From a791a43de44115e6e7f9de49a88cc2d452eb91a4 Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Sun, 29 Jul 2007 21:30:06 +0000
Subject: [PATCH] Implement support for restricting the set of tasks that can be invoked in the server.  A new configuration attribute, ds-cfg-allowed-task, is now available in the cn=config entry, and any attempt to invoke a task whose fully-qualified class name is not included in this attribute will be rejected.

---
 opends/src/admin/defn/org/opends/server/admin/std/GlobalConfiguration.xml |   25 +++++++++++++++++++++++++
 1 files changed, 25 insertions(+), 0 deletions(-)

diff --git a/opends/src/admin/defn/org/opends/server/admin/std/GlobalConfiguration.xml b/opends/src/admin/defn/org/opends/server/admin/std/GlobalConfiguration.xml
index f9901c5..e57546f 100644
--- a/opends/src/admin/defn/org/opends/server/admin/std/GlobalConfiguration.xml
+++ b/opends/src/admin/defn/org/opends/server/admin/std/GlobalConfiguration.xml
@@ -501,5 +501,30 @@
     </adm:profile>
   </adm:property>
 
+  <adm:property name="allowed-task" mandatory="false" multi-valued="true">
+    <adm:synopsis>
+      Specifies the fully-qualified name of a Java class that may be invoked in
+      the server.  Any attempt to invoke a task not included in the list of
+      allowed tasks will be rejected.
+    </adm:synopsis>
+    <adm:default-behavior>
+      <adm:alias>
+        <adm:synopsis>
+          If no values are defined, then the server will not allow any tasks to
+          be invoked.
+        </adm:synopsis>
+      </adm:alias>
+    </adm:default-behavior>
+    <adm:syntax>
+      <adm:string />
+    </adm:syntax>
+    <adm:profile name="ldap">
+      <ldap:attribute>
+        <ldap:oid>1.3.6.1.4.1.26027.1.1.454</ldap:oid>
+        <ldap:name>ds-cfg-allowed-task</ldap:name>
+      </ldap:attribute>
+    </adm:profile>
+  </adm:property>
+
 </adm:managed-object>
 

--
Gitblit v1.10.0