Openfire Properties

Openfire Properties

VERSION 34  

Created on: Aug 29, 2007 11:32 AM by slushpupie - Last Modified:  Sep 23, 2012 4:32 PM by rcollier

This is an attempt at documenting every property used by Openfire.  Please keep this list in alphabetical order, for easier searching.

 

1. XML Properties

2. Openfire System Properties

3. Java System Properties

4. Http-Bind Properties

 

#

XML Properties

 

Property	Description	Default
admin.authorizedUsernames	A comma seperated list of usernames allowed to log into the admin console.	admin
admin.authorizedJIDs	A comma seperated list of full JID's allowed to log into the admin console. The JIDs may belong to remote users.
adminConsole.port	The port number the admon console listens on (not encrpyted). Disable by using \-1.	9090
adminConsole.securePort	The port number the admin console listens on (encrypted). Disable by using \-1.	9091
connectionProvider.className	The class name of the database connection provider
database.defaultProvider.driver	seehttp://www.igniterealtime.org/builds/openfire/docs/latest/documentation/database .html
database.defaultProvider.serverURL	seehttp://www.igniterealtime.org/builds/openfire/docs/latest/documentation/database .html
database.defaultProvider.username	TODO
database.defaultProvider.password	TODO
database.defaultProvider.minConnections	minimum database connections
database.defaultProvider.maxConnections	maximum database connections TODO
database.defaultProvider.connectionTimeout	database connection timeout
database.defaultProvider.testSQL	SQL command to test whether a connection is fine
database.defaultProvider.testBeforeUse	true / false - test connection before using it
database.defaultProvider.testAfterUse	true / false - test connection after using it
database.defaultProvider.checkOpenConnection	TODO - is it still valid?
database.defaultProvider.openConnectionTimeLimit	TODO - is it still valid?
database.mysql.useUnicode	TODO
database.JDNIProvider.name	TODO
ldap.adminDN	a directory administrator's DN. All directory operations will be performed with this account. The admin must be able to perform searches and load user records. The user does not need to be able to make changes to the directory, as Openfire treats the directory as read-only. If this property is not set, an anonymous login to the server will be attempted. If you do not allow anonymous searches to your LDAP server, you must set this.
ldap.adminPassword	the password for the directory administrator.
ldap.alternateBaseDN	a second DN in the directory can optionally be set. If set, the alternate base DN will be used for authentication and loading single users, but will not be used to display a list of users (due to technical limitations).
ldap.authCache.enabled	Enable LDAP authentication cache, if using the LdapAuth provider	true
ldap.authCache.maxLifetime	TODO
ldap.authCache.size	Cache size (in bytes) for LDAP authentication cache	524288
ldap.autoFollowReferrals	a value of "true" indicates that LDAP referrals should be automatically followed. If this property is not set or is set to "false", the referral policy used is left up to to the provider. A referral is an entity that is used to redirect a client's request to another server. A referral contains the names and locations of other objects. It is sent by the server to indicate that the information that the client has requested can be found at another location (or locations), possibly at another server or several servers.
ldap.baseDN	the starting DN that searches for users will performed with. The entire subtree under the base DN will be searched for user accounts. This is required for all LDAP setups.
ldap.clientSideSorting	If Openfire should sort the LDAP results itself set to true. If the ldap server can do it, set to false.	False
ldap.connectionPoolEnabled	a value of "false" disables LDAP connection pooling.	true
ldap.debugEnabled	a value of "true" if debugging should be turned on. When on, trace information about buffers sent and received by the LDAP provider is written to System.out
ldap.emailField	the field name that holds the user's email address. If this property is not set, the default value is mail. Active Directory users should use the the default value mail.
ldap.groupDescriptionField	the field name that holds the description a group. If this property is not set, the default value is description.
