<?xml version="1.0" encoding="utf-8"?>
|
<!--
|
! CDDL HEADER START
|
!
|
! The contents of this file are subject to the terms of the
|
! Common Development and Distribution License, Version 1.0 only
|
! (the "License"). You may not use this file except in compliance
|
! with the License.
|
!
|
! You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
|
! or http://forgerock.org/license/CDDLv1.0.html.
|
! See the License for the specific language governing permissions
|
! and limitations under the License.
|
!
|
! When distributing Covered Code, include this CDDL HEADER in each
|
! file and include the License file at legal-notices/CDDLv1_0.txt.
|
! If applicable, add the following below this CDDL HEADER, with the
|
! fields enclosed by brackets "[]" replaced with your own identifying
|
! information:
|
! Portions Copyright [yyyy] [name of copyright owner]
|
!
|
! CDDL HEADER END
|
!
|
!
|
! Copyright 2007-2008 Sun Microsystems, Inc.
|
! Portions Copyright 2011 ForgeRock AS
|
! -->
|
<adm:managed-object name="password-policy-import-plugin"
|
plural-name="password-policy-import-plugins"
|
package="org.opends.server.admin.std" extends="plugin"
|
xmlns:adm="http://www.opends.org/admin"
|
xmlns:ldap="http://www.opends.org/admin-ldap">
|
<adm:synopsis>
|
The
|
<adm:user-friendly-name />
|
ensures that clear-text passwords contained in LDIF
|
entries are properly encoded before they are stored in the
|
appropriate directory server backend.
|
</adm:synopsis>
|
<adm:profile name="ldap">
|
<ldap:object-class>
|
<ldap:name>ds-cfg-password-policy-import-plugin</ldap:name>
|
<ldap:superior>ds-cfg-plugin</ldap:superior>
|
</ldap:object-class>
|
</adm:profile>
|
<adm:property-override name="java-class" advanced="true">
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>
|
org.opends.server.plugins.PasswordPolicyImportPlugin
|
</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
</adm:property-override>
|
<adm:property-override name="plugin-type" advanced="true">
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>ldifimport</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
</adm:property-override>
|
<adm:property-override name="invoke-for-internal-operations">
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>false</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
</adm:property-override>
|
<adm:property name="default-user-password-storage-scheme"
|
multi-valued="true">
|
<adm:synopsis>
|
Specifies the names of the password storage schemes to be
|
used for encoding passwords contained in attributes with the user
|
password syntax for entries that do not include the
|
ds-pwp-password-policy-dn attribute specifying which password
|
policy is to be used to govern them.
|
</adm:synopsis>
|
<adm:default-behavior>
|
<adm:alias>
|
<adm:synopsis>
|
If the default password policy uses the attribute with the
|
user password syntax, then the server uses the default
|
password storage schemes for that password policy. Otherwise,
|
it encodes user password values using the "SSHA" scheme.
|
</adm:synopsis>
|
</adm:alias>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:aggregation relation-name="password-storage-scheme"
|
parent-path="/">
|
<adm:constraint>
|
<adm:synopsis>
|
The referenced password storage schemes must be enabled when the
|
<adm:user-friendly-name />
|
is enabled.
|
</adm:synopsis>
|
<adm:target-needs-enabling-condition>
|
<adm:contains property="enabled" value="true" />
|
</adm:target-needs-enabling-condition>
|
<adm:target-is-enabled-condition>
|
<adm:contains property="enabled" value="true" />
|
</adm:target-is-enabled-condition>
|
</adm:constraint>
|
</adm:aggregation>
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>
|
ds-cfg-default-user-password-storage-scheme
|
</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="default-auth-password-storage-scheme"
|
multi-valued="true">
|
<adm:synopsis>
|
Specifies the names of password storage schemes that to be used
|
for encoding passwords contained in attributes with the auth
|
password syntax for entries that do not include the
|
ds-pwp-password-policy-dn attribute specifying which password
|
policy should be used to govern them.
|
</adm:synopsis>
|
<adm:default-behavior>
|
<adm:alias>
|
<adm:synopsis>
|
If the default password policy uses an attribute with the auth
|
password syntax, then the server uses the default password
|
storage schemes for that password policy. Otherwise, it
|
encodes auth password values using the "SHA1" scheme.
|
</adm:synopsis>
|
</adm:alias>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:aggregation relation-name="password-storage-scheme"
|
parent-path="/">
|
<adm:constraint>
|
<adm:synopsis>
|
The referenced password storage schemes must be enabled when
|
the Password Policy Import plug-in is enabled.
|
</adm:synopsis>
|
<adm:target-needs-enabling-condition>
|
<adm:contains property="enabled" value="true" />
|
</adm:target-needs-enabling-condition>
|
<adm:target-is-enabled-condition>
|
<adm:contains property="enabled" value="true" />
|
</adm:target-is-enabled-condition>
|
</adm:constraint>
|
</adm:aggregation>
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>
|
ds-cfg-default-auth-password-storage-scheme
|
</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
</adm:managed-object>
|
