From 09f30ce612f9df6508e2dafe0abb8fe0f448e9cf Mon Sep 17 00:00:00 2001
From: Nicolas Capponi <nicolas.capponi@forgerock.com>
Date: Wed, 27 Nov 2013 17:31:22 +0000
Subject: [PATCH] OpenDJ 3 : config framework
---
opendj-admin/src/main/resources/stylesheets/property-types/ip-address-mask.xsl | 41
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SubjectEqualsDNCertificateMapperConfiguration.xml | 55
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/EntryDNVirtualAttributeConfiguration.xml | 75
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/EntryUUIDVirtualAttributeConfiguration.xml | 75
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SubjectDNToUserAttributeCertificateMapperConfiguration.xml | 93
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ReplicationDomainConfiguration.xml | 549
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AttributeCleanupPluginConfiguration.xml | 126
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PKCS11KeyManagerProviderConfiguration.xml | 63
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/JMXConnectionHandlerConfiguration.xml | 179
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/MD5PasswordStorageSchemeConfiguration.xml | 69
opendj-admin/src/main/resources/stylesheets/preprocessor.xsl | 1258 +
opendj-admin/src/main/resources/stylesheets/ldapMOProfile.xsl | 113
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AttributeTypeDescriptionAttributeSyntaxConfiguration.xml | 85
opendj-admin/src/main/resources/stylesheets/admin-cli.xsd | 88
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SizeLimitLogRotationPolicyConfiguration.xml | 65
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ErrorLogAccountStatusNotificationHandlerConfiguration.xml | 148
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ConfigFileHandlerBackendConfiguration.xml | 62
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileBasedDebugLogPublisherConfiguration.xml | 271
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LocalDBIndexConfiguration.xml | 232
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RequestFilteringQOSPolicyConfiguration.xml | 208
opendj-admin/src/main/resources/stylesheets/property-types/string.xsl | 51
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/EntryUUIDPluginConfiguration.xml | 79
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LDIFBackendConfiguration.xml | 102
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ExternalSASLMechanismHandlerConfiguration.xml | 139
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/UniqueCharactersPasswordValidatorConfiguration.xml | 97
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LengthBasedPasswordValidatorConfiguration.xml | 114
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/WhoAmIExtendedOperationHandlerConfiguration.xml | 56
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ProfilerPluginConfiguration.xml | 191
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AccessLogFilteringCriteriaConfiguration.xml | 476
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileSystemEntryCacheConfiguration.xml | 304
opendj-admin/src/main/resources/com/forgerock/opendj/ldap/admin.properties | 290
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AttributeSyntaxConfiguration.xml | 83
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/IsMemberOfVirtualAttributeConfiguration.xml | 69
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LogRetentionPolicyConfiguration.xml | 67
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileBasedKeyManagerProviderConfiguration.xml | 128
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ExtendedOperationHandlerConfiguration.xml | 86
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RC4PasswordStorageSchemeConfiguration.xml | 59
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/DictionaryPasswordValidatorConfiguration.xml | 198
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/StructuralObjectClassVirtualAttributeConfiguration.xml | 69
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ChangeNumberControlPluginConfiguration.xml | 75
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ReferentialIntegrityPluginConfiguration.xml | 264
opendj-admin/src/main/resources/stylesheets/property-types/attribute-type.xsl | 42
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordExpirationTimeVirtualAttributeConfiguration.xml | 69
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LDIFConnectionHandlerConfiguration.xml | 104
opendj-admin/src/main/resources/stylesheets/java-utilities.xsl | 378
opendj-admin/src/main/resources/stylesheets/property-types/aggregation.xsl | 288
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileCountLogRetentionPolicyConfiguration.xml | 65
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SoftReferenceEntryCacheConfiguration.xml | 78
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CollectiveAttributeSubentriesVirtualAttributeConfiguration.xml | 70
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CountryStringAttributeSyntaxConfiguration.xml | 76
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordPolicySubentryVirtualAttributeConfiguration.xml | 70
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/WorkflowElementConfiguration.xml | 93
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RepeatedCharactersPasswordValidatorConfiguration.xml | 101
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/StartTLSExtendedOperationHandlerConfiguration.xml | 56
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RootDNUserConfiguration.xml | 74
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/BlowfishPasswordStorageSchemeConfiguration.xml | 59
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/TrustStoreBackendConfiguration.xml | 123
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ParallelWorkQueueConfiguration.xml | 91
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/QOSPolicyConfiguration.xml | 69
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SevenBitCleanPluginConfiguration.xml | 120
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileBasedTrustManagerProviderConfiguration.xml | 127
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/DirectoryStringAttributeSyntaxConfiguration.xml | 78
opendj-admin/src/main/resources/stylesheets/property-types/java-class.xsl | 52
opendj-admin/src/main/resources/stylesheets/conditions.xsl | 96
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LDAPConnectionHandlerConfiguration.xml | 607
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileBasedAuditLogPublisherConfiguration.xml | 288
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CryptoManagerConfiguration.xml | 312
opendj-admin/src/main/resources/stylesheets/property-types/aci.xsl | 41
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/UniqueAttributePluginConfiguration.xml | 109
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SchemaBackendConfiguration.xml | 122
opendj-admin/src/main/resources/stylesheets/property-types/password.xsl | 38
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SASLMechanismHandlerConfiguration.xml | 91
opendj-admin/src/main/resources/stylesheets/package-info.xsl | 94
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FingerprintCertificateMapperConfiguration.xml | 123
opendj-admin/src/main/resources/stylesheets/property-types.xsl | 637
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordGeneratorConfiguration.xml | 91
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/NetworkGroupConfiguration.xml | 301
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SNMPConnectionHandlerConfiguration.xml | 348
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SubschemaSubentryVirtualAttributeConfiguration.xml | 69
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ReplicationSynchronizationProviderConfiguration.xml | 127
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SaltedSHA384PasswordStorageSchemeConfiguration.xml | 62
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CertificateMapperConfiguration.xml | 88
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FIFOEntryCacheConfiguration.xml | 133
opendj-admin/src/main/resources/stylesheets/property-types/integer.xsl | 58
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ErrorLogPublisherConfiguration.xml | 195
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FixedTimeLogRotationPolicyConfiguration.xml | 73
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/NetworkGroupPluginConfiguration.xml | 84
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordPolicyConfiguration.xml | 942 +
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AccessLogPublisherConfiguration.xml | 147
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/TimeLimitLogRotationPolicyConfiguration.xml | 64
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/TrustManagerProviderConfiguration.xml | 84
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PluginRootConfiguration.xml | 1670 ++
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/DebugTargetConfiguration.xml | 249
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/UserDefinedVirtualAttributeConfiguration.xml | 73
opendj-admin/src/main/resources/stylesheets/property-types/ip-address.xsl | 41
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ClientConnectionMonitorProviderConfiguration.xml | 55
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LogRotationPolicyConfiguration.xml | 67
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RandomPasswordGeneratorConfiguration.xml | 119
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/HTTPConnectionHandlerConfiguration.xml | 574
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/Base64PasswordStorageSchemeConfiguration.xml | 64
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AuthenticationPolicyConfiguration.xml | 67
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LDAPPassThroughAuthenticationPolicyConfiguration.xml | 664 +
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AdministrationConnectorConfiguration.xml | 229
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CryptPasswordStorageSchemeConfiguration.xml | 120
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ExtensionConfiguration.xml | 90
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/StackTraceMonitorProviderConfiguration.xml | 55
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RegularExpressionIdentityMapperConfiguration.xml | 190
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ClearPasswordStorageSchemeConfiguration.xml | 62
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LDAPAttributeDescriptionListPluginConfiguration.xml | 76
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SMTPAccountStatusNotificationHandlerConfiguration.xml | 209
opendj-admin/src/main/resources/stylesheets/property-types/extensible-matching-rule-type.xsl | 42
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LogPublisherConfiguration.xml | 79
opendj-admin/src/main/resources/stylesheets/property-types/duration.xsl | 68
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ResourceLimitsQOSPolicyConfiguration.xml | 275
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SaltedSHA1PasswordStorageSchemeConfiguration.xml | 60
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/TripleDESPasswordStorageSchemeConfiguration.xml | 59
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CharacterSetPasswordValidatorConfiguration.xml | 199
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/VirtualAttributeConfiguration.xml | 276
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PluginConfiguration.xml | 411
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SystemInfoMonitorProviderConfiguration.xml | 55
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/JMXAlertHandlerConfiguration.xml | 53
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/MemberVirtualAttributeConfiguration.xml | 106
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/StaticGroupImplementationConfiguration.xml | 57
opendj-admin/src/main/resources/stylesheets/xml.xsd | 146
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/TraditionalWorkQueueConfiguration.xml | 115
opendj-admin/src/main/resources/stylesheets/serverMO.xsl | 420
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/DigestMD5SASLMechanismHandlerConfiguration.xml | 211
opendj-admin/src/main/resources/stylesheets/property-types/boolean.xsl | 41
opendj-admin/src/main/resources/stylesheets/abbreviations.xsl | 61
opendj-admin/src/main/resources/stylesheets/admin-preprocessor.xsd | 121
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/BackendConfiguration.xml | 172
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ReplicationServerConfiguration.xml | 331
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/MemoryUsageMonitorProviderConfiguration.xml | 54
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RootConfiguration.xml | 488
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SaltedMD5PasswordStorageSchemeConfiguration.xml | 68
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/MemoryBackendConfiguration.xml | 64
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/BackupBackendConfiguration.xml | 85
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/TelephoneNumberAttributeSyntaxConfiguration.xml | 71
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/VersionMonitorProviderConfiguration.xml | 54
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/NullBackendConfiguration.xml | 75
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SimilarityBasedPasswordValidatorConfiguration.xml | 84
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AnonymousSASLMechanismHandlerConfiguration.xml | 62
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordPolicyStateExtendedOperationHandlerConfiguration.xml | 58
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/EntryCacheConfiguration.xml | 102
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LastModPluginConfiguration.xml | 70
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/MatchingRuleConfiguration.xml | 86
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/VirtualStaticGroupImplementationConfiguration.xml | 61
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordValidatorConfiguration.xml | 96
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SHA1PasswordStorageSchemeConfiguration.xml | 61
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/DebugLogPublisherConfiguration.xml | 253
opendj-admin/src/main/resources/stylesheets/manifestMO.xsl | 52
opendj-admin/src/main/resources/stylesheets/property-types/dn.xsl | 48
opendj-admin/src/main/resources/stylesheets/clientMO.xsl | 511
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/Package.xml | 578
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PlainSASLMechanismHandlerConfiguration.xml | 95
opendj-admin/src/main/resources/stylesheets/metaMO.xsl | 2027 +++
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileBasedAccessLogPublisherConfiguration.xml | 366
opendj-admin/src/main/resources/stylesheets/property-types/size.xsl | 58
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/GoverningStructureRuleVirtualAttributeConfiguration.xml | 69
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/GetSymmetricKeyExtendedOperationHandlerConfiguration.xml | 58
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/WorkflowConfiguration.xml | 107
opendj-admin/src/main/resources/stylesheets/admin.xsd | 2243 +++
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/DseeCompatAccessControlHandlerConfiguration.xml | 83
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CramMD5SASLMechanismHandlerConfiguration.xml | 100
opendj-admin/src/main/resources/stylesheets/admin-ldap.xsd | 88
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AlertHandlerConfiguration.xml | 146
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CertificateAttributeSyntaxConfiguration.xml | 75
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/HasSubordinatesVirtualAttributeConfiguration.xml | 68
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PBKDF2PasswordStorageSchemeConfiguration.xml | 78
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SizeLimitLogRetentionPolicyConfiguration.xml | 65
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SaltedSHA512PasswordStorageSchemeConfiguration.xml | 62
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/GetConnectionIdExtendedOperationHandlerConfiguration.xml | 57
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/GSSAPISASLMechanismHandlerConfiguration.xml | 252
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AESPasswordStorageSchemeConfiguration.xml | 59
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordModifyExtendedOperationHandlerConfiguration.xml | 97
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AccountStatusNotificationHandlerConfiguration.xml | 90
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CollationMatchingRuleConfiguration.xml | 126
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FractionalLDIFImportPluginConfiguration.xml | 50
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/MonitorBackendConfiguration.xml | 60
opendj-admin/src/main/resources/stylesheets/cliMOProfile.xsl | 77
opendj-admin/src/main/resources/stylesheets/property-types/oid.xsl | 38
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/NumSubordinatesVirtualAttributeConfiguration.xml | 68
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LocalDBBackendConfiguration.xml | 1078 +
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SaltedSHA256PasswordStorageSchemeConfiguration.xml | 62
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ConnectionHandlerConfiguration.xml | 89
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RootDSEBackendConfiguration.xml | 88
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SynchronizationProviderConfiguration.xml | 98
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FreeDiskSpaceLogRetentionPolicyConfiguration.xml | 68
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SubjectAttributeToUserAttributeCertificateMapperConfiguration.xml | 104
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/GlobalConfiguration.xml | 926 +
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/HTTPAccessLogPublisherConfiguration.xml | 59
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/JPEGAttributeSyntaxConfiguration.xml | 71
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/DynamicGroupImplementationConfiguration.xml | 52
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/EntityTagVirtualAttributeConfiguration.xml | 125
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ExactMatchIdentityMapperConfiguration.xml | 112
opendj-admin/src/main/resources/stylesheets/property-types/enumeration.xsl | 105
opendj-admin/src/main/resources/com/forgerock/opendj/ldap/protocol.properties | 889 +
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RootDNConfiguration.xml | 229
opendj-admin/src/main/resources/stylesheets/messagesMO.xsl | 225
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/EntryCacheMonitorProviderConfiguration.xml | 55
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordPolicyImportPluginConfiguration.xml | 159
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SMTPAlertHandlerConfiguration.xml | 130
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AccessControlHandlerConfiguration.xml | 99
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LocalDBVLVIndexConfiguration.xml | 232
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SambaPasswordPluginConfiguration.xml | 120
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LocalBackendWorkflowElementConfiguration.xml | 68
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileBasedHTTPAccessLogPublisherConfiguration.xml | 361
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/IdentityMapperConfiguration.xml | 90
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CancelExtendedOperationHandlerConfiguration.xml | 60
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/WorkQueueConfiguration.xml | 78
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ExternalChangelogDomainConfiguration.xml | 113
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AttributeValuePasswordValidatorConfiguration.xml | 146
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/BlindTrustManagerProviderConfiguration.xml | 58
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/GroupImplementationConfiguration.xml | 88
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordStorageSchemeConfiguration.xml | 89
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/KeyManagerProviderConfiguration.xml | 92
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/MonitorProviderConfiguration.xml | 85
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileBasedErrorLogPublisherConfiguration.xml | 271
opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/TaskBackendConfiguration.xml | 133
opendj-admin/src/main/resources/stylesheets/text-utilities.xsl | 187
220 files changed, 39,528 insertions(+), 0 deletions(-)
diff --git a/opendj-admin/src/main/resources/com/forgerock/opendj/ldap/admin.properties b/opendj-admin/src/main/resources/com/forgerock/opendj/ldap/admin.properties
new file mode 100644
index 0000000..288d7c5
--- /dev/null
+++ b/opendj-admin/src/main/resources/com/forgerock/opendj/ldap/admin.properties
@@ -0,0 +1,290 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright 2006-2009 Sun Microsystems, Inc.
