debug object
The configuration entries which can be used to enable debugging within the container.
A boolean which indicates whether debugging should be enabled while bootstrapping the container. Default: False
Specifies the debug level to assign to the runtime. The value is a bit mask that controls which output is generated, with values from 1 to 65535. Default: 0
general object
The general configuration elements of the container.
admin object
The credential information of the server. This object is only used when the seed container is performing a migration of data and is ignored if the seed container is copying replica data.
The distinguished name of the user for the created LDAP instance. Default: cn=root
The password of the user for the created LDAP instance. This field is only required when using the seed container to migrate data.
The contents of the key stash file (.ksf) which is used to protect data. This file should be provided if the seed container is being used to migrate data and cryptographic synchronisation is required. The key stash can either be obtained from a software based directory server installation, or a new one can be generated by starting this image with the 'keystash' argument. For example: 'docker run --rm icr.io/isvd/verify-directory-seed:latest keystash'. Please note that this will send a base-64 encoded version of the key stash to the console of the container.
license object required
The license key, required to run the container.
Which license agreement has been accepted, either 'limited' or 'standard' or 'enterprise'. To display a license agreement start the container with the 'license' command, for example: 'docker run --rm icr.io/isvd/verify-directory-seed:latest license standard'
Whether the logging and auditing messages should be formatted in JSON or not. Note that debug messages will not be formatted in JSON. Default: False
pwd-policy object
The configuration entries associated with the password policy which is enforced by the server.
Indicates if the IBM Administrative Password Policy is ON. Default: True
Specifies the number of seconds after which the password failures are purged from the failure counter, even though no successful authentication occurred. Default: 0
Enables replication of security attributes between master and read-only replica so that the password policy for account lockout can be strongly enforced in replication topologies. Default: True
Specifies the number of seconds that the password cannot be used to authenticate due to too many failed bind attempts. Default: 300
Specifies the maximum number of consecutive repeated characters in the password field. Default: 2
Specifies the number of consecutive failed bind attempts after which the password may not be used to authenticate. Default: 10
Specifies the maximum number of repeated characters allowed. Default: 2
Specifies the minimum number of characters required for a user's password. Default: 2
Specifies the minimum number of different (unique) characters required for a user's password. Default: 2
Specifies the minimum number of characters that must be used in a password. Default: 8
Specifies the minimum number of other characters required. Default: 2
advanced object
The configuration entries associated with rules for advanced password syntax checking.
Specifies whether the password can contain spaces.
Specifies that the password cannot be the same as, or contain, the value of the configured login attribute. The login attribute is configured by using the login-attribute configuration entry. It is set to the name of the LDAP attribute, such as uid, that is used as the user ID attribute for users. Note: Enabling this rule might have a performance impact on the user password update operation. To process this rule, an internal search is done on the user to obtain the value of the login attribute. It then checks whether the specified password is the same as, or contains, the value of the login attribute.
The name of the attribute which contains the user identity. This is used by the no-user-id rule.
Specifies the minimum number of special characters that a password must contain.
Specifies the minimum number of numeric characters that a password must contain.
Specifies the minimum number of lowercase characters that a password must contain.
Specifies the minimum number of uppercase characters that a password must contain.
Specifies the maximum number of ascending characters that a password can contain. The characters can be alphabetic or numeric.
Specifies the maximum number of descending characters that a password can contain. The characters can be alphabetic or numeric.
Specifies a custom password policy written in the Lua scripting language.
Example:
general:
  pwd-policy:
    enabled: true
    lockout: false
    lock-duration: 1800
    max-failures: 5
    min-length: 5
    failure-count-interval: 0
    max-consecutive-repeated-chars: 2
    max-repeated-chars: 2
    min-alpha-chars: 2
    min-diff-chars: 2
    min-other-chars: 2
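The syntax rules listed above can be exercised offline against candidate passwords with the following checker. It is an added example, not code from the IBM Verify Directory product or its documentation; the policy values, the key names under 'advanced' (the page does not name those YAML keys) and the case-insensitive login-attribute comparison are assumptions made for the example.

```python
import string

# Constructed policy mirroring the pwd-policy entries described above. The keys
# under "advanced" are hypothetical names chosen for this example; the page does
# not list the YAML keys for the advanced syntax rules.
POLICY = {
    "min-length": 8, "max-consecutive-repeated-chars": 2, "max-repeated-chars": 2,
    "min-alpha-chars": 2, "min-diff-chars": 2, "min-other-chars": 2,
    "advanced": {
        "allow-spaces": False, "no-user-id": True,
        "min-special-chars": 1, "min-numeric-chars": 1,
        "min-lowercase-chars": 1, "min-uppercase-chars": 1,
        "max-ascending-chars": 3, "max-descending-chars": 3,
    },
}

def _longest_run(pw, step):
    """Longest run in which each character is the previous one plus `step`:
    step 0 counts identical characters, +1/-1 ascending/descending alphanumerics."""
    best = run = 1
    for prev, cur in zip(pw, pw[1:]):
        eligible = step == 0 or (prev.isalnum() and cur.isalnum())
        run = run + 1 if eligible and ord(cur) - ord(prev) == step else 1
        best = max(best, run)
    return best

def check_password(pw, login_value, policy=POLICY):
    """Return the names of the rules the candidate password violates ([] = accepted)."""
    adv = policy["advanced"]
    alpha = sum(c.isalpha() for c in pw)
    rules = [  # (rule name, rule satisfied) in evaluation order
        ("min-length", len(pw) >= policy["min-length"]),
        ("max-consecutive-repeated-chars", _longest_run(pw, 0) <= policy["max-consecutive-repeated-chars"]),
        ("max-repeated-chars", max((pw.count(c) for c in set(pw)), default=0) <= policy["max-repeated-chars"]),
        ("min-alpha-chars", alpha >= policy["min-alpha-chars"]),
        ("min-diff-chars", len(set(pw)) >= policy["min-diff-chars"]),
        ("min-other-chars", len(pw) - alpha >= policy["min-other-chars"]),
        ("allow-spaces", adv["allow-spaces"] or " " not in pw),
        # no-user-id: compared case-insensitively here (an assumption of this example)
        ("no-user-id", not adv["no-user-id"] or login_value.lower() not in pw.lower()),
        ("min-special-chars", sum(c in string.punctuation for c in pw) >= adv["min-special-chars"]),
        ("min-numeric-chars", sum(c.isdigit() for c in pw) >= adv["min-numeric-chars"]),
        ("min-lowercase-chars", sum(c.islower() for c in pw) >= adv["min-lowercase-chars"]),
        ("min-uppercase-chars", sum(c.isupper() for c in pw) >= adv["min-uppercase-chars"]),
        ("max-ascending-chars", _longest_run(pw, 1) <= adv["max-ascending-chars"]),
        ("max-descending-chars", _longest_run(pw, -1) <= adv["max-descending-chars"]),
    ]
    return [name for name, ok in rules if not ok]
```

Running the checker over a proposed policy before deploying it shows which rules are doing the work, for instance whether max-ascending-chars rejects the digit runs that max-repeated-chars lets through.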
schemas array
Any additional schema files (.ot or .at) which will be added to the server. The schema files specified here can also be used to replace the IBM Verify Directory standard schema files. Please note however that if you supply a schema file in the YAML this schema should not be subsequently modified using an LDAP modify operation, otherwise the updates will be lost when the container next starts.
(string) The name of a schema file (.ot or .at). The file must exist within the container file system.
Example:
general:
  schemas:
    - /volume/data/custom.at
    - /volume/data/custom.oc
    - /volume/data/V3.ibm.at
Example:
general:
  license:
    key: VGVzdDotMTowOjCCAaQG...
    accept: standard
  key-stash: B64:GAAAAHM1Q2lqMC...
  admin:
    pwd: passw0rd1
seed object
The configuration entries associated with the seed container, used to seed a container environment with data.
migrate object
The configuration entries associated with the seed container when performing a migration.
suffixes array
An array of strings, used to designate the custom suffixes which are being migrated.
(string) A custom suffix which is to be migrated.
The version of the directory server from which the seed data was obtained. If no version information is supplied it is assumed that the seed data has been obtained from the current version of the directory server.
Specifies whether to process the ACL information that is contained in the LDIF file. If set to false the default ACL is used. Default: True
Controls whether the index should be created or not. Default: False
Controls whether the existing index is dropped before the load operation starts. Default: False
Controls whether trailing spaces are stripped in attribute values. Default: True
Controls whether members are added to existing static groups. This must not be set to true if a value has been supplied for the parse-load-cycle-size entry. Default: False
Specifies the number of entries to process in one parse-load cycle. If a value is not supplied all of the entries will be loaded in a single cycle. This must not be set if the add-group-members entry has been set to true.
Specifies the string delimiting character that is used for importing. Default: |
Specifies whether to translate entry data to the database code page. Note: This parameter is necessary only when you use a database code page other than UTF-8. Default: False
Verifies whether the directory entries are valid based on the object class definitions and attribute type definitions in the configuration files. Schema checking verifies that all object classes and attributes are defined. It also checks whether the attributes that are specified for each entry comply with the list of required and allowed attributes in the object class definition. It also verifies whether the binary attribute values are in the correct 64-bit encoded form. Default: False
Example:
seed:
  migrate:
    suffixes:
      - dc=com
replica object
The configuration entries associated with the seed container when initialising a new replica.
Specifies whether to attempt to clean out any existing data from the '/var/isvd/data' directory prior to setting up the replica. Default: False
Example:
seed:
  replica:
    clean: true
Specifies whether to migrate the ibmslapd.conf file to YAML. Default: False
Examples:
seed:
  migrate:
    suffixes:
      - dc=com

seed:
  replica:
    clean: true

seed:
  conf-to-yaml: true