db-checkpointer-wakeup-interval
db-cleaner-min-utilization
db-directory-permissions
db-durability
db-evictor-core-threads
db-evictor-keep-alive
db-evictor-max-threads
db-log-file-max
db-log-filecache-size
db-log-verifier-schedule
db-logging-file-handler-on
db-logging-level
db-num-cleaner-threads
db-num-lock-tables
db-run-cleaner
db-run-log-verifier
disk-full-threshold
disk-low-threshold
entries-compressed
import-offheap-memory-size
index-entry-limit
index-filter-analyzer-enabled
index-filter-analyzer-max-filters
java-class
je-property

Basic properties

Use the --advanced option to access advanced properties.

backend-id

Synopsis

Specifies a name to identify the associated backend.

Description

The name must be unique among all backends in the server. The backend ID may not be altered after the backend is created in the server.

Default value

None

Allowed values

A string.

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

Yes

base-dn

Synopsis

Specifies the base DN(s) for the data that the backend handles.

Description

A single backend may be responsible for one or more base DNs. Note that no two backends may have the same base DN although one backend may have a base DN that is below a base DN provided by another backend (similar to the use of sub-suffixes in the Sun Java System Directory Server). If any of the base DNs is subordinate to a base DN for another backend, then all base DNs for that backend must be subordinate to that same base DN.

Default value

None

Allowed values

A valid DN.

Multi-valued

Yes

Required

Yes

Admin action required

None

No administrative action is required by default although some action may be required on a per-backend basis before the new base DN may be used.

Advanced

No

Read-only

No

compact-encoding

Synopsis

Indicates whether the backend should use a compact form when encoding entries by compressing the attribute descriptions and object class sets.

Description

Note that this property applies only to the entries themselves and does not impact the index data. It will also replace the attribute descriptions used in add and modify operations with normalized ones from the schema.

Default value

true

Allowed values

true

false

Multi-valued

No

Required

No

Admin action required

None

Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data.

Advanced

No

Read-only

No

confidentiality-enabled

Synopsis

Indicates whether the backend should make entries in database files readable only by Directory Server.

Description

Confidentiality is achieved by encrypting entries before writing them to the underlying storage. Entry encryption will protect data on disk from unauthorised parties reading the files; for complete protection, also set confidentiality for sensitive attributes indexes. The property cannot be set to false if some of the indexes have confidentiality set to true.

Default value

false

Allowed values

true

false

Multi-valued

No

Required

No

Admin action required

None

Advanced

No

Read-only

No

db-cache-percent

Synopsis

Specifies the percentage of JVM memory to allocate to the database cache.

Description

Specifies the percentage of memory available to the JVM that should be used for caching database contents. Note that this is only used if the value of the db-cache-size property is set to "0 MB". Otherwise, the value of that property is used instead to control the cache size configuration. Note also that this option is ignored if the global option je-backend-shared-cache-enabled is true.

Default value

50

Allowed values

An integer.

Lower limit: 1.

Upper limit: 90.

Multi-valued

No

Required

No

Admin action required

None

Advanced

No

Read-only

No

db-cache-size

Synopsis

The amount of JVM memory to allocate to the database cache.

Description

Specifies the amount of memory that should be used for caching database contents. A value of "0 MB" indicates that the db-cache-percent property should be used instead to specify the cache size. Note also that this option is ignored if the global option je-backend-shared-cache-enabled is true.

Default value

0 MB

Allowed values

Uses size syntax.

Multi-valued

No

Required

No

Admin action required

None

Advanced

No

Read-only

No

db-directory

Synopsis

Specifies the path to the filesystem directory that is used to hold the Berkeley DB Java Edition database files containing the data for this backend.

Description

The path may be either an absolute path or a path relative to the directory containing the base of the OpenDJ directory server installation. The path may be any valid directory path in which the server has appropriate permissions to read and write files and has sufficient space to hold the database contents.

Default value

db

Allowed values

A string.

Multi-valued

No

Required

Yes

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

No

Read-only

No

enabled

Synopsis

Indicates whether the backend is enabled in the server.

Description

If a backend is not enabled, then its contents are not accessible when processing operations.

Default value

None

Allowed values

true

false

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

writability-mode

Synopsis

Specifies the behavior that the backend should use when processing write operations.

Default value

enabled

Allowed values

  • disabled: Causes all write attempts to fail.

  • enabled: Allows write operations to be performed in that backend (if the requested operation is valid, the user has permission to perform the operation, the backend supports that type of write operation, and the global writability-mode property is also enabled).

  • internal-only: Causes external write attempts to fail but allows writes by replication and internal operations.

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

Advanced properties

Use the --advanced option to access advanced properties.

cipher-key-length

Synopsis

Specifies the key length in bits for the preferred cipher.

