Using the Main Configuration File


The main configuration file controls the characteristics of the TIBCO Enterprise Message Service server. This file is usually named tibemsd.conf, but you can specify another file name when starting the server. You can find more information about starting the server in the section Running the Server.

An example of the tibemsd.conf file is included in the bin directory of TIBCO Enterprise Message Service. You can edit this configuration file with a text editor. There are a few configuration items in this file that can be altered using the administration tool, but most configuration parameters must be set by editing the file (that is, the server does not write out changes to those parameters). See Chapter 8, Using the Administration Tool for more information about using the administration tool.

Several parameters accept boolean values. In the description of the parameter, one specific set of values is given (for example, enable and disable), but all parameters that accept booleans can have the following values:

Table 18 describes the parameters in tibemsd.conf. This table is meant to give a brief description of each parameter.

Table 18 Configuration parameters (Sheet 1 of 28)
Parameter Name
Description
Server Information
server
Name of server.
Server names are limited to at most 64 characters.
password
Password used to log in to other routed server
Initialization
startup_abort_list
This comma-separated list of tokens specifies conditions that cause the server to exit during its initialization sequence. When omitted, the default is the empty list—that is, the server ignores these conditions. You may specify any subset of these tokens:
  • SSL—If SSL initialization fails, then exit.
  • TRANSPORTS—If any of the transports cannot be created as specified in the configuration files, then exit.
  • CONFIG_FILES—If any configuration file listed in tibemsd.conf does not exist, then exit.
  • CONFIG_ERRORS—If the server detects any errors while reading the config files, then exit.
  • DB_FILES—If the server cannot find its store files, then exit.
Storage Files
store
The server stores data in files in this directory.

Example

store = /usr/tmp 
store_crc
Specifies whether the EMS server validates CRC checksum data when reading the store files.
store_minimum
store_minimum_sync
store_minimum_async
This set of parameters preallocates disk space for EMS store files. Preallocation occurs when the server first creates a store file.
You can specify units of KB, MB, or GB.
Zero is a special value, which specifies no minimum preallocation. Otherwise, the value you specify must be greater than or equal to 8MB.
If store_minimum_sync or store_minimum_async are absent, they default to store_minimum.
If store_truncate is enabled, these parameters limit truncation to minimum values.

Example

store_minimum_sync = 32MB 
store_truncate
Specifies whether the EMS server occasionally attempts to truncate the storage files, relinquishing unused disk space.
When enabled, the storage files may be truncated, but not below the size specified in the store_minimum parameters.
Flow Control
flow_control
Specifies whether flow control for destinations is enabled or disabled. By default, flow control is disabled.
When flow control is enabled, the flowControl property on each destination specifies the target maximum storage for pending messages on the destination.
See Flow Control for more information about flow control.
Connections and Memory
max_connections
Maximum number of simultaneous client connections.
Set to 0 to allow unlimited simultaneous connections.
max_msg_memory
Maximum memory the server can use for messages.
This parameter lets you limit the memory that the server uses for messages, so server memory usage cannot grow beyond the system’s memory capacity.
When msg_swapping is enabled, and messages overflow this limit, the server begins to swap messages from process memory to disk. Swapping allows the server to free process memory for incoming messages, and to process message volume in excess of this limit.
When the server swaps a message to disk, a small record of the swapped message remains in memory. If all messages are swapped out to disk, and their remains still exceed this memory limit, then the server has no room for new incoming messages. The server stops accepting new messages, and send calls in message producers result in an error. (This situation probably indicates either a very low value for this parameter, or a very high message volume.)
Specify units as KB, MB or GB. The minimum value is 8MB. Zero is a special value, indicating no limit.
Example
max_msg_memory = 512MB 
msg_swapping
This parameter enables and disables the message swapping feature (described above at max_msg_memory).
The default value is enabled, unless you explicitly set it to disabled.
reserve_memory = size
When non-zero, the daemon allocates a block of memory for use in emergency situations. When the daemon process exhausts storage resources, it disables clients from producing new messages, and frees this block of memory to allow consumers to continue operation (which tends to free memory).
Specify size in units of MB or GB. When non-zero, the minimum block is 16MB. When absent, the default is zero.
msg_pool_block_size size
msg_pool_size size
To lessen the overhead costs associated with malloc and free, the server pre-allocates pools of storage for messages. These parameters determine the behavior of these pools. Performance varies depending on operating system platform and usage patterns.
The size argument determines the approximate number of internal message structs that a block or pool can accommodate (not the number of bytes).
msg_pool_block_size instructs the server to allocate an expandable pool. Each time the server exhausts the pool, the server increases the pool by this size, as long as additional storage is available. The value may be in the range 32 to 64K.
msg_pool_size instructs the server to allocate a fixed pool. After the server exhausts this pool, the server calls malloc each time it requires additional storage. The value may be in the range 16K to 1024M.
When neither parameter is present, the default is msg_pool_block_size 128 (an expandable pool).
These two parameters represent two different and mutually exclusive modes for allocating storage pools. You may specify at most one of these two parameters; it is illegal to set both parameters explicitly.
Detecting Network Connection Failure

