external-software/github_OpenIdentityPlatform_OpenDJ.git

On behalf of Gene (doc team), Some modification for the doc generation.

lutoff

06.52.2008 c69bb7a93b3a9c3315347a488e19e96f3b4bf0b8

 opends/src/admin/defn/org/opends/server/admin/std/AccessControlHandlerConfiguration.xml

@@ -23,7 +23,7 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="access-control-handler"
  plural-name="access-control-handlers"
@@ -33,8 +33,18 @@
  xmlns:cli="http://www.opends.org/admin-cli">
  <adm:synopsis>
    <adm:user-friendly-plural-name />
    manage the application-wide access-control.
      manage the application-wide access control. The OpenDS access control 
      handler is defined through an extensible interface, so that alternate 
      implementations can be created. Only one access control handler may be 
      active in the server at any given time.  
  </adm:synopsis>
  <adm:description>
     Note that OpenDS also has a privilege subsystem, which may have an impact 
     on what clients may be allowed to do in the server. For example, any user 
     with the bypass-acl privilege is not subject to access control 
     checking regardless of whether the access control implementation is 
     enabled.
  </adm:description>
  <adm:tag name="security" />
  <adm:profile name="ldap">
    <ldap:object-class>
@@ -47,9 +57,12 @@
  </adm:profile>
  <adm:property name="enabled" mandatory="true">
    <adm:synopsis>
      Indicate whether the
      Indicates whether the
      <adm:user-friendly-name />
      is enabled for use.
      is enabled. If set to FALSE, then no access control is enforced, and any 
      client (including unauthenticated or anonymous clients) could be allowed to perform any 
      operation if not subject to other restrictions, such as those enforced by the privilege 
      subsystem.
    </adm:synopsis>
    <adm:syntax>
      <adm:boolean />
@@ -62,10 +75,13 @@
  </adm:property>
  <adm:property name="java-class" mandatory="true">
    <adm:synopsis>
      The fully-qualified name of the Java class that provides the
      Specifies the fully-qualified name of the Java class that provides the
      <adm:user-friendly-name />
      implementation.
    </adm:synopsis>
    <adm:requires-admin-action>
      <adm:component-restart />
    </adm:requires-admin-action>
    <adm:syntax>
      <adm:java-class>
        <adm:instance-of>

 opends/src/admin/defn/org/opends/server/admin/std/AccountStatusNotificationHandlerConfiguration.xml

@@ -23,7 +23,7 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="account-status-notification-handler"
  plural-name="account-status-notification-handlers"
@@ -32,11 +32,12 @@
  xmlns:ldap="http://www.opends.org/admin-ldap"
  xmlns:cli="http://www.opends.org/admin-cli">
  <adm:synopsis>
    <adm:user-friendly-name />
    is invoked whenever certain types of events occur that could change
    the status of a user account. The
    <adm:user-friendly-name />
    may be used to notify the user and/or administrators of the change.
     <adm:user-friendly-plural-name />
     are invoked to provide notification to users in some form (for example, 
     by an email message) when the status of a user's account has changed 
     in some way. The 
    <adm:user-friendly-name /> 
    can be used to notify the user and/or administrators of the change.
  </adm:synopsis>
  <adm:tag name="user-management" />
  <adm:profile name="ldap">
@@ -50,9 +51,10 @@
  </adm:profile>
  <adm:property name="enabled" mandatory="true">
    <adm:synopsis>
      Indicate whether the
      <adm:user-friendly-name />
      is enabled for use.
      Indicates whether the
      <adm:user-friendly-name /> 
      is enabled. Only enabled handlers are invoked whenever 
      a related event occurs in the server.
    </adm:synopsis>
    <adm:syntax>
      <adm:boolean />
@@ -65,10 +67,13 @@
  </adm:property>
  <adm:property name="java-class" mandatory="true">
    <adm:synopsis>
      The fully-qualified name of the Java class that provides the
      Specifies the fully-qualified name of the Java class that provides the
      <adm:user-friendly-name />
      implementation.
    </adm:synopsis>
   <adm:requires-admin-action>
     <adm:component-restart />
   </adm:requires-admin-action>
    <adm:syntax>
      <adm:java-class>
        <adm:instance-of>

 opends/src/admin/defn/org/opends/server/admin/std/AlertHandlerConfiguration.xml

@@ -23,7 +23,7 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="alert-handler" plural-name="alert-handlers"
  package="org.opends.server.admin.std"
@@ -31,7 +31,7 @@
  xmlns:ldap="http://www.opends.org/admin-ldap"
  xmlns:cli="http://www.opends.org/admin-cli">
  <adm:synopsis>
    <adm:user-friendly-name />
    <adm:user-friendly-plural-name />
    are used to notify administrators of significant problems or notable
    events that occur in the Directory Server.
  </adm:synopsis>
@@ -47,9 +47,9 @@
  </adm:profile>
  <adm:property name="enabled" mandatory="true">
    <adm:synopsis>
      Indicate whether the
      Indicates whether the
      <adm:user-friendly-name />
      is enabled for use.
      is enabled.
    </adm:synopsis>
    <adm:syntax>
      <adm:boolean />
@@ -62,10 +62,13 @@
  </adm:property>
  <adm:property name="java-class" mandatory="true">
    <adm:synopsis>
      The fully-qualified name of the Java class that provides the
      Specifies the fully-qualified name of the Java class that provides the
      <adm:user-friendly-name />
      implementation.
    </adm:synopsis>
   <adm:requires-admin-action>
     <adm:component-restart />
   </adm:requires-admin-action>
    <adm:syntax>
      <adm:java-class>
        <adm:instance-of>
@@ -86,16 +89,16 @@
    </adm:synopsis>
    <adm:description>
      If there are any values for this attribute, then only alerts with
      one of the specified types will be allowed (unless they are also
      one of the specified types are allowed (unless they are also
      included in the disabled alert types). If there are no values for
      this attribute, then any alerts with a type not included in the
      list of disabled alert types will be allowed.
      this attribute, then any alert with a type not included in the
      list of disabled alert types is allowed.
    </adm:description>
    <adm:default-behavior>
      <adm:alias>
        <adm:synopsis>
          All alerts with types not included in the set of disabled
          alert types will be allowed.
          alert types are allowed.
        </adm:synopsis>
      </adm:alias>
    </adm:default-behavior>
@@ -115,18 +118,18 @@
    </adm:synopsis>
    <adm:description>
      If there are any values for this attribute, then no alerts with
      any of the specified types will be allowed. If there are no values
      any of the specified types are allowed. If there are no values
      for this attribute, then only alerts with a type included in the
      set of enabled alert types will be allowed, or if there are no
      values for the enabled alert types option then all alert types
      will be allowed.
      set of enabled alert types are allowed, or if there are no
      values for the enabled alert types option, then all alert types
      are allowed.
    </adm:description>
    <adm:default-behavior>
      <adm:alias>
        <adm:synopsis>
          If there is a set of enabled alert types, then only alerts
          with one of those types will be allowed. Otherwise, all alerts
          will be allowed.
          with one of those types are allowed. Otherwise, all alerts
          are allowed.
        </adm:synopsis>
      </adm:alias>
    </adm:default-behavior>

 opends/src/admin/defn/org/opends/server/admin/std/AttributeSyntaxConfiguration.xml

@@ -23,7 +23,7 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="attribute-syntax"
  plural-name="attribute-syntaxes" package="org.opends.server.admin.std"
@@ -45,9 +45,9 @@
  </adm:profile>
  <adm:property name="enabled" mandatory="true">
    <adm:synopsis>
      Indicate whether the
      Indicates whether the
      <adm:user-friendly-name />
      is enabled for use.
      is enabled.
    </adm:synopsis>
    <adm:syntax>
      <adm:boolean />
@@ -60,10 +60,13 @@
  </adm:property>
  <adm:property name="java-class" mandatory="true" read-only="true">
    <adm:synopsis>
      The fully-qualified name of the Java class that provides the
      Specifies the fully-qualified name of the Java class that provides the
      <adm:user-friendly-name />
      implementation.
    </adm:synopsis>
   <adm:requires-admin-action>
     <adm:component-restart />
   </adm:requires-admin-action>
    <adm:syntax>
      <adm:java-class>
        <adm:instance-of>

 opends/src/admin/defn/org/opends/server/admin/std/AttributeTypeDescriptionAttributeSyntaxConfiguration.xml

@@ -23,7 +23,7 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="attribute-type-description-attribute-syntax"
  plural-name="attribute-type-description-attribute-syntaxes"
@@ -44,6 +44,9 @@
    </ldap:object-class>
  </adm:profile>
  <adm:property-override name="java-class" advanced="true">
   <adm:requires-admin-action>
     <adm:component-restart />
   </adm:requires-admin-action>
    <adm:default-behavior>
      <adm:defined>
        <adm:value>
@@ -54,13 +57,13 @@
  </adm:property-override>
  <adm:property name="strip-syntax-min-upper-bound" advanced="true">
    <adm:synopsis>
      Indicate whether the suggested minimum upper bound appended to an
      Indicates whether the suggested minimum upper bound appended to an
      attribute's syntax OID in it's schema definition Attribute Type
      Description is stripped off.
    </adm:synopsis>
    <adm:description>
      When retrieving the server's schema, some APIs (JNDI) fail in
      their syntax lookup methods because they don't parse this value
      their syntax lookup methods, because they do not parse this value
      correctly. This configuration option allows the server to be
      configured to provide schema definitions these APIs can parse
      correctly.

 opends/src/admin/defn/org/opends/server/admin/std/BackendConfiguration.xml

@@ -23,7 +23,7 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="backend" plural-name="backends"
  package="org.opends.server.admin.std"
@@ -36,9 +36,9 @@
    presented by the server.
  </adm:synopsis>
  <adm:description>
    The data may be stored locally (e.g., in an embedded database),
    remotely (e.g., in an external system), or generated on the fly
    (e.g., calculated from other information that is available).
    The data may be stored locally in an embedded database,
    remotely in an external system, or generated on the fly
    (for example, calculated from other information that is available).
  </adm:description>
  <adm:tag name="database" />
  <adm:profile name="ldap">
@@ -52,10 +52,10 @@
  </adm:profile>
  <adm:property name="enabled" mandatory="true">
    <adm:synopsis>
      Indicates whether the backend is enabled for use in the server.
      Indicates whether the backend is enabled in the server.
    </adm:synopsis>
    <adm:description>
      If a backend is not enabled, then its contents will not be
      If a backend is not enabled, then its contents are not 
      accessible when processing operations.
    </adm:description>
    <adm:syntax>
@@ -69,7 +69,7 @@
  </adm:property>
  <adm:property name="java-class" mandatory="true">
    <adm:synopsis>
      The fully-qualified name of the Java class that provides the
      Specifies the fully-qualified name of the Java class that provides the
      backend implementation.
    </adm:synopsis>
    <adm:requires-admin-action>
@@ -88,11 +88,11 @@
  </adm:property>
  <adm:property name="backend-id" mandatory="true" read-only="true">
    <adm:synopsis>
      Provides a name that will be used to identify the associated
      backend.
      Specifies a name to identify the associated backend.
    </adm:synopsis>
    <adm:description>
      The name must be unique among all backends in the server.
      The name must be unique among all backends in the server. The backend ID may 
      not be altered after the backend is created in the server.
    </adm:description>
    <adm:syntax>
      <adm:string />
@@ -140,22 +140,21 @@
  </adm:property>
  <adm:property name="base-dn" mandatory="true" multi-valued="true">
    <adm:synopsis>
      Specifies the base DN(s) for the data that the backend will
      handle.
      Specifies the base DN(s) for the data that the backend handles.
    </adm:synopsis>
    <adm:description>
      A single backend may be responsible for one or more base DNs. Note
      that no two backends may have the same base DN, although one
      that no two backends may have the same base DN although one
      backend may have a base DN that is below a base DN provided by
      another backend (similar to the use of sub-suffixes in the Sun
      Java System Directory Server). Note that if any of the base DNs is
      Java System Directory Server). If any of the base DNs is
      subordinate to a base DN for another backend, then all base DNs
      for that backend must be subordinate to that same base DN.
    </adm:description>
    <adm:requires-admin-action>
      <adm:none>
        <adm:synopsis>
          No administrative action is required by default, although some
          No administrative action is required by default although some
          action may be required on a per-backend basis before the new
          base DN may be used.
        </adm:synopsis>

 opends/src/admin/defn/org/opends/server/admin/std/BackupBackendConfiguration.xml

@@ -23,20 +23,21 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="backup-backend" plural-name="backup-backends"
  package="org.opends.server.admin.std" extends="backend"
  advanced="true" xmlns:adm="http://www.opends.org/admin"
  xmlns:ldap="http://www.opends.org/admin-ldap">
  <adm:synopsis>
    The backup backend provides read-only access to the set of backups
    that are available for the OpenDS Directory Server.
    The
    <adm:user-friendly-name />
    provides read-only access to the set of backups
    that are available for the OpenDS Directory Server. 
  </adm:synopsis>
  <adm:description>
    The backup backend is provided as a convenience feature that makes
    it easier to determine what backups are available to be restored if
    necessary.
    It is provided as a convenience feature that makes it easier to determine what
    backups are available to be restored if necessary.
  </adm:description>
  <adm:profile name="ldap">
    <ldap:object-class>
@@ -65,8 +66,8 @@
      backups for a particular backend.
    </adm:synopsis>
    <adm:description>
      This is a multivalued property, and each value may specify a
      different backup directory if desired (e.g., one for each backend
      This is a multivalued property. Each value may specify a
      different backup directory if desired (one for each backend
      for which backups are taken). Values may be either absolute paths
      or paths that are relative to the base of the OpenDS Directory
      Server installation.

 opends/src/admin/defn/org/opends/server/admin/std/CancelExtendedOperationHandlerConfiguration.xml

@@ -23,7 +23,7 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="cancel-extended-operation-handler"
  plural-name="cancel-extended-operation-handlers"
@@ -39,8 +39,8 @@
  </adm:synopsis>
  <adm:description>
    It allows clients to cancel operations initiated from earlier
    requests, and will ensure that both the cancel request and the
    operation being canceled will receive response messages.
    requests. The property ensures that both the cancel request and the
    operation being canceled receives response messages.
  </adm:description>
  <adm:profile name="ldap">
    <ldap:object-class>

 opends/src/admin/defn/org/opends/server/admin/std/CertificateMapperConfiguration.xml

@@ -23,7 +23,7 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="certificate-mapper"
  plural-name="certificate-mappers"
@@ -50,9 +50,9 @@
  </adm:profile>
  <adm:property name="enabled" mandatory="true">
    <adm:synopsis>
      Indicate whether the
      Indicates whether the
      <adm:user-friendly-name />
      is enabled for use.
      is enabled.
    </adm:synopsis>
    <adm:syntax>
      <adm:boolean />
@@ -65,11 +65,14 @@
  </adm:property>
  <adm:property name="java-class" mandatory="true">
    <adm:synopsis>
      The fully-qualified name of the Java class that provides the
      Specifies the fully-qualified name of the Java class that provides the
      <adm:user-friendly-name />
      implementation.
    </adm:synopsis>
    <adm:syntax>
   <adm:requires-admin-action>
     <adm:component-restart />
   </adm:requires-admin-action>
     <adm:syntax>
      <adm:java-class>
        <adm:instance-of>
          org.opends.server.api.CertificateMapper

 opends/src/admin/defn/org/opends/server/admin/std/ConfigFileHandlerBackendConfiguration.xml

@@ -23,7 +23,7 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="config-file-handler-backend"
  plural-name="config-file-handler-backends"
@@ -31,10 +31,11 @@
  advanced="true" xmlns:adm="http://www.opends.org/admin"
  xmlns:ldap="http://www.opends.org/admin-ldap">
  <adm:synopsis>
    The config file handler backend provides the ability for clients to
    access the server configuration over protocol, allowing both read
    and write operations (although modify DN operations are not
    supported for entries in the server configuration).
    The
    <adm:user-friendly-name />
    allows clients to access the server configuration over protocol, and 
    allow both read and write operations. Note: Modify DN operations are not
    supported for entries in the server configuration.
  </adm:synopsis>
  <adm:profile name="ldap">
    <ldap:object-class>

 opends/src/admin/defn/org/opends/server/admin/std/ConnectionHandlerConfiguration.xml