+
+
+#
+# Format string definitions
+#
+# Keys must be formatted as follows:
+#
+# [SEVERITY]_[DESCRIPTION]_[ORDINAL]
+#
+# where:
+#
+# SEVERITY is one of:
+# [INFO, MILD_WARN, SEVERE_WARN, MILD_ERR, SEVERE_ERR, FATAL_ERR, DEBUG, NOTICE]
+#
+# DESCRIPTION is an upper case string providing a hint as to the context of
+# the message in upper case with the underscore ('_') character serving as
+# word separator
+#
+# ORDINAL is an integer unique among other ordinals in this file
+#
+SEVERE_ERR_ADMIN_CANNOT_GET_LISTENER_BASE_1=An error occurred while trying to \
+ retrieve relation configuration entry %s: %s
+SEVERE_ERR_ADMIN_CANNOT_GET_MANAGED_OBJECT_3=An error occurred while trying \
+ to retrieve the managed object configuration entry %s: %s
+SEVERE_ERR_ADMIN_MANAGED_OBJECT_DOES_NOT_EXIST_4=The managed object \
+ configuration entry %s does not appear to exist in the Directory Server \
+ configuration. This is a required entry
+SEVERE_ERR_ADMIN_MANAGED_OBJECT_DECODING_PROBLEM_5=An error occurred while \
+ trying to decode the managed object configuration entry %s: %s
+SEVERE_ERR_ADMIN_CANNOT_INSTANTIATE_CLASS_6=The Directory Server was unable \
+ to load class %s and use it to create a component instance as defined in \
+ configuration entry %s. The error that occurred was: %s. This component \
+ will be disabled
+SEVERE_ERR_ADMIN_CANNOT_OPEN_JAR_FILE_9=The Directory Server jar file %s in \
+ directory %s cannot be loaded because an unexpected error occurred while \
+ trying to open the file for reading: %s
+MILD_ERR_ADMIN_NO_EXTENSIONS_DIR_12=The extensions directory %s does not \
+ exist, therefore no extensions will be loaded
+SEVERE_ERR_ADMIN_EXTENSIONS_DIR_NOT_DIRECTORY_13=Unable to read the Directory \
+ Server extensions because the extensions directory %s exists but is not a \
+ directory
+SEVERE_ERR_ADMIN_EXTENSIONS_CANNOT_LIST_FILES_14=Unable to read the Directory \
+ Server extensions from directory %s because an unexpected error occurred \
+ while trying to list the files in that directory: %s
+FATAL_ERR_ADMIN_CANNOT_FIND_CORE_MANIFEST_15=The core administration manifest \
+ file %s cannot be located
+SEVERE_ERR_ADMIN_CANNOT_READ_EXTENSION_MANIFEST_17=The administration \
+ manifest file %s associated with the extension %s cannot be loaded because an \
+ unexpected error occurred while trying to read it: %s
+INFO_ADMIN_TOOL_DESCRIPTION_18=This utility can be used to perform operations \
+ in the Directory Server administration framework
+INFO_ADMIN_SUBCMD_CREATE_GROUP_DESCRIPTION_19=Create a new server group
+INFO_ADMIN_ARG_DESCRIPTION_DESCRIPTION_20=The server group description. If \
+ not specified, the description will be empty
+INFO_ADMIN_SUBCMD_MODIFY_GROUP_DESCRIPTION_21=Modify a server group's \
+ properties
+INFO_ADMIN_ARG_NEW_DESCRIPTION_DESCRIPTION_22=If specified, the new \
+ description
+INFO_ADMIN_ARG_NEW_GROUPNAME_DESCRIPTION_23=If specified, the new server \
+ group's identifier
+INFO_ADMIN_SUBCMD_DELETE_GROUP_DESCRIPTION_24=Delete an existing server group
+INFO_ADMIN_SUBCMD_LIST_GROUPS_DESCRIPTION_25=List server groups that have \
+ been defined
+INFO_ADMIN_SUBCMD_ADD_TO_GROUP_DESCRIPTION_26=Add a server to a server group
+INFO_ADMIN_ARG_ADD_MEMBERNAME_DESCRIPTION_27=The server to add. This is a \
+ required argument
+INFO_ADMIN_SUBCMD_REMOVE_FROM_GROUP_DESCRIPTION_28=Remove a server from a \
+ server group
+INFO_ADMIN_ARG_REMOVE_MEMBERNAME_DESCRIPTION_29=The server to remove. This is \
+ a required argument
+INFO_ADMIN_SUBCMD_LIST_MEMBERS_DESCRIPTION_30=List servers of the specified \
+ server group
+INFO_ADMIN_SUBCMD_LIST_MEMBERSHIP_DESCRIPTION_31=List server groups in which \
+ the specified server is a member
+FATAL_ERR_ADMIN_CANNOT_CONNECT_TO_ADS_32=Could not connect to %s. Check that \
+ the server is running and that the provided credentials are valid
+INFO_ADMIN_SUBCMD_CREATE_ADS_DESCRIPTION_33=Create a new ADS DN
+INFO_ADMIN_SUBCMD_DELETE_ADS_DESCRIPTION_34=Delete an existing ADS DN
+FATAL_ERR_ADMIN_MISSING_HOSTNAME_35=The host name is missing
+FATAL_ERR_ADMIN_NOVALID_HOSTNAME_36=The host name is not valid
+FATAL_ERR_ADMIN_MISSING_IPATH_37=The installation path is missing
+FATAL_ERR_ADMIN_NOVALID_IPATH_38=The installation path is not valid
+FATAL_ERR_ADMIN_ACCESS_PERMISSION_39=An access permission error occurs
+FATAL_ERR_ADMIN_ALREADY_REGISTERED_40=The entity is already registered
+FATAL_ERR_ADMIN_BROKEN_INSTALL_41=The administrative repository is broken
+FATAL_ERR_ADMIN_NOT_YET_REGISTERED_42=The entity is not yet registered
+FATAL_ERR_ADMIN_MISSING_PORT_43=The port is missing
+FATAL_ERR_ADMIN_NOVALID_PORT_44=The port is not valid
+FATAL_ERR_ADMIN_MISSING_NAME_45=The name is missing
+FATAL_ERR_ADMIN_MISSING_ADMIN_UID_46=The administration UID is missing
+FATAL_ERR_ADMIN_MISSING_ADMIN_PASSWORD_47=The administrator password is \
+ missing
+FATAL_ERR_ADMIN_ERROR_UNEXPECTED_48=An unexpected error occurs
+INFO_ADMIN_ERROR_49=[error]
+INFO_ADMIN_SUCCESSFUL_50=The operation has been successfully completed
+INFO_ADMIN_SUCCESSFUL_NOP_51=The operation has been successfully completed, \
+ but no action was required
+SEVERE_ERR_ADMIN_NO_MESSAGE_52=
+INFO_ADMIN_ARG_CREATE_GROUP_GROUPNAME_DESCRIPTION_53=The new group's \
+ identifier. This is a required argument
+INFO_ADMIN_ARG_GROUPNAME_DESCRIPTION_54=The group's identifier. This is a \
+ required argument
+INFO_ADMIN_ARG_MEMBERNAME_DESCRIPTION_55=The member's identifier. This is a \
+ required argument
+INFO_ADMIN_ARG_BACKENDNAME_DESCRIPTION_56=The name of the backend in which \
+ the admin data will be stored
+SEVERE_ERR_ADMIN_UNABLE_TO_REGISTER_LISTENER_57=Unable to register an \
+ add/delete listener against the entry "%s" because it does not exist in the \
+ configuration
+INFO_ADMIN_SUBCMD_REGISTER_SERVER_DESCRIPTION_58=Register a server into the \
+ administrative domain
+INFO_ADMIN_SUBCMD_UNREGISTER_SERVER_DESCRIPTION_59=Unregister a server from \
+ the administrative domain
+INFO_ADMIN_SUBCMD_LIST_SERVER_PROPS_DESCRIPTION_61=Describes server \
+ properties
+INFO_ADMIN_SUBCMD_LIST_SERVERS_DESCRIPTION_62=List servers that have been \
+ defined
+INFO_ADMIN_SUBCMD_GET_SERVER_PROPERTIES_DESCRIPTION_63=Shows server \
+ properties
+INFO_ADMIN_SUBCMD_SET_SERVER_PROPERTIES_DESCRIPTION_64=Modifies server \
+ properties
+INFO_ADMIN_ARG_SERVERID_DESCRIPTION_65=The registered server's unique \
+ identifier. This is a required argument
+FATAL_ERR_ADMIN_SERVER_NOT_REGISTERED_66=The provided serverId is not \
+ registered
+INFO_ADMIN_SUBCMD_CREATE_ADMIN_USER_DESCRIPTION_67=Creates a new \
+ administrator
+INFO_ADMIN_SUBCMD_DELETE_ADMIN_USER_DESCRIPTION_68=Deletes an existing \
+ administrator
+INFO_ADMIN_SUBCMD_LIST_ADMIN_USER_DESCRIPTION_69=Lists administrators that \
+ have been defined
+INFO_ADMIN_SUBCMD_GET_ADMIN_USER_PROPERTIES_DESCRIPTION_70=Shows \
+ administrator's properties
+INFO_ADMIN_SUBCMD_SET_ADMIN_USER_PROPERTIES_DESCRIPTION_71=Modifies \
+ administrator's properties
+INFO_ADMIN_SUBCMD_LIST_ADMIN_USER_PROPERTIES_DESCRIPTION_72=Describes \
+ administrator's properties
+INFO_ADMIN_ARG_USERID_DESCRIPTION_73=The administrator's unique identifier. \
+ This is a required argument
+SEVERE_ERR_OPERATION_REJECTED_DEFAULT_74=Reason unknown
+SEVERE_ERR_SERVER_CONSTRAINT_EXCEPTION_75=A configuration exception \
+ occurred while evaluating a constraint: %s
+SEVERE_ERR_DECODING_EXCEPTION_NO_TYPE_INFO_82=The %s could \
+ be found but did not contain any type information (e.g. missing object \
+ classes in LDAP)
+SEVERE_ERR_DECODING_EXCEPTION_WRONG_TYPE_INFO_83=The %s could \
+ be found but did not contain the expected type information (e.g. incorrect \
+ object classes in LDAP)
+SEVERE_ERR_DECODING_EXCEPTION_ABSTRACT_TYPE_INFO_84=The %s \
+ could be found but its type resolved to an abstract managed object \
+ definition
+SEVERE_ERR_DEFAULT_BEHAVIOR_PROPERTY_EXCEPTION_86=The default values \
+ for the "%s" property could not be determined
+SEVERE_ERR_ILLEGAL_PROPERTY_VALUE_EXCEPTION_87=The value "%s" is not \
+ a valid value for the "%s" property, which must have the following \
+ syntax: %s
+SEVERE_ERR_ILLEGAL_PROPERTY_VALUE_STRING_EXCEPTION_88=The string value \
+ "%s" is not a valid value for the "%s" property, which must have the \
+ following syntax: %s
+SEVERE_ERR_PROPERTY_IS_MANDATORY_EXCEPTION_89=The "%s" property must be \
+ specified as it is mandatory
+SEVERE_ERR_PROPERTY_IS_READ_ONLY_EXCEPTION_90=The "%s" property must not \
+ be modified as it is read-only
+SEVERE_ERR_PROPERTY_IS_SINGLE_VALUED_EXCEPTION_91=The "%s" property \
+ must not contain more than one value
+SEVERE_ERR_UNKNOWN_PROPERTY_DEFINITION_EXCEPTION_92=An internal error \
+ occurred while processing property "%s": unknown property type "%s"
+SEVERE_ERR_AUTHENTICATION_EXCEPTION_DEFAULT_93=Authentication failure
+SEVERE_ERR_AUTHENTICATION_NOT_SUPPORTED_EXCEPTION_DEFAULT_94=The \
+ requested authentication mechanism is not supported by the server
+SEVERE_ERR_AUTHORIZATION_EXCEPTION_DEFAULT_95=Authorization failure
+SEVERE_ERR_COMMUNICATION_EXCEPTION_DEFAULT_96=A communication problem \
+ occurred while contacting the server
+SEVERE_ERR_OPERATION_REJECTED_EXCEPTION_SINGLE_97=The operation was rejected \
+ for the following reason: %s
+SEVERE_ERR_OPERATION_REJECTED_EXCEPTION_PLURAL_98=The operation was rejected \
+ for the following reasons: %s
+SEVERE_ERR_CONCURRENT_MODIFICATION_EXCEPTION_DEFAULT_99=The operation could \
+ not be performed because a conflicting change has already occurred. There \
+ may be another client administration tool in use
+SEVERE_ERR_MANAGED_OBJECT_DECODING_EXCEPTION_SINGLE_100=The %s could not \
+ be decoded due to the following reason: %s
+SEVERE_ERR_MANAGED_OBJECT_DECODING_EXCEPTION_PLURAL_101=The %s could not \
+ be decoded due to the following reasons: %s
+SEVERE_ERR_ILLEGAL_MANAGED_OBJECT_NAME_EXCEPTION_EMPTY_102=Empty managed \
+ object names are not permitted
+SEVERE_ERR_ILLEGAL_MANAGED_OBJECT_NAME_EXCEPTION_BLANK_103=Blank managed \
+ object names are not permitted
+SEVERE_ERR_ILLEGAL_MANAGED_OBJECT_NAME_EXCEPTION_SYNTAX_104=The managed \
+ object name "%s" is not a valid value for the naming property "%s", \
+ which must have the following syntax: %s
+SEVERE_ERR_ILLEGAL_MANAGED_OBJECT_NAME_EXCEPTION_OTHER_105=The managed \
+ object name "%s" is not permitted
+SEVERE_ERR_MANAGED_OBJECT_ALREADY_EXISTS_EXCEPTION_106=The managed object \
+ could not be created because there is an existing managed object with \
+ the same name
+SEVERE_ERR_MANAGED_OBJECT_NOT_FOUND_EXCEPTION_107=The requested managed \
+ object could not be found
+SEVERE_ERR_MISSING_MANDATORY_PROPERTIES_EXCEPTION_SINGLE_108=The "%s" \
+ property is mandatory
+SEVERE_ERR_MISSING_MANDATORY_PROPERTIES_EXCEPTION_PLURAL_109=The following \
+ properties are mandatory: %s
+SEVERE_ERR_PROPERTY_NOT_FOUND_EXCEPTION_110=The property "%s" was not \
+ recognized
+SEVERE_ERR_COMMUNICATION_EXCEPTION_DEFAULT_CAUSE_111=A communication problem \
+ occurred while contacting the server: %s
+SEVERE_ERR_CONSTRAINT_VIOLATION_EXCEPTION_SINGLE_112=The following \
+ constraint violation occurred: %s
+SEVERE_ERR_CONSTRAINT_VIOLATION_EXCEPTION_PLURAL_113=The following \
+ constraint violations occurred: %s
+SEVERE_ERR_SERVER_REFINT_DANGLING_REFERENCE_114=The value "%s" in \
+ property "%s" in the %s in entry "%s" refers to a non-existent %s \
+ in entry "%s"
+SEVERE_ERR_SERVER_REFINT_TARGET_DISABLED_116=The value "%s" in \
+ property "%s" in the %s in entry "%s" refers to a disabled %s in \
+ entry "%s"
+SEVERE_ERR_SERVER_REFINT_CANNOT_DELETE_117=The %s in entry "%s" \
+ cannot be deleted because it is referenced by the "%s" property \
+ of the %s in entry "%s"
+SEVERE_ERR_SERVER_REFINT_CANNOT_DISABLE_118=The %s in entry "%s" \
+ cannot be disabled because it is referenced by the "%s" property \
+ of the %s in entry "%s"
+SEVERE_ERR_CLASS_LOADER_CANNOT_READ_MANIFEST_FILE_120=An unexpected \
+ error occurred while reading the manifest file: %s
+SEVERE_ERR_CLASS_LOADER_CANNOT_LOAD_CLASS_121=An error occurred while \
+ attempting to load class "%s": %s
+SEVERE_ERR_CLASS_LOADER_CANNOT_FIND_GET_INSTANCE_METHOD_122=Unable to \
+ to find the getInstance() method in the managed object definition \
+ class "%s": %s
+SEVERE_ERR_CLASS_LOADER_CANNOT_INVOKE_GET_INSTANCE_METHOD_123=Unable to \
+ to invoke the getInstance() method in the managed object definition \
+ class "%s": %s
+SEVERE_ERR_CLASS_LOADER_CANNOT_INITIALIZE_DEFN_124=Unable initialize the \
+ "%s" managed object definition in class "%s": %s
+SEVERE_ERR_CLASS_LOADER_CANNOT_LOAD_EXTENSION_125=The extension "%s" \
+ with manifest file %s cannot be loaded because an unexpected error \
+ occurred while trying to initialize it: %s
+FATAL_ERR_CLASS_LOADER_CANNOT_LOAD_CORE_126=The core administration \
+ classes could not be loaded from manifest file %s because an unexpected \
+ error occurred: %s
+SEVERE_ERR_CLIENT_REFINT_TARGET_DANGLING_REFERENCE_127=The %s "%s" referenced in \
+ property "%s" does not exist
+SEVERE_ERR_CLIENT_REFINT_TARGET_INVALID_128=The %s "%s" referenced in \
+ property "%s" exists but has an invalid configuration: %s
+SEVERE_ERR_CLIENT_REFINT_TARGET_DISABLED_129=The %s "%s" referenced in \
+ property "%s" is disabled
+SEVERE_ERR_CLIENT_REFINT_CANNOT_DELETE_WITH_NAME_130=The "%s" property \
+ in the %s called "%s" references this %s
+SEVERE_ERR_CLIENT_REFINT_CANNOT_DELETE_WITHOUT_NAME_131=The "%s" property \
+ in the %s references this %s
+SEVERE_ERR_CLIENT_REFINT_CANNOT_DISABLE_WITH_NAME_132=This %s cannot be \
+ disabled because it is referenced by the "%s" property in the %s called "%s"
+SEVERE_ERR_CLIENT_REFINT_CANNOT_DISABLE_WITHOUT_NAME_133=This %s cannot be \
+ disabled because it is referenced by the "%s" property in the %s
+SEVERE_ERR_REFINT_UNABLE_TO_EVALUATE_TARGET_CONDITION_134=An error occurred \
+ while attempting to determine if the %s in entry %s is enabled: %s
+SEVERE_ERR_ADMIN_CERTIFICATE_GENERATION_135=The administration connector \
+self-signed certificate cannot be generated because the following error \
+occurred: %s
+SEVERE_ERR_ADMIN_CERTIFICATE_GENERATION_MISSING_FILES_136=The administration \
+connector self-signed certificate cannot be generated because the following \
+files are missing: %s
+SEVERE_WARN_ADMIN_SET_PERMISSIONS_FAILED_137=Failed to set permissions \
+ on file %s
+FATAL_ERR_ADMIN_MERGING_138=The registry information of the servers could not \
+ be merged
+
diff --git a/opendj-admin/src/main/resources/com/forgerock/opendj/ldap/protocol.properties b/opendj-admin/src/main/resources/com/forgerock/opendj/ldap/protocol.properties
new file mode 100644
index 0000000..36c6e0b
--- /dev/null
+++ b/opendj-admin/src/main/resources/com/forgerock/opendj/ldap/protocol.properties
@@ -0,0 +1,889 @@
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License, Version 1.0 only
+# (the "License"). You may not use this file except in compliance
+# with the License.
