<?xml version="1.0" encoding="utf-8"?>
|
<!--
|
! CDDL HEADER START
|
!
|
! The contents of this file are subject to the terms of the
|
! Common Development and Distribution License, Version 1.0 only
|
! (the "License"). You may not use this file except in compliance
|
! with the License.
|
!
|
! You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
|
! or http://forgerock.org/license/CDDLv1.0.html.
|
! See the License for the specific language governing permissions
|
! and limitations under the License.
|
!
|
! When distributing Covered Code, include this CDDL HEADER in each
|
! file and include the License file at legal-notices/CDDLv1_0.txt.
|
! If applicable, add the following below this CDDL HEADER, with the
|
! fields enclosed by brackets "[]" replaced with your own identifying
|
! information:
|
! Portions Copyright [yyyy] [name of copyright owner]
|
!
|
! CDDL HEADER END
|
!
|
!
|
! Copyright 2007-2009 Sun Microsystems, Inc.
|
! Portions copyright 2013 ForgeRock AS.
|
! -->
|
<adm:managed-object name="network-group"
|
plural-name="network-groups"
|
package="org.opends.server.admin.std"
|
xmlns:adm="http://www.opends.org/admin"
|
xmlns:ldap="http://www.opends.org/admin-ldap">
|
<adm:synopsis>
|
The
|
<adm:user-friendly-name/>
|
is used to classify incoming client connections and route requests to
|
workflows.
|
</adm:synopsis>
|
<adm:tag name="core-server"/>
|
<adm:profile name="ldap">
|
<ldap:object-class>
|
<ldap:name>ds-cfg-network-group</ldap:name>
|
<ldap:superior>top</ldap:superior>
|
</ldap:object-class>
|
</adm:profile>
|
<adm:relation name="network-group-qos-policy"
|
managed-object-name="qos-policy"
|
hidden="true">
|
<adm:synopsis>
|
Specifies the set of quality of service (QoS) policies enforced by
|
the
|
<adm:user-friendly-name/>
|
.
|
</adm:synopsis>
|
<adm:description>
|
All client connections belonging to the
|
<adm:user-friendly-name/>
|
will comply with its policies.
|
</adm:description>
|
<adm:one-to-many unique="true"
|
plural-name="network-group-qos-policies"/>
|
<adm:profile name="ldap">
|
<ldap:rdn-sequence>cn=QoS Policies</ldap:rdn-sequence>
|
</adm:profile>
|
</adm:relation>
|
<adm:property name="enabled" mandatory="true">
|
<adm:synopsis>
|
Indicates whether the
|
<adm:user-friendly-name/>
|
is enabled for use in the server.
|
</adm:synopsis>
|
<adm:description>
|
If a
|
<adm:user-friendly-name/>
|
is not enabled then its workflows will not be accessible when
|
processing operations.
|
</adm:description>
|
<adm:syntax>
|
<adm:boolean/>
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-enabled</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="priority" mandatory="true">
|
<adm:synopsis>
|
Specifies the priority for this <adm:user-friendly-name/>.
|
</adm:synopsis>
|
<adm:description>
|
A client connection is first compared against the
|
<adm:user-friendly-name/>
|
with the lowest priority. If the client connection does not match
|
its connection criteria, then the client connection is compared against
|
the
|
<adm:user-friendly-name/>
|
with next lowest priority, and so on. If no
|
<adm:user-friendly-name/>
|
is selected then the client connection is rejected.
|
</adm:description>
|
<adm:syntax>
|
<adm:integer lower-limit="0"/>
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-priority</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="workflow" multi-valued="true">
|
<adm:synopsis>
|
Specifies a set of workflows which should be accessible from this
|
<adm:user-friendly-name/>
|
.
|
</adm:synopsis>
|
<adm:default-behavior>
|
<adm:alias>
|
<adm:synopsis>No workflows will be accessible.</adm:synopsis>
|
</adm:alias>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:aggregation relation-name="workflow"
|
parent-path="/">
|
<adm:constraint>
|
<adm:synopsis>
|
The referenced workflows must be enabled.