@@ -23,7 +23,7 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="connection-handler"
  plural-name="connection-handlers"
@@ -49,9 +49,9 @@
  </adm:profile>
  <adm:property name="enabled" mandatory="true">
    <adm:synopsis>
      Indicate whether the
      Indicates whether the
      <adm:user-friendly-name />
      is enabled for use.
      is enabled.
    </adm:synopsis>
    <adm:syntax>
      <adm:boolean />
@@ -64,10 +64,13 @@
  </adm:property>
  <adm:property name="java-class" mandatory="true">
    <adm:synopsis>
      The fully-qualified name of the Java class that provides the
      Specifies the fully-qualified name of the Java class that provides the
      <adm:user-friendly-name />
      implementation.
    </adm:synopsis>
   <adm:requires-admin-action>
     <adm:component-restart />
   </adm:requires-admin-action>
    <adm:syntax>
      <adm:java-class>
        <adm:instance-of>
@@ -83,16 +86,16 @@
  </adm:property>
  <adm:property name="allowed-client" multi-valued="true">
    <adm:synopsis>
      This property specifies a set of address masks that may be used to
      determine the addresses of the clients that are allowed to
      Specifies a set of address masks that determines the 
      addresses of the clients that are allowed to
      establish connections to this connection handler.
    </adm:synopsis>
    <adm:requires-admin-action>
      <adm:none>
        <adm:synopsis>
          Changes to this configuration attribute will take effect
          immediately but will not interfere with connections that may
          already be established.
          Changes to this configuration attribute take effect
          immediately and do not interfere with connections that may
          have already been established.
        </adm:synopsis>
      </adm:none>
    </adm:requires-admin-action>
@@ -100,8 +103,8 @@
      <adm:alias>
        <adm:synopsis>
          All clients with addresses that do not match an address on the
          deny list will be allowed. If there is no deny list, then all
          clients will be allowed.
          deny list are allowed. If there is no deny list, then all
          clients are allowed.
        </adm:synopsis>
      </adm:alias>
    </adm:default-behavior>
@@ -116,22 +119,22 @@
  </adm:property>
  <adm:property name="denied-client" multi-valued="true">
    <adm:synopsis>
      This property specifies a set of address masks that may be used to
      determine the addresses of the clients that are not allowed to
      Specifies a set of address masks that determines
      the addresses of the clients that are not allowed to
      establish connections to this connection handler.
    </adm:synopsis>
    <adm:description>
      If both allowed and denied client masks are defined and a client
      connection matches one or more masks in both lists, then the
      connection will be denied. If only a denied list is specified,
      then any client not matching a mask in that list will be allowed.
      connection is denied. If only a denied list is specified,
      then any client not matching a mask in that list is allowed.
    </adm:description>
    <adm:requires-admin-action>
      <adm:none>
        <adm:synopsis>
          Changes to this configuration attribute will take effect
          immediately but will not interfere with connections that may
          already be established.
          Changes to this configuration attribute take effect
          immediately and do not interfere with connections that may
          have already been established.
        </adm:synopsis>
      </adm:none>
    </adm:requires-admin-action>
@@ -139,8 +142,8 @@
      <adm:alias>
        <adm:synopsis>
          If an allow list is specified, then only clients with
          addresses on the allow list will be allowed. Otherwise, all
          clients will be allowed.
          addresses on the allow list are allowed. Otherwise, all
          clients are allowed.
        </adm:synopsis>
      </adm:alias>
    </adm:default-behavior>

 opends/src/admin/defn/org/opends/server/admin/std/CryptoManagerConfiguration.xml

@@ -23,7 +23,7 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="crypto-manager" plural-name="crypto-managers"
  package="org.opends.server.admin.std"
@@ -45,12 +45,12 @@
  </adm:profile>
  <adm:property name="digest-algorithm" advanced="true">
    <adm:synopsis>
      The preferred message digest algorithm for the Directory Server.
      Specifies the preferred message digest algorithm for the Directory Server.
    </adm:synopsis>
    <adm:requires-admin-action>
      <adm:none>
        <adm:synopsis>
          Changes to this property will take effect immediately but will
          Changes to this property take effect immediately and 
          only affect cryptographic operations performed after the
          change.
        </adm:synopsis>
@@ -72,13 +72,13 @@
  </adm:property>
  <adm:property name="mac-algorithm" advanced="true">
    <adm:synopsis>
      The preferred MAC algorithm for the Directory Server.
      Specifies the preferred MAC algorithm for the Directory Server.
    </adm:synopsis>
    <adm:requires-admin-action>
      <adm:none>
        <adm:synopsis>
          Changes to this property will take effect immediately but will
          only affect cryptographic operations performed after the
          Changes to this property take effect immediately but only 
          affect cryptographic operations performed after the
          change.
        </adm:synopsis>
      </adm:none>
@@ -99,13 +99,13 @@
  </adm:property>
  <adm:property name="mac-key-length" advanced="true">
    <adm:synopsis>
      The preferred key length in bits for the preferred MAC algorithm.
      Specifies the key length in bits for the preferred MAC algorithm.
    </adm:synopsis>
    <adm:requires-admin-action>
      <adm:none>
        <adm:synopsis>
          Changes to this property will take effect immediately but will
          only affect cryptographic operations performed after the
          Changes to this property take effect immediately but only 
          affect cryptographic operations performed after the
          change.
        </adm:synopsis>
      </adm:none>
@@ -126,14 +126,14 @@
  </adm:property>
  <adm:property name="cipher-transformation" advanced="true">
    <adm:synopsis>
      The preferred cipher for the Directory Server, to be specified
      Specifies the cipher for the Directory Server 
      using the syntax algorithm/mode/padding.
    </adm:synopsis>
    <adm:description>
      The full transformation is required: specifying only an algorithm
      and allowing the cipher provider to supply the default mode and
      padding is not supported, because there is no guarantee these
      default values will be the same among different implementations.
      default values are the same among different implementations.
      Some cipher algorithms, including RC4 and ARCFOUR, do not have a
      mode or padding, and hence must be specified using NONE for the
      mode field and NoPadding for the padding field. For example,
@@ -142,7 +142,7 @@
    <adm:requires-admin-action>
      <adm:none>
        <adm:synopsis>
          Changes to this property will take effect immediately but will
          Changes to this property take effect immediately but  
          only affect cryptographic operations performed after the
          change.
        </adm:synopsis>
@@ -164,12 +164,12 @@
  </adm:property>
  <adm:property name="cipher-key-length" advanced="true">
    <adm:synopsis>
      The preferred key length in bits for the preferred cipher.
      Specifies the key length in bits for the preferred cipher.
    </adm:synopsis>
    <adm:requires-admin-action>
      <adm:none>
        <adm:synopsis>
          Changes to this property will take effect immediately but will
          Changes to this property take effect immediately but 
          only affect cryptographic operations performed after the
          change.
        </adm:synopsis>
@@ -219,13 +219,13 @@
  </adm:property>
  <adm:property name="ssl-protocol" multi-valued="true">
    <adm:synopsis>
      Specifies the names of the SSL protocols that will be allowed for
      Specifies the names of the SSL protocols that are allowed for
      use in SSL or TLS communication.
    </adm:synopsis>
    <adm:requires-admin-action>
      <adm:none>
        <adm:synopsis>
          Changes to this property will take effect immediately but will
          Changes to this property take effect immediately but 
          only impact new SSL/TLS-based sessions created after the
          change.
        </adm:synopsis>
@@ -250,13 +250,13 @@
  </adm:property>
  <adm:property name="ssl-cipher-suite" multi-valued="true">
    <adm:synopsis>
      Specifies the names of the SSL cipher suites that will be allowed
      Specifies the names of the SSL cipher suites that are allowed
      for use in SSL or TLS communication.
    </adm:synopsis>
    <adm:requires-admin-action>
      <adm:none>
        <adm:synopsis>
          Changes to this property will take effect immediately but will
          Changes to this property take effect immediately but 
          only impact new SSL/TLS-based sessions created after the
          change.
        </adm:synopsis>
@@ -287,7 +287,7 @@
    <adm:requires-admin-action>
      <adm:none>
        <adm:synopsis>
          Changes to this property will take effect immediately but will
          Changes to this property take effect immediately but 
          only impact new SSL/TLS-based sessions created after the
          change.
        </adm:synopsis>

 opends/src/admin/defn/org/opends/server/admin/std/DebugTargetConfiguration.xml

@@ -23,7 +23,7 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="debug-target" plural-name="debug-targets"
  package="org.opends.server.admin.std"
@@ -33,6 +33,13 @@
    <adm:user-friendly-plural-name />
    define the types of messages logged by the debug logPublisher.
  </adm:synopsis>
  <adm:description>
    Debug targets allow for fine-grain control of which messages are logged
    based on the package, class, or method that generated the message. Each
    debug target configuration entry resides below the entry with RDN of
    "cn=Debug Target" immediately below the parent ds-cfg-debug-log-publisher 
    entry.
  </adm:description>
  <adm:tag name="logging" />
  <adm:profile name="ldap">
    <ldap:object-class>
@@ -42,10 +49,10 @@
  </adm:profile>
  <adm:property name="debug-scope" mandatory="true" read-only="true">
    <adm:synopsis>
      The fully-qualified OpenDS Java package, class, or method affected
      Specifies the fully-qualified OpenDS Java package, class, or method affected
      by the settings in this target definition. Use the number
      character (#) to separate the class name and the method name. (ie.
      org.opends.server.core.DirectoryServer#startUp)
      character (#) to separate the class name and the method name 
      (that is, org.opends.server.core.DirectoryServer#startUp).
    </adm:synopsis>
    <adm:syntax>
      <adm:string>
@@ -53,9 +60,9 @@
          <adm:regex>
            ^([A-Za-z][A-Za-z0-9_]*\\.)*[A-Za-z][A-Za-z0-9_]*(#[A-Za-z][A-Za-z0-9_]*)?$
          </adm:regex>
          <adm:usage>JAVA_NAME</adm:usage>
          <adm:usage>STRING</adm:usage>
          <adm:synopsis>
            A fully-qualified OpenDS Java package, class, or method
            The fully-qualified OpenDS Java package, class, or method
            name.
          </adm:synopsis>
        </adm:pattern>
@@ -69,40 +76,40 @@
  </adm:property>
  <adm:property name="debug-level" mandatory="true">
    <adm:synopsis>
      The lowest severity level of debug messages to log.
      Specifies the lowest severity level of debug messages to log.
    </adm:synopsis>
    <adm:syntax>
      <adm:enumeration>
        <adm:value name="disabled">
          <adm:synopsis>No messages will be logged.</adm:synopsis>
          <adm:synopsis>No messages are logged.</adm:synopsis>
        </adm:value>
        <adm:value name="error">
          <adm:synopsis>
            Messages with severity level of ERROR or higher will be
            Messages with severity level of ERROR or higher are
            logged.
          </adm:synopsis>
        </adm:value>
        <adm:value name="warning">
          <adm:synopsis>
            Messages with severity level of WARNING or higher will be
            Messages with severity level of WARNING or higher are
            logged.
          </adm:synopsis>
        </adm:value>
        <adm:value name="info">
          <adm:synopsis>
            Messages with severity level of INFO or higher will be
            Messages with severity level of INFO or higher are
            logged.
          </adm:synopsis>
        </adm:value>
        <adm:value name="verbose">
          <adm:synopsis>
            Messages with severity level of VERBOSE or higher will be
            Messages with severity level of VERBOSE or higher are
            logged.
          </adm:synopsis>
        </adm:value>
        <adm:value name="all">
          <adm:synopsis>
            Messages with any severity level will be logged.
            Messages with any severity level are logged.
          </adm:synopsis>
        </adm:value>
      </adm:enumeration>
@@ -115,12 +122,12 @@
  </adm:property>
  <adm:property name="debug-category" multi-valued="true">
    <adm:synopsis>
      The debug message categories to be logged.
      Specifies the debug message categories to be logged.
    </adm:synopsis>
    <adm:default-behavior>
      <adm:alias>
        <adm:synopsis>
          Messages with any category will be logged if they have a
          Messages with any category are logged if they have a
          sufficient debug level.
        </adm:synopsis>
      </adm:alias>
@@ -128,31 +135,31 @@
    <adm:syntax>
      <adm:enumeration>
        <adm:value name="caught">
          <adm:synopsis>Exception caught.</adm:synopsis>
          <adm:synopsis>Exception caught</adm:synopsis>
        </adm:value>
        <adm:value name="constructor">
          <adm:synopsis>Constructor entry.</adm:synopsis>
          <adm:synopsis>Constructor entry</adm:synopsis>
        </adm:value>
        <adm:value name="data">
          <adm:synopsis>Raw data dump.</adm:synopsis>
          <adm:synopsis>Raw data dump</adm:synopsis>
        </adm:value>
        <adm:value name="database-access">
          <adm:synopsis>Access to a backend database.</adm:synopsis>
        </adm:value>
        <adm:value name="enter">
          <adm:synopsis>Method entry.</adm:synopsis>
          <adm:synopsis>Method entry</adm:synopsis>
        </adm:value>
        <adm:value name="exit">
          <adm:synopsis>Method exit.</adm:synopsis>
          <adm:synopsis>Method exit</adm:synopsis>
        </adm:value>
        <adm:value name="message">
          <adm:synopsis>Arbitrary debug message.</adm:synopsis>
          <adm:synopsis>Arbitrary debug message</adm:synopsis>
        </adm:value>
        <adm:value name="protocol">
          <adm:synopsis>Protocol element dump.</adm:synopsis>
          <adm:synopsis>Protocol element dump</adm:synopsis>
        </adm:value>
        <adm:value name="thrown">
          <adm:synopsis>Exception throw from method.</adm:synopsis>
          <adm:synopsis>Exception throw from method</adm:synopsis>
        </adm:value>
      </adm:enumeration>
    </adm:syntax>
@@ -164,7 +171,7 @@
  </adm:property>
  <adm:property name="omit-method-entry-arguments">
    <adm:synopsis>
      Property to indicate whether to include method arguments in debug
      Specifies the property to indicate whether to include method arguments in debug
      messages.
    </adm:synopsis>
    <adm:default-behavior>
@@ -183,7 +190,7 @@
  </adm:property>
  <adm:property name="omit-method-return-value">
    <adm:synopsis>
      Property to indicate whether to include the return value in debug
      Specifies the property to indicate whether to include the return value in debug
      messages.
    </adm:synopsis>
    <adm:default-behavior>
@@ -202,7 +209,7 @@
  </adm:property>
  <adm:property name="include-throwable-cause">
    <adm:synopsis>
      Property to indicate whether to include the cause of exceptions in
      Specifies the property to indicate whether to include the cause of exceptions in
      exception thrown and caught messages.
    </adm:synopsis>
    <adm:default-behavior>
@@ -221,7 +228,7 @@
  </adm:property>
  <adm:property name="throwable-stack-frames">
    <adm:synopsis>
      Property to indicate the number of stack frames to include in the
      Specifies the property to indicate the number of stack frames to include in the
      stack trace for method entry and exception thrown messages.
    </adm:synopsis>
    <adm:default-behavior>

 opends/src/admin/defn/org/opends/server/admin/std/DirectoryStringAttributeSyntaxConfiguration.xml

@@ -23,7 +23,7 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="directory-string-attribute-syntax"
  plural-name="directory-string-attribute-syntaxes"
@@ -31,8 +31,9 @@
  xmlns:adm="http://www.opends.org/admin"
  xmlns:ldap="http://www.opends.org/admin-ldap">
  <adm:synopsis>
    <adm:user-friendly-plural-name />
    define an attribute syntax for storing arbitrary string (and
    The
    <adm:user-friendly-name />
    defines an attribute syntax for storing arbitrary string (and
    sometimes binary) data.
  </adm:synopsis>
  <adm:profile name="ldap">
@@ -52,13 +53,13 @@
  </adm:property-override>
  <adm:property name="allow-zero-length-values" advanced="true">
    <adm:synopsis>
      Indicate whether zero-length (i.e., empty string) values will be
      Indicates whether zero-length (that is, an empty string) values are
      allowed.
    </adm:synopsis>
    <adm:description>
      This is technically not allowed by the revised LDAPv3
      specification, but some environments may require it for backward
      compatibility with servers that did allow it.
      compatibility with servers that do allow it.
    </adm:description>
    <adm:default-behavior>
      <adm:defined>

 opends/src/admin/defn/org/opends/server/admin/std/DseeCompatAccessControlHandlerConfiguration.xml

@@ -23,7 +23,7 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="dsee-compat-access-control-handler"
  plural-name="dseecompat-access-control-handlers"
@@ -33,8 +33,9 @@
  <adm:synopsis>
    The
    <adm:user-friendly-name />
    provides a Sun Java System Directory Server Enterprise Edition
    compatible access control implementation.
    provides an implementation that uses syntax compatible with the 
    Sun Java System Directory Server Enterprise Edition
    access control handlers.
  </adm:synopsis>
  <adm:profile name="ldap">
    <ldap:object-class>
@@ -62,8 +63,8 @@
    <adm:default-behavior>
      <adm:alias>
        <adm:synopsis>
          No global access control rules will be defined, which means
          that no access will be allowed for any data in the server
          No global access control rules are defined, which means
          that no access is allowed for any data in the server
          unless specifically granted by access control rules in the
          data.
        </adm:synopsis>

 opends/src/admin/defn/org/opends/server/admin/std/EntryCacheConfiguration.xml

@@ -23,7 +23,7 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="entry-cache" plural-name="entry-caches"
  package="org.opends.server.admin.std"
@@ -48,9 +48,9 @@
  </adm:profile>
  <adm:property name="enabled" mandatory="true">
    <adm:synopsis>
      Indicate whether the
      Indicates whether the
      <adm:user-friendly-name />
      is enabled for use.
      is enabled.
    </adm:synopsis>
    <adm:syntax>
      <adm:boolean />
@@ -63,10 +63,13 @@
  </adm:property>
  <adm:property name="java-class" mandatory="true">
    <adm:synopsis>
      The fully-qualified name of the Java class that provides the
      Specifies the fully-qualified name of the Java class that provides the
      <adm:user-friendly-name />
      implementation.
    </adm:synopsis>
   <adm:requires-admin-action>
     <adm:component-restart />
   </adm:requires-admin-action>
    <adm:syntax>
      <adm:java-class>
        <adm:instance-of>
@@ -82,8 +85,8 @@
  </adm:property>
  <adm:property name="cache-level" mandatory="true">
    <adm:synopsis>
      The entry cache level which specifies this cache position in the
      cache order if more than one instance of the cache is configured.
      Specifies the cache level in the cache order if more than 
      one instance of the cache is configured.
    </adm:synopsis>
    <adm:syntax>
      <adm:integer lower-limit="1" />

 opends/src/admin/defn/org/opends/server/admin/std/ErrorLogAccountStatusNotificationHandlerConfiguration.xml

@@ -23,7 +23,7 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="error-log-account-status-notification-handler"
  plural-name="error-log-account-status-notification-handlers"
@@ -32,10 +32,11 @@
  xmlns:adm="http://www.opends.org/admin"
  xmlns:ldap="http://www.opends.org/admin-ldap">
  <adm:synopsis>
    <adm:user-friendly-name />
    is an account status notification handler that writes information
    about status notifications using the Directory Server's error
    logging facility.
    The
    <adm:user-friendly-name /> 
    is a notification handler that writes information 
    to the server error log whenever an appropriate account status event 
    occurs.
  </adm:synopsis>
  <adm:profile name="ldap">
    <ldap:object-class>
@@ -59,93 +60,80 @@
  <adm:property name="account-status-notification-type" mandatory="true"
    multi-valued="true">
    <adm:synopsis>
      Indicates which types of event can trigger an account status
      notification.
      Indicates which types of event can trigger an account status notification.
    </adm:synopsis>
    <adm:syntax>
      <adm:enumeration>
        <adm:value name="account-temporarily-locked">
          <adm:synopsis>
            Indicates that an account status message should be generated
            whenever a user account has been temporarily locked after
            too many failed attempts.
            Generate a notification whenever a user account has been temporarily 
            locked after too many failed attempts.
          </adm:synopsis>
        </adm:value>
        <adm:value name="account-permanently-locked">
          <adm:synopsis>
            Indicates that an account status message should be generated
            whenever a user account has been permanently locked after
            too many failed attempts.
            Generate a notification whenever a user account has been permanently 
            locked after too many failed attempts.
          </adm:synopsis>
        </adm:value>
        <adm:value name="account-unlocked">
          <adm:synopsis>
            Indicates that an account status message should be generated
            whenever a user account has been unlocked by an
            Generate a notification whenever a user account has been unlocked by an
            administrator.
          </adm:synopsis>
        </adm:value>
        <adm:value name="account-idle-locked">
          <adm:synopsis>
            Indicates that an account status message should be generated
            whenever a user account has been locked because it was idle
            for too long.
            Generate a notification whenever a user account has been locked 
            because it was idle for too long.
          </adm:synopsis>
        </adm:value>
        <adm:value name="account-reset-locked">
          <adm:synopsis>
            Indicates that an account status message should be generated
            whenever a user account has been locked because it the
            password had been reset by an administrator but not changed
            Generate a notification whenever a user account has been locked, 
            because the password had been reset by an administrator but not changed
            by the user within the required interval.
          </adm:synopsis>
        </adm:value>
        <adm:value name="account-disabled">
          <adm:synopsis>
            Indicates that an account status message should be generated
            whenever a user account has been disabled by an
            Generate a notification whenever a user account has been disabled by an
            administrator.
          </adm:synopsis>
        </adm:value>
        <adm:value name="account-enabled">
          <adm:synopsis>
            Indicates that an account status message should be generated
            whenever a user account has been enabled by an
            Generate a notification whenever a user account has been enabled by an
            administrator.
          </adm:synopsis>
        </adm:value>
        <adm:value name="account-expired">
          <adm:synopsis>
            Indicates that an account status message should be generated
            whenever a user authentication has failed because the
            account has expired.
            Generate a notification whenever a user authentication has failed 
            because the account has expired.
          </adm:synopsis>
        </adm:value>
        <adm:value name="password-expired">
          <adm:synopsis>
            Indicates that an account status notification message should
            be generated whenever a user authentication has failed
            Generate a notification whenever a user authentication has failed
            because the password has expired.
          </adm:synopsis>
        </adm:value>
        <adm:value name="password-expiring">
          <adm:synopsis>
            Indicates that an account status notification message should
            be generated the first time that a password expiration
            warning is encountered for a user password.
            Generate a notification whenever a password expiration
            warning is encountered for a user password for the first time.
          </adm:synopsis>
        </adm:value>
        <adm:value name="password-reset">
          <adm:synopsis>
            Indicates that an account status notification message should
            be generated whenever a user's password is reset by an
            Generate a notification whenever a user's password is reset by an
            administrator.
          </adm:synopsis>
        </adm:value>
        <adm:value name="password-changed">
          <adm:synopsis>
            Indicates whether an account status notification message
            should be generated whenever a user changes his/her own
            Generate a notification whenever a user changes his/her own
            password.
          </adm:synopsis>
        </adm:value>

 opends/src/admin/defn/org/opends/server/admin/std/ExtendedOperationHandlerConfiguration.xml