+#
+# You can obtain a copy of the license at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE
+# or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at
+# trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+# add the following below this CDDL HEADER, with the fields enclosed
+# by brackets "[]" replaced with your own identifying information:
+# Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+# Copyright 2006-2009 Sun Microsystems, Inc.
+# Portions copyright 2013 ForgeRock AS
+
+
+#
+# Format string definitions
+#
+# Keys must be formatted as follows:
+#
+# [SEVERITY]_[DESCRIPTION]_[ORDINAL]
+#
+# where:
+#
+# SEVERITY is one of:
+# [INFO, MILD_WARN, SEVERE_WARN, MILD_ERR, SEVERE_ERR, FATAL_ERR, DEBUG, NOTICE]
+#
+# DESCRIPTION is an upper case string providing a hint as to the context of
+# the message in upper case with the underscore ('_') character serving as
+# word separator
+#
+# ORDINAL is an integer unique among other ordinals in this file
+#
+ERR_ASN1_TRUCATED_TYPE_BYTE_1=Cannot decode the ASN.1 element because an \
+ unexpected end of file was reached while reading the type byte
+ERR_ASN1_TRUNCATED_LENGTH_BYTE_2=Cannot decode the ASN.1 element because \
+ an unexpected end of file was reached while reading the first length byte
+ERR_ASN1_INVALID_NUM_LENGTH_BYTES_3=Cannot decode the ASN.1 element \
+ because it contained a multi-byte length with an invalid number of bytes (%d)
+ERR_ASN1_TRUNCATED_LENGTH_BYTES_4=Cannot decode the ASN.1 element because \
+ an unexpected end of file was reached while reading a multi-byte length of \
+ %d bytes
+ERR_ASN1_BOOLEAN_TRUNCATED_VALUE_5=Cannot decode the ASN.1 boolean \
+ element of because an unexpected end of file was reached while reading value \
+ bytes (%d)
+ERR_ASN1_BOOLEAN_INVALID_LENGTH_6=Cannot decode the ASN.1 \
+ boolean element because the decoded value length was not exactly one byte \
+ (decoded length was %d)
+ERR_ASN1_NULL_INVALID_LENGTH_8=Cannot decode the ASN.1 null element \
+ because the decoded value length was not exactly zero bytes \
+ (decoded length was %d)
+ERR_ASN1_OCTET_STRING_TRUNCATED_VALUE_9=Cannot decode the ASN.1 octet \
+ string element of because an unexpected end of file was reached while reading \
+ value bytes (%d)
+ERR_ASN1_INTEGER_TRUNCATED_VALUE_10=Cannot decode the ASN.1 integer \
+ element of because an unexpected end of file was reached while reading \
+ value bytes (%d)
+ERR_ASN1_INTEGER_INVALID_LENGTH_11=Cannot decode the \
+ provided ASN.1 integer element because the length of the \
+ element value was not between one and four bytes (actual length was %d)
+ERR_ASN1_SEQUENCE_READ_NOT_STARTED_12=Cannot decode the end of the ASN.1 \
+ sequence or set because the start of the sequence was not read
+ERR_ASN1_SKIP_TRUNCATED_VALUE_14=Cannot skip the ASN.1 element of because \
+ an unexpected end of file was reached while reading value bytes (%d)
+ERR_ASN1_SEQUENCE_SET_TRUNCATED_VALUE_15=Cannot decode the ASN.1 sequence \
+ or set element of because an unexpected end of file was reached while reading \
+ value bytes (%d)
+ERR_LDAP_MESSAGE_DECODE_NULL_45=Cannot decode the provided ASN.1 \
+ sequence as an LDAP message because the sequence was null
+ERR_LDAP_MESSAGE_DECODE_MESSAGE_ID_47=Cannot decode the provided ASN.1 \
+ sequence as an LDAP message because the first element of the sequence could \
+ not be decoded as an integer message ID: %s
+ERR_LDAP_MESSAGE_DECODE_PROTOCOL_OP_48=Cannot decode the provided ASN.1 \
+ sequence as an LDAP message because the second element of the sequence could \
+ not be decoded as the protocol op: %s
+ERR_LDAP_MESSAGE_DECODE_CONTROLS_49=Cannot decode the provided ASN.1 \
+ sequence as an LDAP message because the third element of the sequence could \
+ not be decoded as the set of controls: %s
+ERR_LDAP_CONTROL_DECODE_SEQUENCE_51=Cannot decode the provided ASN.1 \
+ element as an LDAP control because the element could not be decoded as a \
+ sequence: %s
+ERR_LDAP_CONTROL_DECODE_OID_53=Cannot decode the provided ASN.1 element \
+ as an LDAP control because the OID could not be decoded as a string: %s
+ERR_LDAP_CONTROL_DECODE_CRITICALITY_54=Cannot decode the provided ASN.1 \
+ element as an LDAP control because the criticality could not be decoded as \
+ Boolean value: %s
+ERR_LDAP_CONTROL_DECODE_VALUE_55=Cannot decode the provided ASN.1 \
+ element as an LDAP control because the value could not be decoded as an octet \
+ string: %s
+ERR_LDAP_CONTROL_DECODE_CONTROLS_SEQUENCE_58=Cannot decode the provided \
+ ASN.1 element as a set of LDAP controls because the element could not be \
+ decoded as a sequence: %s
+ERR_LDAP_ABANDON_REQUEST_DECODE_ID_59=Cannot decode the provided ASN.1 \
+ element as an LDAP abandon request protocol op because a problem occurred \
+ while trying to obtain the message ID of the operation to abandon: %s
+ERR_LDAP_RESULT_DECODE_SEQUENCE_60=Cannot decode the provided ASN.1 \
+ element as an LDAP result protocol op because a problem occurred while trying \
+ to parse the result sequence: %s
+ERR_LDAP_RESULT_DECODE_RESULT_CODE_62=Cannot decode the provided ASN.1 \
+ element as an LDAP result protocol op because the first element in the result \
+ sequence could not be decoded as an integer result code: %s
+ERR_LDAP_RESULT_DECODE_MATCHED_DN_63=Cannot decode the provided ASN.1 \
+ element as an LDAP result protocol op because the second element in the \
+ result sequence could not be decoded as the matched DN: %s
+ERR_LDAP_RESULT_DECODE_ERROR_MESSAGE_64=Cannot decode the provided ASN.1 \
+ element as an LDAP result protocol op because the third element in the result \
+ sequence could not be decoded as the error message: %s
+ERR_LDAP_RESULT_DECODE_REFERRALS_65=Cannot decode the provided ASN.1 \
+ element as an LDAP result protocol op because the fourth element in the \
+ result sequence could not be decoded as a set of referral URLs: %s
+ERR_LDAP_BIND_RESULT_DECODE_SERVER_SASL_CREDENTIALS_67=Cannot decode the \
+ provided ASN.1 element as an LDAP bind response protocol op because the final \
+ element in the result sequence could not be decoded as the server SASL \
+ credentials: %s
+ERR_LDAP_EXTENDED_RESULT_DECODE_OID_71=Cannot decode the provided ASN.1 \
+ element as an LDAP bind response protocol op because the response OID could \
+ not be decoded: %s
+ERR_LDAP_EXTENDED_RESULT_DECODE_VALUE_72=Cannot decode the provided \
+ ASN.1 element as an LDAP bind response protocol op because the response value \
+ could not be decoded: %s
+ERR_LDAP_UNBIND_DECODE_74=Cannot decode the provided ASN.1 element as an \
+ LDAP unbind request protocol op: %s
+ERR_LDAP_BIND_REQUEST_DECODE_SEQUENCE_75=Cannot decode the provided \
+ ASN.1 element as an LDAP bind request protocol op because the element could \
+ not be decoded as a sequence: %s
+ERR_LDAP_BIND_REQUEST_DECODE_VERSION_77=Cannot decode the provided ASN.1 \
+ element as an LDAP bind request protocol op because the protocol version \
+ could not be decoded as an integer: %s
+ERR_LDAP_BIND_REQUEST_DECODE_DN_78=Cannot decode the provided ASN.1 \
+ element as an LDAP bind request protocol op because the bind DN could not be \
+ properly decoded: %s
+ERR_LDAP_BIND_REQUEST_DECODE_PASSWORD_79=Cannot decode the provided \
+ ASN.1 element as an LDAP bind request protocol op because the password to use \
+ for simple authentication could not be decoded: %s
+ERR_LDAP_BIND_REQUEST_DECODE_SASL_INFO_80=Cannot decode the provided \
+ ASN.1 element as an LDAP bind request protocol op because the SASL \
+ authentication information could not be decoded: %s
+ERR_LDAP_BIND_REQUEST_DECODE_INVALID_CRED_TYPE_81=Cannot decode the \
+ provided ASN.1 element as an LDAP bind request protocol op because the \
+ authentication info element had an invalid BER type (expected 80 or A3, got \
+ %x)
+ERR_LDAP_BIND_REQUEST_DECODE_CREDENTIALS_82=Cannot decode the provided \
+ ASN.1 element as an LDAP bind request protocol op because an unexpected error \
+ occurred while trying to decode the authentication info element: %s
+ERR_LDAP_COMPARE_REQUEST_DECODE_SEQUENCE_83=Cannot decode the provided \
+ ASN.1 element as an LDAP compare request protocol op because the element \
+ could not be decoded as a sequence: %s
+ERR_LDAP_COMPARE_REQUEST_DECODE_DN_85=Cannot decode the provided ASN.1 \
+ element as an LDAP compare request protocol op because the target DN could \
+ not be properly decoded: %s
+ERR_LDAP_COMPARE_REQUEST_DECODE_AVA_86=Cannot decode the provided ASN.1 \
+ element as an LDAP compare request protocol op because the attribute value \
+ assertion could not be decoded as a sequence: %s
+ERR_LDAP_COMPARE_REQUEST_DECODE_TYPE_88=Cannot decode the provided ASN.1 \
+ element as an LDAP compare request protocol op because the attribute type \
+ could not be properly decoded: %s
+ERR_LDAP_COMPARE_REQUEST_DECODE_VALUE_89=Cannot decode the provided \
+ ASN.1 element as an LDAP compare request protocol op because the assertion \
+ value could not be properly decoded: %s
+ERR_LDAP_DELETE_REQUEST_DECODE_DN_90=Cannot decode the provided ASN.1 \
+ element as an LDAP delete request protocol op because the target DN could not \
+ be properly decoded: %s
+ERR_LDAP_EXTENDED_REQUEST_DECODE_SEQUENCE_91=Cannot decode the provided \
+ ASN.1 element as an LDAP extended request protocol op because the element \
+ could not be decoded as a sequence: %s
+ERR_LDAP_EXTENDED_REQUEST_DECODE_OID_93=Cannot decode the provided ASN.1 \
+ element as an LDAP extended request protocol op because the OID could not be \
+ properly decoded: %s
+ERR_LDAP_EXTENDED_REQUEST_DECODE_VALUE_94=Cannot decode the provided \
+ ASN.1 element as an LDAP extended request protocol op because the value could \
+ not be properly decoded: %s
+ERR_LDAP_MODIFY_DN_REQUEST_DECODE_SEQUENCE_95=Cannot decode the provided \
+ ASN.1 element as an LDAP modify DN request protocol op because the element \
+ could not be decoded as a sequence: %s
+ERR_LDAP_MODIFY_DN_REQUEST_DECODE_DN_97=Cannot decode the provided ASN.1 \
+ element as an LDAP modify DN request protocol op because the entry DN could \
+ not be properly decoded: %s
+ERR_LDAP_MODIFY_DN_REQUEST_DECODE_NEW_RDN_98=Cannot decode the provided \
+ ASN.1 element as an LDAP modify DN request protocol op because the new RDN \
+ could not be properly decoded: %s
+ERR_LDAP_MODIFY_DN_REQUEST_DECODE_DELETE_OLD_RDN_99=Cannot decode the \
+ provided ASN.1 element as an LDAP modify DN request protocol op because the \
+ deleteOldRDN flag could not be properly decoded: %s
+ERR_LDAP_MODIFY_DN_REQUEST_DECODE_NEW_SUPERIOR_100=Cannot decode the \
+ provided ASN.1 element as an LDAP modify DN request protocol op because the \
+ new superior DN could not be properly decoded: %s
+ERR_LDAP_ATTRIBUTE_DECODE_SEQUENCE_101=Cannot decode the provided ASN.1 \
+ element as an LDAP attribute because the element could not be decoded as a \
+ sequence: %s
+ERR_LDAP_ATTRIBUTE_DECODE_TYPE_103=Cannot decode the provided ASN.1 \
+ element as an LDAP attribute because the attribute type could not be decoded: \
+ %s
+ERR_LDAP_ATTRIBUTE_DECODE_VALUES_104=Cannot decode the provided ASN.1 \
+ element as an LDAP attribute because the set of values could not be decoded: \
+ %s
+ERR_LDAP_ADD_REQUEST_DECODE_SEQUENCE_105=Cannot decode the provided \
+ ASN.1 element as an LDAP add request protocol op because the element could \
+ not be decoded as a sequence: %s
+ERR_LDAP_ADD_REQUEST_DECODE_DN_107=Cannot decode the provided ASN.1 \
+ element as an LDAP add request protocol op because the entry DN could not be \
+ decoded: %s
+ERR_LDAP_ADD_REQUEST_DECODE_ATTRS_108=Cannot decode the provided ASN.1 \
+ element as an LDAP add request protocol op because the set of attributes \
+ could not be decoded: %s
+ERR_LDAP_MODIFICATION_DECODE_SEQUENCE_109=Cannot decode the provided \
+ ASN.1 element as an LDAP modification because the element could not be \
+ decoded as a sequence: %s
+ERR_LDAP_MODIFICATION_DECODE_INVALID_MOD_TYPE_111=Cannot decode the \
+ provided ASN.1 element as an LDAP modification because it contained an \
+ invalid modification type (%d)
+ERR_LDAP_MODIFICATION_DECODE_MOD_TYPE_112=Cannot decode the provided \
+ ASN.1 element as an LDAP modification because the modification type could not \
+ be decoded: %s
+ERR_LDAP_MODIFICATION_DECODE_ATTR_113=Cannot decode the provided ASN.1 \
+ element as an LDAP modification because the attribute could not be decoded: \
+ %s
+ERR_LDAP_MODIFY_REQUEST_DECODE_SEQUENCE_114=Cannot decode the provided \
+ ASN.1 element as an LDAP modify request protocol op because the element could \
+ not be decoded as a sequence: %s
+ERR_LDAP_MODIFY_REQUEST_DECODE_DN_116=Cannot decode the provided ASN.1 \
+ element as an LDAP modify request protocol op because the entry DN could not \
+ be decoded: %s
+ERR_LDAP_MODIFY_REQUEST_DECODE_MODS_117=Cannot decode the provided ASN.1 \
+ element as an LDAP modify request protocol op because the set of \
+ modifications could not be decoded: %s
+ERR_LDAP_SEARCH_ENTRY_DECODE_SEQUENCE_118=Cannot decode the provided \
+ ASN.1 element as an LDAP search result entry protocol op because the element \
+ could not be decoded as a sequence: %s
+ERR_LDAP_SEARCH_ENTRY_DECODE_DN_120=Cannot decode the provided ASN.1 \
+ element as an LDAP search result entry protocol op because the entry DN could \
+ not be decoded: %s
+ERR_LDAP_SEARCH_ENTRY_DECODE_ATTRS_121=Cannot decode the provided ASN.1 \
+ element as an LDAP search result entry protocol op because the set of \
+ attributes could not be decoded: %s
+ERR_LDAP_SEARCH_REFERENCE_DECODE_SEQUENCE_122=Cannot decode the provided \
+ ASN.1 element as an LDAP search result reference protocol op because the \
+ element could not be decoded as a sequence: %s
+ERR_LDAP_SEARCH_REFERENCE_DECODE_URLS_123=Cannot decode the provided \
+ ASN.1 element as an LDAP search result reference protocol op because a \
+ problem occurred while trying to decode the sequence elements as referral \
+ URLs: %s
