Openfire Properties

Version 39

    This is an attempt at documenting every property used by Openfire.  Please keep this list in alphabetical order, for easier searching.

     

    1. XML Properties

    2. Openfire System Properties

    3. Java System Properties

    4. Http-Bind Properties

     

    XML Properties

     

    Property

    Description

    Default

    admin.authorizedUsernames

    A comma seperated list of usernames allowed to log into the admin console.

    admin

    admin.authorizedJIDs

    A comma seperated list of full JID's allowed to log into the admin console. The JIDs may belong to remote users.

    adminConsole.port

    The port number the admon console listens on (not encrpyted). Disable by using \-1.

    9090

    adminConsole.securePort

    The port number the admin console listens on (encrypted). Disable by using \-1.

    9091

    connectionProvider.className

    The class name of the database connection provider

    database.defaultProvider.driver

    see http://www.igniterealtime.org/builds/openfire/docs/latest/documentation/database .html

    database.defaultProvider.serverURL

    see http://www.igniterealtime.org/builds/openfire/docs/latest/documentation/database .html

    database.defaultProvider.username

    TODO

    database.defaultProvider.password

    TODO

    database.defaultProvider.minConnections

    minimum database connections

    database.defaultProvider.maxConnections

    maximum database connections TODO

    database.defaultProvider.connectionTimeout

    database connection timeout

    database.defaultProvider.testSQL

    SQL command to test whether a connection is fine

    database.defaultProvider.testBeforeUse

    true / false - test connection before using it

    database.defaultProvider.testAfterUsetrue / false - test connection after using it
    database.defaultProvider.checkOpenConnectionTODO - is it still valid?
    database.defaultProvider.openConnectionTimeLimitTODO - is it still valid?

    database.mysql.useUnicode

    TODO

    database.JDNIProvider.name

    TODO

    ldap.adminDN

    a directory administrator's DN. All directory operations will be performed with this account. The admin must be able to perform searches and load user records. The user does not need to be able to make changes to the directory, as Openfire treats the directory as read-only. If this property is not set, an anonymous login to the server will be attempted. If you do not allow anonymous searches to your LDAP server, you must set this.

    ldap.adminPassword

    the password for the directory administrator.

    ldap.alternateBaseDN

    a second DN in the directory can optionally be set. If set, the alternate base DN will be used for authentication and loading single users, but will not be used to display a list of users (due to technical limitations).

    ldap.authCache.enabled

    Enable LDAP authentication cache, if using the LdapAuth provider

    true

    ldap.authCache.maxLifetime

    TODO

    ldap.authCache.size

    Cache size (in bytes) for LDAP authentication cache

    524288

    ldap.autoFollowReferrals

    a value of "true" indicates that LDAP referrals should be automatically followed. If this property is not set or is set to "false", the referral policy used is left up to to the provider. A referral is an entity that is used to redirect a client's request to another server. A referral contains the names and locations of other objects. It is sent by the server to indicate that the information that the client has requested can be found at another location (or locations), possibly at another server or several servers.

    ldap.baseDN

    the starting DN that searches for users will performed with. The entire subtree under the base DN will be searched for user accounts. This is required for all LDAP setups.

    ldap.clientSideSorting

    If Openfire should sort the LDAP results itself set to true. If the ldap server can do it, set to false.

    False

    ldap.connectionPoolEnabled

    a value of "false" disables LDAP connection pooling.

    true

    ldap.debugEnabled

    a value of "true" if debugging should be turned on. When on, trace information about buffers sent and received by the LDAP provider is written to System.out

    ldap.emailField

    the field name that holds the user's email address. If this property is not set, the default value is mail. Active Directory users should use the the default value mail.

    ldap.groupDescriptionField

    the field name that holds the description a group. If this property is not set, the default value is description.

    ldap.groupMemberField

    the field name that holds the members in a group. If this property is not set, the default value is member.

    ldap.groupNameField

    the field name that the groupname lookups will be performed on. If this property is not set, the default value is cn.This is required if you wish to use groups from LDAP.

    ldap.groupSearchFilter

    the search filter that should be used when loading groups.

    ldap.groupNameField=

    ldap.host

    LDAP server host; e.g. localhost or machine.example.com, etc. It is possible to use many LDAP servers but all of them should share the same configuration (e.g. SSL, baseDN, admin account, etc). To specify many LDAP servers use the comma or the white space character as delimiter. Obviously, this is required for LDAP setups.

    ldap.initialContextFactory

    the name of the class that should be used as an initial context factory. if this value is not specified, "com.sun.jndi.ldap.LdapCtxFactory" will be used instead. Most users will not need to set this value.

    ldap.nameField

    the field name that holds the user's name. If this property is not set, the default value is cn. Active Directory users should use the default value displayName.

    cn

    ldap.port

    LDAP server port number.