Default value

128

Allowed values

An integer.

Lower limit: 0.

Multi-valued

No

Required

No

Admin action required

None

Changes to this property take effect immediately but only affect cryptographic operations performed after the change.

Advanced

Yes

Read-only

No

cipher-transformation

Synopsis

Specifies the cipher for the directory server using the syntax algorithm/mode/padding.

Description

The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms do not have a mode or padding, hence the fields must be specified using NONE as mode and NoPadding as padding. For example, ChaCha20/NONE/NoPadding.

Default value

AES/GCM/NoPadding

Allowed values

The cipher transformation.

Multi-valued

No

Required

No

Admin action required

None

Changes to this property take effect immediately but only affect cryptographic operations performed after the change.

Advanced

Yes

Read-only

No

db-cache-mode

Synopsis

The strategy that will be used for caching database content in memory.

Description

Specifies whether the database heap cache should keep only internal nodes or both internal and leaf nodes.

Default value

cache-ln

Allowed values

  • adaptive: Regularly check the database and cache metrics and set the best cache mode accordingly.

  • cache-ln: Keep both internal and leaf nodes in the database heap cache. This can improve performance when the database is relatively small and when the database fits entirely into the database cache. This mode requires the cache to be rebuilt after each restart.

  • evict-ln: Keep only internal nodes in the database heap cache. Leaf nodes will only be cached by the file system. This mode improves performance most when the database is too big to fit entirely into the database cache, or when the cache size would require an overly large JVM heap. This mode has the advantage of keeping the cache hot between restarts.

Multi-valued

No

Required

No

Admin action required

None

Advanced

Yes

Read-only

No

db-checkpointer-bytes-interval

Synopsis

Specifies the maximum number of bytes that may be written to the database before it is forced to perform a checkpoint.

Description

This can be used to bound the recovery time that may be required if the database environment is opened without having been properly closed. If this property is set to a non-zero value, the checkpointer wakeup interval is not used. To use time-based checkpointing, set this property to zero.

Default value

500mb

Allowed values

Uses size syntax.

Upper limit: 9223372036854775807.

Multi-valued

No

Required

No

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

Yes

Read-only

No

db-checkpointer-wakeup-interval

Synopsis

Specifies the maximum length of time that may pass between checkpoints, when there are updates to the database.

Description

Note that this is only used if the value of the checkpointer bytes interval is zero.

Default value

30s

Allowed values

Lower limit: 1 seconds.

Upper limit: 4500 seconds.

Multi-valued

No

Required

No

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

Yes

Read-only

No

db-cleaner-min-utilization

Synopsis

Specifies the occupancy percentage for "live" data in this backend’s database.

Description

When the amount of "live" data in the database drops below this value, cleaners will act to increase the occupancy percentage by compacting the database.

Default value

50

Allowed values

An integer.

Lower limit: 0.

Upper limit: 90.

Multi-valued

No

Required

No

Admin action required

None

Advanced

Yes

Read-only

No

db-directory-permissions

Synopsis

Specifies the permissions that should be applied to the directory containing the server database files.

Description

They should be expressed as three-digit octal values, which is the traditional representation for UNIX file permissions. The three digits represent the permissions that are available for the directory’s owner, group members, and other users (in that order), and each digit is the octal representation of the read, write, and execute bits. Note that this only impacts permissions on the database directory and not on the files written into that directory. On UNIX systems, the user’s umask controls permissions given to the database files.

Default value

700

Allowed values

Any octal value between 700 and 777 (the owner must always have read, write, and execute permissions on the directory).

Multi-valued

No

Required

No

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

Yes

Read-only

No

db-durability

Synopsis

Configures the durability level that will be used when committing a transaction.

Description

High levels of durability offer a greater guarantee that the transaction is persisted to disk, but trade that off for lower performance.

Default value

medium

Allowed values

  • high: Write and synchronously flush the log on transaction commit. Transactions exhibit full durability and will not be lost if the application or operating system fails.

  • low: Do not write or synchronously flush the log on transaction commit. Database integrity will be maintained, but if the application or system fails, it is possible some number of the most recently committed transactions may be undone (lost) during recovery.

  • medium: Write but do not synchronously flush the log on transaction commit. Database integrity will be maintained, but if the operating system fails, it is possible some number of the most recently committed transactions may be undone (lost) during recovery.

Multi-valued

No

Required

No

Admin action required

None

Advanced

Yes

Read-only

No

db-evictor-core-threads

Synopsis

Specifies the core number of threads in the eviction thread pool.

Description

Specifies the core number of threads in the eviction thread pool. These threads help keep memory usage within cache bounds, offloading work from application threads. db-evictor-core-threads, db-evictor-max-threads and db-evictor-keep-alive are used to configure the core, max and keepalive attributes for the eviction thread pool.

