From a9708916f4d9379375064ac29c0cde7118b8e04b Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Sat, 23 Jun 2007 22:23:18 +0000
Subject: [PATCH] Migrate the core configuration to the admin framework.
---
opends/src/admin/defn/org/opends/server/admin/std/GlobalConfiguration.xml | 410 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 410 insertions(+), 0 deletions(-)
diff --git a/opends/src/admin/defn/org/opends/server/admin/std/GlobalConfiguration.xml b/opends/src/admin/defn/org/opends/server/admin/std/GlobalConfiguration.xml
index 806de72..c59e367 100644
--- a/opends/src/admin/defn/org/opends/server/admin/std/GlobalConfiguration.xml
+++ b/opends/src/admin/defn/org/opends/server/admin/std/GlobalConfiguration.xml
@@ -37,6 +37,7 @@
.
</adm:synopsis>
<adm:tag name="core"/>
+
<adm:profile name="ldap">
<ldap:object-class>
<ldap:oid>1.3.6.1.4.1.26027.1.2.13</ldap:oid>
@@ -44,6 +45,7 @@
<ldap:superior>top</ldap:superior>
</ldap:object-class>
</adm:profile>
+
<adm:property name="check-schema" mandatory="true">
<adm:synopsis>
Indicates whether schema enforcement is active.
@@ -66,4 +68,412 @@
</ldap:attribute>
</adm:profile>
</adm:property>
+
+ <adm:property name="default-password-policy" mandatory="true">
+ <adm:synopsis>
+ Specifies the DN of the configuration entry for the password policy that
+ will be in effect for users whose entries do not specify an alternate
+ password policy (either via a real or virtual attribute).
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:dn>
+ <adm:base>cn=Password Policies,cn=config</adm:base>
+ </adm:dn>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:oid>1.3.6.1.4.1.26027.1.1.202</ldap:oid>
+ <ldap:name>ds-cfg-default-password-policy</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+ <adm:property name="add-missing-rdn-attributes" mandatory="false">
+ <adm:synopsis>
+ Indicates whether the Directory Server should automatically add any
+ attribute values contained in the entry's RDN into that entry when
+ processing an add request.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ true
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:oid>1.3.6.1.4.1.26027.1.1.142</ldap:oid>
+ <ldap:name>ds-cfg-add-missing-rdn-attributes</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+ <adm:property name="allow-attribute-name-exceptions" mandatory="false">
+ <adm:synopsis>
+ Indicates whether the Directory Server should allow the use of underscores
+ in attribute names, and should allow attribute names to begin with
+ numeric digits (both of which are violations of the LDAP standards).
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ false
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:oid>1.3.6.1.4.1.26027.1.1.5</ldap:oid>
+ <ldap:name>ds-cfg-allow-attribute-name-exceptions</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+ <adm:property name="invalid-attribute-syntax-behavior" mandatory="false">
+ <adm:synopsis>
+ Specifies how the Directory Server should handle operations which would
+ result in an attribute value that violates the associated attribute
+ syntax.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ reject
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="accept">
+ <adm:synopsis>
+ The Directory Server will silently accept attribute values that are
+ invalid according to their associated syntax. Matching operations
+ targeting those values may not behave as expected.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="reject">
+ <adm:synopsis>
+ The Directory Server will reject attribute values that are invalid
+ according to their associated syntax.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="warn">
+ <adm:synopsis>
+ The Directory Server will accept attribute values that are invalid
+ according to their associated syntax, but will also log a warning
+ message to the error log. Matching operations targeting those
+ values may not behave as expected.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:oid>1.3.6.1.4.1.26027.1.1.44</ldap:oid>
+ <ldap:name>ds-cfg-invalid-attribute-syntax-behavior</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+ <adm:property name="server-error-result-code" mandatory="false">
+ <adm:synopsis>
+ Specifies the numeric value of the result code that should be used for
+ cases in which request processing fails due to an internal server error.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ 80
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="0" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:oid>1.3.6.1.4.1.26027.1.1.143</ldap:oid>
+ <ldap:name>ds-cfg-server-error-result-code</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+ <adm:property name="single-structural-objectclass-behavior" mandatory="false">
+ <adm:synopsis>
+ Specifies how the Directory Server should handle operations which would
+ result in an entry without any structural object class, or that would
+ result in an entry containing multiple structural classes.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ reject
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="accept">
+ <adm:synopsis>
+ The Directory Server will silently accept entries that do not
+ contain exactly one structural object class. Certain schema
+ features that depend on the entry's structural class may not behave
+ as expected.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="reject">
+ <adm:synopsis>
+ The Directory Server will reject entries that do not contain exactly
+ one structural object class.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="warn">
+ <adm:synopsis>
+ The Directory Server will accept entries that do not contain exactly
+ one structural object class, but will also log a warning message to
+ the error log. Certain schema features that depend on the entry's
+ structural class may not behave
+ as expected.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:oid>1.3.6.1.4.1.26027.1.1.117</ldap:oid>
+ <ldap:name>ds-cfg-single-structural-objectclass-behavior</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+ <adm:property name="notify-abandoned-operations" mandatory="false">
+ <adm:synopsis>
+ Indicates whether the Directory Server should send a response to any
+ operation that is interrupted via an abandon request. The LDAP
+ specification states that abandoned operations should not receive any
+ response, but this may cause problems with client applications that
+ always expect to receive a response to each request.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ false
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:oid>1.3.6.1.4.1.26027.1.1.71</ldap:oid>
+ <ldap:name>ds-cfg-notify-abandoned-operations</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+ <adm:property name="size-limit" mandatory="false">
+ <adm:synopsis>
+ Specifies the maximum number of entries that the Directory Server should
+ return to the client in the course of processing a search operation. A
+ value of 0 indicates that no size limit will be enforced. Note that this
+ is the default server-wide limit, but it may be overridden on a per-user
+ basis using the ds-rlim-size-limit operational attribute.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ 1000
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="0" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:oid>1.3.6.1.4.1.26027.1.1.118</ldap:oid>
+ <ldap:name>ds-cfg-size-limit</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+ <adm:property name="time-limit" mandatory="false">
+ <adm:synopsis>
+ Specifies the maximum length of time that the Directory Server should
+ spend procesing a search operation. A value of 0 seconds indicates that
+ no time limit will be enforced. Note that this is the default server-wide
+ time limit, but it may be overridden on a per-user basis using the
+ ds-rlim-time-limit operational attribute.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ 60 seconds
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration base-unit="s" lower-limit="0" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:oid>1.3.6.1.4.1.26027.1.1.150</ldap:oid>
+ <ldap:name>ds-cfg-time-limit</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+ <adm:property name="proxied-authorization-identity-mapper-dn"
+ mandatory="true">
+ <adm:synopsis>
+ Specifies the DN of the configuration entry for the identity mapper that
+ will be used to map authorization ID values (using the "u:" form) provided
+ in the proxied authorization control to the corresponding user entry.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:dn>
+ <adm:base>cn=Identity Mappers,cn=config</adm:base>
+ </adm:dn>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:oid>1.3.6.1.4.1.26027.1.1.149</ldap:oid>
+ <ldap:name>ds-cfg-proxied-authorization-identity-mapper-dn</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+ <adm:property name="writability-mode" mandatory="false">
+ <adm:synopsis>
+ Specifies which kinds of write operations the Directory Server should
+ attempt to process.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ enabled
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="enabled">
+ <adm:synopsis>
+ The Directory Server will attempt to process all write operations
+ that are requested of it, regardless of their origin.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="disabled">
+ <adm:synopsis>
+ The Directory Server will reject all write operations that are
+ requested of it, regardless of their origin.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="internal-only">
+ <adm:synopsis>
+ The Directory Server will attempt to process write operations
+ requested as internal operations or through synchronization, but
+ will reject any such operations requested from external clients.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:oid>1.3.6.1.4.1.26027.1.1.161</ldap:oid>
+ <ldap:name>ds-cfg-writability-mode</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+ <adm:property name="reject-unauthenticated-requests" mandatory="false">
+ <adm:synopsis>
+ Indicates whether the Directory Server should reject any request (other
+ than bind or StartTLS requests) received from a client that has not yet
+ authenticated, whose last authentication attempt was unsuccessful, or
+ whose last authentication attempt used anonymous authentication.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ false
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:oid>1.3.6.1.4.1.26027.1.1.301</ldap:oid>
+ <ldap:name>ds-cfg-reject-unauthenticated-requests</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+ <adm:property name="bind-with-dn-requires-password" mandatory="false">
+ <adm:synopsis>
+ Indicates whether the Directory Server should reject any simple bind
+ request that contains a DN but no password. Although such bind requests
+ are technically allowed by the LDAPv3 specification (and should be treated
+ as anonymous simple authentication), they may introduce security problems
+ in applications that do not verify that the client actually provided a
+ password.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ true
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:oid>1.3.6.1.4.1.26027.1.1.163</ldap:oid>
+ <ldap:name>ds-cfg-bind-with-dn-requires-password</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+ <adm:property name="lookthrough-limit" mandatory="false">
+ <adm:synopsis>
+ Specifies the maximum number of entries that the Directory Server should
+ "look through" in the course of processing a search request. This
+ includes any entry that the server must examine in the course of
+ processing the request, regardless of whether it actually matches the
+ search criteria. A value of 0 indicates that no lookthrough limit will
+ be enforced. Note that this is the default server-wide limit, but it may
+ be overridden on a per-user basis using the ds-rlim-lookthrough-limit
+ operational attribute.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ 5000
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="0" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:oid>1.3.6.1.4.1.26027.1.1.285</ldap:oid>
+ <ldap:name>ds-cfg-lookthrough-limit</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
</adm:managed-object>
+
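Review bot: The `reject-unauthenticated-requests` property is added with a default of `false`, and its synopsis does not say what that default leaves open: a client that never authenticated, or that bound anonymously, is not refused by this setting, so any restriction has to come from controls that are not visible in this hunk. As this commit migrates existing settings the default presumably has to stay, but the synopsis could end with a sentence such as `When this is false, unauthenticated and anonymous clients are not rejected by this setting and are restricted only by the server's other access controls.` In the same spirit, `size-limit`, `time-limit` and `lookthrough-limit` each take `0` to mean "no limit" with `lower-limit="0"` as the only constraint, so their synopses would benefit from stating that `0` removes the server-wide bound on search cost for every user without a per-user override. The `time-limit` synopsis also misspells `procesing`. The enclosing `adm:managed-object` element opens outside this hunk, so the namespace declarations and any schema constraints on these properties cannot be checked from here.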
--
Gitblit v1.10.0