    389

    ldap.posixMode

    a value of "true" means that users are stored within the group by their user name alone. A value of "false" means that users are stored by their entire DN within the group. If this property is not set, the default value is false. Note: the posix mode must be set correctly for your server in order for group integration to work. This is required if you wish to use groups from LDAP.

    ldap.sslEnabled

    a value of "true" to enable SSL connections to your LDAP server. If you enable SSL connections, the LDAP server port number most likely should be changed to 636.

    ldap.searchFields

    the LDAP fields that will be used for user searches. If this property is not set, the username, name, and email fields will be searched. An example value for this field is "Username/uid,Name/cname". That searches the uid and cname fields in the directory and labels them as "Username" and "Name" in the search UI. You can add as many fields as you'd like using comma-delimited "DisplayName/Field" pairs. You should ensure that any fields used for searching are properly indexed so that searches return quickly.

    ldap.searchFilter

    the search filter that should be used when loading users.

    The default search will be for users that have the attribute specified by ldap.usernameField.

    ldap.usernameField

    the field name that the username lookups will be performed on. If this property is not set, the default value is uid. Active Directory users should try the default value sAMAccountName.

    ldap.vcard-mapping

    The literal mapping between ldap fields and the XML to go in the vcard

    log.debug.enabled

    Turn on debug logging

    log.debug.format

    The format used for debug logging

    log.debug.size

    The maximum size of the debug log

    log.directory

    The directory all log files will go into

    log.error.format

    The format used for the error log

    log.error.size

    The maximum size of the error log

    log.info.format

    The format used for the info log

    log.info.size

    The maximum size of the info log

    log.warn.format

    The format used for the warn log

    log.warn.size

    The maximum size of the warn log

    locale

    The locale (language settings)

    nativeAuth.domain

    TODO

    network.interface

    An ip address to bind to. Generally only useful on multi-homed systems.

    pop3.authCache.enabled

    TODO

    pop3.authCache.maxLifetime

    TODO

    pop3.authCache.size

    TODO

    512*1024

    pop3.authRequiresDomain

    TODO

    pop3.debug

    TODO

    pop3.domain

    TODO

    pop3.host

    TODO

    pop3.port

    TODO

    pop3.ssl

    TODO

    provider.auth.className

    The class name of the AuthProvider (Authentication)

    provider.user.className

    The class name of the UserProvider

    provider.group.className

    The class name of the GroupProvider

    provider.vcard.className

    The class name of the VcardProvider

    sasl.mechs

    Configure which authorization mechanisms Openfire allows (DIGEST-MD5 PLAIN CRAM-MD5). Java's CRAM-MD5 implementation and Cryus SASL's implementation differ slightly. Multiple values are seperated by commas.

    ANONYMOUS

    PLAIN

    DIGEST-MD5

    CRAM-MD5

    JIVE-SHAREDSECRET

    SCRAM-SHA-1

    GSSAPI

    EXTERNAL

    sasl.approvedRealms

    sasl.gssapi.config

    sasl.gssapi.debug

    false

    sasl.gssapi.useSubjectCredsOnly

    false

    sasl.realm

    setup

    True if Openfire has been configured. False only after an initial install before configuring.