+ERR_LDAP_SEARCH_REQUEST_DECODE_SEQUENCE_124=Cannot decode the provided \
+ ASN.1 element as an LDAP search request protocol op because the element could \
+ not be decoded as a sequence: %s
+ERR_LDAP_SEARCH_REQUEST_DECODE_BASE_126=Cannot decode the provided ASN.1 \
+ element as an LDAP search request protocol op because the base DN could not \
+ be decoded: %s
+ERR_LDAP_SEARCH_REQUEST_DECODE_INVALID_SCOPE_127=Cannot decode the \
+ provided ASN.1 element as an LDAP search request protocol op because the \
+ provided scope value (%d) is invalid
+ERR_LDAP_SEARCH_REQUEST_DECODE_SCOPE_128=Cannot decode the provided \
+ ASN.1 element as an LDAP search request protocol op because the scope could \
+ not be decoded: %s
+ERR_LDAP_SEARCH_REQUEST_DECODE_INVALID_DEREF_129=Cannot decode the \
+ provided ASN.1 element as an LDAP search request protocol op because the \
+ provided alias dereferencing policy value (%d) is invalid
+ERR_LDAP_SEARCH_REQUEST_DECODE_DEREF_130=Cannot decode the provided \
+ ASN.1 element as an LDAP search request protocol op because the alias \
+ dereferencing policy could not be decoded: %s
+ERR_LDAP_SEARCH_REQUEST_DECODE_SIZE_LIMIT_131=Cannot decode the provided \
+ ASN.1 element as an LDAP search request protocol op because the size limit \
+ could not be decoded: %s
+ERR_LDAP_SEARCH_REQUEST_DECODE_TIME_LIMIT_132=Cannot decode the provided \
+ ASN.1 element as an LDAP search request protocol op because the time limit \
+ could not be decoded: %s
+ERR_LDAP_SEARCH_REQUEST_DECODE_TYPES_ONLY_133=Cannot decode the provided \
+ ASN.1 element as an LDAP search request protocol op because the typesOnly \
+ flag could not be decoded: %s
+ERR_LDAP_SEARCH_REQUEST_DECODE_FILTER_134=Cannot decode the provided \
+ ASN.1 element as an LDAP search request protocol op because the filter could \
+ not be decoded: %s
+ERR_LDAP_SEARCH_REQUEST_DECODE_ATTRIBUTES_135=Cannot decode the provided \
+ ASN.1 element as an LDAP search request protocol op because the requested \
+ attribute set could not be decoded: %s
+ERR_LDAP_PROTOCOL_OP_DECODE_NULL_136=Cannot decode the provided ASN.1 \
+ element as an LDAP protocol op because the element was null
+ERR_LDAP_PROTOCOL_OP_DECODE_INVALID_TYPE_137=Cannot decode the provided \
+ ASN.1 element as an LDAP protocol op because the element had an invalid BER \
+ type (%x) for an LDAP protocol op
+ERR_LDAP_FILTER_DECODE_NULL_138=Cannot decode the provided ASN.1 element \
+ as an LDAP search filter because the element was null
+ERR_LDAP_FILTER_DECODE_INVALID_TYPE_139=Cannot decode the provided ASN.1 \
+ element as an LDAP search filter because the element had an invalid BER type \
+ (%x) for a search filter
+ERR_LDAP_FILTER_DECODE_COMPOUND_COMPONENTS_141=Cannot decode the \
+ provided ASN.1 element as an LDAP search filter because an unexpected error \
+ occurred while trying to decode one of the compound filter components: %s
+ERR_LDAP_FILTER_DECODE_NOT_COMPONENT_143=Cannot decode the provided \
+ ASN.1 element as an LDAP search filter because the NOT component element \
+ could not be decoded as an LDAP filter: %s
+ERR_LDAP_FILTER_DECODE_TV_SEQUENCE_144=Cannot decode the provided ASN.1 \
+ element as an LDAP search filter because the element could not be decoded as \
+ a type-and-value sequence: %s
+ERR_LDAP_FILTER_DECODE_TV_TYPE_146=Cannot decode the provided ASN.1 \
+ element as an LDAP search filter because the attribute type could not be \
+ decoded from the type-and-value sequence: %s
+ERR_LDAP_FILTER_DECODE_TV_VALUE_147=Cannot decode the provided ASN.1 \
+ element as an LDAP search filter because the assertion value could not be \
+ decoded from the type-and-value sequence: %s
+ERR_LDAP_FILTER_DECODE_SUBSTRING_SEQUENCE_148=Cannot decode the provided \
+ ASN.1 element as an LDAP search filter because the element could not be \
+ decoded as a substring sequence: %s
+ERR_LDAP_FILTER_DECODE_SUBSTRING_TYPE_150=Cannot decode the provided \
+ ASN.1 element as an LDAP search filter because the attribute type could not \
+ be decoded from the substring sequence: %s
+ERR_LDAP_FILTER_DECODE_SUBSTRING_ELEMENTS_151=Cannot decode the provided \
+ ASN.1 element as an LDAP search filter because the substring value sequence \
+ could not be decoded: %s
+ERR_LDAP_FILTER_DECODE_SUBSTRING_NO_SUBELEMENTS_152=Cannot decode the \
+ provided ASN.1 element as an LDAP search filter because the substring value \
+ sequence did not contain any elements
+ERR_LDAP_FILTER_DECODE_SUBSTRING_VALUES_154=Cannot decode the provided \
+ ASN.1 element as an LDAP search filter because a problem occurred while \
+ trying to parse the substring value elements: %s
+ERR_LDAP_FILTER_DECODE_PRESENCE_TYPE_155=Cannot decode the provided \
+ ASN.1 element as an LDAP search filter because the element could not be \
+ decoded as the presence attribute type: %s
+ERR_LDAP_FILTER_DECODE_EXTENSIBLE_SEQUENCE_156=Cannot decode the \
+ provided ASN.1 element as an LDAP search filter because the element could not \
+ be decoded as an extensible matching sequence: %s
+ERR_LDAP_FILTER_DECODE_EXTENSIBLE_ELEMENTS_158=Cannot decode the \
+ provided ASN.1 element as an LDAP search filter because a problem occurred \
+ while trying to parse the extensible match sequence elements: %s
+ERR_LDAP_CLIENT_SEND_RESPONSE_NO_RESULT_CODE_159=The server attempted to \
+ send a response to the %s operation (conn=%d, op=%d), but the operation did \
+ not have a result code. This could indicate that the operation did not \
+ complete properly or that it is one that is not allowed to have a response. \
+ Using a generic 'Operations Error' response
+ERR_LDAP_CLIENT_SEND_RESPONSE_INVALID_OP_160=The server attempted to \
+ send a response to the %s operation (conn=%d, op=%d), but this type of \
+ operation is not allowed to have responses. Backtrace: %s
+INFO_LDAP_CLIENT_GENERIC_NOTICE_OF_DISCONNECTION_165=The Directory Server is \
+ closing the connection to this client
+MILD_WARN_CLIENT_DISCONNECT_IN_PROGRESS_166=The Directory Server is \
+ currently in the process of closing this client connection
+ERR_LDAP_CLIENT_DECODE_MAX_REQUEST_SIZE_EXCEEDED_168=The client sent a \
+ request to the Directory Server with an ASN.1 element value length of %d \
+ bytes. This exceeds the maximum allowed request size of %d bytes, so \
+ processing cannot continue on this connection
+FATAL_ERR_LDAP_CONNHANDLER_OPEN_SELECTOR_FAILED_177=The LDAP connection \
+ handler defined in configuration entry %s was unable to open a selector to \
+ allow it to multiplex the associated accept sockets: %s. This connection \
+ handler will be disabled
+ERR_LDAP_CONNHANDLER_CREATE_CHANNEL_FAILED_178=The LDAP connection \
+ handler defined in configuration entry %s was unable to create a server \
+ socket channel to accept connections on %s:%d: %s. The Directory Server \
+ will not listen for new connections on that address
+FATAL_ERR_LDAP_CONNHANDLER_NO_ACCEPTORS_179=The LDAP connection handler \
+ defined in configuration entry %s was unable to create any of the socket \
+ channels on any of the configured addresses. This connection handler will be \
+ disabled
+ERR_CONNHANDLER_DENIED_CLIENT_180=The connection attempt from \
+ client %s to %s has been rejected because the client was included in one of \
+ the denied address ranges
+ERR_CONNHANDLER_DISALLOWED_CLIENT_181=The connection attempt from \
+ client %s to %s has been rejected because the client was not included in one \
+ of the allowed address ranges
+INFO_CONNHANDLER_UNABLE_TO_REGISTER_CLIENT_182=An internal error \
+ prevented the Directory Server from properly registering the client \
+ connection from %s to %s with an appropriate request handler: %s
+ERR_CONNHANDLER_CANNOT_ACCEPT_CONNECTION_183=The %s defined in \
+ configuration entry %s was unable to accept a new client connection: %s
+FATAL_ERR_CONNHANDLER_CONSECUTIVE_ACCEPT_FAILURES_184=The %s defined in \
+ configuration entry %s has experienced consecutive failures while trying to \
+ accept client connections: %s. This connection handler will be disabled
+FATAL_ERR_LDAP_CONNHANDLER_UNCAUGHT_ERROR_185=The LDAP connection handler \
+ defined in configuration entry %s caught an unexpected error while trying to \
+ listen for new connections: %s. This connection handler will be disabled
+FATAL_ERR_LDAP_REQHANDLER_OPEN_SELECTOR_FAILED_186=%s was unable to open a \
+ selector to multiplex reads from clients: %s. This request handler cannot \
+ continue processing
+FATAL_ERR_LDAP_REQHANDLER_CANNOT_REGISTER_187=%s was unable to register this \
+ client connection with the selector: %s
+FATAL_ERR_LDAP_REQHANDLER_REJECT_DUE_TO_SHUTDOWN_188=This connection could \
+ not be registered with a request handler because the Directory Server is \
+ shutting down
+FATAL_ERR_LDAP_REQHANDLER_DEREGISTER_DUE_TO_SHUTDOWN_190=This client \
+ connection is being deregistered from the associated request handler because \
+ the Directory Server is shutting down
+ERR_LDAP_FILTER_STRING_NULL_192=Cannot decode the provided string as an \
+ LDAP search filter because the string was null
+ERR_LDAP_FILTER_UNCAUGHT_EXCEPTION_193=Cannot decode the provided string \
+ %s as an LDAP search filter because an unexpected exception was thrown during \
+ processing: %s
+ERR_LDAP_FILTER_MISMATCHED_PARENTHESES_194=The provided search filter \
+ "%s" had mismatched parentheses around the portion between positions %d and \
+ %d
+ERR_LDAP_FILTER_NO_EQUAL_SIGN_195=The provided search filter "%s" was \
+ missing an equal sign in the suspected simple filter component between \
+ positions %d and %d
+ERR_LDAP_FILTER_INVALID_ESCAPED_BYTE_196=The provided search filter "%s" \
+ had an invalid escaped byte value at position %d. A backslash in a value \
+ must be followed by two hexadecimal characters that define the byte that has \
+ been encoded
+ERR_LDAP_FILTER_COMPOUND_MISSING_PARENTHESES_197=The provided search \
+ filter "%s" could not be decoded because the compound filter between \
+ positions %d and %d did not start with an open parenthesis and end with a \
+ close parenthesis (they might be parentheses for different filter components)
+ERR_LDAP_FILTER_NO_CORRESPONDING_OPEN_PARENTHESIS_198=The provided \
+ search filter "%s" could not be decoded because the closing parenthesis at \
+ position %d did not have a corresponding open parenthesis
+ERR_LDAP_FILTER_NO_CORRESPONDING_CLOSE_PARENTHESIS_199=The provided \
+ search filter "%s" could not be decoded because the opening parenthesis at \
+ position %d did not have a corresponding close parenthesis
+ERR_LDAP_FILTER_SUBSTRING_NO_ASTERISKS_200=The provided search filter \
+ "%s" could not be decoded because the assumed substring filter value between \
+ positions %d and %d did not have any asterisk wildcard characters
+ERR_LDAP_FILTER_EXTENSIBLE_MATCH_NO_COLON_201=The provided search filter \
+ "%s" could not be decoded because the extensible match component starting at \
+ position %d did not have a colon to denote the end of the attribute type name
+ERR_LDAP_DISCONNECT_DUE_TO_INVALID_REQUEST_TYPE_202=Terminating this \
+ connection because the client sent an invalid message of type %s (LDAP \
+ message ID %d) that is not allowed for request messages
+ERR_LDAP_DISCONNECT_DUE_TO_PROCESSING_FAILURE_203=An unexpected \
+ failure occurred while trying to process a request of type %s (LDAP message \
+ ID %d): %s. The client connection will be terminated
+ERR_LDAP_INVALID_BIND_AUTH_TYPE_204=The bind request message (LDAP \
+ message ID %d) included an invalid authentication type of %s. This is a \
+ protocol error, and this connection will be terminated as per RFC 2251 \
+ section 4.2.3
+ERR_LDAP_DISCONNECT_DUE_TO_BIND_PROTOCOL_ERROR_205=This client \
+ connection is being terminated because a protocol error occurred while trying \
+ to process a bind request. The LDAP message ID was %d and the error message \
+ for the bind response was %s
+ERR_LDAPV2_SKIPPING_EXTENDED_RESPONSE_206=An extended response message \
+ would have been sent to an LDAPv2 client (connection ID=%d, operation ID=%d): \
+ %s. LDAPv2 does not allow extended operations, so this response will not be \
+ sent
+ERR_LDAPV2_SKIPPING_SEARCH_REFERENCE_207=A search performed by an LDAPv2 \
+ client (connection ID=%d, operation ID=%d) would have included a search \
+ result reference %s. Referrals are not allowed for LDAPv2 clients, so this \
+ search reference will not be sent
+ERR_LDAPV2_REFERRAL_RESULT_CHANGED_208=The original result code for this \
+ message was 10 but this result is not allowed for LDAPv2 clients
+ERR_LDAPV2_REFERRALS_OMITTED_209=The response included one or more \
+ referrals, which are not allowed for LDAPv2 clients. The referrals included \
+ were: %s
+ERR_LDAPV2_CLIENTS_NOT_ALLOWED_210=The Directory Server has been \
+ configured to deny access to LDAPv2 clients. This connection will be closed
+ERR_LDAPV2_EXTENDED_REQUEST_NOT_ALLOWED_211=The client with connection \
+ ID %d authenticated to the Directory Server using LDAPv2, but attempted to \
+ send an extended operation request (LDAP message ID %d), which is not allowed \
+ for LDAPv2 clients. The connection will be terminated
+ERR_LDAP_STATS_INVALID_MONITOR_INITIALIZATION_212=An attempt was made to \
+ initialize the LDAP statistics monitor provider as defined in configuration \
+ entry %s. This monitor provider should only be dynamically created within \
+ the Directory Server itself and not from within the configuration
+ERR_LDAP_REQHANDLER_UNEXPECTED_SELECT_EXCEPTION_213=The LDAP request \
+ handler thread "%s" encountered an unexpected error that would have caused \
+ the thread to die: %s. The error has been caught and the request handler \
+ should continue operating as normal
+ERR_CONNHANDLER_REJECTED_BY_SERVER_214=The attempt to register this \
+ connection with the Directory Server was rejected. This might indicate that \
+ the server already has the maximum allowed number of concurrent connections \
