mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git
opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyConfiguration.xml
@@ -37,7 +37,6 @@ <adm:tag name="user-management"/> <adm:profile name="ldap"> <ldap:object-class> <ldap:oid>1.3.6.1.4.1.26027.1.2.62</ldap:oid> <ldap:name>ds-cfg-password-policy</ldap:name> <ldap:superior>top</ldap:superior> </ldap:object-class> @@ -59,110 +58,98 @@ </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:oid>1.3.6.1.4.1.26027.1.1.192</ldap:oid> <ldap:name>ds-cfg-password-attribute</ldap:name> </ldap:attribute> </adm:profile> </adm:property> <adm:property name="default-password-storage-scheme-dn" mandatory="true" <adm:property name="default-password-storage-scheme" mandatory="true" multi-valued="true"> <adm:synopsis> Specifies the DNs of the configuration entries for the password storage schemes that will be used to encode clear-text passwords for this password policy. Specifies the names of the the password storage schemes that will be used to encode clear-text passwords for this password policy. </adm:synopsis> <adm:syntax> <adm:dn> <adm:base>cn=password storage schemes,cn=config</adm:base> </adm:dn> <adm:aggregation relation-name="password-storage-scheme" parent-path="/"> <adm:target-enabled-property-name name="enabled" /> </adm:aggregation> </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:oid>1.3.6.1.4.1.26027.1.1.178</ldap:oid> <ldap:name>ds-cfg-default-password-storage-scheme-dn</ldap:name> <ldap:name>ds-cfg-default-password-storage-scheme</ldap:name> </ldap:attribute> </adm:profile> </adm:property> <adm:property name="deprecated-password-storage-scheme-dn" <adm:property name="deprecated-password-storage-scheme" mandatory="false" multi-valued="true"> <adm:synopsis> Specifies the DNs of the configuration entries for password storage schemes that will be considered deprecated for this password policy. If a user with this password policy authenticates to the server and his/her password is encoded with any deprecated schemes, then those values will be removed and replaced with values encoded using the default password storage scheme(s). Specifies the names of the password storage schemes that will be considered deprecated for this password policy. If a user with this password policy authenticates to the server and his/her password is encoded with any deprecated schemes, then those values will be removed and replaced with values encoded using the default password storage scheme(s). </adm:synopsis> <adm:default-behavior> <adm:undefined /> </adm:default-behavior> <adm:syntax> <adm:dn> <adm:base>cn=password storage schemes,cn=config</adm:base> </adm:dn> <adm:aggregation relation-name="password-storage-scheme" parent-path="/"> <adm:target-enabled-property-name name="enabled" /> </adm:aggregation> </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:oid>1.3.6.1.4.1.26027.1.1.179</ldap:oid> <ldap:name>ds-cfg-deprecated-password-storage-scheme-dn</ldap:name> <ldap:name>ds-cfg-deprecated-password-storage-scheme</ldap:name> </ldap:attribute> </adm:profile> </adm:property> <adm:property name="password-validator-dn" mandatory="false" <adm:property name="password-validator" mandatory="false" multi-valued="true"> <adm:synopsis> Specifies the DN(s) of the password validator(s) that should be Specifies the names of the password validators that should be used with the associated password storage scheme. </adm:synopsis> <adm:description> Specifies the DN(s) of the password validator(s) that should be used with the associated password storage scheme. Changes to this configuration attribute will take effect immediately. </adm:description> <adm:default-behavior> <adm:undefined /> </adm:default-behavior> <adm:syntax> <adm:dn> <adm:base>cn=password validators,cn=config</adm:base> </adm:dn> <adm:aggregation relation-name="password-validator" parent-path="/"> <adm:target-enabled-property-name name="enabled" /> </adm:aggregation> </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:oid>1.3.6.1.4.1.26027.1.1.195</ldap:oid> <ldap:name>ds-cfg-password-validator-dn</ldap:name> <ldap:name>ds-cfg-password-validator</ldap:name> </ldap:attribute> </adm:profile> </adm:property> <adm:property name="account-status-notification-handler-dn" <adm:property name="account-status-notification-handler" mandatory="false" multi-valued="true"> <adm:synopsis> Specifies the DN(s) of