This feature lets servers and clients detect network connection failures quickly. This feature is new in release 4.0; it is disabled when either entity is from an earlier release.

When these parameters are absent, or this feature is disabled, tibemsd closes a connection only upon the operating system notification.

client_heartbeat interval
In a server-to-client connection, clients send heartbeats at this interval (in seconds).
When omitted or zero, the default is 5 seconds.
client_connection_timeout limit
In a server-to-client connection, if the server does not receive a heartbeat for a period exceeding this limit (in seconds), it closes the connection.
We recommend setting this value to approximately 3.5 times the heartbeat interval.
Zero is a special value, which disables heartbeat detection in the server (although clients still send heartbeats).
server_heartbeat interval
In a server-to-server connection, this server sends heartbeats at this interval (in seconds).
The two servers can be connected either by a route, or as a fault-tolerant pair.
server_connection_timeout limit
In a server-to-server connection, if this server does not receive a heartbeat for a period exceeding this limit (in seconds), it closes the connection.
We recommend setting this value to approximately 3.5 times the heartbeat interval of the other server. When the other server or the network are heavily loaded, or when client programs send very large messages, we recommend a larger multiple.
Listen Ports
listen
Format is protocol://servername:port

Example

listen=tcp://localhost:7222 

You can use multiple entries for listen if you have computers with multiple interfaces

If you are enabling SSL, for example:

listen=ssl://localhost:7222 
Authorization
See Chapter 9, Authentication and Permissions for more information about these parameters.
authorization
Authorization is disabled by default. If you require that the server verify user credentials and permissions on secure destinations, you must enable this parameter.

Example

authorization= enabled 
user_auth
When a user attempts to authenticate to the EMS server, this parameter specifies the source of authentication information. This parameter can have one or more of the following values (separated by comma characters):
  • local—obtain user authentication information from the local EMS server user configuration.
  • ldap—obtain user authentication information from an LDAP directory server (see the LDAP-specific configuration parameters).
Each time a user attempts to authenticate, the server seeks corresponding authentication information from each of the specified locations in the order that this parameter specifies. The EMS server accepts successful authentication using any of the specified sources.
Routing
See Chapter 14, Working With Routes for more information about routing.
routing
Route configuration is in the routes configuration file. This parameter enables or disables routing functionality for this server.

Example

routing = enabled 
Fault Tolerance Parameters
See Chapter 13, Fault Tolerance for more information about these parameters.
ft_active 
Name of the active server. If this server can connect to the active server, it will act as a backup server. If this server cannot connect to the active server, it will become the active server.
ft_heartbeat 
Heartbeat signal for the active server, in seconds. Default is 3.
ft_activation 
Activation interval (maximum length of time between heartbeat signals) which indicates that active server has failed. Set in seconds: default is 10. This interval should be set to at least twice the heartbeat interval.