+ established, or that it is in a restricted access mode
+INFO_LDAP_CONNHANDLER_DESCRIPTION_LISTEN_PORT_216=TCP port on \
+ which this connection handler can accept client connections. Changes to this \
+ configuration attribute will not take effect until the connection handler is \
+ disabled and re-enabled, or until the Directory Server is restarted
+INFO_LDAP_CONNHANDLER_DESCRIPTION_ALLOW_STARTTLS_227=Indicates whether this \
+ connection handler should allow clients to use the StartTLS extended \
+ operation to initiate secure communication over a non-SSL LDAP connection. \
+ This can not be used if SSL is enabled for the connection handler. Changes \
+ to this configuration attribute will take effect immediately for LDAP clients
+INFO_LDAP_CONNHANDLER_DESCRIPTION_SSL_CERT_NICKNAME_229=Nickname of the \
+ certificate that the connection handler should use when \
+ accepting SSL-based connections or performing StartTLS negotiation. Changes \
+ to this configuration attribute will not take effect until the connection \
+ handler is disabled and re-enabled, or until the Directory Server is \
+ restarted
+ERR_INTERNAL_CANNOT_DECODE_DN_264=An unexpected error occurred while \
+ trying to decode the DN %s used for internal operations as a root user: %s
+ERR_LDAP_TLS_EXISTING_SECURITY_PROVIDER_271=The TLS connection security \
+ provider cannot be enabled on this client connection because it is already \
+ using the %s provider. StartTLS can only be used on clear-text connections
+ERR_LDAP_TLS_STARTTLS_NOT_ALLOWED_272=StartTLS cannot be enabled on this \
+ LDAP client connection because the corresponding LDAP connection handler is \
+ configured to reject StartTLS requests. The use of StartTLS can be enabled \
+ using the ds-cfg-allow-start-tls configuration attribute
+ERR_LDAP_TLS_CANNOT_CREATE_TLS_PROVIDER_273=An error occurred while \
+ attempting to create a TLS connection security provider for this client \
+ connection for use with StartTLS: %s
+NOTICE_CONNHANDLER_STARTED_LISTENING_276=Started listening for new \
+ connections on %s
+NOTICE_CONNHANDLER_STOPPED_LISTENING_277=Stopped listening for new \
+ connections on %s
+ERR_LDAP_PAGED_RESULTS_DECODE_NULL_278=Cannot decode the provided ASN.1 \
+ element as an LDAP paged results control value because the element is null
+ERR_LDAP_PAGED_RESULTS_DECODE_SEQUENCE_279=Cannot decode the provided \
+ ASN.1 element as an LDAP paged results control value because the element \
+ could not be decoded as a sequence: %s
+ERR_LDAP_PAGED_RESULTS_DECODE_SIZE_281=Cannot decode the provided ASN.1 \
+ element as an LDAP paged results control value because the size element could \
+ not be properly decoded: %s
+ERR_LDAP_PAGED_RESULTS_DECODE_COOKIE_282=Cannot decode the provided \
+ ASN.1 element as an LDAP paged results control value because the cookie could \
+ not be properly decoded: %s
+ERR_LDAPASSERT_NO_CONTROL_VALUE_283=Cannot decode the provided LDAP \
+ assertion control because the control does not have a value
+ERR_PREREADREQ_NO_CONTROL_VALUE_285=Cannot decode the provided LDAP \
+ pre-read request control because the control does not have a value
+ERR_PREREADREQ_CANNOT_DECODE_VALUE_286=Cannot decode the provided LDAP \
+ pre-read request control because an error occurred while trying to decode the \
+ control value: %s
+ERR_POSTREADREQ_NO_CONTROL_VALUE_287=Cannot decode the provided LDAP \
+ post-read request control because the control does not have a value
+ERR_POSTREADREQ_CANNOT_DECODE_VALUE_288=Cannot decode the provided LDAP \
+ post-read request control because an error occurred while trying to decode \
+ the control value: %s
+ERR_PREREADRESP_NO_CONTROL_VALUE_289=Cannot decode the provided LDAP \
+ pre-read response control because the control does not have a value
+ERR_PREREADRESP_CANNOT_DECODE_VALUE_290=Cannot decode the provided LDAP \
+ pre-read response control because an error occurred while trying to decode \
+ the control value: %s
+ERR_POSTREADRESP_NO_CONTROL_VALUE_291=Cannot decode the provided LDAP \
+ post-read response control because the control does not have a value
+ERR_POSTREADRESP_CANNOT_DECODE_VALUE_292=Cannot decode the provided LDAP \
+ post-read response control because an error occurred while trying to decode \
+ the control value: %s
+ERR_PROXYAUTH1_NO_CONTROL_VALUE_293=Cannot decode the provided proxied \
+ authorization V1 control because it does not have a value
+ERR_PROXYAUTH1_CANNOT_DECODE_VALUE_295=Cannot decode the provided \
+ proxied authorization V1 control because an error occurred while attempting \
+ to decode the control value: %s
+ERR_PROXYAUTH1_NO_SUCH_USER_296=User %s specified in the proxied \
+ authorization V1 control does not exist in the Directory Server
+ERR_PROXYAUTH2_NO_CONTROL_VALUE_297=Cannot decode the provided proxied \
+ authorization V2 control because it does not have a value
+ERR_PROXYAUTH2_NO_IDENTITY_MAPPER_299=Unable to process proxied \
+ authorization V2 control because it contains an authorization ID based on a \
+ username and no proxied authorization identity mapper is configured in the \
+ Directory Server
+ERR_PROXYAUTH2_INVALID_AUTHZID_300=The authorization ID "%s" contained \
+ in the proxied authorization V2 control is invalid because it does not start \
+ with "dn:" to indicate a user DN or "u:" to indicate a username
+ERR_PROXYAUTH2_NO_SUCH_USER_301=User %s specified in the proxied \
+ authorization V2 control does not exist in the Directory Server
+ERR_PSEARCH_CHANGETYPES_INVALID_TYPE_302=The provided integer value %d \
+ does not correspond to any persistent search change type
+ERR_PSEARCH_CHANGETYPES_NO_TYPES_303=The provided integer value \
+ indicated that there were no persistent search change types, which is not \
+ allowed
+ERR_PSEARCH_CHANGETYPES_INVALID_TYPES_304=The provided integer value %d \
+ was outside the range of acceptable values for an encoded change type set
+ERR_PSEARCH_NO_CONTROL_VALUE_305=Cannot decode the provided persistent \
+ search control because it does not have a value
+ERR_PSEARCH_CANNOT_DECODE_VALUE_307=Cannot decode the provided \
+ persistent search control because an error occurred while attempting to \
+ decode the control value: %s
+ERR_ECN_NO_CONTROL_VALUE_308=Cannot decode the provided entry change \
+ notification control because it does not have a value
+ERR_ECN_ILLEGAL_PREVIOUS_DN_310=Cannot decode the provided entry change \
+ notification control because it contains a previous DN element but had a \
+ change type of %s. The previous DN element can only be provided with the \
+ modify DN change type
+ERR_ECN_INVALID_ELEMENT_TYPE_311=Cannot decode the provided entry change \
+ notification control because the second element in the value sequence has an \
+ invalid type of %s that is not appropriate for either a previous DN or a \
+ change number
+ERR_ECN_CANNOT_DECODE_VALUE_312=Cannot decode the provided entry change \
+ notification control because an error occurred while attempting to decode the \
+ control value: %s
+ERR_AUTHZIDRESP_NO_CONTROL_VALUE_313=Cannot decode the provided \
+ authorization identity response control because it does not have a value
+ERR_LDAP_INTERMEDIATE_RESPONSE_DECODE_SEQUENCE_314=Cannot decode the \
+ provided ASN.1 element as an LDAP intermediate response protocol op because \
+ the element could not be decoded as a sequence: %s
+ERR_LDAP_INTERMEDIATE_RESPONSE_CANNOT_DECODE_OID_316=An error occurred \
+ while attempting to decode the intermediate response OID: %s
+ERR_LDAP_INTERMEDIATE_RESPONSE_CANNOT_DECODE_VALUE_317=An error occurred \
+ while attempting to decode the intermediate response value: %s
+ERR_MVFILTER_INVALID_LDAP_FILTER_TYPE_321=The provided LDAP filter \
+ "%s" cannot be used as a matched values filter because filters of type %s are \
+ not allowed for use in matched values filters
+ERR_MVFILTER_INVALID_DN_ATTRIBUTES_FLAG_322=The provided LDAP filter \
+ "%s" cannot be used as a matched values filter because it is an extensible \
+ match filter that contains the dnAttributes flag, which is not allowed for \
+ matched values filters
+ERR_MVFILTER_CANNOT_DECODE_AVA_324=An error occurred while attempting \
+ to decode the attribute value assertion in the provided matched values \
+ filter: %s
+ERR_MVFILTER_NO_SUBSTRING_ELEMENTS_326=The provided matched values \
+ filter could not be decoded because there were no subInitial, subAny, or \
+ subFinal components in the substring filter
+ERR_MVFILTER_CANNOT_DECODE_SUBSTRINGS_330=The provided matched values \
+ filter could not be decoded because an error occurred while decoding the \
+ substring filter component: %s
+ERR_MVFILTER_CANNOT_DECODE_PRESENT_TYPE_331=The provided matched \
+ values filter could not be decoded because an error occurred while decoding \
+ the presence filter component: %s
+ERR_MVFILTER_CANNOT_DECODE_EXTENSIBLE_MATCH_337=The provided matched \
+ values filter could not be decoded because an error occurred while decoding \
+ the extensible match filter component: %s
+ERR_MVFILTER_INVALID_ELEMENT_TYPE_338=The provided matched values \
+ filter could not be decoded because it had an invalid BER type of %s
+ERR_MATCHEDVALUES_NO_CONTROL_VALUE_339=Cannot decode the provided \
+ matched values control because it does not have a value
+ERR_MATCHEDVALUES_CANNOT_DECODE_VALUE_AS_SEQUENCE_340=Cannot decode \
+ the provided matched values control because an error occurred while \
+ attempting to decode the value as an ASN.1 sequence: %s
+ERR_MATCHEDVALUES_NO_FILTERS_341=Cannot decode the provided matched \
+ values control because the control value does not specify any filters for use \
+ in matching attribute values
+ERR_PWEXPIRED_CONTROL_INVALID_VALUE_342=Cannot decode the provided \
+ control as a password expired control because the provided control had a \
+ value that could not be parsed as an integer
+ERR_PWEXPIRING_NO_CONTROL_VALUE_343=Cannot decode the provided \
+ password expiring control because it does not have a value
+ERR_PWEXPIRING_CANNOT_DECODE_SECONDS_UNTIL_EXPIRATION_344=Cannot \
+ decode the provided control as a password expiring control because an error \
+ occurred while attempting to decode the number of seconds until expiration: \
+ %s
+MILD_WARN_LDAP_CLIENT_DUPLICATE_MESSAGE_ID_345=The Directory Server is \
+ already processing another request on the same client connection with the \
+ same message ID of %d
+MILD_WARN_LDAP_CLIENT_CANNOT_ENQUEUE_346=The Directory Server encountered an \
+ unexpected error while attempting to add the client request to the work \
+ queue: %s
+INFO_JMX_CONNHANDLER_DESCRIPTION_LISTEN_PORT_347=TCP port on \
+ which this connection handler may accept administrative connections. Changes \
+ to this configuration attribute will not take effect until the connection \
+ handler is disabled and re-enabled, or until the Directory Server is \
+ restarted
+INFO_JMX_CONNHANDLER_DESCRIPTION_SSL_CERT_NICKNAME_352=Nickname \
+ of the certificate that the connection handler should use when accepting \
+ SSL-based connections or performing StartTLS negotiation. Changes to this \
+ configuration attribute will not take effect until the connection handler is \
+ disabled and re-enabled, or until the Directory Server is restarted
+ERR_PWPOLICYREQ_CONTROL_HAS_VALUE_354=Cannot decode the provided \
+ control as a password policy request control because the provided control had \
+ a value but the password policy request control should not have a value
+ERR_PWPOLICYRES_NO_CONTROL_VALUE_355=Cannot decode the provided \
+ password policy response control because it does not have a value
+ERR_PWPOLICYRES_INVALID_WARNING_TYPE_356=Cannot decode the provided \
+ password policy response control because the warning element has an invalid \
+ type of %s
+ERR_PWPOLICYRES_INVALID_ERROR_TYPE_357=Cannot decode the provided \
+ password policy response control because the error element has an invalid \
+ type of %d
+ERR_PWPOLICYRES_DECODE_ERROR_359=Cannot decode the provided password \
+ policy response control: %s
+INFO_PWPERRTYPE_DESCRIPTION_PASSWORD_EXPIRED_360=passwordExpired
+INFO_PWPERRTYPE_DESCRIPTION_ACCOUNT_LOCKED_361=accountLocked
+INFO_PWPERRTYPE_DESCRIPTION_CHANGE_AFTER_RESET_362=changeAfterReset
+INFO_PWPERRTYPE_DESCRIPTION_PASSWORD_MOD_NOT_ALLOWED_363=passwordModNotAllowed
+INFO_PWPERRTYPE_DESCRIPTION_MUST_SUPPLY_OLD_PASSWORD_364=mustSupplyOldPassword
+INFO_PWPERRTYPE_DESCRIPTION_INSUFFICIENT_PASSWORD_QUALITY_365=insufficientPasswordQuality
+INFO_PWPERRTYPE_DESCRIPTION_PASSWORD_TOO_SHORT_366=passwordTooShort
+INFO_PWPERRTYPE_DESCRIPTION_PASSWORD_TOO_YOUNG_367=passwordTooYoung
+INFO_PWPERRTYPE_DESCRIPTION_PASSWORD_IN_HISTORY_368=passwordInHistory
+INFO_PWPWARNTYPE_DESCRIPTION_TIME_BEFORE_EXPIRATION_369=timeBeforeExpiration
+INFO_PWPWARNTYPE_DESCRIPTION_GRACE_LOGINS_REMAINING_370=graceAuthNsRemaining
+ERR_PROXYAUTH1_CANNOT_LOCK_USER_371=Unable to obtain a lock on user \
+ entry %s for the proxied authorization V1 control validation
+ERR_PROXYAUTH1_UNUSABLE_ACCOUNT_372=Use of the proxied authorization V1 \
+ control for user %s is not allowed by the password policy configuration
+ERR_PROXYAUTH2_CANNOT_LOCK_USER_373=Unable to obtain a lock on user \
+ entry %s for the proxied authorization V2 control validation
+ERR_PROXYAUTH2_UNUSABLE_ACCOUNT_374=Use of the proxied authorization V2 \
+ control for user %s is not allowed by the password policy configuration
+ERR_ACCTUSABLEREQ_CONTROL_HAS_VALUE_375=Cannot decode the provided \
+ control as an account availability request control because the provided \
+ control had a value but the account availability request control should not \
+ have a value
+ERR_ACCTUSABLERES_NO_CONTROL_VALUE_376=Cannot decode the provided \
+ account availability response control because it does not have a value
+ERR_ACCTUSABLERES_UNKNOWN_VALUE_ELEMENT_TYPE_378=The account \
+ availability response control had an unknown ACCOUNT_USABLE_RESPONSE element \
+ type of %s
