PingDS

Administrative and unified access

The administration port and unified connection handler ports accept both LDAP and HTTP requests.

The administration port

DS servers require that you specify an administration port when setting up the server. This documentation shows the default administration port as 4444.

Use this port to manage the server configuration and run server tasks. You can use the same port for administrative HTTPS requests, such as Prometheus queries and Kubernetes probes.

The setup process creates an administration connector for the port. The administration connector accepts both LDAPS and HTTPS requests.

DS uses the keys generated at setup time to protect administrative connections. Client applications should trust the generated DS CA certificate to establish secure connections.

Additional unified connection handlers

You can configure a unified connection handler to listen for LDAP and HTTP on the same port. A unified connection handler accepts either cleartext (LDAP and HTTP) or TLS (LDAPS and HTTPS) requests, not both.

The following command creates a unified connection handler to listen on port 2389 for LDAP and HTTP:

$ dsconfig \
 create-connection-handler \
 --handler-name "LDAP-HTTP" \
 --type unified \
 --set enabled:true \
 --set listen-port:2389 \
 --hostname localhost \
 --port 4444 \
 --bindDN uid=admin \
 --bindPassword password \
 --trustStorePath /path/to/opendj/config/keystore \
 --trustStoreType PKCS12 \
 --trustStorePassword:file /path/to/opendj/config/keystore.pin \
 --no-prompt

The new connection handler accepts requests as soon as you create it.
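
The following is an added example, not part of the PingDS documentation or code: a classifier for the first bytes a client sends to a port that serves LDAP and HTTP together, which you can use to check whether clients of a cleartext unified port send simple bind passwords without TLS. It does not describe how DS itself distinguishes the protocols; the function names and all sample payloads are constructed for illustration.

```python
# Added example: classify the first bytes a client sends to a port that serves
# LDAP and HTTP together. Every payload used with it is a constructed sample.
HTTP_METHODS = (b"GET ", b"HEAD ", b"POST ", b"PUT ", b"PATCH ", b"DELETE ", b"OPTIONS ")

def tlv(tag, value):
    """Encode one BER element (short-form length only, enough for the samples)."""
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos, tag):
    """Check the tag at pos and return (value_start, value_end)."""
    if buf[pos] != tag:
        raise ValueError("unexpected tag")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def classify(data):
    """Return 'tls', 'http', 'ldap-cleartext-password', 'ldap' or 'unknown'."""
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls"                        # TLS handshake record (LDAPS or HTTPS)
    if data.startswith(HTTP_METHODS):
        return "http"
    try:
        pos, _ = read_tlv(data, 0, 0x30)    # LDAPMessage SEQUENCE
        _, pos = read_tlv(data, pos, 0x02)  # messageID INTEGER
        if data[pos] != 0x60:               # not a BindRequest [APPLICATION 0]
            return "ldap"
        pos, _ = read_tlv(data, pos, 0x60)
        _, pos = read_tlv(data, pos, 0x02)  # protocol version
        _, pos = read_tlv(data, pos, 0x04)  # bind DN
        if data[pos] != 0x80:               # not simple auth [0], e.g. SASL [3]
            return "ldap"
        start, end = read_tlv(data, pos, 0x80)
        return "ldap-cleartext-password" if end > start else "ldap"
    except (IndexError, ValueError):
        return "unknown"                    # truncated or not BER

def sample_bind(dn, password):
    """Constructed LDAPv3 simple BindRequest with messageID 1."""
    body = tlv(0x02, b"\x03") + tlv(0x04, dn) + tlv(0x80, password)
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, body))

if __name__ == "__main__":
    for payload in (sample_bind(b"uid=admin", b"password"), b"GET / HTTP/1.1\r\n"):
        print(classify(payload))
```

Run over the first payload of each client connection in a capture taken on the handler's port, it shows which clients still send bind passwords in cleartext.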