@@ -23,7 +23,7 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="extended-operation-handler"
  plural-name="extended-operation-handlers"
@@ -33,8 +33,7 @@
  xmlns:cli="http://www.opends.org/admin-cli">
  <adm:synopsis>
    <adm:user-friendly-plural-name />
    are responsible for all processing of different types of extended
    operations in the server.
    processes the different types of extended operations in the server.
  </adm:synopsis>
  <adm:tag name="core" />
  <adm:profile name="ldap">
@@ -50,8 +49,8 @@
    <adm:synopsis>
      Indicates whether the
      <adm:user-friendly-name />
      is enabled for use (i.e. whether the types of extended operations
      that it defines will be allowed in the server).
      is enabled (that is, whether the types of extended operations
      are allowed in the server).
    </adm:synopsis>
    <adm:syntax>
      <adm:boolean />
@@ -64,10 +63,13 @@
  </adm:property>
  <adm:property name="java-class" mandatory="true">
    <adm:synopsis>
      The fully-qualified name of the Java class that provides the
      Specifies the fully-qualified name of the Java class that provides the
      <adm:user-friendly-name />
      implementation.
    </adm:synopsis>
   <adm:requires-admin-action>
     <adm:component-restart />
   </adm:requires-admin-action>
    <adm:syntax>
      <adm:java-class>
        <adm:instance-of>

 opends/src/admin/defn/org/opends/server/admin/std/FIFOEntryCacheConfiguration.xml

@@ -23,7 +23,7 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="fifo-entry-cache"
  plural-name="fifo-entry-caches" package="org.opends.server.admin.std"
@@ -73,7 +73,7 @@
  </adm:property-override>
  <adm:property name="lock-timeout" advanced="true">
    <adm:synopsis>
      The length of time to wait while attempting to acquire a read or
      Specifies the length of time to wait while attempting to acquire a read or
      write lock.
    </adm:synopsis>
    <adm:default-behavior>
@@ -93,7 +93,7 @@
  </adm:property>
  <adm:property name="max-memory-percent">
    <adm:synopsis>
      The maximum memory usage for the entry cache as a percentage of
      Specifies the maximum memory usage for the entry cache as a percentage of
      the total JVM memory.
    </adm:synopsis>
    <adm:default-behavior>
@@ -112,7 +112,7 @@
  </adm:property>
  <adm:property name="max-entries">
    <adm:synopsis>
      The maximum number of entries that we will allow in the cache.
      Specifies the maximum number of entries that we will allow in the cache.
    </adm:synopsis>
    <adm:default-behavior>
      <adm:defined>

 opends/src/admin/defn/org/opends/server/admin/std/FileSystemEntryCacheConfiguration.xml

@@ -23,7 +23,7 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="file-system-entry-cache"
  plural-name="file-system-entry-caches"
@@ -37,17 +37,17 @@
    track of the entries.
  </adm:synopsis>
  <adm:description>
    For the best performance the JE database should reside in a memory
    based file system, although any file system will do for this cache
    to function. Entries are maintained either by FIFO (default) or LRU
    (configurable) based list implementation. Cache sizing is based on
    For best performance, the JE database should reside in a memory
    based file system although any file system will do for this cache
    to function. Entries are maintained either by FIFO (default) or LRU-based
    (configurable) list implementation. Cache sizing is based on
    the size of free space available in the file system, such that if
    enough memory is free, then adding an entry to the cache will not
    require purging, but if more than a specified size of the file
    require purging. If more than the specified size of the file
    system available space is already consumed, then one or more entries
    will need to be removed in order to make room for a new entry. It is
    need to be removed in order to make room for a new entry. It is
    also possible to configure a maximum number of entries for the cache.
    If this is specified, then the number of entries will not be allowed
    If this is specified, then the number of entries are not allowed
    to exceed this value, but it may not be possible to hold this many
    entries if the available memory fills up first. Other configurable
    parameters for this cache include the maximum length of time to block
@@ -55,7 +55,7 @@
    used to define criteria for determining which entries are stored in
    the cache. If a set of filters are provided then an entry must match
    at least one of them in order to be stored in the cache.
    JE environment cache size can also be configured either as percentage
    JE environment cache size can also be configured either as a percentage
    of the free memory available in the JVM, or as an absolute size in
    bytes. This cache has a persistence property which, if enabled,
    allows for the contents of the cache to persist across server or
@@ -204,7 +204,7 @@
    <adm:requires-admin-action>
      <adm:none>
        <adm:synopsis>
          Changing this property will only affect the encoding of the
          Changing this property only affects the encoding of the
          cache entries put in the cache after the change is made. It
          will not be retroactively applied to existing cache entries.
        </adm:synopsis>
@@ -226,7 +226,7 @@
  </adm:property>
  <adm:property name="db-cache-percent">
    <adm:synopsis>
      The maximum memory usage for the internal JE cache as a percentage
      Specifies the maximum memory usage for the internal JE cache as a percentage
      of the total JVM memory.
    </adm:synopsis>
    <adm:default-behavior>
@@ -245,7 +245,7 @@
  </adm:property>
  <adm:property name="db-cache-size">
    <adm:synopsis>
      The maximum JVM memory usage in bytes for the internal JE cache.
      Specifies the maximum JVM memory usage in bytes for the internal JE cache.
    </adm:synopsis>
    <adm:default-behavior>
      <adm:defined>
@@ -269,11 +269,11 @@
    </adm:synopsis>
    <adm:description>
      Any Berkeley DB Java Edition property can be specified using the
      following form: property-name=property-value Refer to OpenDS
      following form: property-name=property-value. Refer to the OpenDS
      documentation for further information on related properties, their
      implications and range values. The definitive identification of
      all the property parameters available in the example.properties
      file of Berkeley DB Java Edition distribution.
      file in the Berkeley DB Java Edition distribution.
    </adm:description>
    <adm:default-behavior>
      <adm:defined>

 opends/src/admin/defn/org/opends/server/admin/std/FingerprintCertificateMapperConfiguration.xml

@@ -23,7 +23,7 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="fingerprint-certificate-mapper"
  plural-name="fingerprint-certificate-mappers"
@@ -70,7 +70,7 @@
  </adm:property>
  <adm:property name="fingerprint-algorithm" mandatory="true">
    <adm:synopsis>
      Specifies the name of the digest algorithm which should be used to
      Specifies the name of the digest algorithm to
      compute the fingerprint of client certificates.
    </adm:synopsis>
    <adm:syntax>
@@ -100,13 +100,13 @@
      Specifies the set of base DNs below which to search for users.
    </adm:synopsis>
    <adm:description>
      The base DNs will be used when performing searches to map the
      The base DNs are used when performing searches to map the
      client certificates to a user entry.
    </adm:description>
    <adm:default-behavior>
      <adm:alias>
        <adm:synopsis>
          The server will perform the search in all public naming
          The server performs the search in all public naming
          contexts.
        </adm:synopsis>
      </adm:alias>

 opends/src/admin/defn/org/opends/server/admin/std/GetSymmetricKeyExtendedOperationHandlerConfiguration.xml

@@ -23,7 +23,7 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="get-symmetric-key-extended-operation-handler"
  plural-name="get-symmetric-key-extended-operation-handlers"
@@ -34,7 +34,6 @@
  <adm:synopsis>
    The
    <adm:user-friendly-name />
    provides support for the get symmetric key extended operation, which
    is used by the OpenDS cryptographic framework for creating and
    obtaining symmetric encryption keys.
  </adm:synopsis>

 opends/src/admin/defn/org/opends/server/admin/std/GlobalConfiguration.xml

@@ -34,7 +34,9 @@
    Global Configurations
  </adm:user-friendly-plural-name>
  <adm:synopsis>
    The global configuration contains properties that affect the overall
    The 
    <adm:user-friendly-name />
    contains properties that affect the overall
    operation of the
    <adm:product-name />
    .
@@ -51,8 +53,8 @@
      Indicates whether schema enforcement is active.
    </adm:synopsis>
    <adm:description>
      When schema enforcement is activate the Directory Server will
      ensure that all operations result in entries that are valid
      When schema enforcement is activated, the Directory Server 
      ensures that all operations result in entries are valid
      according to the defined server schema. It is strongly recommended
      that this option be left enabled to prevent the inadvertent
      addition of invalid data into the server.
@@ -73,7 +75,7 @@
  </adm:property>
  <adm:property name="default-password-policy" mandatory="true">
    <adm:synopsis>
      Specifies the name of the password policy that will be in effect
      Specifies the name of the password policy that is in effect
      for users whose entries do not specify an alternate password
      policy (either via a real or virtual attribute).
    </adm:synopsis>
@@ -109,8 +111,8 @@
  <adm:property name="allow-attribute-name-exceptions"
    advanced="true">
    <adm:synopsis>
      Indicates whether the Directory Server should allow the use of
      underscores in attribute names, and should allow attribute names
      Indicates whether the Directory Server should allow underscores 
      in attribute names and allow attribute names
      to begin with numeric digits (both of which are violations of the
      LDAP standards).
    </adm:synopsis>
@@ -131,9 +133,8 @@
  <adm:property name="invalid-attribute-syntax-behavior"
    advanced="true">
    <adm:synopsis>
      Specifies how the Directory Server should handle operations which
      would result in an attribute value that violates the associated
      attribute syntax.
      Specifies how the Directory Server should handle operations whenever
      an attribute value violates the associated attribute syntax.
    </adm:synopsis>
    <adm:default-behavior>
      <adm:defined>
@@ -144,7 +145,7 @@
      <adm:enumeration>
        <adm:value name="accept">
          <adm:synopsis>
            The Directory Server will silently accept attribute values
            The Directory Server silently accepts attribute values
            that are invalid according to their associated syntax.
            Matching operations targeting those values may not behave as
            expected.
@@ -152,15 +153,15 @@
        </adm:value>
        <adm:value name="reject">
          <adm:synopsis>
            The Directory Server will reject attribute values that are
            The Directory Server rejects attribute values that are
            invalid according to their associated syntax.
          </adm:synopsis>
        </adm:value>
        <adm:value name="warn">
          <adm:synopsis>
            The Directory Server will accept attribute values that are
            invalid according to their associated syntax, but will also
            log a warning message to the error log. Matching operations
            The Directory Server accepts attribute values that are
            invalid according to their associated syntax, but also
            logs a warning message to the error log. Matching operations
            targeting those values may not behave as expected.
          </adm:synopsis>
        </adm:value>
@@ -174,9 +175,8 @@
  </adm:property>
  <adm:property name="server-error-result-code" advanced="true">
    <adm:synopsis>
      Specifies the numeric value of the result code that should be used
      for cases in which request processing fails due to an internal
      server error.
      Specifies the numeric value of the result code when request 
      processing fails due to an internal server error.
    </adm:synopsis>
    <adm:default-behavior>
      <adm:defined>
@@ -195,9 +195,8 @@
  <adm:property name="single-structural-objectclass-behavior"
    advanced="true">
    <adm:synopsis>
      Specifies how the Directory Server should handle operations which
      would result in an entry without any structural object class, or
      that would result in an entry containing multiple structural
      Specifies how the Directory Server should handle operations an entry does 
      not contain a structural object class or contains multiple structural
      classes.
    </adm:synopsis>
    <adm:default-behavior>
@@ -209,7 +208,7 @@
      <adm:enumeration>
        <adm:value name="accept">
          <adm:synopsis>
            The Directory Server will silently accept entries that do
            The Directory Server silently accepts entries that do
            not contain exactly one structural object class. Certain
            schema features that depend on the entry's structural class
            may not behave as expected.
@@ -217,14 +216,14 @@
        </adm:value>
        <adm:value name="reject">
          <adm:synopsis>
            The Directory Server will reject entries that do not contain
            The Directory Server rejects entries that do not contain
            exactly one structural object class.
          </adm:synopsis>
        </adm:value>
        <adm:value name="warn">
          <adm:synopsis>
            The Directory Server will accept entries that do not contain
            exactly one structural object class, but will also log a
            The Directory Server accepts entries that do not contain
            exactly one structural object class, but also logs a
            warning message to the error log. Certain schema features
            that depend on the entry's structural class may not behave
            as expected.
@@ -268,11 +267,10 @@
  <adm:property name="size-limit">
    <adm:synopsis>
      Specifies the maximum number of entries that the Directory Server
      should return to the client in the course of processing a search
      operation.
      should return to the client durin a search operation.
    </adm:synopsis>
    <adm:description>
      A value of 0 indicates that no size limit will be enforced. Note
      A value of 0 indicates that no size limit is enforced. Note
      that this is the default server-wide limit, but it may be
      overridden on a per-user basis using the ds-rlim-size-limit
      operational attribute.
@@ -297,7 +295,7 @@
      should spend processing a search operation.
    </adm:synopsis>
    <adm:description>
      A value of 0 seconds indicates that no time limit will be
      A value of 0 seconds indicates that no time limit is
      enforced. Note that this is the default server-wide time limit,
      but it may be overridden on a per-user basis using the
      ds-rlim-time-limit operational attribute.
@@ -319,7 +317,7 @@
  <adm:property name="proxied-authorization-identity-mapper"
    mandatory="true">
    <adm:synopsis>
      Specifies the name of the identity mapper that will be used to map
      Specifies the name of the identity mapper to map
      authorization ID values (using the "u:" form) provided in the
      proxied authorization control to the corresponding user entry.
    </adm:synopsis>
@@ -346,8 +344,8 @@
  </adm:property>
  <adm:property name="writability-mode">
    <adm:synopsis>
      Specifies which kinds of write operations the Directory Server
      should attempt to process.
      Specifies the kinds of write operations the Directory Server
      can process.
    </adm:synopsis>
    <adm:default-behavior>
      <adm:defined>
@@ -358,22 +356,22 @@
      <adm:enumeration>
        <adm:value name="enabled">
          <adm:synopsis>
            The Directory Server will attempt to process all write
            The Directory Server attempts to process all write
            operations that are requested of it, regardless of their
            origin.
          </adm:synopsis>
        </adm:value>
        <adm:value name="disabled">
          <adm:synopsis>
            The Directory Server will reject all write operations that
            The Directory Server rejects all write operations that
            are requested of it, regardless of their origin.
          </adm:synopsis>
        </adm:value>
        <adm:value name="internal-only">
          <adm:synopsis>
            The Directory Server will attempt to process write
            The Directory Server attempts to process write
            operations requested as internal operations or through
            synchronization, but will reject any such operations
            synchronization, but rejects any such operations
            requested from external clients.
          </adm:synopsis>
        </adm:value>
@@ -389,7 +387,7 @@
    <adm:synopsis>
      Indicates whether the Directory Server should reject any request
      (other than bind or StartTLS requests) received from a client that
      has not yet authenticated, whose last authentication attempt was
      has not yet been authenticated, whose last authentication attempt was
      unsuccessful, or whose last authentication attempt used anonymous
      authentication.
    </adm:synopsis>
@@ -443,7 +441,7 @@
      This includes any entry that the server must examine in the course
      of processing the request, regardless of whether it actually
      matches the search criteria. A value of 0 indicates that no
      lookthrough limit will be enforced. Note that this is the default
      lookthrough limit is enforced. Note that this is the default
      server-wide limit, but it may be overridden on a per-user basis
      using the ds-rlim-lookthrough-limit operational attribute.
    </adm:description>
@@ -464,7 +462,7 @@
  <adm:property name="smtp-server" multi-valued="true">
    <adm:synopsis>
      Specifies the address (and optional port number) for a mail server
      that can be used to send e-mail messages via SMTP.
      that can be used to send email messages via SMTP.
    </adm:synopsis>
    <adm:description>
      It may be an IP address or resolvable hostname, optionally
@@ -473,9 +471,7 @@
    <adm:default-behavior>
      <adm:alias>
        <adm:synopsis>
          If no values are defined, then it will not be possible to take
          advantage of server features that may provide the ability to
          send e-mail via SMTP.
          If no values are defined, then the server cannot send email via SMTP.
        </adm:synopsis>
      </adm:alias>
    </adm:default-behavior>
@@ -505,12 +501,12 @@
    </adm:synopsis>
    <adm:description>
      Any attempt to invoke a task not included in the list of allowed
      tasks will be rejected.
      tasks is rejected.
    </adm:description>
    <adm:default-behavior>
      <adm:alias>
        <adm:synopsis>
          If no values are defined, then the server will not allow any
          If no values are defined, then the server does not allow any
          tasks to be invoked.
        </adm:synopsis>
      </adm:alias>
@@ -530,14 +526,14 @@
      the server.
    </adm:synopsis>
    <adm:description>
      If a privilege is disabled, then it will be assumed that all
      clients (including unauthenticated clients) will have that
      If a privilege is disabled, then it is assumed that all
      clients (including unauthenticated clients) have that
      privilege.
    </adm:description>
    <adm:default-behavior>
      <adm:alias>
        <adm:synopsis>
          If no values are defined, then the server will enforce all
          If no values are defined, then the server enforces all
          privileges.
        </adm:synopsis>
      </adm:alias>
@@ -681,7 +677,7 @@
    <adm:description>
      Note that these messages may include information that could
      potentially be used by an attacker. If this option is disabled,
      then these messages will appear only in the server's access log.
      then these messages appears only in the server's access log.
    </adm:description>
    <adm:default-behavior>
      <adm:defined>
@@ -703,8 +699,7 @@
      remain established since its last completed operation.
    </adm:synopsis>
    <adm:description>
      A value of "0 seconds" indicates that no idle time limit will be
      enforced.
      A value of "0 seconds" indicates that no idle time limit is enforced.
    </adm:description>
    <adm:default-behavior>
      <adm:defined>
@@ -726,7 +721,7 @@
      configuration whenever the startup process completes successfully.
    </adm:synopsis>
    <adm:description>
      This can ensure that the server provides a "last known good"
      This ensures that the server provides a "last known good"
      configuration, which can be used as a reference (or copied into
      the active config) if the server fails to start with the current
      "active" configuration.
@@ -758,15 +753,15 @@
      <adm:enumeration>
        <adm:value name="auto">
          <adm:synopsis>
            In the "auto" configuration mode there is no workflow
            In the "auto" configuration mode, there is no workflow
            configuration. The workflows are created automatically based
            on the backend configuration. There will be one workflow per
            on the backend configuration. There is one workflow per
            backend base DN.
          </adm:synopsis>
        </adm:value>
        <adm:value name="manual">
          <adm:synopsis>
            In the "manual" configuration mode each workflow is created
            In the "manual" configuration mode, each workflow is created
            according to its description in the configuration.
          </adm:synopsis>
        </adm:value>
@@ -780,7 +775,7 @@
  </adm:property>
  <adm:property name="etime-resolution" mandatory="false">
    <adm:synopsis>
      The resolution to use for operation elapsed processing time (etime)
      Specifies the resolution to use for operation elapsed processing time (etime)
      measurements.
    </adm:synopsis>
    <adm:default-behavior>

 opends/src/admin/defn/org/opends/server/admin/std/GroupImplementationConfiguration.xml

