<?xml version="1.0" encoding="UTF-8"?>
|
<!--
|
! CDDL HEADER START
|
!
|
! The contents of this file are subject to the terms of the
|
! Common Development and Distribution License, Version 1.0 only
|
! (the "License"). You may not use this file except in compliance
|
! with the License.
|
!
|
! You can obtain a copy of the license at
|
! trunk/opends/resource/legal-notices/OpenDS.LICENSE
|
! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
|
! See the License for the specific language governing permissions
|
! and limitations under the License.
|
!
|
! When distributing Covered Code, include this CDDL HEADER in each
|
! file and include the License file at
|
! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
|
! add the following below this CDDL HEADER, with the fields enclosed
|
! by brackets "[]" replaced with your own identifying information:
|
! Portions Copyright [yyyy] [name of copyright owner]
|
!
|
! CDDL HEADER END
|
!
|
!
|
! Portions Copyright 2007 Sun Microsystems, Inc.
|
! -->
|
|
<adm:managed-object name="global" plural-name="globals"
|
package="org.opends.server.admin.std"
|
xmlns:adm="http://www.opends.org/admin"
|
xmlns:ldap="http://www.opends.org/admin-ldap">
|
|
<adm:user-friendly-name>Global Configuration</adm:user-friendly-name>
|
|
<adm:user-friendly-plural-name>
|
Global Configurations
|
</adm:user-friendly-plural-name>
|
|
<adm:synopsis>
|
The global configuration contains properties that affect the overall
|
operation of the
|
<adm:product-name />
|
.
|
</adm:synopsis>
|
<adm:tag name="core"/>
|
|
<adm:profile name="ldap">
|
<ldap:object-class>
|
<ldap:oid>1.3.6.1.4.1.26027.1.2.13</ldap:oid>
|
<ldap:name>ds-cfg-root-config</ldap:name>
|
<ldap:superior>top</ldap:superior>
|
</ldap:object-class>
|
</adm:profile>
|
|
<adm:property name="check-schema" mandatory="true">
|
<adm:synopsis>
|
Indicates whether schema enforcement is active.
|
</adm:synopsis>
|
<adm:description>
|
This property indicates whether the
|
<adm:product-name />
|
should ensure that all operations result in entries that are valid
|
according to the defined server schema. It is strongly recommended
|
that this option be left enabled to prevent the inadvertent
|
addition of invalid data into the server.
|
</adm:description>
|
<adm:syntax>
|
<adm:boolean />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:oid>1.3.6.1.4.1.26027.1.1.24</ldap:oid>
|
<ldap:name>ds-cfg-check-schema</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
|
<adm:property name="default-password-policy" mandatory="true">
|
<adm:synopsis>
|
Specifies the DN of the configuration entry for the password policy that
|
will be in effect for users whose entries do not specify an alternate
|
password policy (either via a real or virtual attribute).
|
</adm:synopsis>
|
<adm:syntax>
|
<adm:dn>
|
<adm:base>cn=Password Policies,cn=config</adm:base>
|
</adm:dn>
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:oid>1.3.6.1.4.1.26027.1.1.202</ldap:oid>
|
<ldap:name>ds-cfg-default-password-policy</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
|
<adm:property name="add-missing-rdn-attributes" mandatory="false">
|
<adm:synopsis>
|
Indicates whether the Directory Server should automatically add any
|
attribute values contained in the entry's RDN into that entry when
|
processing an add request.
|
</adm:synopsis>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>
|
true
|
</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:boolean />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:oid>1.3.6.1.4.1.26027.1.1.142</ldap:oid>
|
<ldap:name>ds-cfg-add-missing-rdn-attributes</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
|
<adm:property name="allow-attribute-name-exceptions" mandatory="false">
|
<adm:synopsis>
|
Indicates whether the Directory Server should allow the use of underscores
|
in attribute names, and should allow attribute names to begin with
|
numeric digits (both of which are violations of the LDAP standards).
|
</adm:synopsis>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>
|
false
|
</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:boolean />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:oid>1.3.6.1.4.1.26027.1.1.5</ldap:oid>
|
<ldap:name>ds-cfg-allow-attribute-name-exceptions</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
|
<adm:property name="invalid-attribute-syntax-behavior" mandatory="false">
|
<adm:synopsis>
|
Specifies how the Directory Server should handle operations which would
|
result in an attribute value that violates the associated attribute
|
syntax.