Example

ft_activation = 60 
ft_reconnect_timeout 
The amount of time (in seconds) that a backup server waits for clients to reconnect (after it assumes the role of primary server in a failover situation). If a client does not reconnect within this time period, the server removes its state is removed from the shared state files.
The default value of this parameter is 60.
ft_ssl_identity 
The server’s digital certificate in PEM, DER, or PKCS#12 format. You can copy the digital certificate into the specification for this parameter, or you can specify the path to a file that contains the certificate in one of the supported formats.
See File Names for Certificates and Keys for more information on file types for digital certificates.
ft_ssl_issuer 
Certificate chain member for the server. Supply the entire chain, including the CA root certificate. The server reads the certificates in the chain in the order they are presented in this parameter.
The certificates must be in PEM, DER, PKCS#7, or PKCS#12 format.
See File Names for Certificates and Keys for more information on file types for digital certificates.
ft_ssl_private_key
The server’s private key. If it is included in the digital certificate in ft_ssl_identity, then this parameter is not needed.
This parameter supports private keys in the following formats: PEM, DER, PKCS#12.
You can specify the actual key in this parameter, or you can specify a path to a file that contains the key.
See File Names for Certificates and Keys for more information on file types for digital certificates.
ft_ssl_password  
Private key or password for private keys.
You can set passwords by way of the tibemsadmin tool. When passwords are set with this tool, the password is obfuscated in the configuration file. See Chapter 8, Using the Administration Tool for more information about using tibemsadmin to set passwords.
ft_ssl_trusted 
List of trusted certificates. This sets which Certificate Authority certificates should be trusted as issuers of the client certificates.
The certificates must be in PEM, DER, or PKCS#7 format. You can either provide the actual certificates, or you can specify a path to a file containing the certificate chain.
See File Names for Certificates and Keys for more information on file types for digital certificates.
ft_ssl_rand_egd 
The path for the installed entropy gathering daemon (EGD), if one is installed. This daemon is used to generate random numbers for the TIBCO Enterprise Message Service server.
ft_ssl_verify_host  
Specifies whether the fault-tolerant server should verify the other server’s certificate. The values for this parameter are enabled or disabled. By default, this parameter is enabled, signifying the server should verify the other server’s certificate.
When this parameter is set to disabled, the server establishes secure communication with the other fault-tolerant server, but does not verify the server’s identity.
ft_ssl_verify_hostname  
Specifies whether the fault-tolerant server should verify the name in the CN field of the other server’s certificate. The values for this parameter are enabled and disabled. By default, this parameter is enabled, signifying the fault-tolerant server should verify the name of the connected host or the name specified in the ft_ssl_expected_hostname parameter against the value in the server’s certificate. If the names do not match, the connection is rejected.
When this parameter is set to disabled, the fault-tolerant server establishes secure communication with the other server, but does not verify the server’s name.
ft_ssl_expected_hostname 
Specifies the name the server is expected to have in the CN field of the fault-tolerant server’s certificate. If this parameter is not set, the expected name is the hostname of the server.
This parameter is used when the ft_ssl_verify_hostname parameter is set to enabled.
ft_ssl_ciphers 
Specifies the cipher suites used by the server; each suite in the list is separated by a colon (:). This parameter can use the OpenSSL name for cipher suites or the longer, more descriptive names.
See Specifying Cipher Suites for more information about the cipher suites available in TIBCO Enterprise Message Service and the OpenSSL names and longer names for the cipher suites.
Message Tracking Information
track_message_ids
Tracks messages by message ID. Default is disabled.
Enabling this parameter allows you to display messages using the show message <messageID> command in the administration tool.
track_correlation_ids
Tracks messages by correlation ID. Disabled by default.
Enabling this parameter allows you to display messages using the show messages <correlationID> command in the administration tool.
TIBCO Rendezvous
tibrv_transports
Specifies whether TIBCO Rendezvous transports defined in transports.conf are enabled or disabled.
Unless you explicitly set this parameter to enabled, the default value is disabled—that is, all transports are disabled and will neither send messages to external systems nor receive message from them.
tibrv_xml_import_as_string
When importing messages from Rendezvous, tibemsd translates XML fields to byte arrays. Releases earlier than 4.0 erroneously translated them to strings. If your client programs process XML as strings, then enable this parameter to revert to the earlier behavior (strings).
When absent, the default value is disabled (byte arrays).
(When importing from SmartSockets, XML fields translate to strings. This behavior is correct for SmartSockets, even though it differs from the correct behavior for Rendezvous.)
TIBCO SmartSockets
tibss_transports
Specifies whether TIBCO SmartSockets transports defined in transports.conf are enabled or disabled.
Unless you explicitly set this parameter to enabled, the default value is disabled—that is, all transports are disabled and will neither send messages to external systems nor receive message from them.
tibss_config_dir
Specifies the directory for SmartSockets configuration files and message files:
  • tal_ss.cat is a required file of messages. If it is missing, tibemsd outputs a warning message.
  • tibems_ss.cm is an optional file of SmartSockets RTclient configuration options.
When this parameter is absent, tibemsd searches for these files in its current working directory.
For more information about these files, see TIBCO SmartSockets User’s Guide.
Tracing and Log File Parameters
See Chapter 10, Monitoring Server Activity for more information about these parameters.
logfile 
Name and location of the log file.
log_trace 
Sets the trace preference on the file defined by the logfile parameter. If logfile is not set, the values are stored but have no effect.
The value of this parameter is a comma-separated list of trace options. For a list of trace options and their meanings, see Table 35, Server tracing options (Sheet 1 of 2).
You may specify trace options in three forms:
  • plain  A trace option without a prefix character replaces any existing trace options.
  • +  A trace option preceded by + adds the option to the current set of trace options.
  • -  A trace option preceded by - removes the option from the current set of trace options.
Examples