@@ -23,7 +23,7 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="group-implementation"
  plural-name="group-implementations"
@@ -37,8 +37,8 @@
  </adm:synopsis>
  <adm:description>
    Different group implementations may have different ways of
    determining membership (e.g., it may explicitly list the members,
    and/or it may dynamically determine membership).
    determining membership. For example, some groups may explicitly list the members,
    and/or they may dynamically determine membership.
  </adm:description>
  <adm:tag name="core" />
  <adm:profile name="ldap">
@@ -52,9 +52,9 @@
  </adm:profile>
  <adm:property name="enabled" mandatory="true">
    <adm:synopsis>
      Indicate whether the
      Indicates whether the
      <adm:user-friendly-name />
      is enabled for use.
      is enabled.
    </adm:synopsis>
    <adm:syntax>
      <adm:boolean />
@@ -67,10 +67,13 @@
  </adm:property>
  <adm:property name="java-class" mandatory="true">
    <adm:synopsis>
      The fully-qualified name of the Java class that provides the
      Specifies the fully-qualified name of the Java class that provides the
      <adm:user-friendly-name />
      implementation.
    </adm:synopsis>
   <adm:requires-admin-action>
     <adm:component-restart />
   </adm:requires-admin-action>
    <adm:syntax>
      <adm:java-class>
        <adm:instance-of>org.opends.server.api.Group</adm:instance-of>

 opends/src/admin/defn/org/opends/server/admin/std/JMXAlertHandlerConfiguration.xml

@@ -23,7 +23,7 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="jmx-alert-handler"
  plural-name="jmx-alert-handlers" package="org.opends.server.admin.std"
@@ -32,7 +32,7 @@
  <adm:synopsis>
    The
    <adm:user-friendly-name />
    may be used to generate JMX notifications to alert administrators of
    is used to generate JMX notifications to alert administrators of
    significant events that occur within the server.
  </adm:synopsis>
  <adm:profile name="ldap">

 opends/src/admin/defn/org/opends/server/admin/std/JMXConnectionHandlerConfiguration.xml

@@ -80,7 +80,7 @@
    <adm:requires-admin-action>
      <adm:none>
        <adm:synopsis>
          Changes to this property will take effect immediately, but
          Changes to this property take effect immediately, but
          only for subsequent attempts to access the key manager
          provider for associated client connections.
        </adm:synopsis>

 opends/src/admin/defn/org/opends/server/admin/std/LDAPConnectionHandlerConfiguration.xml

@@ -36,7 +36,7 @@
    is used to interact with clients using LDAP.
  </adm:synopsis>
  <adm:description>
    In particular, it provides full support for LDAPv3 and limited
    It provides full support for LDAPv3 and limited
    support for LDAPv2.
  </adm:description>
  <adm:constraint>
@@ -126,7 +126,7 @@
    <adm:requires-admin-action>
      <adm:none>
        <adm:synopsis>
          Changes to this property will take effect immediately, but
          Changes to this property take effect immediately, but
          only for subsequent attempts to access the key manager
          provider for associated client connections.
        </adm:synopsis>
@@ -176,7 +176,7 @@
    <adm:requires-admin-action>
      <adm:none>
        <adm:synopsis>
          Changes to this property will take effect immediately, but
          Changes to this property take effect immediately, but
          only for subsequent attempts to access the trust manager
          provider for associated client connections.
        </adm:synopsis>
@@ -226,7 +226,7 @@
      Multiple addresses may be provided as separate values for this
      attribute. If no values are provided, then the
      <adm:user-friendly-name />
      will listen on all interfaces.
      listens on all interfaces.
    </adm:description>
    <adm:requires-admin-action>
      <adm:component-restart />
@@ -247,14 +247,14 @@
  </adm:property>
  <adm:property name="allow-ldap-v2">
    <adm:synopsis>
      Indicates whether connections from LDAPv2 clients will be allowed.
      Indicates whether connections from LDAPv2 clients are allowed.
    </adm:synopsis>
    <adm:description>
      If LDAPv2 clients will be allowed, then only a minimal degree of
      special support will be provided for them to ensure that
      LDAPv3-specific protocol elements (e.g., Configuration Guide 25
      If LDAPv2 clients are allowed, then only a minimal degree of
      special support are provided for them to ensure that
      LDAPv3-specific protocol elements (for example, Configuration Guide 25
      controls, extended response messages, intermediate response
      messages, referrals, etc.) are not sent to an LDAPv2 client.
      messages, referrals) are not sent to an LDAPv2 client.
    </adm:description>
    <adm:default-behavior>
      <adm:defined>
@@ -279,7 +279,7 @@
    <adm:description>
      If enabled, the
      <adm:user-friendly-name />
      will maintain statistics about the number and types of operations
      maintains statistics about the number and types of operations
      requested over LDAP and the amount of data sent and received.
    </adm:description>
    <adm:default-behavior>
@@ -303,7 +303,7 @@
      should use TCP keep-alive.
    </adm:synopsis>
    <adm:description>
      If enabled, the SO_KEEPALIVE socket option to indicate that TCP
      If enabled, the SO_KEEPALIVE socket option is used to indicate that TCP
      keepalive messages should periodically be sent to the client to
      verify that the associated connection is still valid. This may
      also help prevent cases in which intermediate network hardware
@@ -333,13 +333,13 @@
      should use TCP no-delay.
    </adm:synopsis>
    <adm:description>
      If enabled, the TCP_NODELAY socket option will be used to ensure
      If enabled, the TCP_NODELAY socket option is used to ensure
      that response messages to the client are sent immediately rather
      than potentially waiting to determine whether additional response
      messages can be sent in the same packet. In most cases, using the
      TCP_NODELAY socket option will provide better performance and
      TCP_NODELAY socket option provides better performance and
      lower response times, but disabling it may help for some cases in
      which the server will send a large number of entries to a client
      which the server sends a large number of entries to a client
      in response to a search request.
    </adm:description>
    <adm:default-behavior>
@@ -363,7 +363,7 @@
      should reuse socket descriptors.
    </adm:synopsis>
    <adm:description>
      If enabled, the SO_REUSEADDR socket option will be used on the
      If enabled, the SO_REUSEADDR socket option is used on the
      server listen socket to potentially allow the reuse of socket
      descriptors for clients in a TIME_WAIT state. This may help the
      server avoid temporarily running out of socket descriptors in
@@ -415,15 +415,13 @@
  <adm:property name="max-request-size" advanced="true">
    <adm:synopsis>
      Specifies the size of the largest LDAP request message that will
      be allowed by this
      <adm:user-friendly-name />
      .
      be allowed by this LDAP Connection handler.      
    </adm:synopsis>
    <adm:description>
      This property is analogous to the maxBERSize configuration
      attribute of the Sun Java System Directory Server. This can help
      prevent denial-of-service attacks by clients that indicate they
      will send extremely large requests to the server causing it to
      send extremely large requests to the server causing it to
      attempt to allocate large amounts of memory.
    </adm:description>
    <adm:default-behavior>
@@ -442,7 +440,7 @@
  </adm:property>
  <adm:property name="num-request-handlers" advanced="true">
    <adm:synopsis>
      Specifies the number of request handlers that will be used to read
      Specifies the number of request handlers that are used to read
      requests from clients.
    </adm:synopsis>
    <adm:description>
@@ -450,7 +448,7 @@
      <adm:user-friendly-name />
      uses one thread to accept new connections from clients, but uses
      one or more additional threads to read requests from existing
      client connections. This can help ensure that new requests are
      client connections. This ensures that new requests are
      read efficiently and that the connection handler itself does not
      become a bottleneck when the server is under heavy load from many
      clients at the same time.
@@ -474,14 +472,14 @@
  </adm:property>
  <adm:property name="allow-start-tls">
    <adm:synopsis>
      Indicates whether clients will be allowed to use StartTLS.
      Indicates whether clients are allowed to use StartTLS.
    </adm:synopsis>
    <adm:description>
      If enabled, the
      <adm:user-friendly-name />
      will allow clients to use the StartTLS extended operation to
      allows clients to use the StartTLS extended operation to
      initiate secure communication over an otherwise insecure channel.
      Note that this will only be allowed if the
      Note that this is only allowed if the
      <adm:user-friendly-name />
      is not configured to use SSL, and if the server is configured with
      a valid key manager provider and a valid trust manager provider.
@@ -521,22 +519,22 @@
      <adm:enumeration>
        <adm:value name="disabled">
          <adm:synopsis>
            Clients will not be required to provide their own
            Clients are not required to provide their own
            certificates when performing SSL negotiation.
          </adm:synopsis>
        </adm:value>
        <adm:value name="optional">
          <adm:synopsis>
            Clients will be requested to provide their own certificates
            when performing SSL negotiation, but will still accept the
            Clients are requested to provide their own certificates
            when performing SSL negotiation, but still accept the
            connection even if the client does not provide a
            certificate.
          </adm:synopsis>
        </adm:value>
        <adm:value name="required">
          <adm:synopsis>
            Clients will be required to provide their own certificates
            when performing SSL negotiation, and will be refused access
            Clients are required to provide their own certificates
            when performing SSL negotiation and are refused access
            if the do not provide a certificate.
          </adm:synopsis>
        </adm:value>
@@ -551,13 +549,13 @@
  <adm:property name="accept-backlog" advanced="true">
    <adm:synopsis>
      Specifies the maximum number of pending connection attempts that
      will be allowed to queue up in the accept backlog before the
      are allowed to queue up in the accept backlog before the
      server starts rejecting new connection attempts.
    </adm:synopsis>
    <adm:description>
      This is primarily an issue for cases in which a large number of
      connections are established to the server in a very short period
      of time (e.g., a benchmark utility that creates a large number of
      of time (for example, a benchmark utility that creates a large number of
      client threads that each have their own connection to the server)
      and the connection handler is unable to keep up with the rate at
      which the new connections are established.
@@ -583,14 +581,14 @@
  </adm:property>
  <adm:property name="ssl-protocol" multi-valued="true">
    <adm:synopsis>
      Specifies the names of the SSL protocols that will be allowed for
      Specifies the names of the SSL protocols that are allowed for
      use in SSL or StartTLS communication.
    </adm:synopsis>
    <adm:requires-admin-action>
      <adm:none>
        <adm:synopsis>
          Changes to this property will take effect immediately but will
          only impact new SSL/TLS-based sessions created after the
          Changes to this property take effect immediately but only 
          impact new SSL/TLS-based sessions created after the
          change.
        </adm:synopsis>
      </adm:none>
@@ -614,13 +612,13 @@
  </adm:property>
  <adm:property name="ssl-cipher-suite" multi-valued="true">
    <adm:synopsis>
      Specifies the names of the SSL cipher suites that will be allowed
      Specifies the names of the SSL cipher suites that are allowed
      for use in SSL or StartTLS communication.
    </adm:synopsis>
    <adm:requires-admin-action>
      <adm:none>
        <adm:synopsis>
          Changes to this property will take effect immediately but will
          Changes to this property take effect immediately but will
          only impact new SSL/TLS-based sessions created after the
          change.
        </adm:synopsis>
@@ -650,7 +648,7 @@
    </adm:synopsis>
    <adm:description>
      If an attempt to write data to a client takes longer than this
      length of time, then the client connection will be terminated.
      length of time, then the client connection is terminated.
    </adm:description>
    <adm:default-behavior>
      <adm:defined>

 opends/src/admin/defn/org/opends/server/admin/std/LDIFBackendConfiguration.xml

@@ -23,18 +23,20 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="ldif-backend" plural-name="ldif-backends"
  package="org.opends.server.admin.std" extends="backend"
  xmlns:adm="http://www.opends.org/admin"
  xmlns:ldap="http://www.opends.org/admin-ldap">
  <adm:synopsis>
    The LDIF backend provides a mechanism for interacting with data
    The 
    <adm:user-friendly-name />
    provides a mechanism for interacting with data
    stored in an LDIF file.
  </adm:synopsis>
  <adm:description>
    All basic LDAP operations are supported in the LDIF backend,
    All basic LDAP operations are supported in the LDIF backend 
    although it has minimal support for custom controls.
  </adm:description>
  <adm:profile name="ldap">
@@ -59,7 +61,7 @@
  </adm:property-override>
  <adm:property name="ldif-file" mandatory="true">
    <adm:synopsis>
      This specifies the path to the LDIF file containing the data for
      Specifies the path to the LDIF file containing the data for
      this backend.
    </adm:synopsis>
    <adm:requires-admin-action>
@@ -76,7 +78,7 @@
  </adm:property>
  <adm:property name="is-private-backend">
    <adm:synopsis>
      This indicates whether the backend should be considered a private
      Indicates whether the backend should be considered a private
      backend, which indicates that it is used for storing operational
      data rather than user-defined information.
    </adm:synopsis>

 opends/src/admin/defn/org/opends/server/admin/std/LDIFConnectionHandlerConfiguration.xml

@@ -23,7 +23,7 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="ldif-connection-handler"
  plural-name="ldif-connection-handlers"
@@ -33,13 +33,13 @@
  <adm:synopsis>
    The
    <adm:user-friendly-name />
    may be used to process changes in the server using internal
    is used to process changes in the server using internal
    operations, where the changes to process are read from an LDIF file.
  </adm:synopsis>
  <adm:description>
    The connection handler will periodically look for the existence of a
    new file, will process the changes contained in that file as
    internal operations, and will write the result to an output file
    The connection handler periodically looks for the existence of a
    new file, processes the changes contained in that file as
    internal operations, and writse the result to an output file
    with comments indicating the result of the processing. NOTE: By
    default
    <adm:user-friendly-name />

 opends/src/admin/defn/org/opends/server/admin/std/LocalDBBackendConfiguration.xml