     

    Openfire System Properties

     

    Property

    Description

    Default

    cache.name.maxLifetime

    Cache expiration time for name in milleseconds.

    see How to configure Openfire's caches

    cache.name.size

    Cache size for name in bytes

    see How to configure Openfire's caches

    locale.timeZone

    The timezone for your locale

    dnsutil.dnsOverride

    (!http://www.igniterealtime.org/issues/images/icons/newfeature.gif! [JM-711\

    http://www.igniterealtime.org/issues/browse/JM-711]) Internal DNS that allows to specify target IP addresses and ports to use for domains. Sample values for the property (make sure to insert no space characters!):

    {example.com,127.0.0.33:5269}

    {example.com,127.0.0.33:5269},{de.de,192.168.0.33:4567}

    flash.crossdomain.enabledBoolean for if the flash cross domain server is enabled (new in OF 3.6.5)true
    flash.crossdomain.portInteger for the port number to listen on for crossdomain requests (new in OF 3.6.5)5229
    hazelcast.config.xml.filenameName of the Hazelcast configuration file. By overriding this value you can easily install a custom cluster configuration file in the Hazelcast plugin /classes/ directory, or in the classpath of your own custom plugin.hazelcast-cache-config.xml
    hazelcast.max.execution.secondsMaximum time to wait when running a synchronous task across members of the cluster.30
    hazelcast.startup.delay.secondsNumber of seconds to wait before launching the Hazelcast plugin. This allows Openfire to deploy any other plugins before initializing the cluster caches, etc.5
    hazelcast.startup.retry.countNumber of times to retry initialization if the cluster fails to start on the first attempt.1
    hazelcast.startup.retry.secondsNumber of seconds to wait between subsequent attempts to start the cluster.10
    ldap.override.avatar When enabled allows users to changer/add an avatar openfire servers  bound to LDAP that do not have an LDAP defined avatar.  The Property  Values are true or false.true

    mail.debug

    Enable debugging for mail.

    mail.smtp.host

    The SMTP Hostname to use

    mail.smtp.password

    The SMTP Password to use when using SMTP Auth

    mail.smtp.port

    The port to use for SMTP

    25

    mail.smtp.ssl

    Enable SSL for smtp

    false

    mail.smtp.username

    The SMTP Username to use when using SMTP Auth

    mediaproxy.enabled

    The value "false" if the Openfire media proxy should not be enabled. The media proxy allows Jingle clients to communicate when peer to peer connections fail (such as when behind a strict firewall).

    true (a null value means true)

    mediaproxy.idleTimeout

    The maximum amount of time (in milleseconds) to wait before a media proxy session is closed when there is no activity.

    90000

    mediaproxy.portMin

    The minimum port value that the media proxy will use for UDP client connections. The port range must be large enough to handle as many client connections as will occur.

    10000

    mediaproxy.portMax

    The maximum port value that the media proxy will use for UDP client connections. The port range must be large enough to handle as many client connections as will occur.

    20000

    passwordKeyKey used to decrypt Blowfish encrypted passwords in 'ofUser.encryptedPassword' (when user.usePlainPassword is set to false)randomly generated when detected as null

    plugins.upload.enabled

    Enables the ability to upload plugins from the admin interface.

    true

    register.inband

    Allow inband registration

    true

    register.password

    Allow inband password changes

    true

    route.all-resources

    Enable routing of messages to base JID to every client logged in with the same base JID (different resources) and the same (highest) priority

    false

    rss.enabled

    Enable or disable the RSS feed in the admin console  http://www.igniterealtime.org/issues/browse/JM-1172

    true

    session.stalled.capIf there are more than this number of bytes waiting to be written to a connection session, then it's assumed that the session has stalled and it will be closed5242880 - i.e. 5 MB

    shutdownMessage.enabled

    If true, send a shutdown message to all connected users before terminating the server

    update.lastCheck

    Keep track of the last time we checked for updates. Don't edit this value.

    update.proxy.host

    Sets the host of the proxy to use to connect to jivesoftware.org or 'null' if no proxy is used.

    update.proxy.port

    Sets the port of the proxy to use to connect to jivesoftware.org or \-1 if no proxy is being used.

    user.usePlainPasswordSets wether the password for users is stored in the database in plaintext format in the ofUser.plainPassword column, or encrypted using the Blowfish algorithm in the ofUser.encryptedPassword column, using the key found in the "passwordKey" property.false

    xmpp.audit.active

    Turn on packet auditing

    xmpp.audit.ignore

    A comma seperated list of users to ignore when auditing packets

    xmpp.audit.iq

    If true, audit ip packets

    xmpp.audit.logdir

    The directory to put the audit file in

    xmpp.audit.logtimeout

    TODO

    xmpp.audit.maxcount

    TODO

    xmpp.audit.maxsize

    TODO

    xmpp.audit.message

    If true, audit message packets

    xmpp.audit.presence

    If true, audit presence packets

    xmpp.audit.xpath

    TODO

    xmpp.auth.anonymous

    True if anonymous authentication is allowed

    xmpp.auth.retries

    Number of failed authentication attempts allowed.