The following example sets the trace log to only show messages about access control violations.

log_trace=ACL 
  
The next example sets the trace log to show all default trace messages, in addition to SSL messages, but ADMIN messages are not shown.
log_trace=DEFAULT,-ADMIN,+SSL 
logfile_max_size 
Specifies the recommended maximum log file size before the log file is rotated. Set to 0 to specify no limit. Use KB, MB, or GB for units (if no units are specified, the file size is assumed to be in bytes).
The server periodically checks the size of the current log file. If it is greater than the specified size, the file is copied to a backup and then emptied. The server then begins writing to the empty log file until it reaches the specified size again.
Backup log files are named sequentially and stored in the same directory as the current log.
console_trace 
Sets trace options for output to stderr. The possible values are the same as for log_trace. However, console tracing is independent of log file tracing.
If logfile is defined, you can stop console output by specifying:
console_trace=-DEFAULT 
  
Note that important error messages (and some other messages) are always output, overriding the trace settings.
Examples
This example sends a trace message to the console when a TIBCO Rendezvous advisory message arrives.
console_trace=RVADV 
client_trace={enabled | disabled}
 [target=
<location>] [<filter>=<value>]
Administrators can trace a connection or group of connections. When this property is enabled, the server instructs each client to generate trace output for opening or closing a connection, message activity, and transaction activity. This type of tracing does not require restarting the client program.
Each client sends trace output to <location>, which may be either stderr (the default) or stdout.
You can specify a filter to selectively trace specific connections. The <filter> can be user, connid or clientid. The <value> can be a user name or ID (as appropriate to the filter).
When the filter and value clause is absent, the default behavior is to trace all connections.
Setting this parameter using the administration tool does not change its value in the configuration file tibemsd.conf; that is, the value does not persist across server restarts unless you set it in the configuration file.
trace_client_host = [hostname|address|both]
Trace statements related to connections can identify the host by its hostname, its IP address, or both.
When absent, the default is hostname.
Statistic Gathering Parameters

See Chapter 10, Monitoring Server Activity for more information about these parameters.

server_rate_interval

Sets the interval (in seconds) over which overall server statistics are averaged. This parameter can be set to any positive integer greater than zero.

Overall server statistics are always gathered, so this parameter cannot be set to zero. By default, this parameter is set to 1.

Setting this parameter allows you to average message rates and message size over the specified interval.

statistics

Enables or disables statistic gathering for producers, consumers, destinations, and routes. By default this parameter is set to disabled.

Disabling statistic gathering resets the total statistics for each object to zero.

rate_interval

Sets the interval (in seconds) over which statistics for routes, destinations, producers, and consumers are averaged. By default, this parameter is set to 3 seconds. Setting this parameter to zero disables the average calculation.

detailed_statistics

Specifies which objects should have detailed statistic tracking. Detailed statistic tracking is only appropriate for routes, producers that specify no destination, or consumers that specify wildcard destinations. When detailed tracking is enabled, statistics for each destination are kept for the object.

Setting this parameter to NONE disabled detailed statistic tracking. You can specify any combination of PRODUCERS, CONSUMERS, or ROUTES to enable tracking for each object. If you specify more than one type of detailed tracking, separate each item with a comma.

