From fd2092b89bfd222d23d01576baf4a283e7e1c62a Mon Sep 17 00:00:00 2001
From: neil_a_wilson <neil_a_wilson@localhost>
Date: Thu, 06 Sep 2007 01:14:54 +0000
Subject: [PATCH] Update password storage scheme references in the server so that they use DNs rather than storage scheme names. This will allow better consistency in the configuration, since all other references between configuration objects are DN-based, and it will work better with the upcoming aggregation support. It also eliminates the need to know the storage scheme name, which is not obvious from looking at the configuration entry for the storage scheme, and can actually vary in some implementations depending on whether it's used with a user password or auth password syntax attribute.
---
opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyConfiguration.xml | 44 +++++++++++++++++++-------------------------
1 files changed, 19 insertions(+), 25 deletions(-)
diff --git a/opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyConfiguration.xml b/opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyConfiguration.xml
index 8f91647..d19b8e0 100644
--- a/opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyConfiguration.xml
+++ b/opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyConfiguration.xml
@@ -65,54 +65,48 @@
</adm:profile>
</adm:property>
- <adm:property name="default-password-storage-scheme" mandatory="true"
+ <adm:property name="default-password-storage-scheme-dn" mandatory="true"
multi-valued="true">
<adm:synopsis>
- Specifies the password storage scheme (or set of schemes) that
- will be used to encode clear-text passwords.
+ Specifies the DNs of the configuration entries for the password storage
+ schemes that will be used to encode clear-text passwords for this
+ password policy.
</adm:synopsis>
- <adm:description>
- Specifies the password storage scheme (or set of schemes) that
- will be used to encode clear-text passwords. If multiple default
- storage schemes are defined for a password policy, then the same
- password will be encoded using all of those schemes. Changes to
- this configuration attribute will take effect immediately.
- </adm:description>
<adm:syntax>
- <adm:string />
+ <adm:dn>
+ <adm:base>cn=password storage schemes,cn=config</adm:base>
+ </adm:dn>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:oid>1.3.6.1.4.1.26027.1.1.178</ldap:oid>
- <ldap:name>ds-cfg-default-password-storage-scheme</ldap:name>
+ <ldap:name>ds-cfg-default-password-storage-scheme-dn</ldap:name>
</ldap:attribute>
</adm:profile>
</adm:property>
- <adm:property name="deprecated-password-storage-scheme"
+ <adm:property name="deprecated-password-storage-scheme-dn"
mandatory="false" multi-valued="true">
<adm:synopsis>
- Specifies the password storage scheme (or set of schemes) that
- should be considered deprecated.
+ Specifies the DNs of the configuration entries for password storage
+ schemes that will be considered deprecated for this password policy. If a
+ user with this password policy authenticates to the server and his/her
+ password is encoded with any deprecated schemes, then those values will
+ be removed and replaced with values encoded using the default password
+ storage scheme(s).
</adm:synopsis>
- <adm:description>
- Specifies the password storage scheme (or set of schemes) that
- should be considered deprecated. If an authenticating user has a
- password encoded with one of these schemes, those passwords will
- be removed and replaced with passwords encoded using the default
- schemes. Changes to this configuration attribute will take effect
- immediately.
- </adm:description>
<adm:default-behavior>
<adm:undefined />
</adm:default-behavior>
<adm:syntax>
- <adm:string />
+ <adm:dn>
+ <adm:base>cn=password storage schemes,cn=config</adm:base>
+ </adm:dn>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:oid>1.3.6.1.4.1.26027.1.1.179</ldap:oid>
- <ldap:name>ds-cfg-deprecated-password-storage-scheme</ldap:name>
+ <ldap:name>ds-cfg-deprecated-password-storage-scheme-dn</ldap:name>
</ldap:attribute>
</adm:profile>
</adm:property>
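Review bot: The new synopsis for `default-password-storage-scheme-dn` no longer says what the removed `<adm:description>` did: that when several default schemes are configured, the same password is encoded with every one of them. Assuming that behaviour is unchanged, operators need to know it, because a password stored under several schemes is only as resistant to offline guessing as the weakest scheme listed. I would keep an `<adm:description>` containing `If multiple default storage schemes are defined, the same password is encoded using all of them.` The "take effect immediately" sentence was also dropped from both this property and `deprecated-password-storage-scheme-dn`, and is worth restoring. Two things cannot be seen from this hunk and should be confirmed: whether the `<adm:dn>`/`<adm:base>` syntax rejects a DN that points at a missing or disabled scheme entry, and how existing entries that still use the old attribute names are migrated, given that the OIDs on the context lines are unchanged.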
--
Gitblit v1.10.0