    3

    xmpp.client.compression.policy

    TODO

    xmpp.client.idle

    Time in millesconds to disconnect an idle client. Use -1 to disable.

    6 * 60 * 1000 (thanks Keehong)

    xmpp.client.login.allowed

    A comma seperated list of IP addresses clients are allowed to log in from

    xmpp.client.roster.active

    Enables the roster for clients. If false, it is not possible to retrieve users rosters or broadcast presence packets to roster contacts.

    xmpp.client.tls.policy

    TODO

    xmpp.client.validate.host

    If true, validate the hostname in the stream header sent by clients.

    xmpp.command.limit

    TODO

    xmpp.command.timeout

    TODO

    xmpp.component.defaultSecret

    TODO

    xmpp.component.permission

    TODO

    xmpp.component.socket.active

    TODO

    xmpp.component.socket.port

    TODO

    xmpp.domain

    The name of the server

    127.0.0.1)

    xmpp.forward.admins

    TODO

    xmpp.muc.create.anyone

    Permission policy for creating rooms. Set to false to allow anyone to create rooms, true to restrict to jids listed in xmpp.muc.create.jid. Note: The meaning is reversed:-)

    false

    xmpp.muc.create.jid

    List of JIDs that are allowed to create a MUC room.

    xmpp.muc.discover.locked

    Checks if the room may be included in search results.

    true

    xmpp.muc.enabled

    Set this to false to disable MUC / conference. Requires server restart. (looks like it doesnt work on 3.6.4 - wroot)

    true

    xmpp.muc.history.maxNumber

    The maximum number of chat history messages stored for the room.

    25

    xmpp.muc.history.type

    Set history strategy type. Valid values: defaulType, none, all, number

    number

    xmpp.muc.service

    Host name of MUC service. Requires server restart.

    conference

    xmpp.muc.skipInvite(3.7.0+) Disable the auto invitation of newly added members to a MUC chatroom's access control list.false

    xmpp.muc.sysadmin.jid

    Load the list of JIDs that are system admins of the MUC service.

    xmpp.muc.tasks.log.batchsize

    The number of messages to log on each run of the logging process.

    50

    xmpp.muc.tasks.log.timeout

    The number of milliseconds to elapse between logging of room conversations.

    300000

    xmpp.muc.tasks.user.idle

    The number of milliseconds a user must be idle before he/she gets kicked from all the rooms.

    -1

    xmpp.muc.tasks.user.timeout

    The number of milliseconds before clearing of idle chat users.

    300000

    xmpp.muc.unload.empty_days

    The server will unload from memory persistent rooms that have been empty for 30 (default) days. The room will still exist in the database and users may still join. The only consequence is that it won't appear in the discovery list. This option is valid for prior 3.6.0 versions only. As 3.6.0 has introduced multiple conference services.

    30

    xmpp.offline.quota

    How many messages to store before bouncing or dropping as per xmpp.offline.type

    100 * 1024 messages?

    xmpp.offline.type

    Controls the strategy for handling messages to offline users:

    - bounce: All messages are bounced to the sender.

    - drop: All messages are silently dropped.

    - store: All messages are stored

    - store_and_bounce: Messages are stored up to the storage limit, and then bounced.

    - store_and_drop: Messages are stored up to the storage limit, and then silently dropped.

    store_and_bounce

    xmpp.parser.buffer.size

    since 3.5.2 / JM-1350: XMLLightweightParser allows N Bytes of buffered data before closing a potential dangerous connection to avoid an Out-Of-Memory error.

