<?xml version="1.0" encoding="UTF-8"?>
|
<!--
|
! CDDL HEADER START
|
!
|
! The contents of this file are subject to the terms of the
|
! Common Development and Distribution License, Version 1.0 only
|
! (the "License"). You may not use this file except in compliance
|
! with the License.
|
!
|
! You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
|
! or http://forgerock.org/license/CDDLv1.0.html.
|
! See the License for the specific language governing permissions
|
! and limitations under the License.
|
!
|
! When distributing Covered Code, include this CDDL HEADER in each
|
! file and include the License file at legal-notices/CDDLv1_0.txt.
|
! If applicable, add the following below this CDDL HEADER, with the
|
! fields enclosed by brackets "[]" replaced with your own identifying
|
! information:
|
! Portions Copyright [yyyy] [name of copyright owner]
|
!
|
! CDDL HEADER END
|
!
|
!
|
! Copyright 2007-2010 Sun Microsystems, Inc.
|
! Portions Copyright 2011-2014 ForgeRock AS
|
! -->
|
<adm:managed-object name="global" plural-name="globals"
|
package="org.opends.server.admin.std"
|
xmlns:adm="http://www.opends.org/admin"
|
xmlns:ldap="http://www.opends.org/admin-ldap">
|
<adm:user-friendly-name>Global Configuration</adm:user-friendly-name>
|
<adm:user-friendly-plural-name>
|
Global Configurations
|
</adm:user-friendly-plural-name>
|
<adm:synopsis>
|
The
|
<adm:user-friendly-name />
|
contains properties that affect the overall
|
operation of the <adm:product-name />.
|
</adm:synopsis>
|
<adm:tag name="core-server" />
|
<adm:profile name="ldap">
|
<ldap:object-class>
|
<ldap:name>ds-cfg-root-config</ldap:name>
|
<ldap:superior>top</ldap:superior>
|
</ldap:object-class>
|
</adm:profile>
|
<adm:property name="check-schema" advanced="true">
|
<adm:synopsis>
|
Indicates whether schema enforcement is active.
|
</adm:synopsis>
|
<adm:description>
|
When schema enforcement is activated, the directory server
|
ensures that all operations result in entries are valid
|
according to the defined server schema. It is strongly recommended
|
that this option be left enabled to prevent the inadvertent
|
addition of invalid data into the server.
|
</adm:description>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>true</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:boolean />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-check-schema</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="default-password-policy" mandatory="true">
|
<adm:synopsis>
|
Specifies the name of the password policy that is in effect
|
for users whose entries do not specify an alternate password
|
policy (either via a real or virtual attribute).
|
</adm:synopsis>
|
<adm:description>
|
In addition, the default password policy will be used for providing
|
default parameters for sub-entry based password policies when not
|
provided or supported by the sub-entry itself.
|
This property must reference a password policy and no other type of
|
authentication policy.
|
</adm:description>
|
<adm:syntax>
|
<adm:aggregation relation-name="password-policy" parent-path="/" />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-default-password-policy</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="add-missing-rdn-attributes" advanced="true">
|
<adm:synopsis>
|
Indicates whether the directory server should automatically add
|
any attribute values contained in the entry's RDN into that entry
|
when processing an add request.
|
</adm:synopsis>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>true</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:boolean />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-add-missing-rdn-attributes</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="allow-attribute-name-exceptions"
|
advanced="true">
|
<adm:synopsis>
|
Indicates whether the directory server should allow underscores
|
in attribute names and allow attribute names
|
to begin with numeric digits (both of which are violations of the
|
LDAP standards).
|
</adm:synopsis>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>false</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:boolean />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-allow-attribute-name-exceptions</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="invalid-attribute-syntax-behavior"
|
advanced="true">
|
<adm:synopsis>
|
Specifies how the directory server should handle operations whenever
|
an attribute value violates the associated attribute syntax.
|
</adm:synopsis>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>reject</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:enumeration>
|
<adm:value name="accept">
|
<adm:synopsis>
|
The directory server silently accepts attribute values
|
that are invalid according to their associated syntax.
|
Matching operations targeting those values may not behave as
|
expected.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="reject">
|
<adm:synopsis>
|
The directory server rejects attribute values that are
|
invalid according to their associated syntax.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="warn">
|
<adm:synopsis>
|
The directory server accepts attribute values that are
|
invalid according to their associated syntax, but also
|
logs a warning message to the error log. Matching operations
|
targeting those values may not behave as expected.
|
</adm:synopsis>
|
</adm:value>
|
</adm:enumeration>
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-invalid-attribute-syntax-behavior</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="server-error-result-code" advanced="true">
|
<adm:synopsis>
|
Specifies the numeric value of the result code when request
|
processing fails due to an internal server error.