Examples

detailed_statistics = NONE 

Turns off detailed statistic tracking.

detailed_statistics = PRODUCERS,ROUTES 

Specifies detailed statistics should be gathered for producers and routes.

statistics_cleanup_interval

Specifies how long (in seconds) the server should keep detailed statistics if the destination has no activity. This is useful for controlling the amount of memory used by detailed statistic tracking. When the specified interval is reached, statistics for destinations with no activity are deleted.

max_stat_memory

Specifies the maximum amount of memory to use for detailed statistic gathering. If no units are specified, the amount is in bytes, otherwise you can specify the amount using KB, MB, or GB as the units.

Once the maximum memory limit is reached, the server stops collecting detailed statistics. If statistics are deleted and memory becomes available, the server resumes detailed statistic gathering.

SSL Server Parameters
See Chapter 12, Using the SSL Protocol for more information about these parameters.
ssl_dh_size 
Size of the Diffie-Hellman key. Can be 512, 768, 1024, or 2048 bits. The default value is 1024.
This key is not used for cipher suites available for export.
ssl_server_ciphers
Specifies the cipher suites used by the server; each suite in the list is separated by a colon (:). This parameter must follow the OpenSSL cipher string syntax.
For example, you can enable two cipher suites with the following setting:
ssl_server_ciphers = RC4-MD5:RC4-SHA 
See Specifying Cipher Suites for more information about the cipher suites available in TIBCO Enterprise Message Service and the syntax for specifying them in this parameter.
ssl_renegotiate_size
Key renegotiation is deprecated in release 4.3; it is not supported in release 5.0.
The server renegotiates for a new symmetric key when the cumulative size (in bytes) of the data that the server exchanges with a client reaches this threshold.
The minimum value for this parameter is 64Kb. You can specify Kb, Mb, or Gb for the units. For example:
ssl_renegotiate_size = 10Gb 
When neither of the two renegotiation parameters are set, the server does not initiate key renegotiation.
For more information, see Renegotiating the Session Key.
ssl_renegotiate_interval
Key renegotiation is deprecated in release 4.3; it is not supported in release 5.0.
The server renegotiates for a new symmetric key when the time (in seconds) since the last key negotiation reaches this threshold.
The minimum value is 15 seconds. For example, you can set this parameter as follows to renegotiate every 24 hours:
ssl_renegotiate_interval = 86400 
When neither of the two renegotiation parameters are set, the server does not initiate key renegotiation.
For more information, see Renegotiating the Session Key.
ssl_require_client_cert  
If this parameter is set to yes, the server only accepts SSL connections from clients that have digital certificates. Connections from clients without certificates are denied.
If this parameter is set to no, then connections are accepted from clients that do not have a digital certificate.
Whether this parameter is set to yes or no, clients that do have digital certificates are always authenticated against the certificates supplied to the ssl_server_trusted parameter.
ssl_use_cert_username  
If this parameter is set to yes, a client’s user name is always extracted from the CN field of the client’s digital certificate, if the digital certificate is specified.
The CN field is either a username, an email address, or a web address.
ssl_cert_user_specname 
This parameter is useful if clients are required to supply a username, but you wish to designate a special username to use when the client’s username should be taken from the client’s digital certificate.
For example, you may wish all clients to specify their username when logging in. This means the ssl_use_cert_username parameter would be set to no. The username is supplied by the user, and not taken from the digital certificate. However, you may wish one username to signify that the client logging in with that name should have the name taken from the certificate. A good example of this username would be anonymous. All clients logging in as anonymous will have their user names taken from their digital certificates.
The value specified by this parameter is the username that clients will use to log in when the username should be taken from their digital certificate. A good example of the value of this parameter would be anonymous.
Also, the value of this parameter is ignored if the ssl_use_cert_username parameter is specified. When that parameter is specified, all client usernames are taken from their certificates. This parameter has no effect for users that have no certificate.
ssl_server_identity 
The server’s digital certificate in PEM, DER, or PKCS#12 format. You can copy the digital certificate into the specification for this parameter, or you can specify the path to a file that contains the certificate in one of the supported formats.
This parameter must be specified if any SSL ports are listed in the listen parameter, or if the ssl_enabled parameter is set to true.
PEM and PKCS#12 formats allow the digital certificate to include the private key. If these formats are used and the private key is part of the digital certificate, then setting ssl_server_key is optional.
ssl_server_key 
The server’s private key. If it is included in the digital certificate in ssl_server_identity, then this parameter is not needed.
This parameter supports private keys in the following formats: PEM, DER, PKCS#12.
You can specify the actual key in this parameter, or you can specify a path to a file that contains the key.
ssl_password 
Private key or password for private keys.
This password can optionally be specified on the command line when tibemsd is started.
If SSL is enabled, and the password is not specified with this parameter or on the command line, tibemsd will ask for the password upon startup.
You can set passwords by way of the tibemsadmin tool. When passwords are set with this tool, the password is obfuscated in the configuration file. See Chapter 8, Using the Administration Tool for more information about using tibemsadmin to set passwords.
ssl_server_issuer 
Certificate chain member for the server. The server reads the certificates in the chain in the order they are presented in this parameter.
The same certificate can appear in multiple places in the certificate chain.
The certificates must be in PEM, DER, PKCS#7, or PKCS#12 format.
ssl_server_trusted 
List of CA root certificates the server trusts as issuers of client certificates.
Specify only CA root certificates. Do not include intermediate CA certificates.
The certificates must be in PEM, DER, or PKCS#7 format. You can either provide the actual certificates, or you can specify a path to a file containing the certificate chain.
Example
ssl_server_trusted = certs\CA1_root.pem 
ssl_server_trusted = certs\CA2_root.pem 
ssl_rand_egd 
The path for the installed entropy gathering daemon (EGD), if one is installed. This daemon is used to generate random numbers for C clients and the TIBCO Enterprise Message Service server. Java clients do not use this parameter.
ssl_rand_file 
File containing random data. This file can be used to generate random numbers.
ssl_crl_path
A non-null value for this parameter activates the server’s certificate revocation list (CRL) feature.
The server reads CRL files from this directory.
ssl_crl_update_interval
The server automatically updates its CRLs at this interval (in hours).
When this parameter is absent, the default is 24 hours.
ssl_auth_only
When enabled, the server allows clients to request the use of SSL only for authentication (to protect user passwords). For an overview of this feature, see SSL Authentication Only.
When disabled, the server ignores client requests for this feature. When absent, the default value is disabled.
LDAP General Parameters

