Service Settings
The majority of NIM Service settings can be accessed and modified through the Configuration section of the web interface. However, some advanced settings are available for more comprehensive customization, such as those in the settings.json file. These include disabling variable validation, lookup auditing, AD max changes threshold, memory settings, root certificates, TLS verification, TLS cipher list, and requiring TLS 1.3. Each setting offers specific adjustments to optimize NIM service performance and security.
Generally, the majority of the NIM Service settings can be conveniently accessed and modified through the Configuration section of the web interface, offering a user-friendly method for system adjustments. However, it's important to note that not all settings are accessible through this simplified interface. To accommodate more comprehensive customization needs, there are additional configuration settings available. The following list includes some of these advanced settings, providing further options to tailor the service to specific requirements.
Settings.json
The NIM service uses configuration file settings.json when started. The file is maintained by the the service itself for most settings, but not for all. These other settings are described here:
Key | disable_variable_validation |
Type | boolean |
Default Value | false |
A boolean flag (true of false) to disable validation of the variables that are sent by NIM apps. It is not recommended to set this flag. Only if the variable state validation fails the flag can be used as a last resort. When set, the end-user can manipulate the variable data that is sent to the service. At the service side, the values are not checked. To reflect the setting, one of the following log messages is generated when the service is started:
|
Key | lookup_no_auditing |
Type | boolean |
Default Value | false |
A boolean flag (true/false) to disable updating the auditing database when dealing with large lookup tables. To reflect the setting, one of the following log messages is generated when the service is started:
|
Key | ad_max_gms_delta |
Type | numeric |
Default Value | <unlimited> |
Sets the maximum number of changes to be made in AD. This should be used when adding/deleting too many accounts from group in AD results in the error:
The number used will vary. Recommended to start with 10000. NoteThe sync will potentially need to run multiple times in order to process all changes when this max is set. |
Key | ng_debug |
Type | boolean |
Default Value | false |
Enables additional logging for when name generation is executed within a mapping
|
Registry Keys
Key | --max-old-space-size= |
Path | HKLM\SYSTEM\CurrentControlSet\Services\NIM\Config\args1 |
Ex. Value | 16384 |
Controls the maximum amount of committed memory to the NIM service. The default value is 4Gb. The NIM Framework provides scripts for adjusting this value. |
Key | NODE_EXTRA_CA_CERTS |
Path | HKLM\SYSTEM\CurrentControlSet\Services\NIM\env |
Ex. Value | C:\\Tools4ever\\certs\\FiddlerRoot.cer |
Specifies additional CA Root certificates that should be trusted by NIM |
Key | NODE_TLS_REJECT_UNAUTHORIZED |
Path | HKLM\SYSTEM\CurrentControlSet\Services\NIM\env |
Ex. Value | 0 |
Used for proxy support, disables verification of certificates in requests for REST Connectors |
Key | --tls-cipher-list |
Path | HKLM\SYSTEM\CurrentControlSet\Services\NIM\Config\args1 |
Ex. Value | :!ECDHE-RSA-AES128-SHA:!ECDHE-RSA-AES128-SHA256:!ECDHE-RSA-AES256-SHA:!ECDHE-RSA-AES256-SHA384:!ECDHE-ECDSA-AES128-SHA:!ECDHE-ECDSA-AES128-SHA256:!ECDHE-ECDSA-AES256-SHA:!ECDHE-ECDSA-AES256-SHA384:!kRSA |
Specify a list of ciphers is allowed or not allowed to use. Please see NodeJS Documentation for more information |
Key | --tls-min-v1.3 |
Path | HKLM\SYSTEM\CurrentControlSet\Services\NIM\Config\args1 |
Ex. Value | |
Use TLS v1.3 (Default is minimum v1.2) Please see NodeJS Documentation for more information |