@@ -31,8 +31,9 @@
  xmlns:ldap="http://www.opends.org/admin-ldap"
  xmlns:cli="http://www.opends.org/admin-cli">
  <adm:synopsis>
    The primary backend provided by the OpenDS Directory Server uses the
    Berkeley DB Java Edition to store user-provided data in a local
    The 
    <adm:user-friendly-name />
    uses the Berkeley DB Java Edition to store user-provided data in a local
    repository.
  </adm:synopsis>
  <adm:description>
@@ -139,7 +140,7 @@
      </adm:defined>
    </adm:default-behavior>
    <adm:syntax>
      <adm:integer lower-limit="0" />
      <adm:integer lower-limit="0" upper-limit="2147483647" />
    </adm:syntax>
    <adm:profile name="ldap">
      <ldap:attribute>
@@ -150,7 +151,7 @@
  <adm:property name="db-directory" mandatory="true">
    <adm:TODO>Default this to the db/backend-id</adm:TODO>
    <adm:synopsis>
      Specifies the path to the filesystem directory that will be used
      Specifies the path to the filesystem directory that is used
      to hold the Berkeley DB Java Edition database files containing the
      data for this backend.
    </adm:synopsis>
@@ -191,8 +192,8 @@
    <adm:requires-admin-action>
      <adm:none>
        <adm:synopsis>
          Changes to this setting will only take effect for writes that
          occur after the change is made. It will not be retroactively
          Changes to this setting take effect only for writes that
          occur after the change is made. It is not retroactively
          applied to existing data.
        </adm:synopsis>
      </adm:none>
@@ -219,14 +220,14 @@
    <adm:description>
      Note that this property applies only to the entries themselves and
      does not impact the index data. Further, the effectiveness of the
      compression will be based on the type of data contained in the
      compression is based on the type of data contained in the
      entry.
    </adm:description>
    <adm:requires-admin-action>
      <adm:none>
        <adm:synopsis>
          Changes to this setting will only take effect for writes that
          occur after the change is made. It will not be retroactively
          Changes to this setting take effect only for writes that
          occur after the change is made. It is not retroactively
          applied to existing data.
        </adm:synopsis>
      </adm:none>
@@ -253,7 +254,7 @@
    <adm:requires-admin-action>
      <adm:none>
        <adm:synopsis>
          Changes will not take effect for any import that may already
          Changes do not take effect for any import that may already
          be in progress.
        </adm:synopsis>
      </adm:none>
@@ -290,7 +291,7 @@
    <adm:requires-admin-action>
      <adm:none>
        <adm:synopsis>
          Changes will not take effect for any import that may already
          Changes do not take effect for any import that may already
          be in progress.
        </adm:synopsis>
      </adm:none>
@@ -311,13 +312,13 @@
  </adm:property>
  <adm:property name="import-queue-size" advanced="true">
    <adm:synopsis>
      Specifies the size (in number of entries) of the queue that will
      be used to hold the entries read during an LDIF import.
      Specifies the size (in number of entries) of the queue that is 
      used to hold the entries read during an LDIF import.
    </adm:synopsis>
    <adm:requires-admin-action>
      <adm:none>
        <adm:synopsis>
          Changes will not take effect for any import that may already
          Changes do not take effect for any import that may already
          be in progress.
        </adm:synopsis>
      </adm:none>
@@ -328,7 +329,7 @@
      </adm:defined>
    </adm:default-behavior>
    <adm:syntax>
      <adm:integer lower-limit="1" />
      <adm:integer lower-limit="1" upper-limit="2147483647" />
    </adm:syntax>
    <adm:profile name="ldap">
      <ldap:attribute>
@@ -338,20 +339,19 @@
  </adm:property>
  <adm:property name="import-temp-directory" mandatory="true">
    <adm:synopsis>
      Specifies the location of the directory that will be used for the
      files used to hold temporary information that will be used during
      the index post-processing phase of an LDIF import.
      Specifies the location of the directory that is used to hold 
      temporary information during the index post-processing phase of an LDIF import.
    </adm:synopsis>
    <adm:description>
      The specified directory will only be used while an import is in
      progress and the files created in this directory will be deleted
      The specified directory is only used while an import is in
      progress and the files created in this directory are deleted
      as they are processed. It may be an absolute path or one that is
      relative to the instance root directory.
    </adm:description>
    <adm:requires-admin-action>
      <adm:none>
        <adm:synopsis>
          Changes will not take effect for any import that may already
          Changes do not take effect for any import that may already
          be in progress.
        </adm:synopsis>
      </adm:none>
@@ -372,18 +372,18 @@
  </adm:property>
  <adm:property name="import-thread-count" advanced="true">
    <adm:synopsis>
      Specifies the number of threads that will be used for concurrent
      Specifies the number of threads that is used for concurrent
      processing during an LDIF import.
    </adm:synopsis>
    <adm:description>
      This should generally be a small multiple (e.g., 2x) of the number
      This should generally be a small multiple (for example, 2x) of the number
      of CPUs in the system for a traditional system, or equal to the
      number of CPU strands for a CMT system.
    </adm:description>
    <adm:requires-admin-action>
      <adm:none>
        <adm:synopsis>
          Changes will not take effect for any import that may already
          Changes do not take effect for any import that may already
          be in progress.
        </adm:synopsis>
      </adm:none>
@@ -394,7 +394,7 @@
      </adm:defined>
    </adm:default-behavior>
    <adm:syntax>
      <adm:integer lower-limit="1" />
      <adm:integer lower-limit="1" upper-limit="2147483647" />
    </adm:syntax>
    <adm:profile name="ldap">
      <ldap:attribute>
@@ -404,7 +404,7 @@
  </adm:property>
  <adm:property name="index-entry-limit">
    <adm:synopsis>
      Specifies the maximum number of entries that will be allowed to
      Specifies the maximum number of entries that is allowed to
      match a given index key before that particular index key is no
      longer maintained.
    </adm:synopsis>
@@ -418,7 +418,7 @@
      <adm:none>
        <adm:synopsis>
          If any index keys have already reached this limit, indexes
          will need to be rebuilt before they will be allowed to use the
          need to be rebuilt before they are allowed to use the
          new limit.
        </adm:synopsis>
      </adm:none>
@@ -429,7 +429,7 @@
      </adm:defined>
    </adm:default-behavior>
    <adm:syntax>
      <adm:integer lower-limit="0" />
      <adm:integer lower-limit="0" upper-limit="2147483647" />
    </adm:syntax>
    <adm:profile name="ldap">
      <ldap:attribute>
@@ -445,12 +445,12 @@
    <adm:description>
      They should be expressed as three-digit octal values, which is the
      traditional representation for UNIX file permissions. The three
      digits represent the permissions that will be available for the
      digits represent the permissions that are available for the
      directory's owner, group members, and other users (in that order),
      and each digit is the octal representation of the read, write, and
      execute bits. Note that this only impacts permissions on the
      database directory and not on the files written into that
      directory. On UNIX systems, the user's umask will control
      directory. On UNIX systems, the user's umask controls
      permissions given to the database files.
    </adm:description>
    <adm:requires-admin-action>
@@ -481,13 +481,13 @@
  </adm:property>
  <adm:property name="preload-time-limit" advanced="true">
    <adm:synopsis>
      Specifies the length of time that the backend will be allowed to
      Specifies the length of time that the backend is allowed to
      spend "pre-loading" data when it is initialized.
    </adm:synopsis>
    <adm:description>
      The pre-load process may be used to pre-populate the database
      cache so that it can be more quickly available when the server is
      processing requests. A duration of zero means there will be no
      The pre-load process is used to pre-populate the database
      cache, so that it can be more quickly available when the server is
      processing requests. A duration of zero means there is no
      pre-load.
    </adm:description>
    <adm:default-behavior>
@@ -496,7 +496,7 @@
      </adm:defined>
    </adm:default-behavior>
    <adm:syntax>
      <adm:duration base-unit="ms" lower-limit="0" />
      <adm:duration base-unit="ms" lower-limit="0" upper-limit="2147483647" />
    </adm:syntax>
    <adm:profile name="ldap">
      <ldap:attribute>
@@ -520,7 +520,7 @@
      </adm:defined>
    </adm:default-behavior>
    <adm:syntax>
      <adm:integer lower-limit="0" />
      <adm:integer lower-limit="0" upper-limit="2147483647" />
    </adm:syntax>
    <adm:profile name="ldap">
      <ldap:attribute>
@@ -545,7 +545,7 @@
      </adm:defined>
    </adm:default-behavior>
    <adm:syntax>
      <adm:integer lower-limit="0" />
      <adm:integer lower-limit="0" upper-limit="2147483647" />
    </adm:syntax>
    <adm:profile name="ldap">
      <ldap:attribute>
@@ -555,13 +555,13 @@
  </adm:property>
  <adm:property name="db-cache-percent">
    <adm:synopsis>
      The percentage of JVM memory to allocate to the database cache.
      Specifies the percentage of JVM memory to allocate to the database cache.
    </adm:synopsis>
    <adm:description>
      Specifies the percentage of memory available to the JVM that
      should be used for caching database contents. Note that this will
      only be used if the value of the db-cache-size property is set to
      "0 MB". Otherwise, the value of that property will be used instead
      should be used for caching database contents. Note that this is
      only used if the value of the db-cache-size property is set to
      "0 MB". Otherwise, the value of that property is used instead
      to control the cache size configuration.
    </adm:description>
    <adm:default-behavior>
@@ -605,12 +605,12 @@
  <adm:property name="db-cleaner-min-utilization" advanced="true">
    <adm:synopsis>
      Specifies the minimum percentage of "live" data that the database
      cleaner will attempt to keep in database log files.
      cleaner attempts to keep in database log files.
    </adm:synopsis>
    <adm:description>
      If the amount of live data in any database log file drops below
      this percentage, then the cleaner will move the remaining live
      data in that file to the end of the database and will delete the
      this percentage, then the cleaner moves the remaining live
      data in that file to the end of the database and deletes the
      original file in order to keep the database relatively compact.
    </adm:description>
    <adm:default-behavior>
@@ -629,12 +629,12 @@
  </adm:property>
  <adm:property name="db-run-cleaner" advanced="true">
    <adm:synopsis>
      This indicates whether the database cleaner threads should be
      Indicates whether the database cleaner threads should be
      enabled.
    </adm:synopsis>
    <adm:description>
      The cleaner threads will be used to periodically compact the
      database by identifying database files with a low (i.e., less than
      The cleaner threads are used to periodically compact the
      database by identifying database files with a low (that is, less than
      the amount specified by the db-cleaner-min-utilization property)
      percentage of live data, moving the remaining live data to the end
      of the log and deleting that file.
@@ -660,10 +660,9 @@
      information will be evicted first).
    </adm:synopsis>
    <adm:description>
      If the value of this configuration property is set to "false",
      then eviction will prefer to keep internal nodes of the underlying
      If set to "false", then the eviction keeps internal nodes of the underlying
      Btree in the cache over leaf notes, even if the leaf nodes have
      been accessed more recently, which may be a better configuration
      been accessed more recently. This may be a better configuration
      for databases in which only a very small portion of the data is
      cached.
    </adm:description>
@@ -723,8 +722,7 @@
  </adm:property>
  <adm:property name="db-log-file-max" advanced="true">
    <adm:synopsis>
      Specifies the maximum size that may be used for a database log
      file.
      Specifies the maximum size for a database log file.
    </adm:synopsis>
    <adm:requires-admin-action>
      <adm:component-restart />
@@ -749,7 +747,7 @@
      the same directory as the database log directory.
    </adm:synopsis>
    <adm:description>
      This file will contain information about the internal processing
      This file contains information about the internal processing
      performed by the underlying database.
    </adm:description>
    <adm:requires-admin-action>
@@ -772,7 +770,7 @@
  <adm:property name="db-logging-level" advanced="true">
    <adm:TODO>Use an enumeration</adm:TODO>
    <adm:synopsis>
      This specifies the log level that should be used by the database
      Specifies the log level that should be used by the database
      when it is writing information into the je.info file.
    </adm:synopsis>
    <adm:description>
@@ -800,13 +798,13 @@
  <adm:property name="db-checkpointer-bytes-interval" advanced="true">
    <adm:synopsis>
      Specifies the maximum number of bytes that may be written to the
      database before it will be forced to perform a checkpoint.
      database before it is forced to perform a checkpoint.
    </adm:synopsis>
    <adm:description>
      This can be used to bound the recovery time that may be required
      if the database environment is opened without having been properly
      closed. If this property is set to a non-zero value, the
      checkpointer wakeup interval is not used. To use time based
      checkpointer wakeup interval is not used. To use time-based
      checkpointing, set this property to zero.
    </adm:description>
    <adm:requires-admin-action>
@@ -833,7 +831,7 @@
      checkpoints.
    </adm:synopsis>
    <adm:description>
      Note that this will only be used if the value of the checkpointer
      Note that this is only used if the value of the checkpointer
      bytes interval is zero.
    </adm:description>
    <adm:requires-admin-action>
@@ -855,8 +853,7 @@
  </adm:property>
  <adm:property name="db-num-lock-tables" advanced="true">
    <adm:synopsis>
      This specifies the number of lock tables that should be used by
      the underlying database.
      Specifies the number of lock tables that are used by the underlying database.
    </adm:synopsis>
    <adm:description>
      This can be particularly important to help improve scalability by
@@ -912,7 +909,7 @@
    </adm:synopsis>
    <adm:description>
      Setting the value of this configuration attribute to "true" may
      improve write performance but could cause some number of the most
      improve write performance but could cause the most
      recent changes to be lost if the OpenDS Directory Server or the
      underlying JVM exits abnormally, or if an OS or hardware failure
      occurs (a behavior similar to running with transaction durability
@@ -939,11 +936,11 @@
    </adm:synopsis>
    <adm:description>
      If this value is set to "false", then all data written to disk
      will be synchronously flushed to persistent storage and thereby
      is synchronously flushed to persistent storage and thereby
      providing full durability. If it is set to "true", then data may
      be cached for a period of time by the underlying operating system
      before actually being written to disk. This may improve
      performance, but could cause some number of the most recent
      performance, but could cause the most recent
      changes to be lost in the event of an underlying OS or hardware
      failure (but not in the case that the OpenDS Directory Server or
      the JVM exits abnormally).
@@ -970,10 +967,10 @@
    </adm:synopsis>
    <adm:description>
      Any Berkeley DB Java Edition property can be specified using the
      following form: property-name=property-value Refer to OpenDS
      following form: property-name=property-value. Refer to OpenDS
      documentation for further information on related properties, their
      implications and range values. The definitive identification of
      all the property parameters available in the example.properties
      implications, and range values. The definitive identification of
      all the property parameters is available in the example.properties
      file of Berkeley DB Java Edition distribution.
    </adm:description>
    <adm:default-behavior>

 opends/src/admin/defn/org/opends/server/admin/std/MemoryBackendConfiguration.xml

@@ -23,14 +23,16 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="memory-backend" plural-name="memory-backends"
  package="org.opends.server.admin.std" extends="backend"
  xmlns:adm="http://www.opends.org/admin"
  xmlns:ldap="http://www.opends.org/admin-ldap">
  <adm:synopsis>
    The memory backend provides a Directory Server backend
    The 
    <adm:user-friendly-name />
    provides a Directory Server backend
    implementation that stores entries in memory.
  </adm:synopsis>
  <adm:description>

 opends/src/admin/defn/org/opends/server/admin/std/MonitorBackendConfiguration.xml

@@ -23,7 +23,7 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="monitor-backend"
  plural-name="monitor-backends" package="org.opends.server.admin.std"
@@ -31,7 +31,9 @@
  xmlns:adm="http://www.opends.org/admin"
  xmlns:ldap="http://www.opends.org/admin-ldap">
  <adm:synopsis>
    The monitor backend allows clients to access the information made
    The 
    <adm:user-friendly-name />
    allows clients to access the information made
    available by Directory Server monitor providers.
  </adm:synopsis>
  <adm:profile name="ldap">

 opends/src/admin/defn/org/opends/server/admin/std/PasswordModifyExtendedOperationHandlerConfiguration.xml

@@ -34,15 +34,15 @@
  <adm:synopsis>
    The
    <adm:user-friendly-name />
    provides the ability for end users to change their own passwords, or
    for administrators to reset user passwords.
    allows end users to change their own passwords, or 
    administrators to reset user passwords.
  </adm:synopsis>
  <adm:description>
    The password modify extended operation is defined in RFC 3062. It
    includes the ability for users to provide their current password for
    further confirmation of their identity when changing the password,
    and it also includes the ability to generate a new password if the
    user doesn't provide one.
    user does not provide one.
  </adm:description>
  <adm:profile name="ldap">
    <ldap:object-class>
@@ -67,9 +67,8 @@
      conjunction with the password modify extended operation.
    </adm:synopsis>
    <adm:description>
      This property will be used to identify a user based on an
      authorization ID in the 'u:' form. Changes to this property will
      take effect immediately.
      This property is used to identify a user based on an
      authorization ID in the 'u:' form. Changes to this property take effect immediately.
    </adm:description>
    <adm:syntax>
      <adm:aggregation relation-name="identity-mapper"

 opends/src/admin/defn/org/opends/server/admin/std/SMTPAccountStatusNotificationHandlerConfiguration.xml

@@ -23,7 +23,7 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="smtp-account-status-notification-handler"
  plural-name="smtp-account-status-notification-handlers"
@@ -32,8 +32,9 @@
  xmlns:adm="http://www.opends.org/admin"
  xmlns:ldap="http://www.opends.org/admin-ldap">
  <adm:synopsis>
    The
    <adm:user-friendly-name />
    is an account status notification handler that can be used to send
    is a notification handler that sends
    email messages to end users and/or administrators whenever an
    account status notification is generated.
  </adm:synopsis>
@@ -59,21 +60,20 @@
  <adm:property name="email-address-attribute-type"
    multi-valued="true">
    <adm:synopsis>
      Specifies which attribute in user entries may be used to obtain
      the email address to use when notifying the end user.
      Specifies which attribute in the user's entries may be used to obtain
      the email address when notifying the end user.
    </adm:synopsis>
    <adm:description>
      Multiple attributes can be specified as separate values, and in
      that case all email addresses identified in all such values will
      receive the notification.
      You can specify more than one email address as separate values. In this case,
      the OpenDS server sends a notification to all email addresses identified.
    </adm:description>
    <adm:default-behavior>
      <adm:alias>
        <adm:synopsis>
          If no email address attribute types are specified, then no
          attempt will be made to send email notification messages to
          attempt is made to send email notification messages to
          end users. Only those users specified in the set of additional
          recipient addresses will be sent the notification messages.
          recipient addresses are sent the notification messages.
        </adm:synopsis>
      </adm:alias>
    </adm:default-behavior>
@@ -88,7 +88,7 @@
  </adm:property>
  <adm:property name="recipient-address" multi-valued="true">
    <adm:synopsis>
      Specifies an email address to which notification messages will be
      Specifies an email address to which notification messages are
      sent, either instead of or in addition to the end user for whom
      the notification has been generated.
    </adm:synopsis>
@@ -101,7 +101,7 @@
        <adm:synopsis>
          If no additional recipient addresses are specified, then only
          the end users that are the subjects of the account status
          notifications will receive the notification messages.
          notifications receive the notification messages.
        </adm:synopsis>
      </adm:alias>
    </adm:default-behavior>
@@ -120,7 +120,7 @@
      Indicates whether an email notification message should be
      generated and sent to the set of notification recipients even if
      the user entry does not contain any values for any of the email
      address attributes (and therefore it will not be possible to
      address attributes (that is, in cases when it is not be possible to
      notify the end user).
    </adm:synopsis>
    <adm:description>
@@ -146,8 +146,8 @@
  </adm:property>
  <adm:property name="sender-address" mandatory="true">
    <adm:synopsis>
      Specifies the e-mail address from which the message will be sent.
      Note that this does not necessarily have to be a legitimate e-mail
      Specifies the email address from which the message is sent.
      Note that this does not necessarily have to be a legitimate email
      address.
    </adm:synopsis>
    <adm:syntax>
@@ -171,7 +171,7 @@
      subject that should be used for the associated notification
      message. If an email message is generated for an account status
      notification type for which no subject is defined, then that
      message will be given a generic subject.
      message is given a generic subject.
    </adm:description>
    <adm:syntax>
      <adm:string />
@@ -185,8 +185,8 @@
  <adm:property name="message-template-file" mandatory="true"
    multi-valued="true">
    <adm:synopsis>
      Specifies the path to the file containing the message template
      that is to be used to generate the email notification messages.
      Specifies the path to the file containing the message template 
      to generate the email notification messages.
    </adm:synopsis>
    <adm:description>
      The values for this property should begin with the name of an
@@ -194,7 +194,7 @@
      to the template file that should be used for that notification
      type. If an account status notification has a notification type
      that is not associated with a message template file, then no email
      message will be generated for that notification.
      message is generated for that notification.
    </adm:description>
    <adm:syntax>
      <adm:string />

 opends/src/admin/defn/org/opends/server/admin/std/SMTPAlertHandlerConfiguration.xml

