IBM Verify Directory: Web Administration Tool

This page documents the YAML schema which can be used to configure a Verify Directory Web Administration Tool container.

The value of each YAML key can be provided in the YAML file in any of the following forms:

  • plain text;
  • base-64 encoded text (prefix: 'B64:');
  • the value of an environment variable (prefix: '$');
  • the contents of a local file (prefix: '@');
  • a field of a Kubernetes secret (format: secret:{name}/{field});
  • a field of a Kubernetes ConfigMap (format: configmap:{name}/{field}).

Sensitive values such as the license key and private keys are better referenced through the '@' or 'secret:' forms than written into the YAML file itself, so that the configuration file can be stored and reviewed without containing the secret material.

In addition to this, each of the YAML keys can also be provided as an environment variable, using a normalized value of the key name as the environment variable name. For example, to set the server port the following environment variable can be set: 'general.ports.https'.
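The resolution rules above are simple enough to implement directly, which is useful when a configuration is generated or reviewed outside the container. The following is an added Python example, not the product's code: it resolves each of the documented prefixes over a parsed YAML document. The Kubernetes lookups are modelled as injected callables (the page does not say how the container reaches the API, so that signature is an assumption), the environment variable, file path, secret and ConfigMap names are invented, and a missing source is treated as an error because silently keeping the literal string would let a mistyped reference pass as a value.

```python
import base64
import os
from typing import Any, Callable, Mapping, Optional

# A Kubernetes lookup is modelled as (name, field) -> value so the example runs
# offline. This signature is an assumption made for the example; the real
# container's mechanism is not described on this page.
Lookup = Callable[[str, str], str]


def resolve_value(raw: Any, *, env: Mapping[str, str] = os.environ,
                  read_file: Optional[Callable[[str], str]] = None,
                  get_secret: Optional[Lookup] = None,
                  get_configmap: Optional[Lookup] = None) -> Any:
    """Resolve one YAML value using the prefixes documented above.

    Non-strings (ports, booleans) and plain text pass through unchanged.
    'B64:' is base-64 decoded, '$' names an environment variable, '@' names a
    local file, 'secret:{name}/{field}' and 'configmap:{name}/{field}' are
    Kubernetes lookups. A missing source raises instead of falling back to the
    literal string, so a mistyped reference to a license key or certificate
    fails at startup rather than producing a server running with wrong material.
    """
    if not isinstance(raw, str):
        return raw
    if raw.startswith("B64:"):
        return base64.b64decode(raw[4:], validate=True).decode("utf-8")
    if raw.startswith("$"):
        name = raw[1:]
        if name not in env:
            raise KeyError(f"environment variable {name!r} is not set")
        return env[name]
    if raw.startswith("@"):
        path = raw[1:]
        if read_file is not None:
            return read_file(path)
        with open(path, encoding="utf-8") as fh:
            return fh.read()
    for prefix, getter in (("secret:", get_secret), ("configmap:", get_configmap)):
        if raw.startswith(prefix):
            name, sep, field = raw[len(prefix):].partition("/")
            if not (sep and name and field):
                raise ValueError(f"expected {prefix}{{name}}/{{field}}, got {raw!r}")
            if getter is None:
                raise RuntimeError(f"no Kubernetes lookup configured for {raw!r}")
            return getter(name, field)
    # The page documents no escape for literal text that begins with one of the
    # prefixes, so anything else is returned as plain text.
    return raw


def resolve_config(node: Any, **sources: Any) -> Any:
    """Walk a parsed YAML document and resolve every scalar."""
    if isinstance(node, dict):
        return {k: resolve_config(v, **sources) for k, v in node.items()}
    if isinstance(node, list):
        return [resolve_config(v, **sources) for v in node]
    return resolve_value(node, **sources)


# Constructed sample: the parsed form of a small YAML file. The secret and
# ConfigMap names, the environment variable and the file path are invented.
SAMPLE_CONFIG = {
    "general": {
        "license": {"accept": "B64:c3RhbmRhcmQ=", "key": "secret:isvd-license/key"},
        "ports": {"http": 0, "https": 9443},
    },
    "keyfile": {
        "keys": [{"label": "server-key", "key": "@/var/data/key.pem"}],
        "trusted-certificates": ["configmap:isvd-trust/ca.pem"],
    },
    "webadmin": {"expected-host": "$WEBADMIN_HOST"},
}

# Constructed stand-ins for the environment, the filesystem and the cluster.
FAKE_ENV = {"WEBADMIN_HOST": "webadmin.example.test"}
FAKE_FILES = {"/var/data/key.pem": "-----BEGIN PRIVATE KEY-----\n...\n-----END CERTIFICATE-----\n"}
FAKE_SECRETS = {("isvd-license", "key"): "license-key-placeholder"}
FAKE_CONFIGMAPS = {("isvd-trust", "ca.pem"): "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----\n"}


def resolve_sample() -> dict:
    """Resolve SAMPLE_CONFIG against the constructed sources."""
    return resolve_config(
        SAMPLE_CONFIG,
        env=FAKE_ENV,
        read_file=lambda path: FAKE_FILES[path],
        get_secret=lambda name, field: FAKE_SECRETS[(name, field)],
        get_configmap=lambda name, field: FAKE_CONFIGMAPS[(name, field)],
    )


if __name__ == "__main__":
    import json
    print(json.dumps(resolve_sample(), indent=2))
```

In real use the document would come from yaml.safe_load and the lookups from the Kubernetes API or a mounted volume; the resolution logic itself does not change.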


Configuration

debug object

The configuration entries which can be used to enable debugging within the container.

⚙️ Properties
startup boolean

A boolean which indicates whether debugging should be enabled while bootstrapping the container.

Default: False

general object

The general configuration elements of the container.

⚙️ Properties
license object required
⚙️ Properties
key string required

The license key, required to run the container.

accept string required

Which license agreement has been accepted: 'limited', 'standard' or 'enterprise'. To display a license agreement, start the container with the 'license' command, for example: 'docker run --rm icr.io/isvd/verify-directory-webadmin:latest license standard'

Allowed values:
limited standard enterprise
ports object

The ports on which the server will listen for requests.

⚙️ Properties
http integer

The port on which the server will listen for HTTP requests. A value of 0 (the default) means the server does not listen for HTTP at all, so administrative traffic is accepted only over HTTPS. The server can listen on a port below 1024, but to do so the container infrastructure must grant the container the permission to bind privileged ports.

Default: 0
https integer

The port on which the server will listen for HTTPS requests. A value of 0 means the server does not listen for HTTPS requests. The server can listen on a port below 1024, but to do so the container infrastructure must grant the container the permission to bind privileged ports.

Default: 9443
ssl object

SSL configuration details for the server.

⚙️ Properties
cert-label string

The label that identifies the server's personal certificate in the key database file. If the field is not specified, the default certificate from the key file is used by the server for SSL connections.

protocols array

The TLS protocol versions to enable for the connection. The options include:

  • TLS10: Transport Layer Security version 1.0.
  • TLS11: Transport Layer Security version 1.1.
  • TLS12: Transport Layer Security version 1.2.
  • TLS13: Transport Layer Security version 1.3.
The values are case sensitive. TLS10 and TLS11 are deprecated (RFC 8996) and are not in the default list; enable them only for clients that cannot negotiate TLS 1.2 or later.

Default: TLS12, TLS13
📋 Array Items
Type: string
validate-hostname boolean

This boolean controls whether the hostname contained in the certificate received from a remote LDAP server is validated against the name of the host used to connect to that server. If validation is enabled, a connection is not established when the server hostname does not match a name in the certificate (a subject alternative name or the common name). Disabling it means any certificate chaining to a trusted CA is accepted for any host, which removes the protection against an interposed server presenting a valid but unrelated certificate.

Default: True
json-logging boolean

Whether the logging and auditing messages should be formatted in JSON or not.

Default: True
Examples:
Example 1
general:
  license:
    accept: standard
    key: VGVzd...
  ports:
    http: 0
    https: 9443

keyfile object

The configuration elements associated with the SSL key file. This will include any keys used by the server, along with any trusted certificates. A self-signed certificate will be created as the default certificate in the key file, with the label: 'self-signed-server'.

⚙️ Properties
keys array

Any private keys used by the server. Each private key and its associated certificate are combined into a single configuration entry in PEM format, and the private key must not be protected by a password. By way of example, the following OpenSSL command creates an unprotected private key ('-nodes') together with a self-signed certificate:
'openssl req -nodes -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365'

The key and certificate can then be concatenated into a single file.

If this key is to be used as the certificate the server presents on its own HTTPS listener, the general.ssl.cert-label configuration entry must be set to this key's label; otherwise the default 'self-signed-server' certificate is used.

📋 Array Items
key string required

The PEM encoded private key and public certificate.

label string required

The label which will be associated with this key.

trusted-certificates array

Any certificates which should be trusted by the server, in PEM format.

📋 Array Items
Type: string

A certificate which is to be trusted by the server, in PEM format.

Examples:
Example 1
keyfile:
  keys:
  - label: server-key
    key: '@/var/data/key.pem'
  trusted-certificates:
  - '@/var/data/ca_cert.pem'
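The keyfile requirements above (a required label, a PEM value combining exactly one unprotected private key with its certificate, and a general.ssl.cert-label that names an existing label) can be checked before the container is started rather than discovered as a failed TLS listener. The following is an added Python example, not the product's code: it assumes RFC 7468 PEM framing, which is what the OpenSSL command above emits, and the PEM blocks it checks are constructed placeholders rather than real key material. It also flags a private key pasted into trusted-certificates, which would publish the key in a trust store.

```python
import re
from typing import Any, Dict, List

# One RFC 7468 PEM block; the END label must match the BEGIN label. The
# framing is assumed to be what the page's OpenSSL command produces.
_PEM_BLOCK = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----\r?\n.*?-----END (?P=label)-----", re.DOTALL)


def _block_labels(pem: str) -> List[str]:
    return [m.group("label") for m in _PEM_BLOCK.finditer(pem)]


def check_key_entry(entry: Dict[str, Any]) -> List[str]:
    """Problems in one keyfile.keys item; an empty list means it is acceptable.

    The page requires a label and a PEM value holding exactly one private key,
    unprotected by a password, together with its certificate. A still-encrypted
    key shows up either as a PKCS#8 'ENCRYPTED PRIVATE KEY' block or as a
    legacy 'Proc-Type: 4,ENCRYPTED' header inside an 'RSA PRIVATE KEY' block.
    """
    problems: List[str] = []
    label = entry.get("label")
    if not isinstance(label, str) or not label.strip():
        problems.append("label is required and must be a non-empty string")
    pem = entry.get("key")
    if not isinstance(pem, str):
        return problems + ["key is required and must be PEM text"]
    labels = _block_labels(pem)
    if not labels:
        return problems + ["key contains no PEM blocks"]
    key_blocks = [lab for lab in labels if lab.endswith("PRIVATE KEY")]
    if "ENCRYPTED PRIVATE KEY" in key_blocks or "Proc-Type: 4,ENCRYPTED" in pem:
        problems.append("private key is password protected; the container needs an unprotected key")
    if len(key_blocks) != 1:
        problems.append(f"expected exactly one private key block, found {len(key_blocks)}")
    if "CERTIFICATE" not in labels:
        problems.append("no CERTIFICATE block: the certificate must be concatenated with the key")
    return problems


def check_keyfile(config: Dict[str, Any]) -> List[str]:
    """Check keyfile.keys, keyfile.trusted-certificates and general.ssl.cert-label."""
    problems: List[str] = []
    keyfile = config.get("keyfile") or {}
    labels: List[Any] = []
    for i, entry in enumerate(keyfile.get("keys") or []):
        problems += [f"keyfile.keys[{i}]: {p}" for p in check_key_entry(entry)]
        labels.append(entry.get("label"))
    for dup in sorted({lab for lab in labels if lab and labels.count(lab) > 1}):
        problems.append(f"keyfile.keys: label {dup!r} is used more than once")
    for i, pem in enumerate(keyfile.get("trusted-certificates") or []):
        kinds = _block_labels(pem) if isinstance(pem, str) else []
        if "CERTIFICATE" not in kinds:
            problems.append(f"keyfile.trusted-certificates[{i}]: no CERTIFICATE block")
        if any(k.endswith("PRIVATE KEY") for k in kinds):
            problems.append(f"keyfile.trusted-certificates[{i}]: contains private key material")
    cert_label = ((config.get("general") or {}).get("ssl") or {}).get("cert-label")
    # 'self-signed-server' is the default certificate the container creates itself.
    if cert_label not in (None, "self-signed-server") and cert_label not in labels:
        problems.append(f"general.ssl.cert-label {cert_label!r} matches no keyfile.keys label")
    return problems


def _pem(label: str, header: str = "") -> str:
    """Constructed placeholder block: the body is not real key material."""
    return f"-----BEGIN {label}-----\n{header}UExBQ0VIT0xERVI=\n-----END {label}-----\n"


GOOD_BUNDLE = _pem("PRIVATE KEY") + _pem("CERTIFICATE")
PKCS8_ENCRYPTED = _pem("ENCRYPTED PRIVATE KEY") + _pem("CERTIFICATE")
LEGACY_ENCRYPTED = _pem("RSA PRIVATE KEY", "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n") + _pem("CERTIFICATE")

# Constructed configurations: one that satisfies the page, one with the mistakes above.
GOOD_CONFIG = {
    "general": {"ssl": {"cert-label": "server-key"}},
    "keyfile": {"keys": [{"label": "server-key", "key": GOOD_BUNDLE}],
                "trusted-certificates": [_pem("CERTIFICATE")]}}
BAD_CONFIG = {
    "general": {"ssl": {"cert-label": "webadmin"}},
    "keyfile": {"keys": [{"label": "server-key", "key": PKCS8_ENCRYPTED},
                         {"label": "server-key", "key": _pem("PRIVATE KEY")},
                         {"key": LEGACY_ENCRYPTED}],
                "trusted-certificates": [GOOD_BUNDLE]}}
```

The check inspects PEM framing only; it does not verify that the certificate actually matches the private key, which 'openssl x509' and 'openssl pkey' can confirm by comparing public keys.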

webadmin object

The configuration entries associated with the Web Administration Tool container.

⚙️ Properties

servers array

The configuration entries associated with the servers which are being managed by the Web Administration Tool container.

📋 Array Items
label string

A label which is given to the server. If the label is missing the host field will be used as the label.

host string required

The hostname or IP address of the server.

port integer

The port on which the server is listening for requests.

Default: 636
secure boolean

Whether LDAPS will be used to communicate with the server.

Default: True
admin-port integer

The port on which the server is listening for administrative requests. If a value of 0 is specified the server is not considered to be running the administrative service.

Default: 3538
Examples:
Example 1
webadmin:
  servers:
  - label: test-ldap
    host: test-ldap.ibm.com
    port: 9389
    secure: false
    admin-port: 3538
searches object

Search configuration details for the application.

⚙️ Properties
max-attrs integer

The maximum number of attributes to be returned for an entry. A value of 0 indicates that an unlimited number of attributes will be returned.

Default: 0
max-attr-values integer

The maximum number of values to be returned for an attribute. A value of 0 indicates that an unlimited number of values will be returned.

Default: 0
session-lifetime integer

The lifetime of an authenticated session, in minutes.

Default: 60
expected-host string

This entry indicates the HTTP 'host' header which is expected for all requests. The server returns an error if an HTTP request is received containing a different 'host' header. If this configuration entry is blank, the server accepts all HTTP 'host' headers, so set it to the name clients use to reach the tool in any deployment where the tool is reachable by more than one name.

security-protocol string

The SSL or TLS protocol version to be used when contacting an LDAP server. Please note that the value is case sensitive. SSLV3 is listed for compatibility only; the protocol is obsolete (RFC 7568) and should not be used.

Default: TLS12
Allowed values:
SSL_TLS SSLV3 TLS10 TLS11 TLS12 TLS13
components array

The components which have been enabled in the application. Please note that the value is case sensitive.

Default: all components
📋 Array Items
Type: string
Examples:
Example 1
webadmin:
  servers:
  - label: test-ldap
    host: test-ldap.ibm.com
    port: 9389
    secure: false
    admin-port: 3538
  session-lifetime: 60

Examples

Example 1
general:
  license:
    accept: standard
    key: VGVzd...
  ports:
    http: 0
    https: 9443
webadmin:
  servers:
  - label: test-ldap
    host: test-ldap.ibm.com
    port: 9389
    secure: false
    admin-port: 3538
  session-lifetime: 60
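Most of the constraints in this reference (allowed values, case-sensitive protocol names, the required 'host' field of a server entry, defaults such as http: 0 and expected-host blank) can be checked mechanically, and the same pass can flag settings the schema accepts but which weaken a deployment. The following is an added Python example, not the product's code: a lint over a parsed configuration that reports schema violations as errors and weak settings as warnings, shown against a constructed configuration carrying several such settings, including a server entry that spells the required 'host' field as 'name', and the same deployment with each finding addressed. The severities are this example's judgement; the key names and defaults are the page's own.

```python
from typing import Any, Dict, List

LICENSES = {"limited", "standard", "enterprise"}
TLS_VERSIONS = {"TLS10", "TLS11", "TLS12", "TLS13"}
LDAP_PROTOCOLS = {"SSL_TLS", "SSLV3", "TLS10", "TLS11", "TLS12", "TLS13"}
MODERN = {"TLS12", "TLS13"}
SERVER_KEYS = {"label", "host", "port", "secure", "admin-port"}


def lint(config: Dict[str, Any]) -> List[str]:
    """Findings as 'ERROR path: reason' (outside the documented schema) or
    'WARN path: reason' (accepted by the schema but weakens the deployment)."""
    out: List[str] = []

    def err(path: str, why: str) -> None: out.append(f"ERROR {path}: {why}")
    def warn(path: str, why: str) -> None: out.append(f"WARN {path}: {why}")

    general = config.get("general") or {}
    lic = general.get("license") or {}
    if lic.get("accept") not in LICENSES:
        err("general.license.accept", f"must be one of {sorted(LICENSES)}")
    if not lic.get("key"):
        err("general.license.key", "required")

    ports = general.get("ports") or {}
    if ports.get("http", 0) != 0:
        warn("general.ports.http", "plain HTTP listener enabled; administrator "
             "credentials would cross the network unencrypted")
    for name in ("http", "https"):
        port = ports.get(name)
        if port is None:
            continue
        if not isinstance(port, int) or not 0 <= port <= 65535:
            err(f"general.ports.{name}", f"{port!r} is not a valid port")
        elif 0 < port < 1024:
            warn(f"general.ports.{name}", "binding below 1024 needs a grant from the container runtime")

    ssl = general.get("ssl") or {}
    for version in ssl.get("protocols", ["TLS12", "TLS13"]):
        if version not in TLS_VERSIONS:
            err("general.ssl.protocols", f"{version!r} is not recognised (values are case sensitive)")
        elif version not in MODERN:
            warn("general.ssl.protocols", f"{version} is deprecated (RFC 8996); keep only TLS12 and TLS13")
    if ssl.get("validate-hostname", True) is False:
        warn("general.ssl.validate-hostname", "hostname check on LDAP server certificates is disabled")

    webadmin = config.get("webadmin") or {}
    for i, srv in enumerate(webadmin.get("servers") or []):
        path = f"webadmin.servers[{i}]"
        if not srv.get("host"):
            unknown = sorted(set(srv) - SERVER_KEYS)
            hint = f"; unknown keys {unknown} may be a misspelling" if unknown else ""
            err(f"{path}.host", "required" + hint)
        if srv.get("secure", True) is False:
            warn(f"{path}.secure", f"LDAP to {srv.get('host') or srv.get('label')} is not using LDAPS")
        if srv.get("admin-port", 3538) == 0:
            warn(f"{path}.admin-port", "0: the server is treated as having no administrative service")

    proto = webadmin.get("security-protocol", "TLS12")
    if proto not in LDAP_PROTOCOLS:
        err("webadmin.security-protocol", f"{proto!r} is not an allowed value (case sensitive)")
    elif proto not in MODERN:
        warn("webadmin.security-protocol", f"{proto}: prefer TLS12 or TLS13 for LDAP connections")
    if not webadmin.get("expected-host"):
        warn("webadmin.expected-host", "blank: every HTTP Host header is accepted; set it to the "
             "name clients use to reach the tool")
    lifetime = webadmin.get("session-lifetime", 60)
    if not isinstance(lifetime, int) or lifetime <= 0:
        err("webadmin.session-lifetime", f"{lifetime!r} is not a positive number of minutes")
    return out


# Constructed input: 'host' misspelt as 'name', plain HTTP enabled, TLS 1.0
# allowed, hostname validation off, LDAP without LDAPS, no expected Host
# header. The license key is a placeholder.
WEAK_CONFIG = {
    "general": {
        "license": {"accept": "standard", "key": "license-key-placeholder"},
        "ports": {"http": 8080, "https": 9443},
        "ssl": {"protocols": ["TLS10", "TLS12", "TLS13"], "validate-hostname": False}},
    "webadmin": {
        "servers": [{"label": "test-ldap", "name": "test-ldap.ibm.com",
                     "port": 9389, "secure": False, "admin-port": 3538}],
        "session-lifetime": 60}}

# The same deployment with every finding addressed. Whether the port forms part
# of the compared Host header is not stated on the page; confirm against a real
# request before relying on expected-host.
HARDENED_CONFIG = {
    "general": {
        "license": {"accept": "standard", "key": "license-key-placeholder"},
        "ports": {"http": 0, "https": 9443},
        "ssl": {"protocols": ["TLS12", "TLS13"], "validate-hostname": True}},
    "webadmin": {
        "servers": [{"label": "test-ldap", "host": "test-ldap.ibm.com",
                     "port": 636, "secure": True, "admin-port": 3538}],
        "session-lifetime": 60, "expected-host": "webadmin.example.test",
        "security-protocol": "TLS12"}}
```

Run against a document produced by yaml.safe_load; the 'components' array is not checked because the page does not list the component names.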