In lockdown mode, only users with the lockdown-mode privilege can perform operations Users who do not have the privilege are rejected. By default, root users have this privilege. You can give other administrators this privilege. Users with this privilege can configure lockdown mode as a recurring task.

Some configuration problems can lead to inadvertent exposure of sensitive information, such as an access control rule that cannot be properly parsed, and cause the server to place itself in lockdown mode. This ensures that an administrator can manually correct the problem. Lockdown mode does not persist across restarts.

  • To perform some administrative operations and ensure that other client requests are not allowed to access any data in the server, manually place the Directory Server into lockdown mode.

    Any client request to the Directory Server in lockdown mode receives an Unavailable response.

  • To take the directory server out of lockdown mode, use either of the following options:
    • Use the leave-lockdown-mode command.
    • Restart the server.
  • To start a server in lockdown mode, use the start-server --lockdownMode option.