the account status notification handler(s) Specifies the names of the account status notification handlers that should be used with the associated password storage scheme. </adm:synopsis> <adm:description> Specifies the DN(s) of the account status notification handler(s) that should be used with the associated password storage scheme. Changes to this configuration attribute will take effect immediately. </adm:description> <adm:default-behavior> <adm:undefined /> </adm:default-behavior> <adm:syntax> <adm:dn> <adm:base>cn=account status notification handlers,cn=config</adm:base> </adm:dn> <adm:aggregation relation-name="account-status-notification-handler" parent-path="/"> <adm:target-enabled-property-name name="enabled" /> </adm:aggregation> </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:oid>1.3.6.1.4.1.26027.1.1.174</ldap:oid> <ldap:name> ds-cfg-account-status-notification-handler-dn ds-cfg-account-status-notification-handler </ldap:name> </ldap:attribute> </adm:profile> @@ -191,7 +178,6 @@ </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:oid>1.3.6.1.4.1.26027.1.1.177</ldap:oid> <ldap:name>ds-cfg-allow-user-password-changes</ldap:name> </ldap:attribute> </adm:profile> @@ -220,7 +206,6 @@ </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:oid>1.3.6.1.4.1.26027.1.1.198</ldap:oid> <ldap:name> ds-cfg-password-change-requires-current-password </ldap:name> @@ -251,7 +236,6 @@ </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:oid>1.3.6.1.4.1.26027.1.1.208</ldap:oid> <ldap:name>ds-cfg-force-change-on-add</ldap:name> </ldap:attribute> </adm:profile> @@ -282,7 +266,6 @@ </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:oid>1.3.6.1.4.1.26027.1.1.181</ldap:oid> <ldap:name>ds-cfg-force-change-on-reset</ldap:name> </ldap:attribute> </adm:profile> @@ -313,39 +296,35 @@ </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:oid>1.3.6.1.4.1.26027.1.1.201</ldap:oid> <ldap:name>ds-cfg-skip-validation-for-administrators</ldap:name> </ldap:attribute> </adm:profile> </adm:property> <adm:property name="password-generator-dn" mandatory="false" <adm:property name="password-generator" mandatory="false" multi-valued="false"> <adm:synopsis> Specifies the DN of the configuration entry that references the password generator for use with the associated password policy. Specifies the name of the password generator that should be used with the associated password policy. </adm:synopsis> <adm:description> Specifies the DN of the configuration entry that references the password generator for use with the associated password policy. This will be used in conjunction with the password modify extended operation to generate a new password for a user when none was provided in the request. Changes to this configuration attribute will take effect immediately. provided in the request. </adm:description> <adm:default-behavior> <adm:undefined /> </adm:default-behavior> <adm:syntax> <adm:dn> <adm:base>cn=password generators,cn=config</adm:base> </adm:dn> <adm:aggregation relation-name="password-generator" parent-path="/"> <adm:target-enabled-property-name name="enabled" /> </adm:aggregation> </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:oid>1.3.6.1.4.1.26027.1.1.194</ldap:oid> <ldap:name>ds-cfg-password-generator-dn</ldap:name> <ldap:name>ds-cfg-password-generator</ldap:name> </ldap:attribute> </adm:profile> </adm:property> @@ -375,7 +354,6 @@ </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:oid>1.3.6.1.4.1.26027.1.1.199</ldap:oid> <ldap:name>ds-cfg-require-secure-authentication</ldap:name> </ldap:attribute> </adm:profile> @@ -405,7 +383,6 @@ </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:oid>1.3.6.1.4.1.26027.1.1.200</ldap:oid> <ldap:name>ds-cfg-require-secure-password-changes</ldap:name> </ldap:attribute> </adm:profile> @@ -438,7 +415,6 @@ </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:oid>1.3.6.1.4.1.26027.1.1.209</ldap:oid> <ldap:name>ds-cfg-allow-multiple-password-values</ldap:name> </ldap:attribute> </adm:profile> @@ -467,13 +443,12 @@ </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:oid>1.3.6.1.4.1.26027.1.1.176</ldap:oid> <ldap:name>ds-cfg-allow-pre-encoded-passwords</ldap:name> </ldap:attribute> </adm:profile> </adm:property> <adm:property name="minimum-password-age" mandatory="false" <adm:property name="min-password-age" mandatory="false" multi-valued="false"> <adm:synopsis> Specifies