@@ -23,7 +23,7 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="smtp-alert-handler"
  plural-name="smtp-alert-handlers"
@@ -53,7 +53,7 @@
  </adm:property-override>
  <adm:property name="sender-address" mandatory="true">
    <adm:synopsis>
      Specifies the e-mail address to use as the sender for messages
      Specifies the email address to use as the sender for messages
      generated by this alert handler.
    </adm:synopsis>
    <adm:syntax>
@@ -68,7 +68,7 @@
  <adm:property name="recipient-address" mandatory="true"
    multi-valued="true">
    <adm:synopsis>
      Specifies an e-mail address to which the messages should be sent.
      Specifies an email address to which the messages should be sent.
    </adm:synopsis>
    <adm:description>
      Multiple values may be provided if there should be more than one
@@ -85,15 +85,15 @@
  </adm:property>
  <adm:property name="message-subject" mandatory="true">
    <adm:synopsis>
      Specifies the subject that should be used for e-mail messages
      Specifies the subject that should be used for email messages
      generated by this alert handler.
    </adm:synopsis>
    <adm:description>
      The token "%%%%alert-type%%%%" will be dynamically replaced with
      the alert type string. The token "%%%%alert-id%%%%" will be
      The token "%%%%alert-type%%%%" is dynamically replaced with
      the alert type string. The token "%%%%alert-id%%%%" is
      dynamically replaced with the alert ID value. The token
      "%%%%alert-message%%%%" will be dynamically replaced with the
      alert message. The token "\\n" will be replaced with an
      "%%%%alert-message%%%%" is dynamically replaced with the
      alert message. The token "\\n" is replaced with an
      end-of-line marker.
    </adm:description>
    <adm:syntax>
@@ -107,15 +107,15 @@
  </adm:property>
  <adm:property name="message-body" mandatory="true">
    <adm:synopsis>
      Specifies the body that should be used for e-mail messages
      Specifies the body that should be used for email messages
      generated by this alert handler.
    </adm:synopsis>
    <adm:description>
      The token "%%%%alert-type%%%%" will be dynamically replaced with
      the alert type string. The token "%%%%alert-id%%%%" will be
      The token "%%%%alert-type%%%%" is dynamically replaced with
      the alert type string. The token "%%%%alert-id%%%%" is
      dynamically replaced with the alert ID value. The token
      "%%%%alert-message%%%%" will be dynamically replaced with the
      alert message. The token "\\n" will be replaced with an
      "%%%%alert-message%%%%" is dynamically replaced with the
      alert message. The token "\\n" is replaced with an
      end-of-line marker.
    </adm:description>
    <adm:syntax>

 opends/src/admin/defn/org/opends/server/admin/std/SchemaBackendConfiguration.xml

@@ -23,7 +23,7 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="schema-backend" plural-name="schema-backends"
  package="org.opends.server.admin.std" extends="backend"
@@ -38,12 +38,12 @@
    structure rules that it contains.
  </adm:synopsis>
  <adm:description>
    The server will allow modify operations in this backend to alter the
    The server allows "modify" operations in this backend to alter the
    server schema definitions. The configuration entry for this backend
    is based on the ds-cfg-schema-backend structural object class. Note
    that any attribute types included in this entry that are not
    included in this object class (or the parent ds-cfg-backend class)
    will appear directly in the schema entry.
    appears directly in the schema entry.
  </adm:description>
  <adm:profile name="ldap">
    <ldap:object-class>
@@ -68,18 +68,18 @@
  <adm:property name="schema-entry-dn" advanced="true"
    multi-valued="true">
    <adm:synopsis>
      This defines the base DNs of the subtrees in which the schema
      information will be published, in addition to the value included
      Defines the base DNs of the subtrees in which the schema
      information is published in addition to the value included
      in the base-dn property.
    </adm:synopsis>
    <adm:description>
      The value provided in the base-dn property is the only one that
      will appear in the subschemaSubentry operational attribute of the
      appears in the subschemaSubentry operational attribute of the
      server's root DSE (which is necessary because that is a
      single-valued attribute) and as a virtual attribute in other
      entries, but the schema-entry-dn attribute may be used to make the
      schema information available in other locations as well in case
      certain client applications have been hard-coded to expect the
      entries. The schema-entry-dn attribute may be used to make the
      schema information available in other locations to accommodate 
      certain client applications that have been hard-coded to expect the
      schema to reside in a specific location.
    </adm:description>
    <adm:default-behavior>
@@ -105,7 +105,7 @@
      This may provide compatibility with some applications that expect
      schema attributes like attributeTypes and objectClasses to be
      included by default even if they are not requested. Note that the
      ldapSyntaxes attribute will always be treated as operational in
      ldapSyntaxes attribute is always treated as operational in
      order to avoid problems with attempts to modify the schema over
      protocol.
    </adm:description>

 opends/src/admin/defn/org/opends/server/admin/std/SoftReferenceEntryCacheConfiguration.xml

@@ -23,7 +23,7 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="soft-reference-entry-cache"
  plural-name="soft-reference-entry-caches"
@@ -31,9 +31,10 @@
  xmlns:adm="http://www.opends.org/admin"
  xmlns:ldap="http://www.opends.org/admin-ldap">
  <adm:synopsis>
    The
    <adm:user-friendly-name />
    is a Directory Server entry cache implementation that uses soft
    references to manage objects in a way that will allow them to be
    references to manage objects to allow them to be
    freed if the JVM is running low on memory.
  </adm:synopsis>
  <adm:profile name="ldap">
@@ -53,7 +54,7 @@
  </adm:property-override>
  <adm:property name="lock-timeout" advanced="true">
    <adm:synopsis>
      The length of time in milliseconds to wait while attempting to
      Specifies the length of time in milliseconds to wait while attempting to
      acquire a read or write lock.
    </adm:synopsis>
    <adm:default-behavior>

 opends/src/admin/defn/org/opends/server/admin/std/StaticGroupImplementationConfiguration.xml

@@ -23,7 +23,7 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="static-group-implementation"
  plural-name="static-group-implementations"
@@ -38,9 +38,8 @@
    group.
  </adm:synopsis>
  <adm:description>
    Note that it is possible to nest static groups, which can be
    accomplished by including the DN of a nested group in the member
    list for the parent group.
    Note that it is possible to nest static groups by including the DN of a 
    nested group in the member list for the parent group.
  </adm:description>
  <adm:profile name="ldap">
    <ldap:object-class>

 opends/src/admin/defn/org/opends/server/admin/std/TaskBackendConfiguration.xml

@@ -23,29 +23,26 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="task-backend" plural-name="task-backends"
  package="org.opends.server.admin.std" extends="backend"
  advanced="true" xmlns:adm="http://www.opends.org/admin"
  xmlns:ldap="http://www.opends.org/admin-ldap">
  <adm:synopsis>
    The task backend provides a mechanism for processing tasks in the
    The Task Backend provides a mechanism for scheduling tasks in the
    OpenDS Directory Server. Tasks are intended to provide access to
    certain types of administrative functions in the server that may not
    otherwise be convenient to perform remotely.
    be convenient to perform remotely.
  </adm:synopsis>
  <adm:description>
    Tasks that are currently available for use provide the ability to
    backup and restore backends, to import and export LDIF files, and to
    stop and restart the server. The details of the task to perform are
    held in an entry that is added below the root of the task backend,
    and then the task backend is responsible for decoding that task
    entry and ensuring that it is processed as requested. Tasks may be
    invoked immediately, but they may also be scheduled for execution at
    some future time. It is also expected that task backend will be
    given the ability to process recurring tasks, which can be used to
    help ensure that maintenance operations (e.g., backups) are
    OpenDS supports tasks to backup and restore backends, to import and export LDIF 
    files, and to stop and restart the server. The details of a task are
    in an entry that is below the root of the Task Backend. The Task Backend 
    is responsible for decoding that task entry and ensuring that it is processed 
    as requested. Tasks may be invoked immediately, but they may also be scheduled for execution at
    some future time. The task backend can also process recurring tasks to
    ensure that maintenance operations (for example, backups) are
    performed automatically on a regular basis.
  </adm:description>
  <adm:profile name="ldap">
@@ -72,11 +69,11 @@
  </adm:property-override>
  <adm:property name="task-backing-file" mandatory="true">
    <adm:synopsis>
      This specifies the path to the backing file for storing
      Specifies the path to the backing file for storing
      information about the tasks configured in the server.
    </adm:synopsis>
    <adm:description>
      It may be either an absolute path or a path that is relative to
      It may be either an absolute path or a relative path to
      the base of the OpenDS Directory Server instance.
    </adm:description>
    <adm:syntax>
@@ -90,7 +87,7 @@
  </adm:property>
  <adm:property name="task-retention-time">
    <adm:synopsis>
      This specifies the length of time that task entries should be
      Specifies the length of time that task entries should be
      retained after processing on the associated task has been
      completed.
    </adm:synopsis>
@@ -110,14 +107,14 @@
  </adm:property>
  <adm:property name="notification-sender-address">
    <adm:synopsis>
      This specifies the e-mail address to use as the sender (i.e.,
      "From:") address for notification mail messages generated when a
      task completes execution.
      Specifies the email address to use as the sender (that is,
      the "From:" address) address for notification mail messages generated 
      when a task completes execution.
    </adm:synopsis>
    <adm:default-behavior>
      <adm:alias>
        <adm:synopsis>
          The default sender address used will be
          The default sender address used is
          "opends-task-notification@" followed by the canonical address
          of the system on which the server is running.
        </adm:synopsis>

 opends/src/admin/defn/org/opends/server/admin/std/TrustStoreBackendConfiguration.xml

@@ -23,7 +23,7 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="trust-store-backend"
  plural-name="trust-store-backends" extends="backend"
@@ -97,14 +97,14 @@
    <adm:requires-admin-action>
      <adm:none>
        <adm:synopsis>
          Changes to this property will take effect the next time that
          Changes to this property take effect the next time that
          the key manager is accessed.
        </adm:synopsis>
      </adm:none>
    </adm:requires-admin-action>
    <adm:default-behavior>
      <adm:alias>
        <adm:synopsis>The JVM default value will be used.</adm:synopsis>
        <adm:synopsis>The JVM default value is used.</adm:synopsis>
      </adm:alias>
    </adm:default-behavior>
    <adm:syntax>

 opends/src/admin/defn/org/opends/server/admin/std/VirtualStaticGroupImplementationConfiguration.xml

@@ -23,7 +23,7 @@
  ! CDDL HEADER END
  !
  !
  !      Portions Copyright 2007 Sun Microsystems, Inc.
  !      Portions Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="virtual-static-group-implementation"
  plural-name="virtual-static-group-implementations"
@@ -39,7 +39,7 @@
  </adm:synopsis>
  <adm:description>
    The primary benefit of virtual static groups is that they make it
    possible to present other types of groups (e.g., dynamic groups) as
    possible to present other types of groups (for example, dynamic groups) as
    if they were static groups for the benefit of applications that do
    not support alternate grouping mechanisms.
  </adm:description>

			@@ -23,7 +23,7 @@
			! CDDL HEADER END
			!
			!
			! Portions Copyright 2007 Sun Microsystems, Inc.
			! Portions Copyright 2007-2008 Sun Microsystems, Inc.
			! -->
			<adm:managed-object name="access-control-handler"
			plural-name="access-control-handlers"
			@@ -33,8 +33,18 @@
			xmlns:cli="http://www.opends.org/admin-cli">
			<adm:synopsis>
			<adm:user-friendly-plural-name />
			manage the application-wide access-control.
			manage the application-wide access control. The OpenDS access control
			handler is defined through an extensible interface, so that alternate
			implementations can be created. Only one access control handler may be
			active in the server at any given time.
			</adm:synopsis>
			<adm:description>
			Note that OpenDS also has a privilege subsystem, which may have an impact
			on what clients may be allowed to do in the server. For example, any user
			with the bypass-acl privilege is not subject to access control
			checking regardless of whether the access control implementation is
			enabled.
			</adm:description>
			<adm:tag name="security" />
			<adm:profile name="ldap">
			<ldap:object-class>
			@@ -47,9 +57,12 @@
			</adm:profile>
			<adm:property name="enabled" mandatory="true">
			<adm:synopsis>
			Indicate whether the
			Indicates whether the
			<adm:user-friendly-name />
			is enabled for use.
			is enabled. If set to FALSE, then no access control is enforced, and any
			client (including unauthenticated or anonymous clients) could be allowed to perform any
			operation if not subject to other restrictions, such as those enforced by the privilege
			subsystem.
			</adm:synopsis>
			<adm:syntax>
			<adm:boolean />
			@@ -62,10 +75,13 @@
			</adm:property>
			<adm:property name="java-class" mandatory="true">
			<adm:synopsis>
			The fully-qualified name of the Java class that provides the
			Specifies the fully-qualified name of the Java class that provides the
			<adm:user-friendly-name />
			implementation.
			</adm:synopsis>
			<adm:requires-admin-action>
			<adm:component-restart />
			</adm:requires-admin-action>
			<adm:syntax>
			<adm:java-class>
			<adm:instance-of>

			@@ -23,20 +23,21 @@
			! CDDL HEADER END
			!
			!
			! Portions Copyright 2007 Sun Microsystems, Inc.
			! Portions Copyright 2007-2008 Sun Microsystems, Inc.
			! -->
			<adm:managed-object name="backup-backend" plural-name="backup-backends"
			package="org.opends.server.admin.std" extends="backend"
			advanced="true" xmlns:adm="http://www.opends.org/admin"
			xmlns:ldap="http://www.opends.org/admin-ldap">
			<adm:synopsis>
			The backup backend provides read-only access to the set of backups
			that are available for the OpenDS Directory Server.
			The
			<adm:user-friendly-name />
			provides read-only access to the set of backups
			that are available for the OpenDS Directory Server.
			</adm:synopsis>
			<adm:description>
			The backup backend is provided as a convenience feature that makes
			it easier to determine what backups are available to be restored if
			necessary.
			It is provided as a convenience feature that makes it easier to determine what
			backups are available to be restored if necessary.
			</adm:description>
			<adm:profile name="ldap">
			<ldap:object-class>
			@@ -65,8 +66,8 @@
			backups for a particular backend.
			</adm:synopsis>
			<adm:description>
			This is a multivalued property, and each value may specify a
			different backup directory if desired (e.g., one for each backend
			This is a multivalued property. Each value may specify a
			different backup directory if desired (one for each backend
			for which backups are taken). Values may be either absolute paths
			or paths that are relative to the base of the OpenDS Directory
			Server installation.

