/
Properties

Properties

Owned by Former user (Deleted)
Last updated: Oct 25, 2023 by Stonebranch (Deactivated)

Overview

Universal Controller contains three types of configurable properties:

Universal Controller Start-up Properties (uc.properties)

Universal Controller start-up properties are the default properties contained in the uc.properties file when the Controller is installed. These properties are required for Controller start-up and operation.
 
The values for these properties are set during the installation process. Some of the values are based on information that you provide during the installation.
 
You can reset these properties by stopping the Controller, editing uc.properties, and restarting the Controller. The changes will take effect after the restart (see Starting and Stopping Universal Controller).

Universal Controller System Properties

Universal Controller system properties define Controller system information and performance. They have their values set during installation.
 
You can reset these properties at any time, without having to stop the Controller, via the user interface.
 

Note

In a High Availability environment, all Universal Controller cluster nodes share the same database; therefore, updating Universal Controller System Properties for one cluster node applies to all cluster nodes.

Command Line Interface (CLI) Properties

CLI provides a sample configuration file, cmdtools.props , that you can use to pass CLI Global parameters to a CLI command.

Note

Properties for Universal Message Service (OMS) are installed as configuration file options when OMS is installed as a component of Universal Agent. The values for these options are set during the installation. There are several configuration methods available for changing these values.

Universal Controller Start-up Properties (uc.properties)

The uc.properties file is read by the Controller, which is started by Tomcat.

The uc.properties file resides here:

[tomcat directory]\conf

Note

The backslash character in a property value must be escaped as a double backslash.

For example:

example.path=c:\\stonebranch\\uc

Property Name

Description

Default

For MySQL:



uc.db.mysql.character_encoding

Allows the retrieval of output with extended unicode characters. If the property is not set, character encoding will not be used in the JDBC URL.
 
Examples:


uc.db.rdbms=mysql

Database type. Specify this property if you are using a MySQL database.


uc.db.url=jdbc:mysql://localhost/

JDBC connect URL. Specify this property if you are using a MySQL database.


For SQLServer



uc.db.rdbms=sqlserver

Database type. Specify this property if you are using a SQLServer database.


uc.db.url=jdbc:sqlserver://localhost:1433;DatabaseName=uc

JDBC connect URL. Specify this property if you are using a SQLServer database.


For Oracle



uc.db.rdbms=oracle

Database type. Specify this property if you are using an Oracle database.


uc.db.url=jdbc:oracle:thin:@//localhost:1521/@oracle.db.name@

JDBC connect URL. Specify this property if you are using an Oracle database.


For All Databases



uc.db.name

IMPORTANT

If you specify a database name in this property and in uc.db.url, the names must be the same.

Name for the Controller database.

uc

uc.db.password

Database password that will be replaced by uc.db.password.encrypted in the uc.properties file upon start-up.

(none)

uc.db.password.encrypted

Encrypted version of uc.db.password that will replace uc.db.password in the uc.properties file upon start-up.

(none)

uc.db.pooler.connections

Sets the minimum number of idle connections to maintain in the Server connection pool, or zero to create none.
 
The Server connection pool is used by all internal database transactions.

1

uc.db.pooler.connections.Client

Sets the minimum number of idle connections to maintain in the Client connection pool, or zero to create none.
 
The Client connection pool is used by all user interface related database transactions.

1

uc.db.pooler.connections.max

Sets the maximum number of connections that can be allocated by the Server connection pool at a given time.
 
The Server connection pool is used by all internal database transactions.
 

Note

The installer overrides the default by configuring a maximum number of 40 in the uc.properties file.

30

uc.db.pooler.connections.max.Client

Sets the maximum number of connections that can be allocated by the Client connection pool at a given time.
 
The Client connection pool is used by all user interface related database transactions.

30

uc.db.pooler.connections.max.Reserved

Sets the maximum number of connections that can be allocated by the Reserved connection pool at a given time.
 
The Reserved connection pool is used by all critical internal database transactions.

30

uc.db.pooler.connections.Reserved

Sets the minimum number of idle connections to maintain in the Reserved connection pool, or zero to create none.
 
The Reserved connection pool is used by all critical internal database transactions.

1

uc.db.url.append.properties

Allows additional options to be appended to the JDBC URL generated by Universal Controller.
 
Example:
 

 (none)

uc.db.user

Login ID that the Controller will use to log in to your database.

root

For LDAP:



uc.ldap.groups.filter_indirect

When this property is set to true, any Groups synchronized indirectly (that is, through a User's memberOf attribute) will honor the Group search filter and Group OU filters under the LDAP Advanced Settings section.
 