|
</adm:synopsis>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>
|
reject
|
</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:enumeration>
|
<adm:value name="accept">
|
<adm:synopsis>
|
The Directory Server will silently accept attribute values that are
|
invalid according to their associated syntax. Matching operations
|
targeting those values may not behave as expected.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="reject">
|
<adm:synopsis>
|
The Directory Server will reject attribute values that are invalid
|
according to their associated syntax.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="warn">
|
<adm:synopsis>
|
The Directory Server will accept attribute values that are invalid
|
according to their associated syntax, but will also log a warning
|
message to the error log. Matching operations targeting those
|
values may not behave as expected.
|
</adm:synopsis>
|
</adm:value>
|
</adm:enumeration>
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:oid>1.3.6.1.4.1.26027.1.1.44</ldap:oid>
|
<ldap:name>ds-cfg-invalid-attribute-syntax-behavior</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
|
<adm:property name="server-error-result-code" mandatory="false">
|
<adm:synopsis>
|
Specifies the numeric value of the result code that should be used for
|
cases in which request processing fails due to an internal server error.
|
</adm:synopsis>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>
|
80
|
</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:integer lower-limit="0" />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:oid>1.3.6.1.4.1.26027.1.1.143</ldap:oid>
|
<ldap:name>ds-cfg-server-error-result-code</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
|
<adm:property name="single-structural-objectclass-behavior" mandatory="false">
|
<adm:synopsis>
|
Specifies how the Directory Server should handle operations which would
|
result in an entry without any structural object class, or that would
|
result in an entry containing multiple structural classes.
|
</adm:synopsis>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>
|
reject
|
</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:enumeration>
|
<adm:value name="accept">
|
<adm:synopsis>
|
The Directory Server will silently accept entries that do not
|
contain exactly one structural object class. Certain schema
|
features that depend on the entry's structural class may not behave
|
as expected.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="reject">
|
<adm:synopsis>
|
The Directory Server will reject entries that do not contain exactly
|
one structural object class.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="warn">
|
<adm:synopsis>
|
The Directory Server will accept entries that do not contain exactly
|
one structural object class, but will also log a warning message to
|
the error log. Certain schema features that depend on the entry's
|
structural class may not behave
|
as expected.
|
</adm:synopsis>
|
</adm:value>
|
</adm:enumeration>
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:oid>1.3.6.1.4.1.26027.1.1.117</ldap:oid>
|
<ldap:name>ds-cfg-single-structural-objectclass-behavior</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
|
<adm:property name="notify-abandoned-operations" mandatory="false">
|
<adm:synopsis>
|
Indicates whether the Directory Server should send a response to any
|
operation that is interrupted via an abandon request. The LDAP
|
specification states that abandoned operations should not receive any
|
response, but this may cause problems with client applications that
|
always expect to receive a response to each request.
|
</adm:synopsis>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>
|
false
|
</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:boolean />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:oid>1.3.6.1.4.1.26027.1.1.71</ldap:oid>
|
<ldap:name>ds-cfg-notify-abandoned-operations</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
|
<adm:property name="size-limit" mandatory="false">
|
<adm:synopsis>
|
Specifies the maximum number of entries that the Directory Server should
|
return to the client in the course of processing a search operation. A
|
value of 0 indicates that no size limit will be enforced. Note that this
|
is the default server-wide limit, but it may be overridden on a per-user
|
basis using the ds-rlim-size-limit operational attribute.
|
</adm:synopsis>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>
|
1000
|
</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:integer lower-limit="0" />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:oid>1.3.6.1.4.1.26027.1.1.118</ldap:oid>
|
<ldap:name>ds-cfg-size-limit</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
|
<adm:property name="time-limit" mandatory="false">
|
<adm:synopsis>
|
Specifies the maximum length of time that the Directory Server should
|
spend procesing a search operation. A value of 0 seconds indicates that
|
no time limit will be enforced. Note that this is the default server-wide
|
time limit, but it may be overridden on a per-user basis using the
|
ds-rlim-time-limit operational attribute.
|
</adm:synopsis>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>
|
60 seconds
|
</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:duration base-unit="s" lower-limit="0" />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:oid>1.3.6.1.4.1.26027.1.1.150</ldap:oid>
|
<ldap:name>ds-cfg-time-limit</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
|
<adm:property name="proxied-authorization-identity-mapper-dn"
|
mandatory="true">
|
<adm:synopsis>
|
Specifies the DN of the configuration entry for the identity mapper that
|
will be used to map authorization ID values (using the "u:" form) provided
|
in the proxied authorization control to the corresponding user entry.