ldap.groupMemberField	the field name that holds the members in a group. If this property is not set, the default value is member.
ldap.groupNameField	the field name that the groupname lookups will be performed on. If this property is not set, the default value is cn.This is required if you wish to use groups from LDAP.
ldap.groupSearchFilter	the search filter that should be used when loading groups.	ldap.groupNameField=
ldap.host	LDAP server host; e.g. localhost or machine.example.com, etc. It is possible to use many LDAP servers but all of them should share the same configuration (e.g. SSL, baseDN, admin account, etc). To specify many LDAP servers use the comma or the white space character as delimiter. Obviously, this is required for LDAP setups.
ldap.initialContextFactory	the name of the class that should be used as an initial context factory. if this value is not specified, "com.sun.jndi.ldap.LdapCtxFactory" will be used instead. Most users will not need to set this value.
ldap.nameField	the field name that holds the user's name. If this property is not set, the default value is cn. Active Directory users should use the default value displayName.	cn
ldap.port	LDAP server port number.	389
ldap.posixMode	a value of "true" means that users are stored within the group by their user name alone. A value of "false" means that users are stored by their entire DN within the group. If this property is not set, the default value is false. Note: the posix mode must be set correctly for your server in order for group integration to work. This is required if you wish to use groups from LDAP.
ldap.sslEnabled	a value of "true" to enable SSL connections to your LDAP server. If you enable SSL connections, the LDAP server port number most likely should be changed to 636.
ldap.searchFields	the LDAP fields that will be used for user searches. If this property is not set, the username, name, and email fields will be searched. An example value for this field is "Username/uid,Name/cname". That searches the uid and cname fields in the directory and labels them as "Username" and "Name" in the search UI. You can add as many fields as you'd like using comma-delimited "DisplayName/Field" pairs. You should ensure that any fields used for searching are properly indexed so that searches return quickly.
ldap.searchFilter	the search filter that should be used when loading users.	The default search will be for users that have the attribute specified by ldap.usernameField.
ldap.usernameField	the field name that the username lookups will be performed on. If this property is not set, the default value is uid. Active Directory users should try the default value sAMAccountName.
ldap.vcard-mapping	The literal mapping between ldap fields and the XML to go in the vcard
log.debug.enabled	Turn on debug logging
log.debug.format	The format used for debug logging
log.debug.size	The maximum size of the debug log
log.directory	The directory all log files will go into
log.error.format	The format used for the error log
log.error.size	The maximum size of the error log
log.info.format	The format used for the info log
log.info.size	The maximum size of the info log
log.warn.format	The format used for the warn log
log.warn.size	The maximum size of the warn log
locale	The locale (language settings)
nativeAuth.domain	TODO
network.interface	An ip address to bind to. Generally only useful on multi-homed systems.
pop3.authCache.enabled	TODO
pop3.authCache.maxLifetime	TODO
pop3.authCache.size	TODO	512*1024
pop3.authRequiresDomain	TODO
pop3.debug	TODO
pop3.domain	TODO
pop3.host	TODO
pop3.port	TODO
pop3.ssl	TODO
provider.auth.className	The class name of the AuthProvider (Authentication)
provider.user.className	The class name of the UserProvider
provider.group.className	The class name of the GroupProvider
provider.vcard.className	The class name of the VcardProvider
sasl.mechs	Configure which authorization mechanisms Openfire allows (DIGEST-MD5 PLAIN CRAM-MD5). Java's CRAM-MD5 implementation and Cryus SASL's implementation differ slightly. To remove CRAM-MD5 add <sasl><mechs>DIGEST-MD5 PLAIN</mechs><sasl> to openfire.xml	ANONYMOUS PLAIN DIGEST-MD5 CRAM-MD5 JIVE-SHAREDSECRET
sasl.approvedRealms
sasl.gssapi.config
sasl.gssapi.debug		false
sasl.gssapi.useSubjectCredsOnly		false
sasl.realm
setup	True if Openfire has been configured. False only after an initial install before configuring.