+ERR_ACCTUSABLERES_DECODE_ERROR_379=Cannot decode the provided account \
+ availability response control: %s
+ERR_ADDRESSMASK_PREFIX_DECODE_ERROR_380=Cannot decode the provided \
+ address mask prefix because an invalid value was specified. The permitted \
+ values for IPv4are 0 to32 and for IPv6 0 to128
+ERR_ADDRESSMASK_WILDCARD_DECODE_ERROR_381=Cannot decode the provided \
+ address mask because an prefix mask was specified with an wild card "*" match \
+ character
+ERR_ADDRESSMASK_FORMAT_DECODE_ERROR_382=Cannot decode the provided \
+ address mask because the it has an invalid format
+ERR_LDAP_ATTRIBUTE_DUPLICATE_VALUES_384=The provided LDAP attribute %s \
+ contains duplicate values
+ERR_LDAP_FILTER_UNKNOWN_MATCHING_RULE_385=The provided LDAP search \
+ filter references unknown matching rule %s
+ERR_LDAP_FILTER_VALUE_WITH_NO_ATTR_OR_MR_386=The provided LDAP search \
+ filter has an assertion value but does not include either an attribute type \
+ or a matching rule ID
+FATAL_ERR_LDAP_REQHANDLER_DETECTED_JVM_ISSUE_CR6322825_387=Unable to call \
+ select() in the LDAP connection handler: %s. It appears that your JVM may \
+ be susceptible to the issue described at \
+ http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6322825, and it is unable \
+ to handle LDAP requests in its current configuration. Please upgrade to a \
+ newer JVM that does not exhibit this behavior (Java 5.0 Update 8 or higher) \
+ or set the number of available file descriptors to a value greater than or \
+ equal to 8193 (e.g., by issuing the command 'ulimit -n 8193') before starting \
+ the Directory Server
+ERR_PROXYAUTH1_CONTROL_NOT_CRITICAL_388=Unwilling to process the request \
+ because it contains a proxied authorization V1 control which is not marked \
+ critical. The proxied authorization control must always have a criticality \
+ of "true"
+ERR_PROXYAUTH2_CONTROL_NOT_CRITICAL_389=Unwilling to process the request \
+ because it contains a proxied authorization V2 control which is not marked \
+ critical. The proxied authorization control must always have a criticality \
+ of "true"
+INFO_LDAP_CONNHANDLER_DESCRIPTION_KEYMANAGER_DN_390=DN of the \
+ configuration entry for the key manager provider that should be used with \
+ this LDAP connection handler. Changes to this attribute will take effect \
+ immediately, but only for subsequent attempts to access the key manager \
+ provider for associated client connections
+INFO_LDAP_CONNHANDLER_DESCRIPTION_TRUSTMANAGER_DN_393=DN of the \
+ configuration entry for the trust manager provider that should be used with \
+ this LDAP connection handler. Changes to this attribute will take effect \
+ immediately, but only for subsequent attempts to access the trust manager \
+ provider for associated client connections
+INFO_LDAPS_CONNHANDLER_DESCRIPTION_ENABLE_404=Specifies whether to enable the \
+ LDAPS connection handler
+ERR_LDAP_FILTER_NOT_EXACTLY_ONE_405=The provided search filter "%s" \
+ could not be decoded because the NOT filter between positions %d and %d did \
+ not contain exactly one filter component
+INFO_SORTREQ_CONTROL_NO_VALUE_406=Unable to decode the provided control as a \
+ server-side sort request control because it does not include a control value
+INFO_SORTREQ_CONTROL_UNDEFINED_ORDERING_RULE_408=Unable to process the \
+ provided server-side sort request control because it references undefined \
+ ordering matching rule %s
+INFO_SORTREQ_CONTROL_CANNOT_DECODE_VALUE_410=Unable to process the provided \
+ server-side sort request control because an error occurred while attempting \
+ to decode the control value: %s
+INFO_SORTRES_CONTROL_NO_VALUE_411=Unable to decode the provided control as a \
+ server-side sort response control because it does not include a control value
+INFO_SORTRES_CONTROL_CANNOT_DECODE_VALUE_412=Unable to process the provided \
+ server-side sort response control because an error occurred while attempting \
+ to decode the control value: %s
+INFO_SORTREQ_CONTROL_NO_ATTR_NAME_413=Unable to process the provided \
+ server-side sort request control because the sort order string "%s" included \
+ a sort key with no attribute name
+INFO_SORTREQ_CONTROL_NO_MATCHING_RULE_414=Unable to process the provided \
+ server-side sort request control because the sort order string "%s" included \
+ a sort key with a colon but no matching rule name
+INFO_SORTREQ_CONTROL_NO_SORT_KEYS_415=Unable to process the provided \
+ server-side sort request control because it did not contain any sort keys
+INFO_SORTREQ_CONTROL_NO_ORDERING_RULE_FOR_ATTR_416=Unable to process the \
+ provided server-side sort request control because it included attribute %s \
+ which does not have a default ordering matching rule and no ordering rule was \
+ specified in the sort key
+INFO_VLVREQ_CONTROL_NO_VALUE_417=Unable to decode the provided control as a \
+ VLV request control because it does not include a control value
+INFO_VLVREQ_CONTROL_INVALID_TARGET_TYPE_419=Unable to decode the provided \
+ control as a VLV request control because the target element type %s is \
+ invalid
+INFO_VLVREQ_CONTROL_CANNOT_DECODE_VALUE_420=Unable to process the provided \
+ VLV request control because an error occurred while attempting to decode the \
+ control value: %s
+INFO_VLVRES_CONTROL_NO_VALUE_421=Unable to decode the provided control as a \
+ VLV response control because it does not include a control value
+INFO_VLVRES_CONTROL_CANNOT_DECODE_VALUE_423=Unable to process the provided \
+ VLV response control because an error occurred while attempting to decode the \
+ control value: %s
+INFO_GETEFFECTIVERIGHTS_INVALID_AUTHZID_424=The authorization ID "%s" \
+ contained in the geteffectiverights control is invalid because it does not \
+ start with "dn:" to indicate a user DN
+INFO_GETEFFECTIVERIGHTS_DECODE_ERROR_425=Cannot decode the provided \
+ geteffectiverights request control: %s
+ERR_LDAP_FILTER_ENCLOSED_IN_APOSTROPHES_427=An LDAP filter enclosed in \
+ apostrophes is invalid: %s
+INFO_JMX_CONNHANDLER_DESCRIPTION_ENABLE_428=Specifies whether to enable the \
+ JMX connection handler
+ERR_LDAP_FILTER_INVALID_CHAR_IN_ATTR_TYPE_429=The provided search filter \
+ contains an invalid attribute type '%s' with invalid character '%s' at \
+ position %d
+ERR_LDAP_FILTER_EXTENSIBLE_MATCH_NO_AD_OR_MR_430=The provided search \
+ filter "%s" could not be decoded because the extensible match component \
+ starting at position %d did not include either an attribute description or a \
+ matching rule ID. At least one of them must be provided
+ERR_LDAPV2_CONTROLS_NOT_ALLOWED_431=LDAPv2 clients are not allowed to \
+ use request controls
+ERR_CONNHANDLER_CANNOT_BIND_432=The %s connection handler \
+ defined in configuration entry %s was unable to bind to %s:%d: %s
+ERR_JMX_ADD_INSUFFICIENT_PRIVILEGES_434=You do not have sufficient \
+ privileges to perform add operations through JMX
+ERR_JMX_DELETE_INSUFFICIENT_PRIVILEGES_435=You do not have sufficient \
+ privileges to perform delete operations through JMX
+ERR_JMX_MODIFY_INSUFFICIENT_PRIVILEGES_436=You do not have sufficient \
+ privileges to perform modify operations through JMX
+ERR_JMX_MODDN_INSUFFICIENT_PRIVILEGES_437=You do not have sufficient \
+ privileges to perform modify DN operations through JMX
+ERR_JMX_SEARCH_INSUFFICIENT_PRIVILEGES_438=You do not have sufficient \
+ privileges to perform search operations through JMX
+ERR_JMX_INSUFFICIENT_PRIVILEGES_439=You do not have sufficient \
+ privileges to establish the connection through JMX. At least JMX_READ \
+ privilege is required
+ERR_INTERNALCONN_NO_SUCH_USER_440=User %s does not exist in the directory
+ERR_INTERNALOS_CLOSED_441=This output stream has been closed
+ERR_INTERNALOS_INVALID_REQUEST_442=The provided LDAP message had an \
+ invalid operation type (%s) for a request
+ERR_INTERNALOS_SASL_BIND_NOT_SUPPORTED_443=SASL bind operations are not \
+ supported over internal LDAP sockets
+ERR_INTERNALOS_STARTTLS_NOT_SUPPORTED_444=StartTLS operations are not \
+ supported over internal LDAP sockets
+SEVERE_WARN_LDIF_CONNHANDLER_LDIF_DIRECTORY_NOT_DIRECTORY_445=The value %s \
+ specified as the LDIF directory path for the LDIF connection handler defined \
+ in configuration entry %s exists but is not a directory. The specified path \
+ must be a directory. The LDIF connection handler will start, but will not \
+ be able to proces any changes until this path is changed to a directory
+MILD_WARN_LDIF_CONNHANDLER_LDIF_DIRECTORY_MISSING_446=The directory %s \
+ referenced by the LDIF connection handler defined in configuration entry %s \
+ does not exist. The LDIF connection handler will start, but will not be \
+ able to process any changes until this directory is created
+ERR_LDIF_CONNHANDLER_CANNOT_READ_CHANGE_RECORD_NONFATAL_447=An error \
+ occurred while trying to read a change record from the LDIF file: %s. This \
+ change will be skipped but processing on the LDIF file will continue
+ERR_LDIF_CONNHANDLER_CANNOT_READ_CHANGE_RECORD_FATAL_448=An error \
+ occurred while trying to read a change record from the LDIF file: %s. No \
+ further processing on this LDIF file can be performed
+INFO_LDIF_CONNHANDLER_UNKNOWN_CHANGETYPE_449=Unsupported change type %s
+INFO_LDIF_CONNHANDLER_RESULT_CODE_450=Result Code: %d (%s)
+INFO_LDIF_CONNHANDLER_ERROR_MESSAGE_451=Additional Info: %s
+INFO_LDIF_CONNHANDLER_MATCHED_DN_452=Matched DN: %s
+INFO_LDIF_CONNHANDLER_REFERRAL_URL_453=Referral URL: %s
+ERR_LDIF_CONNHANDLER_IO_ERROR_454=An I/O error occurred while the LDIF \
+ connection handler was processing LDIF file %s: %s
+ERR_LDIF_CONNHANDLER_CANNOT_RENAME_455=An error occurred while the \
+ LDIF connection handler was attempting to rename partially-processed file \
+ from %s to %s: %s
+ERR_LDIF_CONNHANDLER_CANNOT_DELETE_456=An error occurred while the \
+ LDIF connection handler was attempting to delete processed file %s: %s
+ERR_CONNHANDLER_ADDRESS_INUSE_457=Address already in use
+ERR_SUBENTRIES_NO_CONTROL_VALUE_458=Cannot decode the provided \
+ subentries control because it does not have a value
+ERR_SUBENTRIES_CANNOT_DECODE_VALUE_459=Cannot decode the provided \
+ subentries control because an error occurred while attempting \
+ to decode the control value: %s
+ERR_SNMP_CONNHANDLER_NO_CONFIGURATION_1462=No Configuration was defined \
+ for this connection handler. The configuration parameters ds-cfg-listen-port \
+ and ds-cfg-trap-port are required by the connection handler to start
+ERR_SNMP_CONNHANDLER_TRAPS_DESTINATION_1463=Traps Destination %s is \
+ an unknown host. Traps will not be sent to this destination
+ERR_SNMP_CONNHANDLER_NO_OPENDMK_JARFILES_1464=You do not have the \
+ appropriate OpenDMK jar files to enable the SNMP Connection Handler. \
+ Please go under http://opendmk.dev.java.net and set the \
+ opendmk-jarfile configuration parameter to set the full path \
+ of the required jdmkrt.jar file. The SNMP connection Handler didn't started
+ERR_SNMP_CONNHANDLER_BAD_CONFIGURATION_1465=Cannot initialize the \
+ SNMP Connection Handler. Please check the configuration attributes
+ERR_SNMP_CONNHANDLER_NO_VALID_TRAP_DESTINATIONS_1466=No valid trap \
+ destinations has been found. No trap will be sent
+ERR_ASN1_READ_ERROR_1500=An error occured while accessing the \
+ underlying data source: %s
+ERR_SUBTREE_DELETE_INVALID_CONTROL_VALUE_1503=Cannot decode the provided \
+ subtree delete control because it contains a value
+ERR_CONNHANDLER_SSL_CANNOT_INITIALIZE_1504=An error occurred \
+ while attempting to initialize the SSL context for use in the LDAP \
+ Connection Handler: %s
+ERR_LDAP_UNSUPPORTED_PROTOCOL_VERSION_1505=The Directory Server does not \
+ support LDAP protocol version %d. This connection will be closed
+ERR_SNMP_CONNHANDLER_OPENDMK_JARFILES_DOES_NOT_EXIST_1506=The specified \
+ OpenDMK jar file '%s' could not be found. Verify that the value set in the \
+ opendmk-jarfile configuration parameter of the SNMP connection handler is the \
+ valid path to the jdmkrt.jar file and that the file is accessible
+ERR_SNMP_CONNHANDLER_OPENDMK_JARFILES_NOT_OPERATIONAL_1507=The required \
+ classes could not be loaded using jar file '%s'. Verify that the jar file \
+ is not corrupted
+ERR_CANNOT_DECODE_CONTROL_VALUE_1508=Cannot decode the provided \
+ control %s because an error occurred while attempting to \
+ decode the control value: %s
+ERR_ECLN_NO_CONTROL_VALUE_1509=Cannot decode the provided entry changelog \
+ notification control because it does not have a value
+ERR_ECLN_CANNOT_DECODE_VALUE_1510=Cannot decode the provided entry \
+ changelog notification control because an error occurred while attempting to \
+ decode the control value: %s
+ERR_UNEXPECTED_CONNECTION_CLOSURE_1511=The connection to the Directory \
+Server was closed while waiting for a response
+INFO_ERGONOMIC_SIZING_OF_REQUEST_HANDLER_THREADS_1512=Connection handler '%s' \
+ does not specify the number of request handler threads: defaulting to %d threads
+ERR_LDAP_CLIENT_IO_ERROR_DURING_READ_1513=An IO error occurred while \
+ reading a request from the client: %s
+ERR_LDAP_CLIENT_IO_ERROR_BEFORE_READ_1514=Connection reset by client
+ERR_CONNHANDLER_CONFIG_CHANGES_REQUIRE_RESTART_1516=The server received \
+ configuration changes that require a restart of the %s connection handler \
+ to take effect
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AESPasswordStorageSchemeConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AESPasswordStorageSchemeConfiguration.xml
new file mode 100644
index 0000000..777c4d2
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AESPasswordStorageSchemeConfiguration.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="aes-password-storage-scheme"
+ plural-name="aes-password-storage-schemes"
+ package="org.forgerock.opendj.admin"
+ extends="password-storage-scheme"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides a mechanism for encoding user passwords using the AES
+ reversible encryption mechanism.