|
</adm:synopsis>
|
<adm:syntax>
|
<adm:dn>
|
<adm:base>cn=Identity Mappers,cn=config</adm:base>
|
</adm:dn>
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:oid>1.3.6.1.4.1.26027.1.1.149</ldap:oid>
|
<ldap:name>ds-cfg-proxied-authorization-identity-mapper-dn</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
|
<adm:property name="writability-mode" mandatory="false">
|
<adm:synopsis>
|
Specifies which kinds of write operations the Directory Server should
|
attempt to process.
|
</adm:synopsis>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>
|
enabled
|
</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:enumeration>
|
<adm:value name="enabled">
|
<adm:synopsis>
|
The Directory Server will attempt to process all write operations
|
that are requested of it, regardless of their origin.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="disabled">
|
<adm:synopsis>
|
The Directory Server will reject all write operations that are
|
requested of it, regardless of their origin.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="internal-only">
|
<adm:synopsis>
|
The Directory Server will attempt to process write operations
|
requested as internal operations or through synchronization, but
|
will reject any such operations requested from external clients.
|
</adm:synopsis>
|
</adm:value>
|
</adm:enumeration>
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:oid>1.3.6.1.4.1.26027.1.1.161</ldap:oid>
|
<ldap:name>ds-cfg-writability-mode</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
|
<adm:property name="reject-unauthenticated-requests" mandatory="false">
|
<adm:synopsis>
|
Indicates whether the Directory Server should reject any request (other
|
than bind or StartTLS requests) received from a client that has not yet
|
authenticated, whose last authentication attempt was unsuccessful, or
|
whose last authentication attempt used anonymous authentication.
|
</adm:synopsis>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>
|
false
|
</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:boolean />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:oid>1.3.6.1.4.1.26027.1.1.301</ldap:oid>
|
<ldap:name>ds-cfg-reject-unauthenticated-requests</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
|
<adm:property name="bind-with-dn-requires-password" mandatory="false">
|
<adm:synopsis>
|
Indicates whether the Directory Server should reject any simple bind
|
request that contains a DN but no password. Although such bind requests
|
are technically allowed by the LDAPv3 specification (and should be treated
|
as anonymous simple authentication), they may introduce security problems
|
in applications that do not verify that the client actually provided a
|
password.
|
</adm:synopsis>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>
|
true
|
</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:boolean />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:oid>1.3.6.1.4.1.26027.1.1.163</ldap:oid>
|
<ldap:name>ds-cfg-bind-with-dn-requires-password</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
|
<adm:property name="lookthrough-limit" mandatory="false">
|
<adm:synopsis>
|
Specifies the maximum number of entries that the Directory Server should
|
"look through" in the course of processing a search request. This
|
includes any entry that the server must examine in the course of
|
processing the request, regardless of whether it actually matches the
|
search criteria. A value of 0 indicates that no lookthrough limit will
|
be enforced. Note that this is the default server-wide limit, but it may
|
be overridden on a per-user basis using the ds-rlim-lookthrough-limit
|
operational attribute.
|
</adm:synopsis>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>
|
5000
|
</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:integer lower-limit="0" />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:oid>1.3.6.1.4.1.26027.1.1.285</ldap:oid>
|
<ldap:name>ds-cfg-lookthrough-limit</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
|
<adm:property name="smtp-server" mandatory="false" multi-valued="true">
|
<adm:synopsis>
|
Specifies the address (and optional port number) for a mail server that
|
can be used to send e-mail messages via SMTP. It may be an IP address or
|
resolvable hostname, optionally followed by a colon and a port number.
|
</adm:synopsis>
|
<adm:default-behavior>
|
<adm:alias>
|
<adm:synopsis>
|
If no values are defined, then it will not be possible to take
|
advantage of server features that may provide thea bility to send
|
e-mail via SMTP.
|
</adm:synopsis>
|
</adm:alias>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:string />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:oid>1.3.6.1.4.1.26027.1.1.446</ldap:oid>
|
<ldap:name>ds-cfg-smtp-server</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
|
<adm:property name="allowed-task" mandatory="false" multi-valued="true">
|
<adm:synopsis>
|
Specifies the fully-qualified name of a Java class that may be invoked in
|
the server. Any attempt to invoke a task not included in the list of
|
allowed tasks will be rejected.
|
</adm:synopsis>
|
<adm:default-behavior>
|
<adm:alias>
|
<adm:synopsis>
|
If no values are defined, then the server will not allow any tasks to
|
be invoked.