Default value

1

Allowed values

An integer.

Lower limit: 0.

Upper limit: 2147483647.

Multi-valued

No

Required

No

Admin action required

None

Advanced

Yes

Read-only

No

db-evictor-keep-alive

Synopsis

The duration that excess threads in the eviction thread pool will stay idle. After this period, idle threads will terminate.

Description

The duration that excess threads in the eviction thread pool will stay idle. After this period, idle threads will terminate. db-evictor-core-threads, db-evictor-max-threads and db-evictor-keep-alive are used to configure the core, max and keepalive attributes for the eviction thread pool.

Default value

600s

Allowed values

Lower limit: 1 seconds.

Upper limit: 86400 seconds.

Multi-valued

No

Required

No

Admin action required

None

Advanced

Yes

Read-only

No

db-evictor-max-threads

Synopsis

Specifies the maximum number of threads in the eviction thread pool.

Description

Specifies the maximum number of threads in the eviction thread pool. These threads help keep memory usage within cache bounds, offloading work from application threads. db-evictor-core-threads, db-evictor-max-threads and db-evictor-keep-alive are used to configure the core, max and keepalive attributes for the eviction thread pool.

Default value

10

Allowed values

An integer.

Lower limit: 1.

Upper limit: 2147483647.

Multi-valued

No

Required

No

Admin action required

None

Advanced

Yes

Read-only

No

db-log-file-max

Synopsis

Specifies the maximum size of each individual database log file.

Default value

1gb

Allowed values

Uses size syntax.

Lower limit: 1000000.

Upper limit: 2147483648.

Multi-valued

No

Required

No

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

Yes

Read-only

No

db-log-filecache-size

Synopsis

Specifies the size of the file handle cache.

Description

The file handle cache is used to keep as much opened log files as possible. When the cache is smaller than the number of logs, the database needs to close some handles and open log files it needs, resulting in less optimal performances. Ideally, the size of the cache should be higher than the number of files contained in the database. Make sure the OS number of open files per process is also tuned appropriately.

Default value

200

Allowed values

An integer.

Lower limit: 3.

Upper limit: 2147483647.

Multi-valued

No

Required

No

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

Yes

Read-only

No

db-log-verifier-schedule

Synopsis

Specifies when the background log verifier should run if enabled. By default, verification is performed every day at midnight, local time.

Description

The schedule is specified using a Crontab style format string as defined in https://en.wikipedia.org/wiki/Cron#Configuration_file. Note that times and dates are specified in local time, not UTC time. If the verifier is already running at the scheduled time, the scheduled run is skipped.

Default value

0 0 * * *

Allowed values

A crontab format string (minute hour day month dayofweek).

Multi-valued

No

Required

No

Admin action required

None

Advanced

Yes

Read-only

No

db-logging-file-handler-on

Synopsis

Indicates whether the database should maintain a je.info file in the same directory as the database log directory.

Description

This file contains information about the internal processing performed by the underlying database.

Default value

true

Allowed values

true

false

Multi-valued

No

Required

No

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

Yes

Read-only

No

db-logging-level

Synopsis

Specifies the log level that should be used by the database when it is writing information into the je.info file.

Description

The database trace logging level is (in increasing order of verbosity) chosen from: OFF, SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST, ALL.

Default value

CONFIG

Allowed values

A string.

Multi-valued

No

Required

No

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

Yes

Read-only

No

db-num-cleaner-threads

Synopsis

Specifies the number of threads that the backend should maintain to keep the database log files at or near the desired utilization.

Description

In environments with high write throughput, multiple cleaner threads may be required to maintain the desired utilization.

Default value

Let the server decide.

Allowed values

An integer.

Lower limit: 1.

Multi-valued

No

Required

No

Admin action required

None

Advanced

Yes

Read-only

No

db-num-lock-tables

Synopsis

Specifies the number of lock tables that are used by the underlying database.

Description

This can be particularly important to help improve scalability by avoiding contention on systems with large numbers of CPUs. The value of this configuration property should be set to a prime number that is less than or equal to the number of worker threads configured for use in the server.

Default value

Let the server decide.

Allowed values

An integer.

Lower limit: 1.

Upper limit: 32767.

Multi-valued

No

Required

No

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

Yes

Read-only

No

db-run-cleaner

Synopsis

Indicates whether the cleaner threads should be enabled to compact the database.

Description

The cleaner threads are used to periodically compact the database when it reaches a percentage of occupancy lower than the amount specified by the db-cleaner-min-utilization property. They identify database files with a low percentage of live data, and relocate their remaining live data to the end of the log.

Default value

true

Allowed values

true

false

Multi-valued

No

Required

No

Admin action required

None

Advanced

Yes

Read-only

No

db-run-log-verifier

Synopsis

Indicates whether the background verifier should verify checksums in the database log.