See Chapter 9, Authentication and Permissions for more information about these parameters.

ldap_url
URL of the external directory server. This can take the following forms:
LDAP://<host>:<tcp_port> 
or
LDAPS://<host>:<ssl_port> 
For example:
LDAP://myLdapServer:1855 
ldap_principal
The distinguished name (DN) of the LDAP administrator. This is the user that the TIBCO Enterprise Message Service sever uses to bind to the LDAP server.
ldap_credential
The password associated with the user defined in the ldap_principal property. This value must be specified and cannot be an empty string.
ldap_cache_enabled
Enables caching of LDAP data.
ldap_cache_ttl
Specifies the maximum time (in seconds) that cached LDAP data is retained before it is refreshed.
LDAP Secure Connections
ldap_conn_type
Specifies they type of connection that the server uses to to get LDAP information.
  • When this parameter is absent, LDAP connections use TCP (non-secure). For backward compatibility, this is the default setting.
  • ldaps—Use SSL on the LDAP connection (secure).
  • startTLS—Use the startTLS extension to the LDAP version 3 protocol (secure).
ldap_tls_cacert_file
You must specify one of these two parameters for secure connections.
This file contains the CA certificate that the TIBCO EMS server trusts to sign the LDAP server’s certificate.
ldap_tls_cacert_dir
When there are two or more CA certificates in the verify chain, the server scans this directory for CA certificates.
ldap_tls_ciphers
Optional. You can specify the cipher suite to use for encryption on secure LDAP connections.
This parameter must follow the OpenSSL cipher string syntax; see Specifying Cipher Suites.
In addition to the actual cipher names, you may specify cipher quality; for example:
  • HIGH
  • HIGH:MEDIUM
ldap_tls_rand_file
When the operating system does not include a random data feature, this file is the source of random data for encryption.
ldap_tls_cert_file
When the LDAP server requires client authentication, use the certificate in this file to identify the TIBCO EMS server.
ldap_tls_key_file
When the LDAP server requires client authentication, use the private key in this file.
When you plan to start the server remotely, we recommend that you do not password-encrypt the key file.
LDAP User Parameters

