DEPRECATED

Please edit on http://www.igniterealtime.org/community/docs/DOC-1061

This is an attempt at documenting every property used by Openfire. Please keep this list in alphabetical order, for easiser searching.

XML Properties

Property	Description	Default
admin.authorizedUsernames	A comma seperated list of usernames allowed to log into the admin console.	admin
admin.authorizedJIDs	A comma seperated list of full JID's allowed to log into the admin console. The JIDs may belong to remote users.
adminConsole.port	The port number the admon console listens on (not encrpyted). Disable by using -1.	9090
adminConsole.securePort	The port number the admin console listens on (encrypted). Disable by using -1.	9091
connectionProvider.className	The class name of the database connection provider
database.defaultProvider.checkOpenConnection	TODO
database.defaultProvider.connectionTimeout	TODO
database.defaultProvider.driver	TODO
database.defaultProvider.maxConnections	TODO
database.defaultProvider.minConnections	TODO
database.defaultProvider.openConnectionTimeLimit	TODO
database.defaultProvider.password	TODO
database.defaultProvider.serverURL	TODO
database.defaultProvider.username	TODO
database.mysql.useUnicode	TODO
database.JDNIProvider.name	TODO
ldap.adminDN	a directory administrator's DN. All directory operations will be performed with this account. The admin must be able to perform searches and load user records. The user does not need to be able to make changes to the directory, as Openfire treats the directory as read-only. If this property is not set, an anonymous login to the server will be attempted. If you do not allow anonymous searches to your LDAP server, you must set this.
ldap.adminPassword	the password for the directory administrator.
ldap.alternateBaseDN	a second DN in the directory can optionally be set. If set, the alternate base DN will be used for authentication and loading single users, but will not be used to display a list of users (due to technical limitations).
ldap.authCache.enabled	Enable LDAP authentication cache, if using the LdapAuth provider	true
ldap.authCache.maxLifetime	TODO
ldap.authCache.size	Cache size (in bytes) for LDAP authentication cache	524288
ldap.autoFollowReferrals	a value of "true" indicates that LDAP referrals should be automatically followed. If this property is not set or is set to "false", the referral policy used is left up to to the provider. A referral is an entity that is used to redirect a client's request to another server. A referral contains the names and locations of other objects. It is sent by the server to indicate that the information that the client has requested can be found at another location (or locations), possibly at another server or several servers.
ldap.baseDN	the starting DN that searches for users will performed with. The entire subtree under the base DN will be searched for user accounts. This is required for all LDAP setups.
ldap.clientSideSorting	If Openfire should sort the LDAP results itself set to true. If the ldap server can do it, set to false.	False
ldap.connectionPoolEnabled	a value of "false" disables LDAP connection pooling.	true
ldap.debugEnabled	a value of "true" if debugging should be turned on. When on, trace information about buffers sent and received by the LDAP provider is written to System.out
ldap.emailField	the field name that holds the user's email address. If this property is not set, the default value is mail. Active Directory users should use the the default value mail.
ldap.groupDescriptionField	the field name that holds the description a group. If this property is not set, the default value is description.
ldap.groupMemberField	the field name that holds the members in a group. If this property is not set, the default value is member.
ldap.groupNameField	the field name that the groupname lookups will be performed on. If this property is not set, the default value is cn.This is required if you wish to use groups from LDAP.