|
</adm:synopsis>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>80</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:integer lower-limit="0" />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-server-error-result-code</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="single-structural-objectclass-behavior"
|
advanced="true">
|
<adm:synopsis>
|
Specifies how the directory server should handle operations an entry does
|
not contain a structural object class or contains multiple structural
|
classes.
|
</adm:synopsis>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>reject</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:enumeration>
|
<adm:value name="accept">
|
<adm:synopsis>
|
The directory server silently accepts entries that do
|
not contain exactly one structural object class. Certain
|
schema features that depend on the entry's structural class
|
may not behave as expected.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="reject">
|
<adm:synopsis>
|
The directory server rejects entries that do not contain
|
exactly one structural object class.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="warn">
|
<adm:synopsis>
|
The directory server accepts entries that do not contain
|
exactly one structural object class, but also logs a
|
warning message to the error log. Certain schema features
|
that depend on the entry's structural class may not behave
|
as expected.
|
</adm:synopsis>
|
</adm:value>
|
</adm:enumeration>
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>
|
ds-cfg-single-structural-objectclass-behavior
|
</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="notify-abandoned-operations" advanced="true">
|
<adm:synopsis>
|
Indicates whether the directory server should send a response to
|
any operation that is interrupted via an abandon request.
|
</adm:synopsis>
|
<adm:description>
|
The LDAP specification states that abandoned operations should not
|
receive any response, but this may cause problems with client
|
applications that always expect to receive a response to each
|
request.
|
</adm:description>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>false</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:boolean />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-notify-abandoned-operations</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="size-limit">
|
<adm:synopsis>
|
Specifies the maximum number of entries that can be returned
|
to the client during a single search operation.
|
</adm:synopsis>
|
<adm:description>
|
A value of 0 indicates that no size limit is enforced. Note
|
that this is the default server-wide limit, but it may be
|
overridden on a per-user basis using the ds-rlim-size-limit
|
operational attribute.
|
</adm:description>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>1000</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:integer lower-limit="0" />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-size-limit</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="time-limit">
|
<adm:synopsis>
|
Specifies the maximum length of time that should be spent processing
|
a single search operation.
|
</adm:synopsis>
|
<adm:description>
|
A value of 0 seconds indicates that no time limit is
|
enforced. Note that this is the default server-wide time limit,
|
but it may be overridden on a per-user basis using the
|
ds-rlim-time-limit operational attribute.
|
</adm:description>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>60 seconds</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:duration base-unit="s" lower-limit="0" />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-time-limit</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="proxied-authorization-identity-mapper"
|
mandatory="true">
|
<adm:synopsis>
|
Specifies the name of the identity mapper to map
|
authorization ID values (using the "u:" form) provided in the
|
proxied authorization control to the corresponding user entry.
|
</adm:synopsis>
|
<adm:syntax>
|
<adm:aggregation relation-name="identity-mapper"
|
parent-path="/">
|
<adm:constraint>
|
<adm:synopsis>
|
The referenced identity mapper must be enabled.
|
</adm:synopsis>
|
<adm:target-is-enabled-condition>
|
<adm:contains property="enabled" value="true" />
|
</adm:target-is-enabled-condition>
|
</adm:constraint>
|
</adm:aggregation>
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>
|
ds-cfg-proxied-authorization-identity-mapper
|
</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="writability-mode">
|
<adm:synopsis>
|
Specifies the kinds of write operations the directory server
|
can process.
|
</adm:synopsis>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>enabled</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:enumeration>
|
<adm:value name="enabled">
|
<adm:synopsis>
|
The directory server attempts to process all write
|
operations that are requested of it, regardless of their
|
origin.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="disabled">
|
<adm:synopsis>
|
The directory server rejects all write operations that
|
are requested of it, regardless of their origin.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="internal-only">
|
<adm:synopsis>
|
The directory server attempts to process write
|
operations requested as internal operations or through
|
synchronization, but rejects any such operations
|
requested from external clients.
|
</adm:synopsis>
|
</adm:value>
|
</adm:enumeration>
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-writability-mode</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="reject-unauthenticated-requests">
|
<adm:synopsis>
|
Indicates whether the directory server should reject any request
|
(other than bind or StartTLS requests) received from a client that
|
has not yet been authenticated, whose last authentication attempt was
|
unsuccessful, or whose last authentication attempt used anonymous
|
authentication.
|
</adm:synopsis>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>false</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:boolean />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-reject-unauthenticated-requests</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="bind-with-dn-requires-password">
|
<adm:synopsis>
|
Indicates whether the directory server should reject any simple
|
bind request that contains a DN but no password.
|
</adm:synopsis>
|
<adm:description>
|
Although such bind requests are technically allowed by the LDAPv3
|
specification (and should be treated as anonymous simple
|
authentication), they may introduce security problems in
|
applications that do not verify that the client actually provided
|
a password.
