The Directory Agent configuration file
Use the das.ini file to configure aspects of Directory Agent behavior that cannot be configured in the Forcepoint Security Manager. These include the maximum memory the agent can use, the maximum threads it can create, the directory where it should store user information snapshots, and more.
The das.ini file is located in the bin directory (C:\Program Files\Websense\Web Security\bin or /opt/Websense/bin/, by default).
- Use a text editor to edit the file.
- For parameters that can take multiple values, use the pipe symbol (“|”) to separate entries.
- For parameters that are either enabled or disabled, the only valid values are 0 (for disable) and 1 (for enable). In this file, the values “on” and “off” cannot be used.
- When you are finished making changes, save and close the file, and then restart the Directory Agent service or daemon. Changes do not take effect until the service has restarted.
Key values that can be configured in the file include:
- The maximum amount of memory that Directory Agent can use, in megabytes (MB). If Directory Agent is configured to collect a very large number of directory entries (more than 200,000 user or group definitions), you may need to increase this number.
MaxMemory=100
- The full directory path showing where Directory Agent stores directory service snapshots (complete views of the directory, used to determine what has changed between one query and the next).
SnapshotDir=./snapshots/
This relative path translates to C:\Program Files\Websense\Web Security\bin\snapshots (Windows) or /opt/Websense/bin/snapshots/ (Linux).
- The full directory path showing where Directory Agent stores the LDIF files that Sync Service sends to the hybrid service.
DiffDir=./diffs/
- The regular expression Directory Agent uses to validate email addresses in LDAP records. Records whose email addresses do not match the pattern are dropped.
For example, [a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?
Leave the parameter blank (default) if you do not want Directory Agent to perform email address validation.
EmailValidateRegex=
- The number of times Directory Agent retries after a failed attempt to connect to Sync Service. Takes an integer value between 1 and 65535.
SyncServiceRetryCount=5
- The number of seconds Directory Agent waits between retry attempts when establishing a connection to Sync Service. Takes an integer value between 1 and 65535.
SyncServiceRetryDelay=60
- The number of times Directory Agent retries after a failed attempt to connect to the directory service. Takes an integer value between 1 and 65535.
DirServiceRetryCount=5
- The number of seconds Directory Agent waits between retry attempts when establishing a connection to the directory service. Takes an integer value between 1 and 65535.
DirServiceRetryDelay=60
- The number of seconds the Directory Agent backup subsystem waits between attempts to reconnect to Sync Service. The backup subsystem is responsible for verifying that user data is successfully received by Sync Service and sent to the hybrid service. In the event of a failure, the backup subsystem makes sure that the LDIF file that could not be sent is preserved for a later retry attempt. Takes an integer value between 1 and 65535.
BackupPollPeriod=60
- The number of times the Directory Agent backup subsystem attempts to reconnect to Sync Service to determine the status of the last transaction. Takes an integer value between 1 and 65535.
BackupRetryCount=60
- Configuration settings if you are using Sun Java System Directory or Oracle Directory Server to send user and group information to the hybrid service. Enable these parameters by removing the # symbol from the beginning of the lines.
# GroupMembershipAttribute=uniqueMember
# MemberOfAttribute=memberOf
- Whether or not Directory Agent follows LDAP referrals. Takes a value of 1 (enabled) or 0 (disabled).
EnableLDAPReferrals=1
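The value rules above can be checked before restarting the service. The following is an added example, not Forcepoint code: it lints a das.ini for the 0/1 and 1-65535 rules and previews which addresses a given EmailValidateRegex would cause to be dropped, using the page's example pattern as PAGE_REGEX. The function names, the sample file, the flat key=value layout, and the use of Python's re with case-sensitive whole-string matching as a stand-in for Directory Agent's own regex handling are all assumptions.

```python
import re

# Rules from the page: these keys take integers 1-65535; on/off keys take only 0 or 1.
RANGE_KEYS = {"SyncServiceRetryCount", "SyncServiceRetryDelay", "DirServiceRetryCount",
              "DirServiceRetryDelay", "BackupPollPeriod", "BackupRetryCount"}
BOOL_KEYS = {"EnableLDAPReferrals"}
PAGE_REGEX = (r"[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*"
              r"@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?")

def lint_das_ini(text):
    """Return (line_number, message) findings for the text of a das.ini file."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#[":  # blank, commented-out, or [section] line
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep:
            findings.append((n, "not a key=value line"))
        elif key in BOOL_KEYS and value not in ("0", "1"):
            findings.append((n, f"{key} must be 0 or 1, got {value!r}"))
        elif key in RANGE_KEYS and not (
                re.fullmatch(r"[0-9]{1,5}", value) and 1 <= int(value) <= 65535):
            findings.append((n, f"{key} must be an integer 1-65535, got {value!r}"))
        elif key == "EmailValidateRegex" and value:
            try:
                re.compile(value)
            except re.error as exc:
                findings.append((n, f"EmailValidateRegex does not compile: {exc}"))
    return findings

def dropped_addresses(pattern, addresses):
    """Addresses failing the pattern (assumed: case-sensitive whole-string match via re)."""
    if not pattern:  # blank parameter means validation is off, nothing is dropped
        return []
    return [a for a in addresses if not re.fullmatch(pattern, a)]

# Constructed sample file, not taken from a real deployment.
SAMPLE = r"""MaxMemory=100
EnableLDAPReferrals=on
SyncServiceRetryCount=0
BackupPollPeriod=70000
# GroupMembershipAttribute=uniqueMember
EmailValidateRegex=[a-z0-9._-]+@(?:[a-z0-9-]+\.)+[a-z0-9]+(
"""

if __name__ == "__main__":
    print(*lint_das_ini(SAMPLE), sep="\n")
    print(dropped_addresses(PAGE_REGEX, ["alice@example.com", "Alice@Example.com"]))
```

Because non-matching records are dropped, running dropped_addresses against an export of real directory addresses before setting EmailValidateRegex shows which users would stop being sent to the hybrid service under these matching assumptions.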