Note

The code default for this property, which is used if this property is not set, is false.

true

uc.ldap.groups.single_parent_per_child

IMPORTANT

This property should be set to true only if your Groups being synchronized from AD have at most one parent Group.

When synchronizing Groups, the default behavior in the Controller is to copy the members of a Sub Group into the Parent Group.
 
When this property is set to true, the Controller assumes that each Group has, at most, a single Parent Group and will use the Parent field on the Group definition to maintain the hierarchy instead of copying members.

false

uc.ldap.groups.update_members

IMPORTANT

This property should be set to false only when synchronizing Groups from AD, and the number of values for the member attribute exceeds the MaxValRange LDAP policy (and the MaxValRange cannot be increased).

When synchronizing Groups, the default behavior in the Controller is to use the multi-valued member attribute to update the members for a Group; however, AD limits the number of values returned for an attribute, which can result in Group members being removed unexpectedly. This limit is determined by the MaxValRange LDAP policy (typically 1,500).
 
When this property is set to false, the Controller will not use the member attribute values to update members when synchronizing Groups from AD. Group membership will continue to be updated based on the memberOf attribute values when synchronizing Users from AD.

true

uc.ldap.users.synchronize_by_range

IMPORTANT

This property should be set to false only if your LDAP server supports paged results.

 
When synchronizing Users, the default behaviour in the Controller is to search based on ranges, using a filter like (&(uid>=a)(uid<=b)). To use the <= or >= operators in a filter, an ordering rule must be defined for the attribute in the LDAP schema.
 
OpenLDAP's schema does not define an ordering rule for the User Id Attribute (for example, uid), so searches using filters like the above do not return any results.
 
When this property is set to false, the Controller will not search based on ranges when synchronizing Users.

true

uc.ldap.users.synchronize_indirect

IMPORTANT

This property should be set to true only if your LDAP server does not support the User Membership Attribute (for example, memberOf).

Synchronizes LDAP users indirectly based on group membership. This only applies to groups that users are direct members of.
 
When this property is set to true, the following will apply for the LDAP refresh (scheduled and server operations):

  • Users will not be synchronized directly based on the User Filter and User Target OU List.
  • Groups will continue to be synchronized directly based on the Group Filter and Group Target OU List.
  • For each matching group, the Group Member Attribute (for example, member) will be used to synchronize users matching the User Filter and User Target OU List

Note

The uc.ldap.groups.update_members property will be ignored when indirect user synchronization is enabled.

Note

There is currently no support for nested groups if the User Membership Attribute is not supported by the LDAP server.

false

uc.ldap.users.update_memberships_on_login

IMPORTANT

This property should not be set to true if group membership for users is static, since there is extra overhead to process the groups, which may impact login performance.

When this property is set to true, LDAP group memberships for existing LDAP users are updated upon successful login.

Note

When dynamically creating a new LDAP user at login, the user will be added only to groups that it is a direct member of. Likewise, when updating an existing LDAP user at login, the user will be removed from any groups that it is not a direct member of. Therefore, it is not recommended that you enable this property if a group hierarchy exists, since the user will be removed from any parent groups when logging in. (Group membership for the parent groups will be restored the next time the LDAP refresh runs; however, this can take up to 24 hours.)

false

For Single Sign-On:



saml.log.level

Configures the log level for the SAML framework: ALL, TRACE, DEBUG, INFO, WARN, or ERROR.

INFO

saml.maxAuthenticationAge

Specifies how long, in seconds, users can single sign-on after their initial authentication with the Identity Provider (based on value AuthInstance of the Authentication statement). Some Identity Providers allow users to stay authenticated for longer periods than this, so you might need to change the default value.

7200

Other Properties:



jdk.xml.entityExpansionLimit

Limits the number of XML entity expansions.
 
Valid values are any positive integer. A value equal to 0 indicates no limit.
 
If jdk.xml.entityExpansionLimit is not specified in uc.properties (or on start-up with -Djdk.xml.entityExpansionLimit=<limit>), Universal Controller will initialize it to a default value of 1.

  • If jdk.xml.entityExpansionLimit is specified on start-up with -Djdk.xml.entityExpansionLimit=<limit>, this takes precedence over the Universal Controller default value of 1.
  • If jdk.xml.entityExpansionLimit is specified in uc.properties, this takes precedence over specifying it on start-up with -Djdk.xml.entityExpansionLimit=<limit>.

1

uc.date.formats

Accepted input date formats for Date Functions and