			@@ -34,7 +34,9 @@
			Global Configurations
			</adm:user-friendly-plural-name>
			<adm:synopsis>
			The global configuration contains properties that affect the overall
			The
			<adm:user-friendly-name />
			contains properties that affect the overall
			operation of the
			<adm:product-name />
			.
			@@ -51,8 +53,8 @@
			Indicates whether schema enforcement is active.
			</adm:synopsis>
			<adm:description>
			When schema enforcement is activate the Directory Server will
			ensure that all operations result in entries that are valid
			When schema enforcement is activated, the Directory Server
			ensures that all operations result in entries are valid
			according to the defined server schema. It is strongly recommended
			that this option be left enabled to prevent the inadvertent
			addition of invalid data into the server.
			@@ -73,7 +75,7 @@
			</adm:property>
			<adm:property name="default-password-policy" mandatory="true">
			<adm:synopsis>
			Specifies the name of the password policy that will be in effect
			Specifies the name of the password policy that is in effect
			for users whose entries do not specify an alternate password
			policy (either via a real or virtual attribute).
			</adm:synopsis>
			@@ -109,8 +111,8 @@
			<adm:property name="allow-attribute-name-exceptions"
			advanced="true">
			<adm:synopsis>
			Indicates whether the Directory Server should allow the use of
			underscores in attribute names, and should allow attribute names
			Indicates whether the Directory Server should allow underscores
			in attribute names and allow attribute names
			to begin with numeric digits (both of which are violations of the
			LDAP standards).
			</adm:synopsis>
			@@ -131,9 +133,8 @@
			<adm:property name="invalid-attribute-syntax-behavior"
			advanced="true">
			<adm:synopsis>
			Specifies how the Directory Server should handle operations which
			would result in an attribute value that violates the associated
			attribute syntax.
			Specifies how the Directory Server should handle operations whenever
			an attribute value violates the associated attribute syntax.
			</adm:synopsis>
			<adm:default-behavior>
			<adm:defined>
			@@ -144,7 +145,7 @@
			<adm:enumeration>
			<adm:value name="accept">
			<adm:synopsis>
			The Directory Server will silently accept attribute values
			The Directory Server silently accepts attribute values
			that are invalid according to their associated syntax.
			Matching operations targeting those values may not behave as
			expected.
			@@ -152,15 +153,15 @@
			</adm:value>
			<adm:value name="reject">
			<adm:synopsis>
			The Directory Server will reject attribute values that are
			The Directory Server rejects attribute values that are
			invalid according to their associated syntax.
			</adm:synopsis>
			</adm:value>
			<adm:value name="warn">
			<adm:synopsis>
			The Directory Server will accept attribute values that are
			invalid according to their associated syntax, but will also
			log a warning message to the error log. Matching operations
			The Directory Server accepts attribute values that are
			invalid according to their associated syntax, but also
			logs a warning message to the error log. Matching operations
			targeting those values may not behave as expected.
			</adm:synopsis>
			</adm:value>
			@@ -174,9 +175,8 @@
			</adm:property>
			<adm:property name="server-error-result-code" advanced="true">
			<adm:synopsis>
			Specifies the numeric value of the result code that should be used
			for cases in which request processing fails due to an internal
			server error.
			Specifies the numeric value of the result code when request
			processing fails due to an internal server error.
			</adm:synopsis>
			<adm:default-behavior>
			<adm:defined>
			@@ -195,9 +195,8 @@
			<adm:property name="single-structural-objectclass-behavior"
			advanced="true">
			<adm:synopsis>
			Specifies how the Directory Server should handle operations which
			would result in an entry without any structural object class, or
			that would result in an entry containing multiple structural
			Specifies how the Directory Server should handle operations an entry does
			not contain a structural object class or contains multiple structural
			classes.
			</adm:synopsis>
			<adm:default-behavior>
			@@ -209,7 +208,7 @@
			<adm:enumeration>
			<adm:value name="accept">
			<adm:synopsis>
			The Directory Server will silently accept entries that do
			The Directory Server silently accepts entries that do
			not contain exactly one structural object class. Certain
			schema features that depend on the entry's structural class
			may not behave as expected.
			@@ -217,14 +216,14 @@
			</adm:value>
			<adm:value name="reject">
			<adm:synopsis>
			The Directory Server will reject entries that do not contain
			The Directory Server rejects entries that do not contain
			exactly one structural object class.
			</adm:synopsis>
			</adm:value>
			<adm:value name="warn">
			<adm:synopsis>
			The Directory Server will accept entries that do not contain
			exactly one structural object class, but will also log a
			The Directory Server accepts entries that do not contain
			exactly one structural object class, but also logs a
			warning message to the error log. Certain schema features
			that depend on the entry's structural class may not behave
			as expected.
			@@ -268,11 +267,10 @@
			<adm:property name="size-limit">
			<adm:synopsis>
			Specifies the maximum number of entries that the Directory Server
			should return to the client in the course of processing a search
			operation.
			should return to the client durin a search operation.
			</adm:synopsis>
			<adm:description>
			A value of 0 indicates that no size limit will be enforced. Note
			A value of 0 indicates that no size limit is enforced. Note
			that this is the default server-wide limit, but it may be
			overridden on a per-user basis using the ds-rlim-size-limit
			operational attribute.
			@@ -297,7 +295,7 @@
			should spend processing a search operation.
			</adm:synopsis>
			<adm:description>
			A value of 0 seconds indicates that no time limit will be
			A value of 0 seconds indicates that no time limit is
			enforced. Note that this is the default server-wide time limit,
			but it may be overridden on a per-user basis using the
			ds-rlim-time-limit operational attribute.
			@@ -319,7 +317,7 @@
			<adm:property name="proxied-authorization-identity-mapper"
			mandatory="true">
			<adm:synopsis>
			Specifies the name of the identity mapper that will be used to map
			Specifies the name of the identity mapper to map
			authorization ID values (using the "u:" form) provided in the
			proxied authorization control to the corresponding user entry.
			</adm:synopsis>
			@@ -346,8 +344,8 @@
			</adm:property>
			<adm:property name="writability-mode">
			<adm:synopsis>
			Specifies which kinds of write operations the Directory Server
			should attempt to process.
			Specifies the kinds of write operations the Directory Server
			can process.
			</adm:synopsis>
			<adm:default-behavior>
			<adm:defined>
			@@ -358,22 +356,22 @@
			<adm:enumeration>
			<adm:value name="enabled">
			<adm:synopsis>
			The Directory Server will attempt to process all write
			The Directory Server attempts to process all write
			operations that are requested of it, regardless of their
			origin.
			</adm:synopsis>
			</adm:value>
			<adm:value name="disabled">
			<adm:synopsis>
			The Directory Server will reject all write operations that
			The Directory Server rejects all write operations that
			are requested of it, regardless of their origin.
			</adm:synopsis>
			</adm:value>
			<adm:value name="internal-only">
			<adm:synopsis>
			The Directory Server will attempt to process write
			The Directory Server attempts to process write
			operations requested as internal operations or through
			synchronization, but will reject any such operations
			synchronization, but rejects any such operations
			requested from external clients.
			</adm:synopsis>
			</adm:value>
			@@ -389,7 +387,7 @@
			<adm:synopsis>
			Indicates whether the Directory Server should reject any request
			(other than bind or StartTLS requests) received from a client that
			has not yet authenticated, whose last authentication attempt was
			has not yet been authenticated, whose last authentication attempt was
			unsuccessful, or whose last authentication attempt used anonymous
			authentication.
			</adm:synopsis>
			@@ -443,7 +441,7 @@
			This includes any entry that the server must examine in the course
			of processing the request, regardless of whether it actually
			matches the search criteria. A value of 0 indicates that no
			lookthrough limit will be enforced. Note that this is the default
			lookthrough limit is enforced. Note that this is the default
			server-wide limit, but it may be overridden on a per-user basis
			using the ds-rlim-lookthrough-limit operational attribute.
			</adm:description>
			@@ -464,7 +462,7 @@
			<adm:property name="smtp-server" multi-valued="true">
			<adm:synopsis>
			Specifies the address (and optional port number) for a mail server
			that can be used to send e-mail messages via SMTP.
			that can be used to send email messages via SMTP.
			</adm:synopsis>
			<adm:description>
			It may be an IP address or resolvable hostname, optionally
			@@ -473,9 +471,7 @@
			<adm:default-behavior>
			<adm:alias>
			<adm:synopsis>
			If no values are defined, then it will not be possible to take
			advantage of server features that may provide the ability to
			send e-mail via SMTP.
			If no values are defined, then the server cannot send email via SMTP.
			</adm:synopsis>
			</adm:alias>
			</adm:default-behavior>
			@@ -505,12 +501,12 @@
			</adm:synopsis>
			<adm:description>
			Any attempt to invoke a task not included in the list of allowed
			tasks will be rejected.
			tasks is rejected.
			</adm:description>
			<adm:default-behavior>
			<adm:alias>
			<adm:synopsis>
			If no values are defined, then the server will not allow any
			If no values are defined, then the server does not allow any
			tasks to be invoked.
			</adm:synopsis>
			</adm:alias>
			@@ -530,14 +526,14 @@
			the server.
			</adm:synopsis>
			<adm:description>
			If a privilege is disabled, then it will be assumed that all
			clients (including unauthenticated clients) will have that
			If a privilege is disabled, then it is assumed that all
			clients (including unauthenticated clients) have that
			privilege.
			</adm:description>
			<adm:default-behavior>
			<adm:alias>
			<adm:synopsis>
			If no values are defined, then the server will enforce all
			If no values are defined, then the server enforces all
			privileges.
			</adm:synopsis>
			</adm:alias>
			@@ -681,7 +677,7 @@
			<adm:description>
			Note that these messages may include information that could
			potentially be used by an attacker. If this option is disabled,
			then these messages will appear only in the server's access log.
			then these messages appears only in the server's access log.
			</adm:description>
			<adm:default-behavior>
			<adm:defined>
			@@ -703,8 +699,7 @@
			remain established since its last completed operation.
			</adm:synopsis>
			<adm:description>
			A value of "0 seconds" indicates that no idle time limit will be
			enforced.
			A value of "0 seconds" indicates that no idle time limit is enforced.
			</adm:description>
			<adm:default-behavior>
			<adm:defined>
			@@ -726,7 +721,7 @@
			configuration whenever the startup process completes successfully.
			</adm:synopsis>
			<adm:description>
			This can ensure that the server provides a "last known good"
			This ensures that the server provides a "last known good"
			configuration, which can be used as a reference (or copied into
			the active config) if the server fails to start with the current
			"active" configuration.
			@@ -758,15 +753,15 @@
			<adm:enumeration>
			<adm:value name="auto">
			<adm:synopsis>
			In the "auto" configuration mode there is no workflow
			In the "auto" configuration mode, there is no workflow
			configuration. The workflows are created automatically based
			on the backend configuration. There will be one workflow per
			on the backend configuration. There is one workflow per
			backend base DN.
			</adm:synopsis>
			</adm:value>
			<adm:value name="manual">
			<adm:synopsis>
			In the "manual" configuration mode each workflow is created
			In the "manual" configuration mode, each workflow is created
			according to its description in the configuration.
			</adm:synopsis>
			</adm:value>
			@@ -780,7 +775,7 @@
			</adm:property>
			<adm:property name="etime-resolution" mandatory="false">
			<adm:synopsis>
			The resolution to use for operation elapsed processing time (etime)
			Specifies the resolution to use for operation elapsed processing time (etime)
			measurements.
			</adm:synopsis>
			<adm:default-behavior>

			@@ -80,7 +80,7 @@
			<adm:requires-admin-action>
			<adm:none>
			<adm:synopsis>
			Changes to this property will take effect immediately, but
			Changes to this property take effect immediately, but
			only for subsequent attempts to access the key manager
			provider for associated client connections.
			</adm:synopsis>

			@@ -36,7 +36,7 @@
			is used to interact with clients using LDAP.
			</adm:synopsis>
			<adm:description>
			In particular, it provides full support for LDAPv3 and limited
			It provides full support for LDAPv3 and limited
			support for LDAPv2.
			</adm:description>
			<adm:constraint>
			@@ -126,7 +126,7 @@
			<adm:requires-admin-action>
			<adm:none>
			<adm:synopsis>
			Changes to this property will take effect immediately, but
			Changes to this property take effect immediately, but
			only for subsequent attempts to access the key manager
			provider for associated client connections.
			</adm:synopsis>
			@@ -176,7 +176,7 @@
			<adm:requires-admin-action>
			<adm:none>
			<adm:synopsis>
			Changes to this property will take effect immediately, but
			Changes to this property take effect immediately, but
			only for subsequent attempts to access the trust manager
			provider for associated client connections.
			</adm:synopsis>
			@@ -226,7 +226,7 @@
			Multiple addresses may be provided as separate values for this
			attribute. If no values are provided, then the
			<adm:user-friendly-name />
			will listen on all interfaces.
			listens on all interfaces.
			</adm:description>
			<adm:requires-admin-action>
			<adm:component-restart />
			@@ -247,14 +247,14 @@
			</adm:property>
			<adm:property name="allow-ldap-v2">
			<adm:synopsis>
			Indicates whether connections from LDAPv2 clients will be allowed.
			Indicates whether connections from LDAPv2 clients are allowed.
			</adm:synopsis>
			<adm:description>
			If LDAPv2 clients will be allowed, then only a minimal degree of
			special support will be provided for them to ensure that
			LDAPv3-specific protocol elements (e.g., Configuration Guide 25
			If LDAPv2 clients are allowed, then only a minimal degree of
			special support are provided for them to ensure that
			LDAPv3-specific protocol elements (for example, Configuration Guide 25
			controls, extended response messages, intermediate response
			messages, referrals, etc.) are not sent to an LDAPv2 client.
			messages, referrals) are not sent to an LDAPv2 client.
			</adm:description>
			<adm:default-behavior>
			<adm:defined>
			@@ -279,7 +279,7 @@
			<adm:description>
			If enabled, the
			<adm:user-friendly-name />
			will maintain statistics about the number and types of operations
			maintains statistics about the number and types of operations
			requested over LDAP and the amount of data sent and received.
			</adm:description>
			<adm:default-behavior>
			@@ -303,7 +303,7 @@
			should use TCP keep-alive.
			</adm:synopsis>
			<adm:description>
			If enabled, the SO_KEEPALIVE socket option to indicate that TCP
			If enabled, the SO_KEEPALIVE socket option is used to indicate that TCP
			keepalive messages should periodically be sent to the client to
			verify that the associated connection is still valid. This may
			also help prevent cases in which intermediate network hardware
			@@ -333,13 +333,13 @@
			should use TCP no-delay.
			</adm:synopsis>
			<adm:description>
			If enabled, the TCP_NODELAY socket option will be used to ensure
			If enabled, the TCP_NODELAY socket option is used to ensure
			that response messages to the client are sent immediately rather
			than potentially waiting to determine whether additional response
			messages can be sent in the same packet. In most cases, using the
			TCP_NODELAY socket option will provide better performance and
			TCP_NODELAY socket option provides better performance and
			lower response times, but disabling it may help for some cases in
			which the server will send a large number of entries to a client
			which the server sends a large number of entries to a client
			in response to a search request.
			</adm:description>
			<adm:default-behavior>
			@@ -363,7 +363,7 @@
			should reuse socket descriptors.
			</adm:synopsis>
			<adm:description>
			If enabled, the SO_REUSEADDR socket option will be used on the
			If enabled, the SO_REUSEADDR socket option is used on the
			server listen socket to potentially allow the reuse of socket
			descriptors for clients in a TIME_WAIT state. This may help the
			server avoid temporarily running out of socket descriptors in
			@@ -415,15 +415,13 @@
			<adm:property name="max-request-size" advanced="true">
			<adm:synopsis>
			Specifies the size of the largest LDAP request message that will
			be allowed by this
			<adm:user-friendly-name />
			.
			be allowed by this LDAP Connection handler.
			</adm:synopsis>
			<adm:description>
			This property is analogous to the maxBERSize configuration
			attribute of the Sun Java System Directory Server. This can help
			prevent denial-of-service attacks by clients that indicate they
			will send extremely large requests to the server causing it to
			send extremely large requests to the server causing it to
			attempt to allocate large amounts of memory.
			</adm:description>
			<adm:default-behavior>
			@@ -442,7 +440,7 @@
			</adm:property>
			<adm:property name="num-request-handlers" advanced="true">
			<adm:synopsis>
			Specifies the number of request handlers that will be used to read
			Specifies the number of request handlers that are used to read
			requests from clients.
			</adm:synopsis>
			<adm:description>
			@@ -450,7 +448,7 @@
			<adm:user-friendly-name />
			uses one thread to accept new connections from clients, but uses
			one or more additional threads to read requests from existing
			client connections. This can help ensure that new requests are
			client connections. This ensures that new requests are
			read efficiently and that the connection handler itself does not
			become a bottleneck when the server is under heavy load from many
			clients at the same time.
			@@ -474,14 +472,14 @@
			</adm:property>
			<adm:property name="allow-start-tls">
			<adm:synopsis>
			Indicates whether clients will be allowed to use StartTLS.
			Indicates whether clients are allowed to use StartTLS.
			</adm:synopsis>
			<adm:description>
			If enabled, the
			<adm:user-friendly-name />
			will allow clients to use the StartTLS extended operation to
			allows clients to use the StartTLS extended operation to
			initiate secure communication over an otherwise insecure channel.
			Note that this will only be allowed if the
			Note that this is only allowed if the
			<adm:user-friendly-name />
			is not configured to use SSL, and if the server is configured with
			a valid key manager provider and a valid trust manager provider.
			@@ -521,22 +519,22 @@
			<adm:enumeration>
			<adm:value name="disabled">
			<adm:synopsis>
			Clients will not be required to provide their own
			Clients are not required to provide their own
			certificates when performing SSL negotiation.
			</adm:synopsis>
			</adm:value>
			<adm:value name="optional">
			<adm:synopsis>
			Clients will be requested to provide their own certificates
			when performing SSL negotiation, but will still accept the
			Clients are requested to provide their own certificates
			when performing SSL negotiation, but still accept the
			connection even if the client does not provide a
			certificate.
			</adm:synopsis>
			</adm:value>
			<adm:value name="required">
			<adm:synopsis>
			Clients will be required to provide their own certificates
			when performing SSL negotiation, and will be refused access
			Clients are required to provide their own certificates
			when performing SSL negotiation and are refused access
			if the do not provide a certificate.
			</adm:synopsis>
			</adm:value>
			@@ -551,13 +549,13 @@
			<adm:property name="accept-backlog" advanced="true">
			<adm:synopsis>
			Specifies the maximum number of pending connection attempts that
			will be allowed to queue up in the accept backlog before the
			are allowed to queue up in the accept backlog before the
			server starts rejecting new connection attempts.
			</adm:synopsis>
			<adm:description>
			This is primarily an issue for cases in which a large number of
			connections are established to the server in a very short period
			of time (e.g., a benchmark utility that creates a large number of
			of time (for example, a benchmark utility that creates a large number of
			client threads that each have their own connection to the server)
			and the connection handler is unable to keep up with the rate at
			which the new connections are established.
			@@ -583,14 +581,14 @@
			</adm:property>
			<adm:property name="ssl-protocol" multi-valued="true">
			<adm:synopsis>
			Specifies the names of the SSL protocols that will be allowed for
			Specifies the names of the SSL protocols that are allowed for
			use in SSL or StartTLS communication.
			</adm:synopsis>
			<adm:requires-admin-action>
			<adm:none>
			<adm:synopsis>
			Changes to this property will take effect immediately but will
			only impact new SSL/TLS-based sessions created after the
			Changes to this property take effect immediately but only
			impact new SSL/TLS-based sessions created after the
			change.
			</adm:synopsis>
			</adm:none>
			@@ -614,13 +612,13 @@
			</adm:property>
			<adm:property name="ssl-cipher-suite" multi-valued="true">
			<adm:synopsis>
			Specifies the names of the SSL cipher suites that will be allowed
			Specifies the names of the SSL cipher suites that are allowed
			for use in SSL or StartTLS communication.
			</adm:synopsis>
			<adm:requires-admin-action>
			<adm:none>
			<adm:synopsis>
			Changes to this property will take effect immediately but will
			Changes to this property take effect immediately but will
			only impact new SSL/TLS-based sessions created after the
			change.
			</adm:synopsis>
			@@ -650,7 +648,7 @@
			</adm:synopsis>
			<adm:description>
			If an attempt to write data to a client takes longer than this
			length of time, then the client connection will be terminated.
			length of time, then the client connection is terminated.
			</adm:description>
			<adm:default-behavior>
			<adm:defined>

			@@ -23,18 +23,20 @@
			! CDDL HEADER END
			!
			!
			! Portions Copyright 2007 Sun Microsystems, Inc.
			! Portions Copyright 2007-2008 Sun Microsystems, Inc.
			! -->
			<adm:managed-object name="ldif-backend" plural-name="ldif-backends"
			package="org.opends.server.admin.std" extends="backend"
			xmlns:adm="http://www.opends.org/admin"
			xmlns:ldap="http://www.opends.org/admin-ldap">
			<adm:synopsis>
			The LDIF backend provides a mechanism for interacting with data
			The
			<adm:user-friendly-name />
			provides a mechanism for interacting with data
			stored in an LDIF file.
			</adm:synopsis>
			<adm:description>
			All basic LDAP operations are supported in the LDIF backend,
			All basic LDAP operations are supported in the LDIF backend
			although it has minimal support for custom controls.
			</adm:description>
			<adm:profile name="ldap">
			@@ -59,7 +61,7 @@
			</adm:property-override>
			<adm:property name="ldif-file" mandatory="true">
			<adm:synopsis>
			This specifies the path to the LDIF file containing the data for
			Specifies the path to the LDIF file containing the data for
			this backend.
			</adm:synopsis>
			<adm:requires-admin-action>
			@@ -76,7 +78,7 @@
			</adm:property>
			<adm:property name="is-private-backend">
			<adm:synopsis>
			This indicates whether the backend should be considered a private
			Indicates whether the backend should be considered a private
			backend, which indicates that it is used for storing operational
			data rather than user-defined information.
			</adm:synopsis>