the minimum length of time that must pass after a @@ -500,13 +475,12 @@ </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:oid>1.3.6.1.4.1.26027.1.1.191</ldap:oid> <ldap:name>ds-cfg-minimum-password-age</ldap:name> <ldap:name>ds-cfg-min-password-age</ldap:name> </ldap:attribute> </adm:profile> </adm:property> <adm:property name="maximum-password-age" mandatory="false" <adm:property name="max-password-age" mandatory="false" multi-valued="false"> <adm:synopsis> Specifies the maximum length of time that a user may continue @@ -531,14 +505,13 @@ </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:oid>1.3.6.1.4.1.26027.1.1.189</ldap:oid> <ldap:name>ds-cfg-maximum-password-age</ldap:name> <ldap:name>ds-cfg-max-password-age</ldap:name> </ldap:attribute> </adm:profile> </adm:property> <adm:property name="maximum-password-reset-age" mandatory="false" <adm:property name="max-password-reset-age" mandatory="false" multi-valued="false"> <adm:synopsis> Specifies the maximum length of time that users have to change @@ -563,8 +536,7 @@ </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:oid>1.3.6.1.4.1.26027.1.1.190</ldap:oid> <ldap:name>ds-cfg-maximum-password-reset-age</ldap:name> <ldap:name>ds-cfg-max-password-reset-age</ldap:name> </ldap:attribute> </adm:profile> </adm:property> @@ -595,7 +567,6 @@ </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:oid>1.3.6.1.4.1.26027.1.1.193</ldap:oid> <ldap:name> ds-cfg-password-expiration-warning-interval </ldap:name> @@ -630,7 +601,6 @@ </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:oid>1.3.6.1.4.1.26027.1.1.180</ldap:oid> <ldap:name>ds-cfg-expire-passwords-without-warning</ldap:name> </ldap:attribute> </adm:profile> @@ -659,7 +629,6 @@ </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:oid>1.3.6.1.4.1.26027.1.1.175</ldap:oid> <ldap:name>ds-cfg-allow-expired-password-changes</ldap:name> </ldap:attribute> </adm:profile> @@ -689,7 +658,6 @@ </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:oid>1.3.6.1.4.1.26027.1.1.182</ldap:oid> <ldap:name>ds-cfg-grace-login-count</ldap:name> </ldap:attribute> </adm:profile> @@ -718,7 +686,6 @@ </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:oid>1.3.6.1.4.1.26027.1.1.187</ldap:oid> <ldap:name>ds-cfg-lockout-failure-count</ldap:name> </ldap:attribute> </adm:profile> @@ -749,7 +716,6 @@ </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:oid>1.3.6.1.4.1.26027.1.1.186</ldap:oid> <ldap:name>ds-cfg-lockout-duration</ldap:name> </ldap:attribute> </adm:profile> @@ -782,7 +748,6 @@ </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:oid>1.3.6.1.4.1.26027.1.1.188</ldap:oid> <ldap:name> ds-cfg-lockout-failure-expiration-interval </ldap:name> @@ -815,7 +780,6 @@ </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:oid>1.3.6.1.4.1.26027.1.1.197</ldap:oid> <ldap:name>ds-cfg-require-change-by-time</ldap:name> </ldap:attribute> </adm:profile> @@ -846,7 +810,6 @@ </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:oid>1.3.6.1.4.1.26027.1.1.184</ldap:oid> <ldap:name>ds-cfg-last-login-time-attribute</ldap:name> </ldap:attribute> </adm:profile> @@ -875,7 +838,6 @@ </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:oid>1.3.6.1.4.1.26027.1.1.185</ldap:oid> <ldap:name>ds-cfg-last-login-time-format</ldap:name> </ldap:attribute> </adm:profile> @@ -906,7 +868,6 @@ </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:oid>1.3.6.1.4.1.26027.1.1.196</ldap:oid> <ldap:name>ds-cfg-previous-last-login-time-format</ldap:name> </ldap:attribute> </adm:profile> @@ -940,7 +901,6 @@ </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:oid>1.3.6.1.4.1.26027.1.1.183</ldap:oid> <ldap:name>ds-cfg-idle-lockout-interval</ldap:name> </ldap:attribute> </adm:profile> @@ -991,7 +951,6 @@ </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:oid>1.3.6.1.4.1.26027.1.1.443</ldap:oid> <ldap:name>ds-cfg-state-update-failure-policy</ldap:name> </ldap:attribute> </adm:profile> @@ -1019,7 +978,6 @@ </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:oid>1.3.6.1.4.1.26027.1.1.444</ldap:oid> <ldap:name>ds-cfg-password-history-count</ldap:name> </ldap:attribute> </adm:profile> @@ -1048,7 +1006,6 @@ </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:oid>1.3.6.1.4.1.26027.1.1.445</ldap:oid> <ldap:name>ds-cfg-password-history-duration</ldap:name> </ldap:attribute> </adm:profile>