ldap.groupSearchFilter	the search filter that should be used when loading groups.	ldap.groupNameField"= Unknown macro: {0}
ldap.host	LDAP server host; e.g. localhost or machine.example.com, etc. It is possible to use many LDAP servers but all of them should share the same configuration (e.g. SSL, baseDN, admin account, etc). To specify many LDAP servers use the comma or the white space character as delimiter. Obviously, this is required for LDAP setups.
ldap.initialContextFactory	the name of the class that should be used as an initial context factory. if this value is not specified, "com.sun.jndi.ldap.LdapCtxFactory" will be used instead. Most users will not need to set this value.
ldap.nameField	the field name that holds the user's name. If this property is not set, the default value is cn. Active Directory users should use the default value displayName.	cn
ldap.port	LDAP server port number.	389
ldap.posixMode	a value of "true" means that users are stored within the group by their user name alone. A value of "false" means that users are stored by their entire DN within the group. If this property is not set, the default value is false. Note: the posix mode must be set correctly for your server in order for group integration to work. This is required if you wish to use groups from LDAP.
ldap.sslEnabled	a value of "true" to enable SSL connections to your LDAP server. If you enable SSL connections, the LDAP server port number most likely should be changed to 636.
ldap.searchFields	the LDAP fields that will be used for user searches. If this property is not set, the username, name, and email fields will be searched. An example value for this field is "Username/uid,Name/cname". That searches the uid and cname fields in the directory and labels them as "Username" and "Name" in the search UI. You can add as many fields as you'd like using comma-delimited "DisplayName/Field" pairs. You should ensure that any fields used for searching are properly indexed so that searches return quickly.
ldap.searchFilter	the search filter that should be used when loading users.	The default search will be for users that have the attribute specified by ldap.usernameField.
ldap.usernameField	the field name that the username lookups will be performed on. If this property is not set, the default value is uid. Active Directory users should try the default value sAMAccountName.
ldap.vcard-mapping	The literal mapping between ldap fields and the XML to go in the vcard
log.debug.enabled	Turn on debug logging
log.debug.format	The format used for debug logging
log.debug.size	The maximum size of the debug log
log.directory	The directory all log files will go into
log.error.format	The format used for the error log
log.error.size	The maximum size of the error log
log.info.format	The format used for the info log
log.info.size	The maximum size of the info log
log.warn.format	The format used for the warn log
log.warn.size	The maximum size of the warn log
locale	The locale (language settings)
nativeAuth.domain	TODO
network.interface	An ip address to bind to. Generally only useful on multi-homed systems.
pop3.authCache.enabled	TODO
pop3.authCache.maxLifetime	TODO
pop3.authCache.size	TODO	512*1024
pop3.authRequiresDomain	TODO
pop3.debug	TODO
pop3.domain	TODO
pop3.host	TODO
pop3.port	TODO
pop3.ssl	TODO
provider.auth.className	The class name of the AuthProvider (Authentication)
provider.user.className	The class name of the UserProvider
provider.group.className	The class name of the GroupProvider
provider.vcard.className	The class name of the VcardProvider
sasl.mechs	Configure which authorization mechanisms Openfire allows (DIGEST-MD5 PLAIN CRAM-MD5). Java's CRAM-MD5 implementation and Cryus SASL's implementation differ slightly. To remove CRAM-MD5 add <sasl><mechs>DIGEST-MD5 PLAIN</mechs><sasl> to openfire.xml
setup	True if Openfire has been configured. False only after an initial install before configuring.

