Configuration file | Location | Description |
---|---|---|
global.properties | TDI_home/etc | This file is the primary configuration file for the server. |
solution.properties | Solution folder | This file (solution.properties) is initially a copy of global.properties used by the current solution. After you make changes, values in this file override corresponding values in global.properties. |
registry.txt | TDI_home/serverapi | This file is the User registry for the Server API, defined by the "api.user.registry" property in global.properties |
build.properties | TDI_home/etc | This file contains the TDI build information, build date, version, and so on; it is a text file, and by default the file is in the platform-native encoding. |
tdisrvctl-log-4j.properties | TDI_home/etc | This file controls the logging strategy for the tdisrvctl command line utility. |
Log4J.properties | TDI_home/etc | This file controls the logging strategy for the server (ibmdisrv) when started from the command line. |
jlog.properties | TDI_home/etc | This file controls the tracing and First Failure Data Capture (FFDC) strategy |
ibmdi.ico | TDI_home/etc | This file lists the icons for TDI. |
idisrv.sth | TDI_home | This file contains the TDI server stash; it is a binary file that contains the encrypted password for the sample server keystore file (testserver.jks). |
derby.properties | TDI_home/etc | This file contains the default configuration for the Derby System Store shipped with TDI. |
reconnect.rules | TDI_home/etc | This file contains text that defines reconnect rules for how TDI should handle reconnect exceptions. |
global.properties.v611 | TDI_home/etc | This file serves as a sample place holder and is useful during migration. |
TDI0700.SYS2 | TDI_home/etc | This is the product signature (license) file used by the ITLM agent to recognize TDI. |
pkcs11.cfg | TDI_home/etc | This file is used for initializing the IBM PKCS11 implementation provider. For details refer to section PKCS11 Configuration File. |
testadmin.der | TDI_home/serverapi | This file is the exported certificate from testadmin.jks. |
testadmin.jks | TDI_home/serverapi | This file contains an example keystore and truststore for a Server API remote client. |
cryptoutils.bat(sh) | TDI_home/serverapi | This file is a command line utility (shell script) used for encrypting and decrypting TDI configurations and the user registry file. |
testserver.jks | TDI_home | This file is a sample server keystore and truststore, referenced as an example. |
testserver.der | TDI_home | This file is an exported sample server certificate, ready to be imported in a truststore. |
am_config.properties | TDI_home/ActionManager | This file configures the Action Manager. |
am_logging.properties | TDI_home/ActionManager | This file configures Action Manager logging. |
ibmdiservice.props | TDI_home/wind32_service | This file configures the Windows service. |
mqeconfig.props | TDI_home/jars/plugins/ | This file allows configuration of the MQe service. In TDI, we can access MQe using authentication for the MQe Mini-Certificate Server to issue certificates; the certificates are then used for authentication. When authenticating, additional properties available in TDI that must be added to the mqeconfig.props properties file. |
The file registry.txt can be encrypted and decrypted using the The TDI Encryption utility. The cryptoutil tool should not be applied on global.properties or solution.properties. We can encrypt individual property values but not the whole properties file.
Name | Possible values | Description |
---|---|---|
com.ibm.di.server.securemode | true/false | On or off switch for secure mode. |
api.keystore | file name | Server keystore used for SSL certificates. Previously com.ibm.di.server.keystore. |
api.key.alias | Key alias | Key alias from keystore for SSL certificates. Previously com.ibm.di.server.key.alias. |
{protect}-api.keystore.password | SSL keystore password | Keystore password for SSL. Added in TDI 7.0. |
{protect}-api.key.password | SSL key password | Key password for SSL. Added in TDI 7.0. |
com.ibm.di.server.encryption.keystore | file name | Data encryption for the keystore that hosts the key used by the Server. Added in TDI 7.0. |
com.ibm.di.server.encryption.key.alias | Key alias | Encryption keystore key alias. Added in TDI 7.0 |
com.ibm.di.server.encryption.keystoretype | Keystore type, that is, "JKS", "JCEKS", and so on. | Keystore type that hosts the encryption key of the Server. Added in TDI 7.0. |
com.ibm.di.server.encryption.transformation | "RSA" or some secret key transformation | Server transformation used for encryption. Can be set to either "RSA" (public key encryption) or to some secret key transformation (*** of the TDIServer Security section). Added in TDI 7.0. |
api.on | true/false | On or off Server API switch. |
api.user.registry | file name | Server API users registry file |
api.user.registry.encryption.on | true/false | User registry switch for encrypted or not encrypted. |
api.remote.on | true/false | On or off switch for remote Server API. The default setting is true. |
api.remote.ssl.on | true/false | On or off switch requiring, or not requiring, SSL for the remote Server API. |
api.remote.ssl.client.auth.on | true/false | On or off switch requiring, or not requiring, SSL client authentication for the remote Server API |
api.truststore | file name | Server truststore. |
api.truststore.pass | * | Trustore password. |
api.remote.nonssl.hosts | Non-SSL addresses for accepting non-SSL IP connections. | |
api.custom.method.invoke.on | true/false | Server API methods for custom method invocation =true when allowed to be used, and =false when disallowed. |
api.custom.method.invoke.allowed.classes | Server API classes that can be directly invoked by the Server API methods for custommethod invocation. | |
api.custom.authentication | Script file name or "[ldap]/[jaas]" for built in LDAP or JAASAuthentication | Custom authentication method. |
api.custom.authentication.ldap.* | LDAP authentication configuration set of properties. | |
javax.net.ssl.* | Standard JSSE set of properties for keystore, truststore and their passwords | |
com.ibm.di.server.pkcs11 | false | pkcs11 compliant crypto devices for SSL, required or not required. Added in TDI 7.0 |
{protect}-com.ibm.di.server.pkcs11.pass | administrator | Access password for pkcs11 compliant crypto device. Added in TDI 7.0 |
com.ibm.di.server.pkcs11.accl | false | Hardware cryptographic devices to be used for encryption when this property is set to true. |
All properties listed in the above table can be set in the configuration file global.properties, and can be protected by encryption using the {protect}- prefix (see section "Standard TDI encryption of global.properties or solution.properties" for details).