Description

If enabled, the entire log is periodically read sequentially and verified. The schedule can be controlled using the db-log-verifier-schedule property. If the verification process detects backend database corruption then the server logs an error message and the backend is taken offline. The corrupted backend should be restored from backup before it can be used again.

Default value

true

Allowed values

true

false

Multi-valued

No

Required

No

Admin action required

None

Advanced

Yes

Read-only

No

disk-full-threshold

Synopsis

Full disk threshold to limit database updates

Description

When the available free space on the disk used by this database instance falls below the value specified, no updates are permitted and the server returns an UNWILLING_TO_PERFORM error. Updates are allowed again as soon as free space rises above the threshold.

Default value

5% of the filesystem size, plus 1 GB

Allowed values

Uses size syntax.

Multi-valued

No

Required

No

Admin action required

None

Advanced

Yes

Read-only

No

disk-low-threshold

Synopsis

Low disk threshold to limit database updates

Description

Specifies the "low" free space on the disk. When the available free space on the disk used by this database instance falls below the value specified, protocol updates on this database are permitted only by a user with the BYPASS_LOCKDOWN privilege.

Default value

5% of the filesystem size, plus 5 GB

Allowed values

Uses size syntax.

Multi-valued

No

Required

No

Admin action required

None

Advanced

Yes

Read-only

No

entries-compressed

Synopsis

Indicates whether the backend should attempt to compress entries before storing them in the database.

Description

Note that this property applies only to the entries themselves and does not impact the index data. Further, the effectiveness of the compression is based on the type of data contained in the entry.

Default value

false

Allowed values

true

false

Multi-valued

No

Required

No

Admin action required

None

Changes to this setting take effect only for writes that occur after the change is made. It is not retroactively applied to existing data.

Advanced

Yes

Read-only

No

import-offheap-memory-size

Synopsis

Specifies the amount of off-heap memory dedicated to the online operation (import-ldif, rebuild-index).

Default value

Use only heap memory.

Allowed values

Uses size syntax.

Multi-valued

No

Required

No

Admin action required

None

Advanced

Yes

Read-only

No

index-entry-limit

Synopsis

Specifies the maximum number of entries that is allowed to match a given index key before that particular index key is no longer maintained.

Description

This property is analogous to the ALL IDs threshold in the Sun Java System Directory Server. Note that this is the default limit for the backend, and it may be overridden on a per-attribute basis. A value of 0 means there is no limit. Changing the index entry limit significantly can result in serious performance degradation. Please read the documentation before changing this setting.

Default value

4000

Allowed values

An integer.

Lower limit: 0.

Upper limit: 2147483647.

Multi-valued

No

Required

No

Admin action required

None

If any index keys have already reached this limit, indexes need to be rebuilt before they are allowed to use the new limit.

Advanced

Yes

Read-only

No

index-filter-analyzer-enabled

Synopsis

Indicates whether to gather statistical information about the search filters processed by the directory server while evaluating the usage of indexes.

Description

Analyzing indexes requires gathering search filter usage patterns from user requests, especially for values as specified in the filters and subsequently looking the status of those values into the index files. When a search requests is processed, internal or user generated, a first phase uses indexes to find potential entries to be returned. Depending on the search filter, if the index of one of the specified attributes matches too many entries (exceeds the index entry limit), the search becomes non-indexed. In any case, all entries thus gathered (or the entire DIT) are matched against the filter for actually returning the search result.

Default value

false

Allowed values

true

false

Multi-valued

No

Required

No

Admin action required

None

Advanced

Yes

Read-only

No

index-filter-analyzer-max-filters

Synopsis

The maximum number of search filter statistics to keep.

Description

When the maximum number of search filter is reached, the least used one will be deleted.

Default value

25

Allowed values

An integer.

Lower limit: 1.

Multi-valued

No

Required

No

Admin action required

None

Advanced

Yes

Read-only

No

java-class

Synopsis

Specifies the fully-qualified name of the Java class that provides the backend implementation.

Default value

org.opends.server.backends.jeb.JEBackend

Allowed values

A Java class that extends or implements:

  • org.opends.server.api.Backend

Multi-valued

No

Required

Yes

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

Yes

Read-only

No

je-property

Synopsis

Specifies the database and environment properties for the Berkeley DB Java Edition database serving the data for this backend.

Description

Any Berkeley DB Java Edition property can be specified using the following form: property-name=property-value. Refer to OpenDJ documentation for further information on related properties, their implications, and range values. The definitive identification of all the property parameters is available in the example.properties file of Berkeley DB Java Edition distribution.

Default value

None

Allowed values

A string.

Multi-valued

Yes

Required

No

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

Yes

Read-only

No