Skip to main content

NIM

Service Settings

Abstract

The majority of NIM Service settings can be accessed and modified through the Configuration section of the web interface. However, some advanced settings are available for more comprehensive customization, such as those in the settings.json file. These include disabling variable validation, lookup auditing, AD max changes threshold, memory settings, root certificates, TLS verification, TLS cipher list, and requiring TLS 1.3. Each setting offers specific adjustments to optimize NIM service performance and security.

Generally, the majority of the NIM Service settings can be conveniently accessed and modified through the Configuration section of the web interface, offering a user-friendly method for system adjustments. However, it's important to note that not all settings are accessible through this simplified interface. To accommodate more comprehensive customization needs, there are additional configuration settings available. The following list includes some of these advanced settings, providing further options to tailor the service to specific requirements.

Settings.json

The NIM service uses configuration file settings.json when started. The file is maintained by the the service itself for most settings, but not for all. These other settings are described here:

Key

disable_variable_validation

Type

boolean

Default Value

false

A boolean flag (true of false) to disable validation of the variables that are sent by NIM apps. It is not recommended to set this flag. Only if the variable state validation fails the flag can be used as a last resort. When set, the end-user can manipulate the variable data that is sent to the service. At the service side, the values are not checked. To reflect the setting, one of the following log messages is generated  when the service is started:

  • True

    • WARNING: Application variable validation is disabled. This setting should be enabled in production mode (disable_variable_validation).

  • False/Not Specified

    • Application variable validation enabled (disable_variable_validation).

Key

lookup_no_auditing

Type

boolean

Default Value

false

A boolean flag (true/false) to disable updating the auditing database when dealing with large lookup tables. To reflect the setting, one of the following log messages is generated  when the service is started:

  • True

    • Auditing disabled for lookup tables.

  • False/Not Specified

    • Auditing enabled for all tables.

Key

ad_max_gms_delta

Type

numeric

Default Value

<unlimited>

Sets the maximum number of changes to be made in AD. This should be used when adding/deleting too many accounts from group in AD results in the error:

The administrative limit for this request was exceeded.

The number used will vary. Recommended to start with 10000.

Note

The sync will potentially need to run multiple times in order to process all changes when this max is set.

Key

ng_debug

Type

boolean

Default Value

false

Enables additional logging for when name generation is executed within a mapping

  • True

    • Enabled, additional logging is provided upon execution of mapping

  • False/Not Specified

    • No additional logging is provided.

Registry Keys

Key

--max-old-space-size=

Path

HKLM\SYSTEM\CurrentControlSet\Services\NIM\Config\args1

Ex. Value

16384

Controls the maximum amount of committed memory to the NIM service. The default value is 4Gb. The NIM Framework provides scripts for adjusting this value.

Key

NODE_EXTRA_CA_CERTS

Path

HKLM\SYSTEM\CurrentControlSet\Services\NIM\env

Ex. Value

C:\\Tools4ever\\certs\\FiddlerRoot.cer

Specifies additional CA Root certificates that should be trusted by NIM

Key

NODE_TLS_REJECT_UNAUTHORIZED

Path

HKLM\SYSTEM\CurrentControlSet\Services\NIM\env

Ex. Value

0

Used for proxy support, disables verification of certificates in requests for REST Connectors

Key

--tls-cipher-list

Path

HKLM\SYSTEM\CurrentControlSet\Services\NIM\Config\args1

Ex. Value

:!ECDHE-RSA-AES128-SHA:!ECDHE-RSA-AES128-SHA256:!ECDHE-RSA-AES256-SHA:!ECDHE-RSA-AES256-SHA384:!ECDHE-ECDSA-AES128-SHA:!ECDHE-ECDSA-AES128-SHA256:!ECDHE-ECDSA-AES256-SHA:!ECDHE-ECDSA-AES256-SHA384:!kRSA

Specify a list of ciphers is allowed or not allowed to use. Please see NodeJS Documentation for more information

Key

--tls-min-v1.3

Path

HKLM\SYSTEM\CurrentControlSet\Services\NIM\Config\args1

Ex. Value

Use TLS v1.3 (Default is minimum v1.2) Please see NodeJS Documentation for more information