|
</adm:synopsis>
|
</adm:alias>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:string />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:oid>1.3.6.1.4.1.26027.1.1.456</ldap:oid>
|
<ldap:name>ds-cfg-allowed-task</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
|
<adm:property name="disabled-privilege" mandatory="false" multi-valued="true">
|
<adm:synopsis>
|
Specifies the name of a privilege that should not be evaluated by the
|
server. If a privilege is disabled, then it will be assumed that all
|
clients (including unauthenticated clients) will have that privilege.
|
</adm:synopsis>
|
<adm:default-behavior>
|
<adm:alias>
|
<adm:synopsis>
|
If no values are defined, then the server will enforce all privileges.
|
</adm:synopsis>
|
</adm:alias>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:enumeration>
|
<adm:value name="bypass-acl">
|
<adm:synopsis>
|
Allows the associated user to bypass access control checks performed
|
by the server.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="modify-acl">
|
<adm:synopsis>
|
Allows the associated user to modify the server's access control
|
configuration.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="config-read">
|
<adm:synopsis>
|
Allows the associated user to read the server configuration.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="config-write">
|
<adm:synopsis>
|
Allows the associated user to update the server configuration. The
|
config-read privilege is also required.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="jmx-read">
|
<adm:synopsis>
|
Allows the associated user to perform JMX read operations.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="jmx-write">
|
<adm:synopsis>
|
Allows the associated user to perform JMX write operations.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="jmx-notify">
|
<adm:synopsis>
|
Allows the associated user to subscribe to receive JMX
|
notifications.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="ldif-import">
|
<adm:synopsis>
|
Allows the user to request that the server process LDIF import
|
tasks.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="ldif-export">
|
<adm:synopsis>
|
Allows the user to request that the server process LDIF export
|
tasks.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="backend-backup">
|
<adm:synopsis>
|
Allows the user to request that the server process backup tasks.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="backend-restore">
|
<adm:synopsis>
|
Allows the user to request that the server process restore tasks.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="server-shutdown">
|
<adm:synopsis>
|
Allows the user to request that the server shut down.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="server-restart">
|
<adm:synopsis>
|
Allows the user to request that the server perform an in-core
|
restart.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="proxied-auth">
|
<adm:synopsis>
|
Allows the user to use the proxied authorization control, or to
|
perform a bind that specifies an alternate authorization identity.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="disconnect-client">
|
<adm:synopsis>
|
Allows the user to terminate other client connections.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="cancel-request">
|
<adm:synopsis>
|
Allows the user to cancel operations in progress on other client
|
connections.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="password-reset">
|
<adm:synopsis>
|
Allows the user to reset user passwords.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="data-sync">
|
<adm:synopsis>
|
Allows the user to participate in data synchronization.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="update-schema">
|
<adm:synopsis>
|
Allows the user to make changes to the server schema.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="privilege-change">
|
<adm:synopsis>
|
Allows the user to make changes to the set of defined root
|
privileges, as well as to grant and revoke privileges for users.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="unindexed-search">
|
<adm:synopsis>
|
Allows the user to request that the server process a search that
|
cannot be optimized using server indexes.
|
</adm:synopsis>
|
</adm:value>
|
</adm:enumeration>
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:oid>1.3.6.1.4.1.26027.1.1.457</ldap:oid>
|
<ldap:name>ds-cfg-disabled-privilege</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
|
<adm:property name="return-bind-error-messages" mandatory="false">
|
<adm:synopsis>
|
Indicates whether responses for failed bind operations should include a
|
message string providing the reason for the authentication failure. Note
|
that these messages may include information that could potentially be used
|
by an attacker. If this option is disabled, then these messages will
|
appear only in the server's access log.
|
</adm:synopsis>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>
|
false
|
</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:boolean />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:oid>1.3.6.1.4.1.26027.1.1.458</ldap:oid>
|
<ldap:name>ds-cfg-return-bind-error-messages</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
|
<adm:property name="idle-time-limit" mandatory="false" multi-valued="false">
|
<adm:synopsis>
|
Specifies the maximum lenght of time that a client connection may remain
|
established since its last completed operation. A value of "0 seconds"
|
indicates that no idle time limit will be enforced.
|
</adm:synopsis>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>0 seconds</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:duration base-unit="ms" lower-limit="0"/>
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:oid>1.3.6.1.4.1.26027.1.1.463</ldap:oid>
|
<ldap:name>ds-cfg-idle-time-limit</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
|
</adm:managed-object>
|