 

#

Openfire System Properties

 

Property	Description	Default
cache.name.maxLifetime	Cache expiration time for name in milleseconds.	see How to configure Openfire's caches
cache.name.size	Cache size for name in bytes	see How to configure Openfire's caches
locale.timeZone	The timezone for your locale
dnsutil.dnsOverride	(!http://www.igniterealtime.org/issues/images/icons/newfeature.gif! [JM-711\	http://www.igniterealtime.org/issues/browse/JM-711]) Internal DNS that allows to specify target IP addresses and ports to use for domains. Sample values for the property (make sure to insert no space characters!): {example.com,127.0.0.33:5269} {example.com,127.0.0.33:5269},{de.de,192.168.0.33:4567}
flash.crossdomain.enabled	Boolean for if the flash cross domain server is enabled (new in OF 3.6.5)	true
flash.crossdomain.port	Integer for the port number to listen on for crossdomain requests (new in OF 3.6.5)	5229
hazelcast.config.xml.filename	Name of the Hazelcast configuration file. By overriding this value you can easily install a custom cluster configuration file in the Hazelcast plugin /classes/ directory, or in the classpath of your own custom plugin.	hazelcast-cache-config.xml
hazelcast.max.execution.seconds	Maximum time to wait when running a synchronous task across members of the cluster.	30
hazelcast.startup.delay.seconds	Number of seconds to wait before launching the Hazelcast plugin. This allows Openfire to deploy any other plugins before initializing the cluster caches, etc.	5
hazelcast.startup.retry.count	Number of times to retry initialization if the cluster fails to start on the first attempt.	1
hazelcast.startup.retry.seconds	Number of seconds to wait between subsequent attempts to start the cluster.	10
ldap.override.avatar	When enabled allows users to changer/add an avatar openfire servers  bound to LDAP that do not have an LDAP defined avatar.  The Property  Values are true or false.	true
mail.debug	Enable debugging for mail.
mail.smtp.host	The SMTP Hostname to use
mail.smtp.password	The SMTP Password to use when using SMTP Auth
mail.smtp.port	The port to use for SMTP	25
mail.smtp.ssl	Enable SSL for smtp	false
mail.smtp.username	The SMTP Username to use when using SMTP Auth
mediaproxy.enabled	The value "false" if the Openfire media proxy should not be enabled. The media proxy allows Jingle clients to communicate when peer to peer connections fail (such as when behind a strict firewall).	true (a null value means true)
mediaproxy.idleTimeout	The maximum amount of time (in milleseconds) to wait before a media proxy session is closed when there is no activity.	90000
mediaproxy.portMin	The minimum port value that the media proxy will use for UDP client connections. The port range must be large enough to handle as many client connections as will occur.	10000
mediaproxy.portMax	The maximum port value that the media proxy will use for UDP client connections. The port range must be large enough to handle as many client connections as will occur.	20000
passwordKey	Key used to decrypt Blowfish encrypted passwords in 'ofUser.encryptedPassword' (when user.usePlainPassword is set to false)	randomly generated when detected as null
plugins.upload.enabled	Enables the ability to upload plugins from the admin interface.	true
register.inband	Allow inband registration	true
register.password	Allow inband password changes	true
route.all-resources	Enable routing of messages to base JID to every client logged in with the same base JID (different resources) and the same (highest) priority	false
rss.enabled	Enable or disable the RSS feed in the admin console http://www.igniterealtime.org/issues/browse/JM-1172	true
shutdownMessage.enabled	If true, send a shutdown message to all connected users before terminating the server
update.lastCheck	Keep track of the last time we checked for updates. Don't edit this value.
update.proxy.host	Sets the host of the proxy to use to connect to jivesoftware.org or 'null' if no proxy is used.
update.proxy.port	Sets the port of the proxy to use to connect to jivesoftware.org or \-1 if no proxy is being used.
user.usePlainPassword	Sets wether the password for users is stored in the database in plaintext format in the ofUser.plainPassword column, or encrypted using the Blowfish algorithm in the ofUser.encryptedPassword column, using the key found in the "passwordKey" property.	false
xmpp.audit.active	Turn on packet auditing
xmpp.audit.ignore	A comma seperated list of users to ignore when auditing packets
xmpp.audit.iq	If true, audit ip packets
xmpp.audit.logdir	The directory to put the audit file in
xmpp.audit.logtimeout	TODO
xmpp.audit.maxcount	TODO
xmpp.audit.maxsize	TODO
xmpp.audit.message	If true, audit message packets
xmpp.audit.presence	If true, audit presence packets
xmpp.audit.xpath	TODO
xmpp.auth.anonymous	True if anonymous authentication is allowed
xmpp.auth.retries	Number of failed authentication attempts allowed.	3
xmpp.client.compression.policy	TODO
xmpp.client.idle	Time in millesconds to disconnect an idle client. Use -1 to disable.	6 * 60 * 1000 (thanks Keehong)
xmpp.client.login.allowed	A comma seperated list of IP addresses clients are allowed to log in from
xmpp.client.roster.active	Enables the roster for clients. If false, it is not possible to retrieve users rosters or broadcast presence packets to roster contacts.
xmpp.client.tls.policy	TODO
xmpp.client.validate.host	If true, validate the hostname in the stream header sent by clients.
xmpp.command.limit	TODO
xmpp.command.timeout	TODO
