Lockdown mode provides a way for the server to be online so that administrators can investigate a problem or perform some disruptive administrative action, but in a manner that causes it to be unavailable to most clients.

The PingDirectory Server can automatically place itself in lockdown mode under certain circumstances, including:

  • If the access control handler encounters a malformed access control rule on startup. The server does its best to prevent invalid access control rules from being created, but if one does make it through, the server enters lockdown mode rather than running with a potentially incomplete access control policy.
  • If an unrecoverable error occurs while interacting with a backend database, depending on the unrecoverable-database-error-mode global configuration property.
  • If the server is missing replication changes that are no longer available in the replication database, depending on the lockdown-on-missed-replication-changes global configuration property.
  • If available disk space gets too low, as determined by the disk space usage monitor provider’s low-space-error-size-threshold and low-space-error-percent-threshold properties.
  • If an error occurs while attempting to log a message, depending on the logging-error-behavior property in the log publisher configuration.

The server can also be placed in lockdown mode at any time using the enter-lockdown-mode command-line tool, or the enter lockdown mode administrative task that the tool uses behind the scenes. The start-server command also provides a --lockdownMode argument that can be used to make the server enter lockdown mode before startup completes.

Once the server enters lockdown mode, that mode stays in effect until the server is restarted or until the leave-lockdown-mode command or the underlying administrative task is used. Lockdown mode does not persist across server restarts unless it is automatically triggered by a condition that still exists after the restart.