|
</adm:description>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>true</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:boolean />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-bind-with-dn-requires-password</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="lookthrough-limit">
|
<adm:synopsis>
|
Specifies the maximum number of entries that the directory server
|
should "look through" in the course of processing a search
|
request.
|
</adm:synopsis>
|
<adm:description>
|
This includes any entry that the server must examine in the course
|
of processing the request, regardless of whether it actually
|
matches the search criteria. A value of 0 indicates that no
|
lookthrough limit is enforced. Note that this is the default
|
server-wide limit, but it may be overridden on a per-user basis
|
using the ds-rlim-lookthrough-limit operational attribute.
|
</adm:description>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>5000</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:integer lower-limit="0" />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-lookthrough-limit</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="smtp-server" multi-valued="true">
|
<adm:synopsis>
|
Specifies the address (and optional port number) for a mail server
|
that can be used to send email messages via SMTP.
|
</adm:synopsis>
|
<adm:description>
|
It may be an IP address or resolvable hostname, optionally
|
followed by a colon and a port number.
|
</adm:description>
|
<adm:default-behavior>
|
<adm:alias>
|
<adm:synopsis>
|
If no values are defined, then the server cannot send email via SMTP.
|
</adm:synopsis>
|
</adm:alias>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:string>
|
<adm:pattern>
|
<adm:regex>^.+(:[0-9]+)?$</adm:regex>
|
<adm:usage>HOST[:PORT]</adm:usage>
|
<adm:synopsis>
|
A hostname, optionally followed by a ":" followed by a port
|
number.
|
</adm:synopsis>
|
</adm:pattern>
|
</adm:string>
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-smtp-server</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="allowed-task" advanced="true"
|
multi-valued="true">
|
<adm:synopsis>
|
Specifies the fully-qualified name of a Java class that may be
|
invoked in the server.
|
</adm:synopsis>
|
<adm:description>
|
Any attempt to invoke a task not included in the list of allowed
|
tasks is rejected.
|
</adm:description>
|
<adm:default-behavior>
|
<adm:alias>
|
<adm:synopsis>
|
If no values are defined, then the server does not allow any
|
tasks to be invoked.
|
</adm:synopsis>
|
</adm:alias>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:string />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-allowed-task</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="disabled-privilege" multi-valued="true">
|
<adm:synopsis>
|
Specifies the name of a privilege that should not be evaluated by
|
the server.
|
</adm:synopsis>
|
<adm:description>
|
If a privilege is disabled, then it is assumed that all
|
clients (including unauthenticated clients) have that
|
privilege.
|
</adm:description>
|
<adm:default-behavior>
|
<adm:alias>
|
<adm:synopsis>
|
If no values are defined, then the server enforces all
|
privileges.
|
</adm:synopsis>
|
</adm:alias>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:enumeration>
|
<adm:value name="bypass-lockdown">
|
<adm:synopsis>
|
Allows the associated user to bypass server lockdown mode.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="bypass-acl">
|
<adm:synopsis>
|
Allows the associated user to bypass access control checks
|
performed by the server.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="modify-acl">
|
<adm:synopsis>
|
Allows the associated user to modify the server's access
|
control configuration.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="config-read">
|
<adm:synopsis>
|
Allows the associated user to read the server configuration.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="config-write">
|
<adm:synopsis>
|
Allows the associated user to update the server
|
configuration. The config-read privilege is also required.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="jmx-read">
|
<adm:synopsis>
|
Allows the associated user to perform JMX read operations.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="jmx-write">
|
<adm:synopsis>
|
Allows the associated user to perform JMX write operations.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="jmx-notify">
|
<adm:synopsis>
|
Allows the associated user to subscribe to receive JMX
|
notifications.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="ldif-import">
|
<adm:synopsis>
|
Allows the user to request that the server process LDIF
|
import tasks.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="ldif-export">
|
<adm:synopsis>
|
Allows the user to request that the server process LDIF
|
export tasks.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="backend-backup">
|
<adm:synopsis>
|
Allows the user to request that the server process backup
|
tasks.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="backend-restore">
|
<adm:synopsis>
|
Allows the user to request that the server process restore
|
tasks.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="server-lockdown">
|
<adm:synopsis>
|
Allows the user to place and bring the server of lockdown mode.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="server-shutdown">
|
<adm:synopsis>
|
Allows the user to request that the server shut down.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="server-restart">
|
<adm:synopsis>
|
Allows the user to request that the server perform an
|
in-core restart.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="proxied-auth">
|
<adm:synopsis>
|
Allows the user to use the proxied authorization control, or
|
to perform a bind that specifies an alternate authorization
|
identity.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="disconnect-client">
|
<adm:synopsis>
|
Allows the user to terminate other client connections.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="cancel-request">
|
<adm:synopsis>
|
Allows the user to cancel operations in progress on other
|
client connections.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="password-reset">
|
<adm:synopsis>
|
Allows the user to reset user passwords.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="data-sync">
|
<adm:synopsis>
|
Allows the user to participate in data synchronization.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="update-schema">
|
<adm:synopsis>
|
Allows the user to make changes to the server schema.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="privilege-change">
|
<adm:synopsis>
|
Allows the user to make changes to the set of defined root
|
privileges, as well as to grant and revoke privileges for
|
users.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="unindexed-search">
|
<adm:synopsis>
|
Allows the user to request that the server process a search
|
that cannot be optimized using server indexes.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="subentry-write">
|
<adm:synopsis>
|
Allows the associated user to perform LDAP subentry write
|
operations.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="changelog-read">
|
<adm:synopsis>
|
The privilege that provides the ability to perform read
|
operations on the changelog
|
</adm:synopsis>
|
</adm:value>
|
</adm:enumeration>
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-disabled-privilege</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="return-bind-error-messages">
|
<adm:synopsis>
|
Indicates whether responses for failed bind operations should
|
include a message string providing the reason for the
|
authentication failure.