|
</adm:synopsis>
|
<adm:target-is-enabled-condition>
|
<adm:contains property="enabled" value="true"/>
|
</adm:target-is-enabled-condition>
|
</adm:constraint>
|
</adm:aggregation>
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-workflow</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="allowed-auth-method" multi-valued="true">
|
<adm:synopsis>
|
Specifies a set of allowed authorization methods that clients
|
must use in order to establish connections to this
|
<adm:user-friendly-name/>.
|
</adm:synopsis>
|
<adm:requires-admin-action>
|
<adm:none>
|
<adm:synopsis>
|
Changes to this property take effect immediately and do not
|
interfere with connections that may have already been
|
established.
|
</adm:synopsis>
|
</adm:none>
|
</adm:requires-admin-action>
|
<adm:default-behavior>
|
<adm:alias>
|
<adm:synopsis>
|
All authorization methods are allowed.
|
</adm:synopsis>
|
</adm:alias>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:enumeration>
|
<adm:value name="anonymous">
|
<adm:synopsis>
|
Unauthorized clients.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="simple">
|
<adm:synopsis>
|
Clients who bind using simple authentication (name and password).
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="sasl">
|
<adm:synopsis>
|
Clients who bind using SASL/external certificate based
|
authentication.
|
</adm:synopsis>
|
</adm:value>
|
</adm:enumeration>
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-allowed-auth-method</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="allowed-protocol" multi-valued="true">
|
<adm:synopsis>
|
Specifies a set of allowed supported protocols that clients
|
must use in order to establish connections to this
|
<adm:user-friendly-name/>.
|
</adm:synopsis>
|
<adm:requires-admin-action>
|
<adm:none>
|
<adm:synopsis>
|
Changes to this property take effect immediately and do not
|
interfere with connections that may have already been
|
established.
|
</adm:synopsis>
|
</adm:none>
|
</adm:requires-admin-action>
|
<adm:default-behavior>
|
<adm:alias>
|
<adm:synopsis>
|
All supported protocols are allowed.
|
</adm:synopsis>
|
</adm:alias>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:enumeration>
|
<adm:value name="ldap">
|
<adm:synopsis>
|
Clients using LDAP are allowed.
|
</adm:synopsis>
|
</adm:value>
|
<adm:value name="ldaps">
|
<adm:synopsis>
|
Clients using LDAPS are allowed.
|
</adm:synopsis>
|
</adm:value>
|
</adm:enumeration>
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-allowed-protocol</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="allowed-bind-dn" multi-valued="true">
|
<adm:synopsis>
|
Specifies a set of bind DN patterns that determine the
|
clients that are allowed to establish connections to this
|
<adm:user-friendly-name/>.
|
</adm:synopsis>
|
<adm:description>
|
Valid bind DN filters are strings composed of zero or more
|
wildcards. A double wildcard ** replaces one or more RDN
|
components (as in uid=dmiller,**,dc=example,dc=com). A simple
|
wildcard * replaces either a whole RDN, or a whole type, or a
|
value substring (as in uid=bj*,ou=people,dc=example,dc=com).
|
</adm:description>
|
<adm:requires-admin-action>
|
<adm:none>
|
<adm:synopsis>
|
Changes to this property take effect immediately and do not
|
interfere with connections that may have already been
|
established.
|
</adm:synopsis>
|
</adm:none>
|
</adm:requires-admin-action>
|
<adm:default-behavior>
|
<adm:alias>
|
<adm:synopsis>
|
All bind DNs are allowed.
|
</adm:synopsis>
|
</adm:alias>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:string />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-allowed-bind-dn</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property-reference name="allowed-client" />
|
<adm:property-reference name="denied-client" />
|
<adm:property name="is-security-mandatory">
|
<adm:synopsis>
|
Specifies whether or not a secured client connection
|
is required in order for clients to establish connections
|
to this <adm:user-friendly-name/>.
|
</adm:synopsis>
|
<adm:requires-admin-action>
|
<adm:none>
|
<adm:synopsis>
|
Changes to this property take effect immediately and do not
|
interfere with connections that may have already been
|
established.
|
</adm:synopsis>
|
</adm:none>
|
</adm:requires-admin-action>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>false</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:boolean />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-is-security-mandatory</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
</adm:managed-object>
|