See Chapter 9, Authentication and Permissions for more information about these parameters.

ldap_user_class
Name of the LDAP object class that stores users.
ldap_user_attribute
Name of the attribute on the user object class that holds the name of the user.
ldap_user_base_dn
Base distinguished name (DN) of the LDAP tree that contains the users.
ldap_user_scope
Specifies how deeply under the base DN to search for users. You can specify onelevel and subtree for this parameter. onelevel specifies to search only one level below the DN, subtree specifies to search all sub-trees.
ldap_user_filter
Optional LDAP search filter for finding a given user name. Use %s as the placeholder for the user name in the filter. For example:
uid=%s 
The full LDAP search grammar is specified in RFC 2254 and RFC 2251.
If unspecified, then a default search filter is generated based on the user object class and user name attribute.
ldap_all_users_filter
An optional LDAP search filter for finding all users beneath the user base DN.
If not specified, then a default search filter is generated based on the user object class and user name attribute.
LDAP Group parameters

See Chapter 9, Authentication and Permissions for more information about these parameters.

ldap_group_base_dn
Base distinguished name (DN) of the LDAP tree that contains groups.
ldap_group_scope
Specifies how deeply under the base DN to search for groups. You can specify onelevel and subtree for this parameter. onelevel specifies to search only one level below the DN, subtree specifies to search all sub-trees.
ldap_group_filter
Optional LDAP search filter for finding a group with a given group name. Use %s as the placeholder for the group name in the filter.
The full LDAP search grammar is specified in RFC 2254 2251.
If unspecified, then a default search filter is generated based on the group object class and group attribute.
ldap_all_groups_filter
Optional LDAP search filter for finding all groups beneath the group base DN.
If unspecified, then a default search filter is generated based on the group object class and group attribute.
ldap_static_group_class
Name of the LDAP object class that stores static groups.
ldap_static_group_attribute
Name of the attribute on the static group object class that holds the name of the group.
ldap_static_member_attribute
Attribute of an LDAP static group object that specifies the distinguished names (DNs) of the members of the group.
ldap_dynamic_group_class
Name of the LDAP object class that stores dynamic groups.
ldap_dynamic_group_attribute
Name of the attribute on the dynamic group object class that holds the name of the group.
ldap_dynamic_member_url_attribute
Attribute of the dynamic LDAP group object that specifies the URLs of the members of the dynamic group.
TIBCO Rendezvous Parameters—Deprecated
These parameters are deprecated. Please configure TIBCO Rendezvous import/export using the289
transports.conf file.
tibrv_bridge
Enables the bridge between TIBCO Enterprise Message Service and TIBCO Rendezvous. This parameter is disabled by default.
tibrv_service
TIBCO Rendezvous service number. By default, the value is 7500.
tibrv_network
TIBCO Rendezvous network number.
tibrv_daemon
service:hostname:portname. By default, the local daemon is used.

Example

tcp:hostname:7500 
tibrv_topic_import_dm
Sets the Delivery Mode of the topic (PERSISTENT, NON-PERSISTENT, RELIABLE).
tibrv_queue_import_dm
Sets the Delivery Mode of the queue (PERSISTENT, NON-PERSISTENT, RELIABLE).
tibrv_export_headers
Set this to false if you want to disable exporting JMS headers into TIBCO Rendezvous.
tibrv_export_properties
Set this to false if you want to disable exporting JMS properties into TIBCO Rendezvous.
tibrvcm_enable
Enables a RVCM bridge. Disabled by default.
tibrvcm_name
Name for the transport.
tibrvcm_ledger
Name for file-based ledger.
tibrvcm_sync_ledger
Set to true or false. If true, operations that update the ledger do not return until changes are written to the storage medium.
tibrvcm_request_old
Set to true or false. Determines whether a persistent correspondent requires delivery of previously-sent messages of the same name.
tibrvcm_default_ttl
Default time-to-live, in seconds.


TIBCO Enterprise Message Service™ User’s Guide
Software Release 4.3, February 2006
Copyright © TIBCO Software Inc. All rights reserved
www.tibco.com