--- title: Administration Connector description: The Administration Connector is used to interact with administration tools using LDAP. component: pingds version: 8.1 page_id: pingds:configref:objects-administration-connector canonical_url: https://docs.pingidentity.com/pingds/8.1/configref/objects-administration-connector.html section_ids: dependencies: Dependencies administration_connector_properties: Administration Connector properties basic_properties: Basic properties advertised-listen-address: advertised-listen-address allowed-client: allowed-client denied-client: denied-client key-manager-provider: key-manager-provider listen-address: listen-address listen-port: listen-port proxy-protocol-allowed-client: proxy-protocol-allowed-client proxy-protocol-enabled: proxy-protocol-enabled restricted-client: restricted-client restricted-client-connection-limit: restricted-client-connection-limit ssl-cert-nickname: ssl-cert-nickname ssl-cipher-suite: ssl-cipher-suite ssl-protocol: ssl-protocol trust-manager-provider: trust-manager-provider --- # Administration Connector The Administration Connector is used to interact with administration tools using LDAP. It is a dedicated entry point for administration. ## Dependencies Administration Connectors depend on the following objects: * [Key Manager Provider](objects-key-manager-provider.html) * [Trust Manager Provider](objects-trust-manager-provider.html) ## Administration Connector properties You can use configuration expressions to set property values at startup time. For details, see [Property value substitution](expressions.html). | Basic Properties | | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [advertised-listen-address](#advertised-listen-address) [allowed-client](#allowed-client) [denied-client](#denied-client) [key-manager-provider](#key-manager-provider) [listen-address](#listen-address) [listen-port](#listen-port) [proxy-protocol-allowed-client](#proxy-protocol-allowed-client) [proxy-protocol-enabled](#proxy-protocol-enabled) [restricted-client](#restricted-client) [restricted-client-connection-limit](#restricted-client-connection-limit) [ssl-cert-nickname](#ssl-cert-nickname) [ssl-cipher-suite](#ssl-cipher-suite) [ssl-protocol](#ssl-protocol) [trust-manager-provider](#trust-manager-provider) | ### Basic properties Use the `--advanced` option to access advanced properties. ### advertised-listen-address | | | | ----------------------- | -------------------------------------------------------------------------------------------------------------------- | | *Synopsis* | The advertised address(es) which clients should use for connecting to this Administration Connector. | | *Description* | Multiple addresses may be provided as separate values for this attribute. The meta-address 0.0.0.0 is not permitted. | | *Default value* | None | | *Allowed values* | A hostname or an IP address. | | *Multi-valued* | Yes | | *Required* | Yes | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ### allowed-client | | | | ----------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | *Synopsis* | A set of clients who will be allowed to establish connections to this Administration Connector. | | *Description* | Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. Specifying a value for this property in a connection handler will override any value set in the global configuration. | | *Default value* | All clients with addresses that do not match an address on the deny list are allowed. If there is no deny list, then all clients are allowed. | | *Allowed values* | An IP address mask. | | *Multi-valued* | Yes | | *Required* | No | | *Admin action required* | NoneChanges to this property take effect immediately and do not interfere with established connections. | | *Advanced* | No | | *Read-only* | No | ### denied-client | | | | ----------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | *Synopsis* | A set of clients who are not allowed to establish connections to this Administration Connector. | | *Description* | Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. Specifying a value for this property in a connection handler will override any value set in the global configuration. | | *Default value* | If an allow list is specified, then only clients with addresses on the allow list are allowed. Otherwise, all clients are allowed. | | *Allowed values* | An IP address mask. | | *Multi-valued* | Yes | | *Required* | No | | *Admin action required* | NoneChanges to this property take effect immediately and do not interfere with established connections. | | *Advanced* | No | | *Read-only* | No | ### key-manager-provider | | | | ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------- | | *Synopsis* | Specifies the name of the key manager that is used with the Administration Connector . | | *Default value* | None | | *Allowed values* | The name of an existing [key-manager-provider](objects-key-manager-provider.html).The referenced key manager provider must be enabled. | | *Multi-valued* | No | | *Required* | Yes | | *Admin action required* | Restart the server for changes to take effect. | | *Advanced* | No | | *Read-only* | No | ### listen-address | | | | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- | | *Synopsis* | The network interface(s) on which this Administration Connector should listen for incoming client connections. | | *Description* | Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the directory server will listen on all interfaces. | | *Default value* | 0.0.0.0 | | *Allowed values* | A hostname or an IP address. | | *Multi-valued* | Yes | | *Required* | No | | *Admin action required* | Restart the server for changes to take effect. | | *Advanced* | No | | *Read-only* | No | ### listen-port | | | | ----------------------- | --------------------------------------------------------------------------------------------------------- | | *Synopsis* | Specifies the port number on