    1048576

    xmpp.privateStorageEnabled

    TODO

    xmpp.proxy.enabled

    TODO

    xmpp.proxy.externalip

    Some servers are setup to use DNS SRV records. In that case, their domain may not the actual server address. For example, the DNS SRV record for igniterealtime.org could point to a server at xmpp.igniterealtime.org. This will affect non XMPP traffic like the file proxy transfer service, since the proxy service can't give out the normal XMPP domain name and have that work.
    When this property is set, the file transfer proxy service will advertise the given IP address rather than the XMPP server domain.

    xmpp.proxy.port

    TODO

    xmpp.proxy.service

    TODO

    xmpp.pubsub.create.anyoneDetermines if anyone can create nodes
    xmpp.pubsub.create.jidList of JID's of those that are allowed to create nodes

    xmpp.pubsub.enabled

    since 3.5.0 / JM-1262: Disable pubsub by setting this value to false

    true

    xmpp.pubsub.multiple-subscriptionsTurns the ability to have multiple subscriptions to a node on/offtrue
    xmpp.pubsub.root.creatorSpecifies the JID of the root node creator
    xmpp.pubsub.root.nodeIDSpecifies the id of the root collection node
    xmpp.pubsub.serviceThe pubsub service namepubsub
    xmpp.pubsub.sysadmin.jidSets the specified JID's as pubsub admins
    xmpp.pubsub.flush.timerThe time delay (in seconds) between flushing of the published items cache to persistent storage.120 (seconds)
    xmpp.pubsub.flush.maxThe maximum number of items the published items cache will hold before it flushes itelf to persistent storage.1000
    xmpp.pubsub.fetch.maxThe maximum number of items that a get items operations on a node will return.  Openfire doesn't support Result Sets in pubsub yet, so making this number too large will cause memory and performance issues.2000
    xmpp.pubsub.purge.timerThe time delay (in seconds) to purge stale data from the database.300 (seconds)

    xmpp.server.certificate.accept-selfsigned

    TODO

    xmpp.server.certificate.verify

    TODO

    xmpp.server.certificate.verify.chain

    TODO

    xmpp.server.certificate.verify.root

    TODO

    xmpp.server.certificate.verify.validity

    TODO

    xmpp.server.compression.policy

    TODO

    xmpp.server.dialback.enabled

    TODO

    xmpp.server.outgoing.threads

    TODO

    xmpp.server.permission

    TODO

    xmpp.server.processing.threads

    TODO

    xmpp.server.read.timeout

    TODO

    xmpp.server.session.allowmultiple

    TODO

    xmpp.server.session.idle

    TODO

    xmpp.server.session.timeout

    TODO

    xmpp.server.socket.active

    TODO

    xmpp.server.socket.port

    TODO

    xmpp.server.socket.remotePort

    TODO

    xmpp.server.tls.enabled

    TODO

    xmpp.session.conflict-limit

    TODO

    xmpp.session.sending-limit

    TODO

    xmpp.socket.plain.active

    TODO

    xmpp.socket.plain.port

    TODO

    xmpp.socket.ssl.active

    TODO

    xmpp.socket.ssl.algorithm

    TODO

    xmpp.socket.ssl.keypass

    TODO

    xmpp.socket.ssl.keystore

    TODO

    xmpp.socket.ssl.port

    TODO

    xmpp.socket.ssl.storeType

    TODO

    xmpp.socket.ssl.trustpass

    TODO

    xmpp.socket.ssl.truststore

    TODO

     

    Java System Properties

     

    Property

    Description

    Default

    app.name

    "Openfire"

    appdir

    The location Openfire is installed in

    java.library.path

    Where to look for the native library path for NativeAuthProvider

    line.separator

    What the default line seperator is.

    "\n"

    mrj.version

    Only used for OS detection in Mac OS

    pluginDirs

    The directory the plugins live in

    os.name

    The OS Name (eg "Windows 2000").

    Automatically set by Java

    whack.componentManagerClass

    TODO

    openfire.lib.dir

    The place to look for ServerStarter.

    '../lib'

    openfireHome

    The location where Openfire is installed in

    For plugins (gateway), see http://www.igniterealtime.org/community/docs/DOC-1002

     

    Http-Bind Properties

     

    Property
    Description
    Default
    log.httpbind.enabledPrint all packets which were sent or received via http-bind to STOUT.false
    xmpp.httpbind.client.idleSeconds a session has to be idle to be closed30
    xmpp.httpbind.client.requests.maxthe number of simultaneous requests allowable.2
    xmpp.httpbind.client.requests.waitthe longest time (in seconds) that Openfire is allowed to wait before responding to any request during the session.0x7fffffff
    xmpp.httpbind.client.requests.pollingthe maximum allowable period over which a client can send empty requests to the server.5