xmpp.component.defaultSecret	TODO
xmpp.component.permission	TODO
xmpp.component.socket.active	TODO
xmpp.component.socket.port	TODO
xmpp.domain	The name of the server	127.0.0.1)
xmpp.forward.admins	TODO
xmpp.muc.create.anyone	Permission policy for creating rooms. Set to false to allow anyone to create rooms, true to restrict to jids listed in xmpp.muc.create.jid. Note: The meaning is reversed:-)	false
xmpp.muc.create.jid	List of JIDs that are allowed to create a MUC room.
xmpp.muc.discover.locked	Checks if the room may be included in search results.	true
xmpp.muc.enabled	Set this to false to disable MUC / conference. Requires server restart. (looks like it doesnt work on 3.6.4 - wroot)	true
xmpp.muc.history.maxNumber	The maximum number of chat history messages stored for the room.	25
xmpp.muc.history.type	Set history strategy type. Valid values: defaulType, none, all, number	number
xmpp.muc.service	Host name of MUC service. Requires server restart.	conference
xmpp.muc.skipInvite	(3.7.0+) Disable the auto invitation of newly added members to a MUC chatroom's access control list.	false
xmpp.muc.sysadmin.jid	Load the list of JIDs that are system admins of the MUC service.
xmpp.muc.tasks.log.batchsize	The number of messages to log on each run of the logging process.	50
xmpp.muc.tasks.log.timeout	The number of milliseconds to elapse between logging of room conversations.	300000
xmpp.muc.tasks.user.idle	The number of milliseconds a user must be idle before he/she gets kicked from all the rooms.	-1
xmpp.muc.tasks.user.timeout	The number of milliseconds before clearing of idle chat users.	300000
xmpp.muc.unload.empty_days	The server will unload from memory persistent rooms that have been empty for 30 (default) days. The room will still exist in the database and users may still join. The only consequence is that it won't appear in the discovery list. This option is valid for prior 3.6.0 versions only. As 3.6.0 has introduced multiple conference services.	30
xmpp.offline.quota	How many messages to store before bouncing or dropping as per xmpp.offline.type	100 * 1024 messages?
xmpp.offline.type	Controls the strategy for handling messages to offline users: - bounce: All messages are bounced to the sender. - drop: All messages are silently dropped. - store: All messages are stored - store_and_bounce: Messages are stored up to the storage limit, and then bounced. - store_and_drop: Messages are stored up to the storage limit, and then silently dropped.	store_and_bounce
xmpp.parser.buffer.size	since 3.5.2 / JM-1350: XMLLightweightParser allows N Bytes of buffered data before closing a potential dangerous connection to avoid an Out-Of-Memory error.	1048576
xmpp.privateStorageEnabled	TODO
xmpp.proxy.enabled	TODO
xmpp.proxy.externalip	Some servers are setup to use DNS SRV records. In that case, their domain may not the actual server address. For example, the DNS SRV record for igniterealtime.org could point to a server at xmpp.igniterealtime.org. This will affect non XMPP traffic like the file proxy transfer service, since the proxy service can't give out the normal XMPP domain name and have that work.  When this property is set, the file transfer proxy service will advertise the given IP address rather than the XMPP server domain.
xmpp.proxy.port	TODO
xmpp.proxy.service	TODO
xmpp.pubsub.create.anyone	Determines if anyone can create nodes
xmpp.pubsub.create.jid	List of JID's of those that are allowed to create nodes
xmpp.pubsub.enabled	since 3.5.0 / JM-1262: Disable pubsub by setting this value to false	true
xmpp.pubsub.multiple-subscriptions	Turns the ability to have multiple subscriptions to a node on/off	true
xmpp.pubsub.root.creator	Specifies the JID of the root node creator
xmpp.pubsub.root.nodeID	Specifies the id of the root collection node
xmpp.pubsub.service	The pubsub service name	pubsub
xmpp.pubsub.sysadmin.jid	Sets the specified JID's as pubsub admins
xmpp.pubsub.flush.timer	The time delay (in seconds) between flushing of the published items cache to persistent storage.	120 (seconds)
xmpp.pubsub.flush.max	The maximum number of items the published items cache will hold before it flushes itelf to persistent storage.	1000
xmpp.pubsub.fetch.max	The maximum number of items that a get items operations on a node will return.  Openfire doesn't support Result Sets in pubsub yet, so making this number too large will cause memory and performance issues.	2000
xmpp.pubsub.purge.timer	The time delay (in seconds) to purge stale data from the database.	300 (seconds)
xmpp.server.certificate.accept-selfsigned	TODO
xmpp.server.certificate.verify	TODO
xmpp.server.certificate.verify.chain	TODO
xmpp.server.certificate.verify.root	TODO
xmpp.server.certificate.verify.validity	TODO
xmpp.server.compression.policy	TODO
xmpp.server.dialback.enabled	TODO
xmpp.server.outgoing.threads	TODO
xmpp.server.permission	TODO
xmpp.server.processing.threads	TODO
xmpp.server.read.timeout	TODO
xmpp.server.session.allowmultiple	TODO
xmpp.server.session.idle	TODO
xmpp.server.session.timeout	TODO
xmpp.server.socket.active	TODO
xmpp.server.socket.port	TODO
xmpp.server.socket.remotePort	TODO
xmpp.server.tls.enabled	TODO
xmpp.session.conflict-limit	TODO
xmpp.session.sending-limit	TODO
xmpp.socket.plain.active	TODO
xmpp.socket.plain.port	TODO
xmpp.socket.ssl.active	TODO
xmpp.socket.ssl.algorithm	TODO
xmpp.socket.ssl.keypass	TODO
xmpp.socket.ssl.keystore	TODO
xmpp.socket.ssl.port	TODO
xmpp.socket.ssl.storeType	TODO
xmpp.socket.ssl.trustpass	TODO
xmpp.socket.ssl.truststore	TODO