+ </adm:synopsis>
+ <adm:description>
+ This scheme contains only an implementation for the user password
+ syntax, with a storage scheme name of "AES".
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-aes-password-storage-scheme</ldap:name>
+ <ldap:superior>ds-cfg-password-storage-scheme</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.AESPasswordStorageScheme
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AccessControlHandlerConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AccessControlHandlerConfiguration.xml
new file mode 100644
index 0000000..a7c6f72
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AccessControlHandlerConfiguration.xml
@@ -0,0 +1,99 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="access-control-handler"
+ plural-name="access-control-handlers"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap"
+ xmlns:cli="http://www.opends.org/admin-cli">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ manage the application-wide access control. The <adm:product-name /> access control
+ handler is defined through an extensible interface, so that alternate
+ implementations can be created. Only one access control handler may be
+ active in the server at any given time.
+ </adm:synopsis>
+ <adm:description>
+ Note that <adm:product-name /> also has a privilege subsystem, which may have an impact
+ on what clients may be allowed to do in the server. For example, any user
+ with the bypass-acl privilege is not subject to access control
+ checking regardless of whether the access control implementation is
+ enabled.
+ </adm:description>
+ <adm:tag name="security" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-access-control-handler</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:managed-object custom="true" />
+ </adm:profile>
+ <adm:property name="enabled" mandatory="true">
+ <adm:synopsis>
+ Indicates whether the
+ <adm:user-friendly-name />
+ is enabled. If set to FALSE, then no access control is enforced, and any
+ client (including unauthenticated or anonymous clients) could be allowed to perform any
+ operation if not subject to other restrictions, such as those enforced by the privilege
+ subsystem.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-enabled</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="java-class" mandatory="true">
+ <adm:synopsis>
+ Specifies the fully-qualified name of the Java class that provides the
+ <adm:user-friendly-name />
+ implementation.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:java-class>
+ <adm:instance-of>
+ org.opends.server.api.AccessControlHandler
+ </adm:instance-of>
+ </adm:java-class>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-java-class</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AccessLogFilteringCriteriaConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AccessLogFilteringCriteriaConfiguration.xml
new file mode 100644
index 0000000..2edc2a9
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AccessLogFilteringCriteriaConfiguration.xml
@@ -0,0 +1,476 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2011 ForgeRock AS.
+ ! -->
+<adm:managed-object name="access-log-filtering-criteria"
+ plural-name="access-log-filtering-criteria"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ A set of rules which together determine whether a log record should be
+ logged or not.
+ </adm:synopsis>
+ <adm:tag name="logging" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-access-log-filtering-criteria</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property name="log-record-type" multi-valued="true">
+ <adm:synopsis>
+ Filters log records based on their type.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:undefined/>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="abandon">
+ <adm:synopsis>Abandon operations</adm:synopsis>
+ </adm:value>
+ <adm:value name="add">
+ <adm:synopsis>Add operations</adm:synopsis>
+ </adm:value>
+ <adm:value name="bind">
+ <adm:synopsis>Bind operations</adm:synopsis>
+ </adm:value>
+ <adm:value name="compare">
+ <adm:synopsis>Compare operations</adm:synopsis>
+ </adm:value>
+ <adm:value name="delete">
+ <adm:synopsis>Delete operations</adm:synopsis>
+ </adm:value>
+ <adm:value name="extended">
+ <adm:synopsis>Extended operations</adm:synopsis>
+ </adm:value>
+ <adm:value name="modify">
+ <adm:synopsis>Modify operations</adm:synopsis>
+ </adm:value>
+ <adm:value name="rename">
+ <adm:synopsis>Rename operations</adm:synopsis>
+ </adm:value>
+ <adm:value name="search">
+ <adm:synopsis>Search operations</adm:synopsis>
+ </adm:value>
+ <adm:value name="unbind">
+ <adm:synopsis>Unbind operations</adm:synopsis>
+ </adm:value>
+ <adm:value name="connect">
+ <adm:synopsis>Client connections</adm:synopsis>
+ </adm:value>
+ <adm:value name="disconnect">
+ <adm:synopsis>Client disconnections</adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-log-record-type</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="connection-client-address-equal-to" multi-valued="true">
+ <adm:synopsis>
+ Filters log records associated with connections which match at least one
+ of the specified client host names or address masks.
+ </adm:synopsis>
+ <adm:description>
+ Valid values include a host name, a fully qualified domain name, a
+ domain name, an IP address, or a subnetwork with subnetwork mask.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:undefined/>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:ip-address-mask />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-connection-client-address-equal-to</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="connection-client-address-not-equal-to" multi-valued="true">
+ <adm:synopsis>
+ Filters log records associated with connections which do not match any
+ of the specified client host names or address masks.
+ </adm:synopsis>
+ <adm:description>
+ Valid values include a host name, a fully qualified domain name, a
+ domain name, an IP address, or a subnetwork with subnetwork mask.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:undefined/>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:ip-address-mask />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-connection-client-address-not-equal-to</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="connection-protocol-equal-to" multi-valued="true">
+ <adm:synopsis>
+ Filters log records associated with connections which match any
+ of the specified protocols.
+ </adm:synopsis>
+ <adm:description>
+ Typical values include "ldap", "ldaps", or "jmx".
+ </adm:description>
+ <adm:default-behavior>
+ <adm:undefined/>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>[a-zA-Z0-9]+</adm:regex>
+ <adm:usage>NAME</adm:usage>
+ <adm:synopsis>
+ The protocol name as reported in the access log.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-connection-protocol-equal-to</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="connection-port-equal-to" multi-valued="true">
+ <adm:synopsis>
+ Filters log records associated with connections to any of the specified
+ listener port numbers.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:undefined/>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="1" upper-limit="65535" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-connection-port-equal-to</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="user-dn-equal-to" multi-valued="true">
+ <adm:synopsis>
+ Filters log records associated with users matching at least one of the
+ specified DN patterns.
+ </adm:synopsis>
+ <adm:description>
+ Valid DN filters are strings composed of zero or more wildcards. A double
+ wildcard ** replaces one or more RDN components (as in
+ uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a
+ whole RDN, or a whole type, or a value substring (as in
+ uid=bj*,ou=people,dc=example,dc=com).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:undefined/>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-user-dn-equal-to</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="user-dn-not-equal-to" multi-valued="true">
+ <adm:synopsis>
+ Filters log records associated with users which do not match any of the
+ specified DN patterns.
+ </adm:synopsis>
+ <adm:description>
+ Valid DN filters are strings composed of zero or more wildcards. A double
+ wildcard ** replaces one or more RDN components (as in
+ uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a
+ whole RDN, or a whole type, or a value substring (as in
+ uid=bj*,ou=people,dc=example,dc=com).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:undefined/>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-user-dn-not-equal-to</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="user-is-member-of" multi-valued="true">
+ <adm:synopsis>
+ Filters log records associated with users which are members of at least
+ one of the specified groups.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:undefined/>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:dn />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-user-is-member-of</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="user-is-not-member-of" multi-valued="true">
+ <adm:synopsis>
+ Filters log records associated with users which are not members of any
+ of the specified groups.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:undefined/>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:dn />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-user-is-not-member-of</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="request-target-dn-equal-to" multi-valued="true">
+ <adm:synopsis>
+ Filters operation log records associated with operations which target
+ entries matching at least one of the specified DN patterns.
+ </adm:synopsis>
+ <adm:description>
+ Valid DN filters are strings composed of zero or more wildcards. A double
+ wildcard ** replaces one or more RDN components (as in
+ uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a
+ whole RDN, or a whole type, or a value substring (as in
+ uid=bj*,ou=people,dc=example,dc=com).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:undefined/>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-request-target-dn-equal-to</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="request-target-dn-not-equal-to" multi-valued="true">
+ <adm:synopsis>
+ Filters operation log records associated with operations which target
+ entries matching none of the specified DN patterns.
+ </adm:synopsis>
+ <adm:description>
+ Valid DN filters are strings composed of zero or more wildcards. A double
+ wildcard ** replaces one or more RDN components (as in
+ uid=dmiller,**,dc=example,dc=com). A simple wildcard * replaces either a
+ whole RDN, or a whole type, or a value substring (as in
+ uid=bj*,ou=people,dc=example,dc=com).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:undefined/>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-request-target-dn-not-equal-to</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="response-result-code-equal-to" multi-valued="true">
+ <adm:synopsis>
+ Filters operation response log records associated with operations which
+ include any of the specified result codes.
+ </adm:synopsis>
+ <adm:description>
+ It is recommended to only use this criteria in conjunction with the
+ "combined" output mode of the access logger, since this filter criteria
+ is only applied to response log messages.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:undefined/>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-response-result-code-equal-to</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="response-result-code-not-equal-to" multi-valued="true">
+ <adm:synopsis>
+ Filters operation response log records associated with operations which
+ do not include any of the specified result codes.
+ </adm:synopsis>
+ <adm:description>
+ It is recommended to only use this criteria in conjunction with the
+ "combined" output mode of the access logger, since this filter criteria
+ is only applied to response log messages.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:undefined/>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-response-result-code-not-equal-to</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="response-etime-greater-than">
+ <adm:synopsis>
+ Filters operation response log records associated with operations which
+ took longer than the specified number of milli-seconds to complete.
+ </adm:synopsis>
+ <adm:description>
+ It is recommended to only use this criteria in conjunction with the
+ "combined" output mode of the access logger, since this filter criteria
+ is only applied to response log messages.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:undefined/>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer>
+ <adm:unit-synopsis>milli-seconds</adm:unit-synopsis>
+ </adm:integer>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-response-etime-greater-than</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="response-etime-less-than">
+ <adm:synopsis>
+ Filters operation response log records associated with operations which
+ took less than the specified number of milli-seconds to complete.
+ </adm:synopsis>
+ <adm:description>
+ It is recommended to only use this criteria in conjunction with the
+ "combined" output mode of the access logger, since this filter criteria
+ is only applied to response log messages.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:undefined/>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer>
+ <adm:unit-synopsis>milli-seconds</adm:unit-synopsis>
+ </adm:integer>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-response-etime-less-than</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="search-response-nentries-greater-than">
+ <adm:synopsis>
+ Filters search operation response log records associated with searches
+ which returned more than the specified number of entries.
