Configuration of the TIBCO ActiveMatrix BPM Directory Engine

This table describes the properties listed in de.properties. Unless specified, the property value is set to the default value shown.

Note: If you have upgraded to this version of ActiveMatrix BPM from version 4.2.0 or earlier, the following properties are not automatically added to the de.properties file. The system behaves as if these properties were set with the indicated default values. If you want to use a non-default value for one of these properties, you must manually add the property to the file, with your required value:
  • LdapDNCaseInsensitive
  • ResourceQueryCleanerEnable
  • ResourceQueryCleanerStart
  • ResourceQueryCleanerInterval
  • ResourceQueryCleanerEnd
  • ResourceQueryCleanerLimit
  • ResourceQueryCleanerPause
  • restrictUserSettings
Properties in de.properties
Property Name Default Value Description
IgnoreCaseOnLogin
false Specifies if the authentication service should allow users to ignore case when logging in. This emulates how a typical Windows login is performed.
DisableAllPushDestinations
true

Disables the processing of Push Destinations throughout Directory Engine. Any attempt to read a push destination will result in no data being returned. Any attempt to modify or set a push destination will result in an error being reported

DisablePushDestinationsForResources
true

Disables the processing of Push Destinations throughout Directory Engine but only for Resources. Other organisational entities remain unaffected. See DisableAllPushDestinations for further details of the behavior.

SqlInClauseLimit
900 The maximum number of elements used within an SQL "in" clause. You may need to change this value if your database does not support such a large value.
NamedEntityCacheSize
50 The size of the NamedEntity ID sequence cache. See the section about sequence caching in the TIBCO ActiveMatrix BPM Performance Tuning Guide for the general effect of the size of ID sequence caches on system performance.
ResetModelCache
false Determines whether caches are reset for organization model deployments. Must be changed to ’true’ to clear the caches. If the setting is already ’true’ it will need to be changed to ’false’ and back to ’true’ again (after several seconds between each save) to ensure that the change is picked up and the clearance has been activated.
UserPropertyCacheSize
50 The size of the UserProperty ID sequence cache.
NameComparisonCase
Insensitive
false Determines whether comparisons of entity names are to be case-sensitive in situations such as RQL evaluation. By default they are case-sensitive, so custID would be different from CustId.
LdapDNCaseInsensitive
false Determines whether ActiveMatrix BPM treats attribute values in a user's LDAP distinguished name (DN) as case-sensitive (false) or case-insensitive (true) when searching for that user in the LDAP source.

If LdapDNCaseInsensitive is:

  • true, attribute values in the DN are treated as case insensitive - so cn=Value is the same as cn=value.
  • false, attribute values in the DN are treated as case sensitive - so cn=Value is different from cn=value.

When a BPM user is created from an LDAP source, ActiveMatrix BPM stores their DN and uses it when searching for that user in the LDAP source - for example, when displaying the list of BPM resources in an LDAP container in the Organization Browser, or when using the lookupUser operation in the EntityResolverService. If the case of any attribute value in that user's DN is subsequently changed in the LDAP source, and LdapDNCaseInsensitive is:

  • true, the user can still be found.
  • false, the user is flagged as a "missing resource".
Note: Setting LdapDNCaseInsensitive=true does not affect DN attribute names. ActiveMatrix BPM always treats DN attribute names as case-insensitive, so cn=Value is the same as CN=Value.
LdapIDCacheSize
50 The size of the cache for LDAP container sequence ID numbers.
LdapCacheTimeout
60000 The timeout period for the LDAP attributes cache, in milliseconds. A value of 0, or a negative number, disables the cache.
LdapCacheMaxAttributes
500 The maximum number of LDAP entries whose attributes to be cached. A value of 0, or a negative number, means that no maximum is applied.
LdapSearchPageSize
1000 Specifies whether paging of LDAP search results is supported, and the page size to be used.

Paging is a LDAPv3 extension (RFC 2696). You can determine whether an LDAP server supports paged results by examining the supported controls of the LDAP Server. If those controls do not contain the pagedResultsControl (uid:1.2.840.113556.1.4.319), paged results are disabled for searches against that LDAP server.

If the LDAP server you are using supports this extension, you can configure the page size by setting this property to a positive integer that specifies the maximum number of rows to be included in each page of the search results. This can avoid LDAP connection timeouts. If your LDAP server does not report that it supports paged results, paging is still disabled even if this property is positive.

Setting this property to 0 or a negative value disables the use of paged results across all LDAP servers.