Openfire Global Properties

Property	Description	Default
cache.name.expirationTime	Cache expiration time for name in milleseconds.
cache.name.size	Cache size for name in bytes
locale.timeZone	The timezone for your locale
mail.debug	Enable debugging for mail.
mail.smtp.host	The SMTP Hostname to use
mail.smtp.password	The SMTP Password to use when using SMTP Auth
mail.smtp.port	The port to use for SMTP	25
mail.smtp.ssl	Enable SSL for smtp	false
mail.smtp.username	The SMTP Username to use when using SMTP Auth
mediaproxy.enabled	The value "false" if the Openfire media proxy should not be enabled. The media proxy allows Jingle clients to communicate when peer to peer connections fail (such as when behind a strict firewall).	true (a null value means true)
mediaproxy.idleTimeout	The maximum amount of time (in milleseconds) to wait before a media proxy session is closed when there is no activity.	90000
mediaproxy.portMin	The minimum port value that the media proxy will use for UDP client connections. The port range must be large enough to handle as many client connections as will occur.	10000
mediaproxy.portMax	The maximum port value that the media proxy will use for UDP client connections. The port range must be large enough to handle as many client connections as will occur.	20000
plugins.upload.enabled	Enables the ability to upload plugins from the admin interface.	true
register.inband	Allow inband registration	true
register.password	Allow inband password changes	true
shutdownMessage.enabled	If true, send a shutdown message to all connected users before terminating the server
update.lastCheck	Keep track of the last time we checked for updates. Don't edit this value.
update.proxy.host	Sets the host of the proxy to use to connect to jivesoftware.org or 'null' if no proxy is used.
update.proxy.port	Sets the port of the proxy to use to connect to jivesoftware.org or -1 if no proxy is being used.
xmpp.audit.active	Turn on packet auditing
xmpp.audit.ignore	A comma seperated list of users to ignore when auditing packets
xmpp.audit.iq	If true, audit ip packets
xmpp.audit.logdir	The directory to put the audit file in
xmpp.audit.logtimeout	TODO
xmpp.audit.maxcount	TODO
xmpp.audit.maxsize	TODO
xmpp.audit.message	If true, audit message packets
xmpp.audit.presence	If true, audit presence packets
xmpp.audit.xpath	TODO
xmpp.auth.anonymous	True if anonymous authentication is allowed
xmpp.auth.retries	Number of failed authentication attempts allowed.	3
xmpp.client.compression.policy	TODO
xmpp.client.idle	Time in millesconds to disconnect an idle client. Use -1 to disable.	30 * 60 * 1000
xmpp.client.login.allowed	A comma seperated list of IP addresses clients are allowed to log in from
xmpp.client.roster.active	Enables the roster for clients. If false, it is not possible to retrieve users rosters or broadcast presence packets to roster contacts.
xmpp.client.tls.policy	TODO
xmpp.client.validate.host	If true, validate the hostname in the stream header sent by clients.
xmpp.command.limit	TODO
xmpp.command.timeout	TODO
xmpp.component.defaultSecret	TODO
xmpp.component.permission	TODO
xmpp.component.socket.active	TODO
xmpp.component.socket.port	TODO
xmpp.domain	The name of the server	127.0.0.1)
xmpp.forward.admins	TODO
xmpp.muc.create.anyone	TODO
xmpp.muc.create.jid	TODO
xmpp.muc.discover.locked	TODO
xmpp.muc.service	TODO
xmpp.muc.sysadmin.jid	TODO
xmpp.muc.tasks.log.batchsize	TODO
xmpp.muc.tasks.log.timeout	TODO
xmpp.muc.tasks.user.idle	TODO
xmpp.muc.tasks.user.timeout	TODO
xmpp.muc.unload.empty_days	The server will unload from memory persistent rooms that have been empty for 30 (default) days. The room will still exist in the database and users may still join. The only consequence is that it won't appear in the discovery list.	30
xmpp.offline.quota	TODO
xmpp.offline.type	TODO
xmpp.privateStorageEnabled	TODO
xmpp.proxy.enabled	TODO
xmpp.proxy.externalip	Some servers are setup to use DNS SRV records. In that case, their domain may not the actual server address. For example, the DNS SRV record for igniterealtime.org could point to a server at xmpp.igniterealtime.org. This will affect non XMPP traffic like the file proxy transfer service, since the proxy service can't give out the normal XMPP domain name and have that work. When this property is set, the file transfer proxy service will advertise the given IP address rather than the XMPP server domain.
xmpp.proxy.port	TODO
xmpp.proxy.service	TODO
xmpp.server.certificate.accept-selfsigned	TODO
xmpp.server.certificate.verify	TODO
xmpp.server.certificate.verify.chain	TODO
xmpp.server.certificate.verify.root	TODO
xmpp.server.certificate.verify.validity	TODO
xmpp.server.compression.policy	TODO
xmpp.server.dialback.enabled	TODO
xmpp.server.outgoing.threads	TODO
xmpp.server.permission	TODO
xmpp.server.processing.threads	TODO
xmpp.server.read.timeout	TODO
xmpp.server.session.allowmultiple	TODO
xmpp.server.session.idle	TODO
xmpp.server.session.timeout	TODO
xmpp.server.socket.active	TODO
xmpp.server.socket.port	TODO
xmpp.server.socket.remotePort	TODO
xmpp.server.tls.enabled	TODO
xmpp.session.conflict-limit	TODO
xmpp.session.sending-limit	TODO
xmpp.socket.plain.active	TODO
xmpp.socket.plain.port	TODO
xmpp.socket.ssl.active	TODO
xmpp.socket.ssl.algorithm	TODO
xmpp.socket.ssl.keypass	TODO
xmpp.socket.ssl.keystore	TODO
xmpp.socket.ssl.port	TODO
xmpp.socket.ssl.storeType	TODO
xmpp.socket.ssl.trustpass	TODO
xmpp.socket.ssl.truststore	TODO

System

Property	Description	Default
app.name	"Openfire"
appdir	The location Openfire is installed in
java.library.path	Where to look for the native library path for NativeAuthProvider
line.separator	What the default line seperator is.	"\n"
mrj.version	Only used for OS detection in Mac OS
pluginDirs	The directory the plugins live in
os.name	The OS Name (eg "Windows 2000").	Automatically set by Java
whack.componentManagerClass	TODO
openfire.lib.dir	The place to look for ServerStarter.	'../lib'
openfireHome	The location where Openfire is installed in

For plugins (gateway), see http://www.igniterealtime.org/community/docs/DOC-1002