Use writability mode to indicate whether the server allows clients to update the data in the server.
This can be configured through the writability-mode
property
in the global configuration, or through the writability-mode
property
for each backend. In either case, the property offers the following values:
enabled
- Indicates that writes are enabled.
disabled
-
Indicates that all write attempts are rejected, regardless of their origin.
internal-only
-
Indicates that write attempts from external clients are rejected, but writes received from replication or initiated internally within the server (for example, as a result of password policy state processing).
The writability mode defined in the global configuration applies only to user data backends. It will not apply to private backends, like the server configuration or schema.
If the writability-mode
values differ between the global
configuration and the backend configuration, then the server uses whichever property
is more restrictive. That is, if either one is set to disabled, then all write
attempts in that backend are rejected. If one is enabled and the other is set to
internal-only
, then the internal-only
mode is
used for that backend.
If you want to configure a PingDirectory server instance to be
a read-only replica, then you should use the internal-only
writability mode so that replication changes are still accepted but writes from
external clients are rejected. If you would prefer that the server generate a
referral for external each write attempt rather than rejecting it outright, then you
should create an instance of the “Referral on Update” plugin and specify the base
referral URLs that the server should use.