			@@ -31,8 +31,9 @@
			xmlns:ldap="http://www.opends.org/admin-ldap"
			xmlns:cli="http://www.opends.org/admin-cli">
			<adm:synopsis>
			The primary backend provided by the OpenDS Directory Server uses the
			Berkeley DB Java Edition to store user-provided data in a local
			The
			<adm:user-friendly-name />
			uses the Berkeley DB Java Edition to store user-provided data in a local
			repository.
			</adm:synopsis>
			<adm:description>
			@@ -139,7 +140,7 @@
			</adm:defined>
			</adm:default-behavior>
			<adm:syntax>
			<adm:integer lower-limit="0" />
			<adm:integer lower-limit="0" upper-limit="2147483647" />
			</adm:syntax>
			<adm:profile name="ldap">
			<ldap:attribute>
			@@ -150,7 +151,7 @@
			<adm:property name="db-directory" mandatory="true">
			<adm:TODO>Default this to the db/backend-id</adm:TODO>
			<adm:synopsis>
			Specifies the path to the filesystem directory that will be used
			Specifies the path to the filesystem directory that is used
			to hold the Berkeley DB Java Edition database files containing the
			data for this backend.
			</adm:synopsis>
			@@ -191,8 +192,8 @@
			<adm:requires-admin-action>
			<adm:none>
			<adm:synopsis>
			Changes to this setting will only take effect for writes that
			occur after the change is made. It will not be retroactively
			Changes to this setting take effect only for writes that
			occur after the change is made. It is not retroactively
			applied to existing data.
			</adm:synopsis>
			</adm:none>
			@@ -219,14 +220,14 @@
			<adm:description>
			Note that this property applies only to the entries themselves and
			does not impact the index data. Further, the effectiveness of the
			compression will be based on the type of data contained in the
			compression is based on the type of data contained in the
			entry.
			</adm:description>
			<adm:requires-admin-action>
			<adm:none>
			<adm:synopsis>
			Changes to this setting will only take effect for writes that
			occur after the change is made. It will not be retroactively
			Changes to this setting take effect only for writes that
			occur after the change is made. It is not retroactively
			applied to existing data.
			</adm:synopsis>
			</adm:none>
			@@ -253,7 +254,7 @@
			<adm:requires-admin-action>
			<adm:none>
			<adm:synopsis>
			Changes will not take effect for any import that may already
			Changes do not take effect for any import that may already
			be in progress.
			</adm:synopsis>
			</adm:none>
			@@ -290,7 +291,7 @@
			<adm:requires-admin-action>
			<adm:none>
			<adm:synopsis>
			Changes will not take effect for any import that may already
			Changes do not take effect for any import that may already
			be in progress.
			</adm:synopsis>
			</adm:none>
			@@ -311,13 +312,13 @@
			</adm:property>
			<adm:property name="import-queue-size" advanced="true">
			<adm:synopsis>
			Specifies the size (in number of entries) of the queue that will
			be used to hold the entries read during an LDIF import.
			Specifies the size (in number of entries) of the queue that is
			used to hold the entries read during an LDIF import.
			</adm:synopsis>
			<adm:requires-admin-action>
			<adm:none>
			<adm:synopsis>
			Changes will not take effect for any import that may already
			Changes do not take effect for any import that may already
			be in progress.
			</adm:synopsis>
			</adm:none>
			@@ -328,7 +329,7 @@
			</adm:defined>
			</adm:default-behavior>
			<adm:syntax>
			<adm:integer lower-limit="1" />
			<adm:integer lower-limit="1" upper-limit="2147483647" />
			</adm:syntax>
			<adm:profile name="ldap">
			<ldap:attribute>
			@@ -338,20 +339,19 @@
			</adm:property>
			<adm:property name="import-temp-directory" mandatory="true">
			<adm:synopsis>
			Specifies the location of the directory that will be used for the
			files used to hold temporary information that will be used during
			the index post-processing phase of an LDIF import.
			Specifies the location of the directory that is used to hold
			temporary information during the index post-processing phase of an LDIF import.
			</adm:synopsis>
			<adm:description>
			The specified directory will only be used while an import is in
			progress and the files created in this directory will be deleted
			The specified directory is only used while an import is in
			progress and the files created in this directory are deleted
			as they are processed. It may be an absolute path or one that is
			relative to the instance root directory.
			</adm:description>
			<adm:requires-admin-action>
			<adm:none>
			<adm:synopsis>
			Changes will not take effect for any import that may already
			Changes do not take effect for any import that may already
			be in progress.
			</adm:synopsis>
			</adm:none>
			@@ -372,18 +372,18 @@
			</adm:property>
			<adm:property name="import-thread-count" advanced="true">
			<adm:synopsis>
			Specifies the number of threads that will be used for concurrent
			Specifies the number of threads that is used for concurrent
			processing during an LDIF import.
			</adm:synopsis>
			<adm:description>
			This should generally be a small multiple (e.g., 2x) of the number
			This should generally be a small multiple (for example, 2x) of the number
			of CPUs in the system for a traditional system, or equal to the
			number of CPU strands for a CMT system.
			</adm:description>
			<adm:requires-admin-action>
			<adm:none>
			<adm:synopsis>
			Changes will not take effect for any import that may already
			Changes do not take effect for any import that may already
			be in progress.
			</adm:synopsis>
			</adm:none>
			@@ -394,7 +394,7 @@
			</adm:defined>
			</adm:default-behavior>
			<adm:syntax>
			<adm:integer lower-limit="1" />
			<adm:integer lower-limit="1" upper-limit="2147483647" />
			</adm:syntax>
			<adm:profile name="ldap">
			<ldap:attribute>
			@@ -404,7 +404,7 @@
			</adm:property>
			<adm:property name="index-entry-limit">
			<adm:synopsis>
			Specifies the maximum number of entries that will be allowed to
			Specifies the maximum number of entries that is allowed to
			match a given index key before that particular index key is no
			longer maintained.
			</adm:synopsis>
			@@ -418,7 +418,7 @@
			<adm:none>
			<adm:synopsis>
			If any index keys have already reached this limit, indexes
			will need to be rebuilt before they will be allowed to use the
			need to be rebuilt before they are allowed to use the
			new limit.
			</adm:synopsis>
			</adm:none>
			@@ -429,7 +429,7 @@
			</adm:defined>
			</adm:default-behavior>
			<adm:syntax>
			<adm:integer lower-limit="0" />
			<adm:integer lower-limit="0" upper-limit="2147483647" />
			</adm:syntax>
			<adm:profile name="ldap">
			<ldap:attribute>
			@@ -445,12 +445,12 @@
			<adm:description>
			They should be expressed as three-digit octal values, which is the
			traditional representation for UNIX file permissions. The three
			digits represent the permissions that will be available for the
			digits represent the permissions that are available for the
			directory's owner, group members, and other users (in that order),
			and each digit is the octal representation of the read, write, and
			execute bits. Note that this only impacts permissions on the
			database directory and not on the files written into that
			directory. On UNIX systems, the user's umask will control
			directory. On UNIX systems, the user's umask controls
			permissions given to the database files.
			</adm:description>
			<adm:requires-admin-action>
			@@ -481,13 +481,13 @@
			</adm:property>
			<adm:property name="preload-time-limit" advanced="true">
			<adm:synopsis>
			Specifies the length of time that the backend will be allowed to
			Specifies the length of time that the backend is allowed to
			spend "pre-loading" data when it is initialized.
			</adm:synopsis>
			<adm:description>
			The pre-load process may be used to pre-populate the database
			cache so that it can be more quickly available when the server is
			processing requests. A duration of zero means there will be no
			The pre-load process is used to pre-populate the database
			cache, so that it can be more quickly available when the server is
			processing requests. A duration of zero means there is no
			pre-load.
			</adm:description>
			<adm:default-behavior>
			@@ -496,7 +496,7 @@
			</adm:defined>
			</adm:default-behavior>
			<adm:syntax>
			<adm:duration base-unit="ms" lower-limit="0" />
			<adm:duration base-unit="ms" lower-limit="0" upper-limit="2147483647" />
			</adm:syntax>
			<adm:profile name="ldap">
			<ldap:attribute>
			@@ -520,7 +520,7 @@
			</adm:defined>
			</adm:default-behavior>
			<adm:syntax>
			<adm:integer lower-limit="0" />
			<adm:integer lower-limit="0" upper-limit="2147483647" />
			</adm:syntax>
			<adm:profile name="ldap">
			<ldap:attribute>
			@@ -545,7 +545,7 @@
			</adm:defined>
			</adm:default-behavior>
			<adm:syntax>
			<adm:integer lower-limit="0" />
			<adm:integer lower-limit="0" upper-limit="2147483647" />
			</adm:syntax>
			<adm:profile name="ldap">
			<ldap:attribute>
			@@ -555,13 +555,13 @@
			</adm:property>
			<adm:property name="db-cache-percent">
			<adm:synopsis>
			The percentage of JVM memory to allocate to the database cache.
			Specifies the percentage of JVM memory to allocate to the database cache.
			</adm:synopsis>
			<adm:description>
			Specifies the percentage of memory available to the JVM that
			should be used for caching database contents. Note that this will
			only be used if the value of the db-cache-size property is set to
			"0 MB". Otherwise, the value of that property will be used instead
			should be used for caching database contents. Note that this is
			only used if the value of the db-cache-size property is set to
			"0 MB". Otherwise, the value of that property is used instead
			to control the cache size configuration.
			</adm:description>
			<adm:default-behavior>
			@@ -605,12 +605,12 @@
			<adm:property name="db-cleaner-min-utilization" advanced="true">
			<adm:synopsis>
			Specifies the minimum percentage of "live" data that the database
			cleaner will attempt to keep in database log files.
			cleaner attempts to keep in database log files.
			</adm:synopsis>
			<adm:description>
			If the amount of live data in any database log file drops below
			this percentage, then the cleaner will move the remaining live
			data in that file to the end of the database and will delete the
			this percentage, then the cleaner moves the remaining live
			data in that file to the end of the database and deletes the
			original file in order to keep the database relatively compact.
			</adm:description>
			<adm:default-behavior>
			@@ -629,12 +629,12 @@
			</adm:property>
			<adm:property name="db-run-cleaner" advanced="true">
			<adm:synopsis>
			This indicates whether the database cleaner threads should be
			Indicates whether the database cleaner threads should be
			enabled.
			</adm:synopsis>
			<adm:description>
			The cleaner threads will be used to periodically compact the
			database by identifying database files with a low (i.e., less than
			The cleaner threads are used to periodically compact the
			database by identifying database files with a low (that is, less than
			the amount specified by the db-cleaner-min-utilization property)
			percentage of live data, moving the remaining live data to the end
			of the log and deleting that file.
			@@ -660,10 +660,9 @@
			information will be evicted first).
			</adm:synopsis>
			<adm:description>
			If the value of this configuration property is set to "false",
			then eviction will prefer to keep internal nodes of the underlying
			If set to "false", then the eviction keeps internal nodes of the underlying
			Btree in the cache over leaf notes, even if the leaf nodes have
			been accessed more recently, which may be a better configuration
			been accessed more recently. This may be a better configuration
			for databases in which only a very small portion of the data is
			cached.
			</adm:description>
			@@ -723,8 +722,7 @@
			</adm:property>
			<adm:property name="db-log-file-max" advanced="true">
			<adm:synopsis>
			Specifies the maximum size that may be used for a database log
			file.
			Specifies the maximum size for a database log file.
			</adm:synopsis>
			<adm:requires-admin-action>
			<adm:component-restart />
			@@ -749,7 +747,7 @@
			the same directory as the database log directory.
			</adm:synopsis>
			<adm:description>
			This file will contain information about the internal processing
			This file contains information about the internal processing
			performed by the underlying database.
			</adm:description>
			<adm:requires-admin-action>
			@@ -772,7 +770,7 @@
			<adm:property name="db-logging-level" advanced="true">
			<adm:TODO>Use an enumeration</adm:TODO>
			<adm:synopsis>
			This specifies the log level that should be used by the database
			Specifies the log level that should be used by the database
			when it is writing information into the je.info file.
			</adm:synopsis>
			<adm:description>
			@@ -800,13 +798,13 @@
			<adm:property name="db-checkpointer-bytes-interval" advanced="true">
			<adm:synopsis>
			Specifies the maximum number of bytes that may be written to the
			database before it will be forced to perform a checkpoint.
			database before it is forced to perform a checkpoint.
			</adm:synopsis>
			<adm:description>
			This can be used to bound the recovery time that may be required
			if the database environment is opened without having been properly
			closed. If this property is set to a non-zero value, the
			checkpointer wakeup interval is not used. To use time based
			checkpointer wakeup interval is not used. To use time-based
			checkpointing, set this property to zero.
			</adm:description>
			<adm:requires-admin-action>
			@@ -833,7 +831,7 @@
			checkpoints.
			</adm:synopsis>
			<adm:description>
			Note that this will only be used if the value of the checkpointer
			Note that this is only used if the value of the checkpointer
			bytes interval is zero.
			</adm:description>
			<adm:requires-admin-action>
			@@ -855,8 +853,7 @@
			</adm:property>
			<adm:property name="db-num-lock-tables" advanced="true">
			<adm:synopsis>
			This specifies the number of lock tables that should be used by
			the underlying database.
			Specifies the number of lock tables that are used by the underlying database.
			</adm:synopsis>
			<adm:description>
			This can be particularly important to help improve scalability by
			@@ -912,7 +909,7 @@
			</adm:synopsis>
			<adm:description>
			Setting the value of this configuration attribute to "true" may
			improve write performance but could cause some number of the most
			improve write performance but could cause the most
			recent changes to be lost if the OpenDS Directory Server or the
			underlying JVM exits abnormally, or if an OS or hardware failure
			occurs (a behavior similar to running with transaction durability
			@@ -939,11 +936,11 @@
			</adm:synopsis>
			<adm:description>
			If this value is set to "false", then all data written to disk
			will be synchronously flushed to persistent storage and thereby
			is synchronously flushed to persistent storage and thereby
			providing full durability. If it is set to "true", then data may
			be cached for a period of time by the underlying operating system
			before actually being written to disk. This may improve
			performance, but could cause some number of the most recent
			performance, but could cause the most recent
			changes to be lost in the event of an underlying OS or hardware
			failure (but not in the case that the OpenDS Directory Server or
			the JVM exits abnormally).
			@@ -970,10 +967,10 @@
			</adm:synopsis>
			<adm:description>
			Any Berkeley DB Java Edition property can be specified using the
			following form: property-name=property-value Refer to OpenDS
			following form: property-name=property-value. Refer to OpenDS
			documentation for further information on related properties, their
			implications and range values. The definitive identification of
			all the property parameters available in the example.properties
			implications, and range values. The definitive identification of
			all the property parameters is available in the example.properties
			file of Berkeley DB Java Edition distribution.
			</adm:description>
			<adm:default-behavior>

			@@ -23,14 +23,16 @@
			! CDDL HEADER END
			!
			!
			! Portions Copyright 2007 Sun Microsystems, Inc.
			! Portions Copyright 2007-2008 Sun Microsystems, Inc.
			! -->
			<adm:managed-object name="memory-backend" plural-name="memory-backends"
			package="org.opends.server.admin.std" extends="backend"
			xmlns:adm="http://www.opends.org/admin"
			xmlns:ldap="http://www.opends.org/admin-ldap">
			<adm:synopsis>
			The memory backend provides a Directory Server backend
			The
			<adm:user-friendly-name />
			provides a Directory Server backend
			implementation that stores entries in memory.
			</adm:synopsis>
			<adm:description>

			@@ -34,15 +34,15 @@
			<adm:synopsis>
			The
			<adm:user-friendly-name />
			provides the ability for end users to change their own passwords, or
			for administrators to reset user passwords.
			allows end users to change their own passwords, or
			administrators to reset user passwords.
			</adm:synopsis>
			<adm:description>
			The password modify extended operation is defined in RFC 3062. It
			includes the ability for users to provide their current password for
			further confirmation of their identity when changing the password,
			and it also includes the ability to generate a new password if the
			user doesn't provide one.
			user does not provide one.
			</adm:description>
			<adm:profile name="ldap">
			<ldap:object-class>
			@@ -67,9 +67,8 @@
			conjunction with the password modify extended operation.
			</adm:synopsis>
			<adm:description>
			This property will be used to identify a user based on an
			authorization ID in the 'u:' form. Changes to this property will
			take effect immediately.
			This property is used to identify a user based on an
			authorization ID in the 'u:' form. Changes to this property take effect immediately.
			</adm:description>
			<adm:syntax>
			<adm:aggregation relation-name="identity-mapper"

			@@ -23,29 +23,26 @@
			! CDDL HEADER END
			!
			!
			! Portions Copyright 2007 Sun Microsystems, Inc.
			! Portions Copyright 2007-2008 Sun Microsystems, Inc.
			! -->
			<adm:managed-object name="task-backend" plural-name="task-backends"
			package="org.opends.server.admin.std" extends="backend"
			advanced="true" xmlns:adm="http://www.opends.org/admin"
			xmlns:ldap="http://www.opends.org/admin-ldap">
			<adm:synopsis>
			The task backend provides a mechanism for processing tasks in the
			The Task Backend provides a mechanism for scheduling tasks in the
			OpenDS Directory Server. Tasks are intended to provide access to
			certain types of administrative functions in the server that may not
			otherwise be convenient to perform remotely.
			be convenient to perform remotely.
			</adm:synopsis>
			<adm:description>
			Tasks that are currently available for use provide the ability to
			backup and restore backends, to import and export LDIF files, and to
			stop and restart the server. The details of the task to perform are
			held in an entry that is added below the root of the task backend,
			and then the task backend is responsible for decoding that task
			entry and ensuring that it is processed as requested. Tasks may be
			invoked immediately, but they may also be scheduled for execution at
			some future time. It is also expected that task backend will be
			given the ability to process recurring tasks, which can be used to
			help ensure that maintenance operations (e.g., backups) are
			OpenDS supports tasks to backup and restore backends, to import and export LDIF
			files, and to stop and restart the server. The details of a task are
			in an entry that is below the root of the Task Backend. The Task Backend
			is responsible for decoding that task entry and ensuring that it is processed
			as requested. Tasks may be invoked immediately, but they may also be scheduled for execution at
			some future time. The task backend can also process recurring tasks to
			ensure that maintenance operations (for example, backups) are
			performed automatically on a regular basis.
			</adm:description>
			<adm:profile name="ldap">
			@@ -72,11 +69,11 @@
			</adm:property-override>
			<adm:property name="task-backing-file" mandatory="true">
			<adm:synopsis>
			This specifies the path to the backing file for storing
			Specifies the path to the backing file for storing
			information about the tasks configured in the server.
			</adm:synopsis>
			<adm:description>
			It may be either an absolute path or a path that is relative to
			It may be either an absolute path or a relative path to
			the base of the OpenDS Directory Server instance.
			</adm:description>
			<adm:syntax>
			@@ -90,7 +87,7 @@
			</adm:property>
			<adm:property name="task-retention-time">
			<adm:synopsis>
			This specifies the length of time that task entries should be
			Specifies the length of time that task entries should be
			retained after processing on the associated task has been
			completed.
			</adm:synopsis>
			@@ -110,14 +107,14 @@
			</adm:property>
			<adm:property name="notification-sender-address">
			<adm:synopsis>
			This specifies the e-mail address to use as the sender (i.e.,
			"From:") address for notification mail messages generated when a
			task completes execution.
			Specifies the email address to use as the sender (that is,
			the "From:" address) address for notification mail messages generated
			when a task completes execution.
			</adm:synopsis>
			<adm:default-behavior>
			<adm:alias>
			<adm:synopsis>
			The default sender address used will be
			The default sender address used is
			"opends-task-notification@" followed by the canonical address
			of the system on which the server is running.
			</adm:synopsis>