Note: The LDAP server may impose its own page-size limit. If the LDAP server has a page-size specified (which is commonly 1000), and it is less than the value specified in the LdapSearchPageSize property, the LDAP server value takes precedence.
LdapBinaryAttributes
None Holds a list of the LDAP attributes, separated by spaces, that are to be treated as binary data. These are in addition to the binary attributes already pre-defined in the Java environment property java.naming.ldap.attributes.binary. See Use of Binary Attributes.
AdminLdapDn
uid\admin,
ou\=system Optional.

The LDAP Distinguished Name (DN) for the default internal user tibco-admin. See Configuring the Admin User.

OrgModelRestrictionsEnabled
None Enables, or disables, the organization access restrictions defined within LDAP Containers.

When disabled (the default) no restrictions will be placed on a user's access to organizations, or the entities within them.

When enabled, users will only have access to those organizations associated with the LDAP Container to which they belong, and to those organizations not associated with any LDAP Container.

restrictUserSettings
true Determines whether there are additional restrictions when calling the deleteUserSettings or saveUserSettings operations in the UserSettingsService to update user settings that are either managed by the Workspace application Configuration Administrator or are defined as part of a system view. If this property is set to true:
  • The applicationConfiguration system action is also needed to call the deleteUserSettings or saveUserSettings operations (this is in addition to the userAdmin system action, which is always needed to change user settings).
  • If the storageKey parameter is set to a GUID, it must be the GUID of the user making the call to deleteUserSettings or saveUserSettings. This prevents the user from deleting or saving user settings for other users.
Note: A System Administrator (that is, a user holding the "All System Actions" privilege) can delete or save the user settings for any user, even if the restrictUserSettings property is set to true.

For additional information, see "UserSettingsService" in the TIBCO ActiveMatrix BPM Developer's Guide.

The following properties are related to Resource Query Language (RQL) queries:
ResourceQueryBatchSize
50

The number of dynamic query entities updated in a single database transaction. Should be sufficiently large enough for performance but not too large that the database transaction limit is reached.

ResourceQueryCacheSize
50

The size of the cache for Resource Query ID sequence numbers.

ResourceQueryRetryLimit
5

The number of attempts to save a resource query in the database before reporting failure.

ResourceQueryRetryInterval
500

The period to wait between retries if an attempt to save a resource query in the database fails. Specified in milliseconds.

ResourceQueryVersion
2*

Specifies the version number of the RQL expression algorithm, which determines the way in which RQL expressions are evaluated. The available versions are:

  • 1 - Uses the original method of resolving RQL expressions in memory.
  • 2 - Translates the RQL expression to SQL, which results in much faster processing of expressions. Use this version if you use a large number of RQL expressions against a large number of resources.

For additional information, see "RQL Expression Evaluation" in the TIBCO Business Studio BPM Implementation Guide.

* If you have performed a new installation of ActiveMatrix BPM version 4.3 or later, this property is included in the de.properties file with a default value of 2. However, if you have upgraded ActiveMatrix BPM from a pre-4.3 version, this property is not included in the de.properties file by default (and algorithm version 1 is used in this situation). In the upgrade scenario, to use version 2 of the algorithm, you must add the property to de.properties and set the value to 2.

ResourceQueryCleanerEnable
true

Enables, or disables, the re-evaluation of resource queries to identify those that are no longer referenced. If disabled, automatic deletion of un-referenced queries will not take place (which will require manual deletions via an API call, otherwise performance of the system will degrade over time).

In a multi-node environment, only one node is chosen (at random) to schedule and process the re-evaluation of resource queries. If that node is stopped, another node is chosen to take over the scheduling and processing. Processing after node fail-over will commence after the next ResourceQueryCleanerStart time, likely resulting in a delay in processing deletions.

Changing this value requires a node restart for the new value to take effect.

ResourceQueryCleanerStart
00:00

The time of day (expressed in the JVM's default timezone) at which the first resource query evaluation of those queries that can be deleted. The accepted format for this value is "hh:mm", where "hh" is a value from "00" to "23", and "mm" is a value from "00" to "59".

In a multi-node environment, only one node is chosen (at random) to schedule and process the re-evaluation events. If that node is stopped, another node is chosen to take over the scheduling and processing. Subsequent processing events will be scheduled according to the value of the property ResourceQueryCleanerInterval. Processing after node fail-over will commence after the next ResourceQueryCleanerStart time, likely resulting in a delay in processing deletions.

Changing this value requires a node restart for the new value to take effect.

ResourceQueryCleanerInterval
P1D

The interval between re-evaluation of resource queries to identify those that are no longer referenced, and can be removed from the system. This value should be great enough to ensure that two events do not overlap. The value is expressed as an XML Schema Duration string (for example, "P1D" = once per day, "PT12H" = once every 12 hours).

Changing this value requires a node restart for the new value to take effect.

ResourceQueryCleanerEnd
01:00 The time of day (expressed in the JVM's default time zone) at which the last resource query evaluation of the queries that can be deleted will be accepted.