which the Administration Connector will listen for connections from clients. | | *Description* | Only a single port number may be provided. | | *Default value* | None | | *Allowed values* | An integer.Lower limit: 1.Upper limit: 65535. | | *Multi-valued* | No | | *Required* | Yes | | *Admin action required* | The object must be disabled and re-enabled for changes to take effect. | | *Advanced* | No | | *Read-only* | No | ### proxy-protocol-allowed-client | | | | ----------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | *Synopsis* | When the proxy protocol is enabled, this property represents the set of clients who will be allowed to establish connections to this Administration Connector and will be required to use proxy protocol. | | *Description* | Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. Specifying a value for this property in a connection handler will override any value set in the global configuration. | | *Default value* | If the proxy protocol is enabled then only clients with addresses matching an address on the proxy-protocol-allowed-client list and using proxy protocol are allowed. | | *Allowed values* | An IP address mask. | | *Multi-valued* | Yes | | *Required* | No | | *Admin action required* | NoneChanges to this property take effect immediately and do not interfere with established connections. | | *Advanced* | No | | *Read-only* | No | ### proxy-protocol-enabled | | | | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | *Synopsis* | Indicates whether the proxy protocol is enabled. | | *Description* | If enabled, the Administration Connector makes the server use proxy protocol for connections with a source IP address matching an address in the proxy-protocol-allowed-client list. | | *Default value* | false | | *Allowed values* | truefalse | | *Multi-valued* | No | | *Required* | No | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ### restricted-client | | | | ----------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | *Synopsis* | A set of clients who will be limited to the maximum number of connections specified by the "restricted-client-connection-limit" property. | | *Description* | Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. Specifying a value for this property in a connection handler will override any value set in the global configuration. | | *Default value* | No restrictions are imposed on the number of connections a client can open. | | *Allowed values* | An IP address mask. | | *Multi-valued* | Yes | | *Required* | No | | *Admin action required* | NoneChanges to this property take effect immediately and do not interfere with established connections. | | *Advanced* | No | | *Read-only* | No | ### restricted-client-connection-limit | | | | ----------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | *Synopsis* | Specifies the maximum number of connections a restricted client can open at the same time to this Administration Connector. | | *Description* | Once Directory Server accepts the specified number of connections from a client specified in restricted-client, any additional connection will be rejected. The number of connections is maintained by IP address. Specifying a value for this property in a connection handler will override any value set in the global configuration. | | *Default value* | 100 | | *Allowed values* | An integer.Lower limit: 0. | | *Multi-valued* | No | | *Required* | No | | *Admin action required* | NoneChanges to this property take effect immediately and do not interfere with established connections. | | *Advanced* | No | | *Read-only* | No | ### ssl-cert-nickname | | | | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | *Synopsis* | Specifies the nicknames (also called the aliases) of the keys or key pairs that the Administration Connector should use when performing SSL communication. | | *Description* | The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the Administration Connector is configured to use SSL. | | *Default value* | Let the server decide. | | *Allowed values* | A string. | | *Multi-valued* | Yes | | *Required* | No | | *Admin action required* | Restart the server for changes to take effect. | | *Advanced* | No | | *Read-only* | No | ### ssl-cipher-suite | | | | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------ | | *Synopsis* | Specifies the names of the SSL cipher suites that are allowed for use in SSL communication. | | *Default value* | Uses the default set of SSL cipher suites provided by the server's JVM. | | *Allowed values* | A string. | | *Multi-valued* | Yes | | *Required* | No | | *Admin action required* | NoneChanges to this property take effect immediately but will only impact new SSL/TLS-based sessions created after the change. | | *Advanced* | No | | *Read-only* | No | ### ssl-protocol | | | | ----------------------- | ------------------------------------------------------------------------------------------------------------------------- | | *Synopsis* | Specifies the names of the SSL protocols that are allowed for use in SSL or StartTLS communication. | | *Default value* | Uses the default set of SSL protocols provided by the server's JVM. | | *Allowed values* | A string. | | *Multi-valued* | Yes | | *Required* | No | | *Admin action required* | NoneChanges to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change. | | *Advanced* | No | | *Read-only* | No | ### trust-manager-provider | | | | ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- | | *Synopsis* | Specifies the name(s) of the trust manager(s) that is used with the Administration Connector . | | *Default value* | None | | *Allowed values* | The name of an existing [trust-manager-provider](objects-trust-manager-provider.html).The referenced trust manager provider must be enabled. | | *Multi-valued* | Yes | | *Required* | Yes | | *Admin action required* | Restart the server for changes to take effect. | | *Advanced* | No | | *Read-only* | No |