|
</adm:synopsis>
|
<adm:description>
|
Note that these messages may include information that could
|
potentially be used by an attacker. If this option is disabled,
|
then these messages appears only in the server's access log.
|
</adm:description>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>false</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:boolean />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-return-bind-error-messages</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="idle-time-limit">
|
<adm:synopsis>
|
Specifies the maximum length of time that a client connection may
|
remain established since its last completed operation.
|
</adm:synopsis>
|
<adm:description>
|
A value of "0 seconds" indicates that no idle time limit is enforced.
|
</adm:description>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>0 seconds</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:duration base-unit="ms" lower-limit="0" />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-idle-time-limit</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="save-config-on-successful-startup">
|
<adm:synopsis>
|
Indicates whether the directory server should save a copy of its
|
configuration whenever the startup process completes successfully.
|
</adm:synopsis>
|
<adm:description>
|
This ensures that the server provides a "last known good"
|
configuration, which can be used as a reference (or copied into
|
the active config) if the server fails to start with the current
|
"active" configuration.
|
</adm:description>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>true</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:boolean />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-save-config-on-successful-startup</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="etime-resolution" mandatory="false">
|
<adm:synopsis>
|
Specifies the resolution to use for operation elapsed processing time (etime)
|
measurements.
|
</adm:synopsis>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>
|
milliseconds
|
</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:enumeration>
|
<adm:value name="milliseconds">
|
<adm:synopsis>
|
Use millisecond resolution.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="nanoseconds">
|
<adm:synopsis>
|
Use nanosecond resolution.
|
</adm:synopsis>
|
</adm:value>
|
</adm:enumeration>
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-etime-resolution</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="entry-cache-preload" mandatory="false">
|
<adm:synopsis>
|
Indicates whether or not to preload the entry cache on startup.
|
</adm:synopsis>
|
<adm:requires-admin-action>
|
<adm:server-restart />
|
</adm:requires-admin-action>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>false</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:boolean />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-entry-cache-preload</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="max-allowed-client-connections">
|
<adm:synopsis>
|
Specifies the maximum number of client connections that may be
|
established at any given time
|
</adm:synopsis>
|
<adm:description>
|
A value of 0 indicates that unlimited client connection is allowed.
|
</adm:description>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>0</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:integer lower-limit="0" />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-max-allowed-client-connections</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="max-psearches">
|
<adm:synopsis>
|
Defines the maximum number of concurrent persistent searches that
|
can be performed on directory server
|
</adm:synopsis>
|
<adm:description>
|
The persistent search mechanism provides an active channel through which entries that change,
|
and information about the changes that occur, can be communicated. Because each persistent search
|
operation consumes resources, limiting the number of simultaneous persistent searches keeps the
|
performance impact minimal. A value of -1 indicates that there is no limit on the persistent searches.
|
</adm:description>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>-1</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:integer lower-limit="0" allow-unlimited="true" />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-max-psearches</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="max-internal-buffer-size" advanced="true">
|
<adm:synopsis>
|
The threshold capacity beyond which internal cached buffers used for
|
encoding and decoding entries and protocol messages will be trimmed
|
after use.
|
</adm:synopsis>
|
<adm:description>
|
Individual buffers may grow very large when encoding and decoding
|
large entries and protocol messages and should be reduced in size when
|
they are no longer needed. This setting specifies the threshold at which
|
a buffer is determined to have grown too big and should be trimmed down
|
after use.
|
</adm:description>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>32 KB</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<!-- Upper limit to force 32-bit value -->
|
<adm:size lower-limit="512 B" upper-limit="1 GB"/>
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-max-internal-buffer-size</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
</adm:managed-object>
|