 

#

Java System Properties

 

Property	Description	Default
app.name	"Openfire"
appdir	The location Openfire is installed in
java.library.path	Where to look for the native library path for NativeAuthProvider
line.separator	What the default line seperator is.	"\n"
mrj.version	Only used for OS detection in Mac OS
pluginDirs	The directory the plugins live in
os.name	The OS Name (eg "Windows 2000").	Automatically set by Java
whack.componentManagerClass	TODO
openfire.lib.dir	The place to look for ServerStarter.	'../lib'
openfireHome	The location where Openfire is installed in

For plugins (gateway), see http://www.igniterealtime.org/community/docs/DOC-1002

#

Http-Bind Properties

 

Property	Description	Default
log.httpbind.enabled	Print all packets which were sent or received via http-bind to STOUT.	false
xmpp.httpbind.client.idle	Seconds a session has to be idle to be closed	30
xmpp.httpbind.client.requests.max	the number of simultaneous requests allowable.	2
xmpp.httpbind.client.requests.wait	the longest time (in seconds) that Openfire is allowed to wait before responding to any request during the session.	0x7fffffff
xmpp.httpbind.client.requests.polling	the maximum allowable period over which a client can send empty requests to the server.	5

출처 - http://community.igniterealtime.org/docs/DOC-1061