The accepted format for this value is "hh:mm", where "hh" is a value from "00" to "23", and "mm" if a value from "00" to "59".

In a multi-node environment, only one node is chosen (at random) to schedule and process the re-evaluation events. If that node is stopped, another node is chosen to take over the scheduling and processing. Processing after node fail-over will commence after the next ResourceQueryCleanerStart time, likely resulting in a delay in processing deletions.

ResourceQueryCleanerLimit
100 The number of dynamic query entities checked for deletion in a single database transaction. This should be sufficiently large enough for performance, but not so large that the database transaction limit is reached.

The maximum value is 100.

ResourceQueryCleanerPause
5 The number of seconds between deleting batches of dynamic query entities. This permits time for other database transactions to occur, some of which are blocked while this operation is being performed.

The minimum value is 1.

The following properties are related to candidate queries:
AutoResourceGenEnable
true

Enables, or disables, the processing of resource candidate queries; to automatically populate positions and groups with resources, according to configured LDAP queries.

In a multi-node environment, only one node is chosen (at random) to schedule and process the candidate query processing events. If that node is stopped, another node will be chosen to take over the scheduling and processing.

AutoResourceDeleteEnabled
false

Enables, or disables, the automatic deletion of those resources deemed to be invalid. A resource is deemed to be invalid when the LDAP entry, from which it originates, can no longer be found. When this property is true, the processing of invalid resources is performed as part of the dynamic population of organization models.

This property only applies when AutoResourceGenEnable is true.

AutoResourceGenStart
03:30

The time of day (expressed in the JVM's default time-zone) at which the first candidate query processing will be scheduled. The accepted format for this value is "hh:mm"; where "hh" is a value from "00" to "23", and "mm" if a value from "00" to "59".

In a multi-node environment, only one node is chosen (at random) to schedule and process the candidate query processing events. If that node is stopped, another node will be chosen to take over the scheduling and processing.

Subsequent processing events are scheduled according to the value of the property AutoResourceGenInterval.

This property only applies when AutoResourceGenEnable is true.

Note: Candidate query processing should be scheduled during off-peak hours when there is no user activity.
AutoResourceGenInterval
P1D

The delay between the start of one candidate query processing event and the next. This value should be great enough to ensure that two events do not overlap. If a processing event does not complete within the specified interval, events may be skipped.

The value is expressed as an XML Schema Duration string (for example, "P1D" = once per day, "PT12H" = once every 12 hours).

This property only applies when AutoResourceGenEnable is true.

The following properties are related to extension points:
ExtensionPointProcessEnable
true

Enables, or disables, extension point processing events. If disabled, no more events will be scheduled following the completion of any currently scheduled event.

In a multi-node environment, only one node is chosen (at random) to schedule and process the extension point processing events. If that node is stopped, another node is chosen to take over the scheduling and processing.

ExtensionPointDeleteEnabled
true

Enables, or disables, the automatic removal of the organization model entities dynamically generated from the processing of extension points. When this property is true, dynamically generated entities are removed when the LDAP entry/attribute from which they are derived is removed.

This property only applies when ExtensionPointProcessEnable is true.

ExtensionPointProcessStart
03:00

The time of day (expressed in the JVM's default time-zone) at which the first extension point processing will be scheduled. The accepted format for this value is "hh:mm"; where "hh" is a value from "00" to "23", and "mm" if a value from "00" to "59".

In a multi-node environment, only one node is chosen (at random) to schedule and process extension point processing events. If that node is stopped, another node is chosen to take over the scheduling and processing.

Subsequent processing events are scheduled according to the value of the property ExtensionPointProcessInterval.

This property only applies when ExtensionPointProcessEnable is true.

Note: Extension point processing should be scheduled during off-peak hours when there is no user activity.
ExtensionPointProcessInterval
P1D

The delay between the start of one extension point processing event and the next. This value should be great enough to ensure that two events do not overlap. If a processing event does not complete within the specified interval, events may be skipped.

The value is expressed as an XML Schema Duration string (for example, "P1D" = once per day, "PT12H" = once every 12 hours).

This property only applies when ExtensionPointProcessEnable is true.

The following properties are not initially specified in the file:
AdminLdapName
tibco-admin Optional.

The name of the internal user who is authorized to login until another user is configured. See Configuring the Admin User .

AdminLdapAlias
None. Optional.

The name of your corporate LDAP server. See Configuring the Admin User .

SecurityModelUpgraded
None. Optional.

This property is specified in the file only when a system has been upgraded. See Use of the n2-auth Login Application .

The following parameters, present in earlier versions of the de.properties file, are no longer required:

  • LdapRetryAttempts
  • LdapRetryWait