+ </adm:synopsis>
+ <adm:description>
+ It is recommended to only use this criteria in conjunction with the
+ "combined" output mode of the access logger, since this filter criteria
+ is only applied to response log messages.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:undefined/>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer>
+ <adm:unit-synopsis>entries</adm:unit-synopsis>
+ </adm:integer>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-search-response-nentries-greater-than</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="search-response-nentries-less-than">
+ <adm:synopsis>
+ Filters search operation response log records associated with searches
+ which returned less than the specified number of entries.
+ </adm:synopsis>
+ <adm:description>
+ It is recommended to only use this criteria in conjunction with the
+ "combined" output mode of the access logger, since this filter criteria
+ is only applied to response log messages.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:undefined/>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer>
+ <adm:unit-synopsis>entries</adm:unit-synopsis>
+ </adm:integer>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-search-response-nentries-less-than</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="search-response-is-indexed">
+ <adm:synopsis>
+ Filters search operation response log records associated with searches
+ which were either indexed or unindexed.
+ </adm:synopsis>
+ <adm:description>
+ It is recommended to only use this criteria in conjunction with the
+ "combined" output mode of the access logger, since this filter criteria
+ is only applied to response log messages.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:undefined/>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean/>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-search-response-is-indexed</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AccessLogPublisherConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AccessLogPublisherConfiguration.xml
new file mode 100644
index 0000000..145fd74
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AccessLogPublisherConfiguration.xml
@@ -0,0 +1,147 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions copyright 2011-2013 ForgeRock AS
+ ! -->
+<adm:managed-object name="access-log-publisher"
+ plural-name="access-log-publishers"
+ package="org.forgerock.opendj.admin" extends="log-publisher"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap"
+ xmlns:cli="http://www.opends.org/admin-cli">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ are responsible for distributing access log messages from the access
+ logger to a destination.
+ </adm:synopsis>
+ <adm:description>
+ Access log messages provide information about the types of operations
+ processed by the server.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-access-log-publisher</ldap:name>
+ <ldap:superior>ds-cfg-log-publisher</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:managed-object custom="true" />
+ </adm:profile>
+ <adm:relation name="access-log-filtering-criteria">
+ <adm:synopsis>
+ The set of criteria which will be used to filter log records.
+ </adm:synopsis>
+ <adm:one-to-many/>
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>cn=Filtering Criteria</ldap:rdn-sequence>
+ </adm:profile>
+ </adm:relation>
+ <adm:property-override name="java-class">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>org.opends.server.api.AccessLogPublisher</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="filtering-policy">
+ <adm:synopsis>
+ Specifies how filtering criteria should be applied to log records.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>no-filtering</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="no-filtering">
+ <adm:synopsis>
+ No filtering will be performed, and all records will be logged.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="inclusive">
+ <adm:synopsis>
+ Records must match at least one of the filtering criteria in order
+ to be logged.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="exclusive">
+ <adm:synopsis>
+ Records must not match any of the filtering criteria in order to be
+ logged.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-filtering-policy</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="suppress-internal-operations" advanced="true">
+ <adm:synopsis>
+ Indicates whether internal operations (for example, operations
+ that are initiated by plugins) should be logged along with the
+ operations that are requested by users.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-suppress-internal-operations</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="suppress-synchronization-operations"
+ advanced="true">
+ <adm:synopsis>
+ Indicates whether access messages that are generated by
+ synchronization operations should be suppressed.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>
+ ds-cfg-suppress-synchronization-operations
+ </ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AccountStatusNotificationHandlerConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AccountStatusNotificationHandlerConfiguration.xml
new file mode 100644
index 0000000..a75c5ba
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AccountStatusNotificationHandlerConfiguration.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="account-status-notification-handler"
+ plural-name="account-status-notification-handlers"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap"
+ xmlns:cli="http://www.opends.org/admin-cli">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ are invoked to provide notification to users in some form (for example,
+ by an email message) when the status of a user's account has changed
+ in some way. The
+ <adm:user-friendly-name />
+ can be used to notify the user and/or administrators of the change.
+ </adm:synopsis>
+ <adm:tag name="user-management" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-account-status-notification-handler</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:managed-object custom="true" />
+ </adm:profile>
+ <adm:property name="enabled" mandatory="true">
+ <adm:synopsis>
+ Indicates whether the
+ <adm:user-friendly-name />
+ is enabled. Only enabled handlers are invoked whenever
+ a related event occurs in the server.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-enabled</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="java-class" mandatory="true">
+ <adm:synopsis>
+ Specifies the fully-qualified name of the Java class that provides the
+ <adm:user-friendly-name />
+ implementation.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:java-class>
+ <adm:instance-of>
+ org.opends.server.api.AccountStatusNotificationHandler
+ </adm:instance-of>
+ </adm:java-class>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-java-class</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AdministrationConnectorConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AdministrationConnectorConfiguration.xml
new file mode 100644
index 0000000..f16beca
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AdministrationConnectorConfiguration.xml
@@ -0,0 +1,229 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2012 ForgeRock, AS.
+ ! -->
+<adm:managed-object name="administration-connector"
+ plural-name="administration-connectors"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ is used to interact with administration tools using LDAP.
+ </adm:synopsis>
+ <adm:description>
+ It is a dedicated entry point for administration.
+ </adm:description>
+ <adm:tag name="core-server" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-administration-connector</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-reference name="listen-port" />
+ <adm:property name="listen-address" multi-valued="true">
+ <adm:synopsis>
+ Specifies the address or set of addresses on which this
+ <adm:user-friendly-name />
+ should listen for connections from LDAP clients.
+ </adm:synopsis>
+ <adm:description>
+ Multiple addresses may be provided as separate values for this
+ attribute. If no values are provided, then the
+ <adm:user-friendly-name />
+ listens on all interfaces.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:server-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>0.0.0.0</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:ip-address />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-listen-address</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="key-manager-provider" mandatory="true">
+ <adm:synopsis>
+ Specifies the name of the key manager that is used with
+ the
+ <adm:user-friendly-name />
+ .
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:server-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:undefined />
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:aggregation relation-name="key-manager-provider"
+ parent-path="/">
+ <adm:constraint>
+ <adm:synopsis>
+ The referenced key manager provider must be enabled.
+ </adm:synopsis>
+ <adm:target-is-enabled-condition>
+ <adm:contains property="enabled" value="true" />
+ </adm:target-is-enabled-condition>
+ </adm:constraint>
+ </adm:aggregation>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-key-manager-provider</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="trust-manager-provider" mandatory="true">
+ <adm:synopsis>
+ Specifies the name of the trust manager that is used with
+ the
+ <adm:user-friendly-name />
+ .
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:server-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:undefined />
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:aggregation relation-name="trust-manager-provider"
+ parent-path="/">
+ <adm:constraint>
+ <adm:synopsis>
+ The referenced trust manager provider must be enabled.
+ </adm:synopsis>
+ <adm:target-is-enabled-condition>
+ <adm:contains property="enabled" value="true" />
+ </adm:target-is-enabled-condition>
+ </adm:constraint>
+ </adm:aggregation>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-trust-manager-provider</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="ssl-cert-nickname" mandatory="true">
+ <adm:synopsis>
+ Specifies the nickname (also called the alias) of the certificate
+ that the
+ <adm:user-friendly-name />
+ will use when performing SSL communication.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:server-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>Let the server decide.</adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string></adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-ssl-cert-nickname</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="ssl-protocol" multi-valued="true">
+ <adm:synopsis>
+ Specifies the names of the SSL protocols that are allowed for
+ use in SSL or StartTLS communication.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property take effect immediately but only
+ impact new SSL/TLS-based sessions created after the
+ change.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ Uses the default set of SSL protocols provided by the server's
+ JVM.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-ssl-protocol</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="ssl-cipher-suite" multi-valued="true">
+ <adm:synopsis>
+ Specifies the names of the SSL cipher suites that are allowed
+ for use in SSL communication.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property take effect immediately but will
+ only impact new SSL/TLS-based sessions created after the
+ change.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ Uses the default set of SSL cipher suites provided by the
+ server's JVM.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-ssl-cipher-suite</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AlertHandlerConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AlertHandlerConfiguration.xml
new file mode 100644
index 0000000..ed1ba2b
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AlertHandlerConfiguration.xml
@@ -0,0 +1,146 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="alert-handler" plural-name="alert-handlers"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap"
+ xmlns:cli="http://www.opends.org/admin-cli">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ are used to notify administrators of significant problems or notable
+ events that occur in the <adm:product-name /> directory server.
+ </adm:synopsis>
+ <adm:tag name="core-server" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-alert-handler</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:managed-object custom="true" />
+ </adm:profile>
+ <adm:property name="enabled" mandatory="true">
+ <adm:synopsis>
+ Indicates whether the
+ <adm:user-friendly-name />
+ is enabled.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-enabled</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="java-class" mandatory="true">
+ <adm:synopsis>
+ Specifies the fully-qualified name of the Java class that provides the
+ <adm:user-friendly-name />
+ implementation.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:java-class>
+ <adm:instance-of>
+ org.opends.server.api.AlertHandler
+ </adm:instance-of>
+ </adm:java-class>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-java-class</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="enabled-alert-type" multi-valued="true">
+ <adm:synopsis>
+ Specifies the names of the alert types that are enabled for this
+ alert handler.
+ </adm:synopsis>
+ <adm:description>
+ If there are any values for this attribute, then only alerts with
+ one of the specified types are allowed (unless they are also
+ included in the disabled alert types). If there are no values for
+ this attribute, then any alert with a type not included in the
+ list of disabled alert types is allowed.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ All alerts with types not included in the set of disabled
+ alert types are allowed.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-enabled-alert-type</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="disabled-alert-type" multi-valued="true">
+ <adm:synopsis>
+ Specifies the names of the alert types that are disabled for this
+ alert handler.
+ </adm:synopsis>
+ <adm:description>
+ If there are any values for this attribute, then no alerts with
+ any of the specified types are allowed. If there are no values
+ for this attribute, then only alerts with a type included in the
+ set of enabled alert types are allowed, or if there are no
+ values for the enabled alert types option, then all alert types
+ are allowed.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ If there is a set of enabled alert types, then only alerts
+ with one of those types are allowed. Otherwise, all alerts
+ are allowed.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-disabled-alert-type</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AnonymousSASLMechanismHandlerConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AnonymousSASLMechanismHandlerConfiguration.xml
new file mode 100644
index 0000000..1f977da
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AnonymousSASLMechanismHandlerConfiguration.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="anonymous-sasl-mechanism-handler"
+ plural-name="anonymous-sasl-mechanism-handlers"
+ package="org.forgerock.opendj.admin" extends="sasl-mechanism-handler"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The ANONYMOUS SASL mechanism provides the ability for clients to
+ perform an anonymous bind using a SASL mechanism.
+ </adm:synopsis>
+ <adm:description>
+ The only real
+ benefit that this provides over a normal anonymous bind (that is,
+ using simple authentication with no password) is that the ANONYMOUS
+ SASL mechanism also allows the client to include a trace string in
+ the request. This trace string can help identify the application that
+ performed the bind (although since there is no authentication,
+ there is no assurance that some other client did not spoof that
+ trace string).
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-anonymous-sasl-mechanism-handler</ldap:name>
+ <ldap:superior>ds-cfg-sasl-mechanism-handler</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.AnonymousSASLMechanismHandler
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AttributeCleanupPluginConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AttributeCleanupPluginConfiguration.xml
new file mode 100644
index 0000000..afb9d00
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AttributeCleanupPluginConfiguration.xml
@@ -0,0 +1,126 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2011 profiq s.r.o.
+ ! Portions copyright 2011 ForgeRock AS.
+ ! -->
+<adm:managed-object name="attribute-cleanup-plugin"
+ plural-name="attribute-cleanup-plugins" package="org.forgerock.opendj.admin"
+ extends="plugin" xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+
+ <adm:synopsis>
+ A pre-parse plugin which can be used to remove and rename
+ attributes in ADD and MODIFY requests before being processed.
+ </adm:synopsis>
+
+ <adm:description>
+ This plugin should be used in order maintain interoperability with client
+ applications which attempt to update attributes in a way which is
+ incompatible with LDAPv3 or <adm:product-name />. For example, this plugin may be used
+ in order to remove changes to operational attributes such as modifiersName,
+ creatorsName, modifyTimestamp, and createTimestamp (Sun DSEE chaining does
+ this).
+ </adm:description>
+
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-attribute-cleanup-plugin</ldap:name>
+ <ldap:superior>ds-cfg-plugin</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+
+ <adm:property-override name="java-class">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>org.opends.server.plugins.AttributeCleanupPlugin</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+
+ <adm:property-override name="invoke-for-internal-operations">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+
+ <adm:property-override name="plugin-type" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>preparseadd</adm:value>
+ <adm:value>preparsemodify</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+
+ <adm:property name="remove-inbound-attributes" multi-valued="true">
+ <adm:synopsis>
+ A list of attributes which should be removed from incoming add
+ or modify requests.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>No attributes will be removed</adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <!-- Use string syntax because we may be removing invalid attributes -->
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-remove-inbound-attributes</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+ <adm:property name="rename-inbound-attributes" multi-valued="true">
+ <adm:synopsis>
+ A list of attributes which should be renamed in incoming add
+ or modify requests.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>No attributes will be renamed</adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>^[^:]+:[^:]+$</adm:regex>
+ <adm:usage>FROM:TO</adm:usage>
+ <adm:synopsis>An attribute name mapping.</adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-rename-inbound-attributes</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AttributeSyntaxConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AttributeSyntaxConfiguration.xml
new file mode 100644
index 0000000..d4df635
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AttributeSyntaxConfiguration.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="attribute-syntax"
+ plural-name="attribute-syntaxes" package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ define the type of data that may be stored in an attribute with that
+ syntax. A syntax is generally associated with a set of matching
+ rules that indicate how to perform matching operations against
+ values of that syntax.
+ </adm:synopsis>
+ <adm:tag name="core-server" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-attribute-syntax</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property name="enabled" mandatory="true">
+ <adm:synopsis>
+ Indicates whether the
+ <adm:user-friendly-name />
+ is enabled.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-enabled</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="java-class" mandatory="true" read-only="true">
+ <adm:synopsis>
+ Specifies the fully-qualified name of the Java class that provides the
+ <adm:user-friendly-name />
+ implementation.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:java-class>
+ <adm:instance-of>
+ org.opends.server.api.AttributeSyntax
+ </adm:instance-of>
+ </adm:java-class>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-java-class</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AttributeTypeDescriptionAttributeSyntaxConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AttributeTypeDescriptionAttributeSyntaxConfiguration.xml
new file mode 100644
index 0000000..8c57b43
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AttributeTypeDescriptionAttributeSyntaxConfiguration.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="attribute-type-description-attribute-syntax"
+ plural-name="attribute-type-description-attribute-syntaxes"
+ extends="attribute-syntax" package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ describe the format of the directory schema attribute type
+ definitions.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>
+ ds-cfg-attribute-type-description-attribute-syntax
+ </ldap:name>
+ <ldap:superior>ds-cfg-attribute-syntax</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.schema.AttributeTypeSyntax
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="strip-syntax-min-upper-bound" advanced="true">
+ <adm:synopsis>
+ Indicates whether the suggested minimum upper bound appended to an
+ attribute's syntax OID in it's schema definition Attribute Type
+ Description is stripped off.
+ </adm:synopsis>
+ <adm:description>
+ When retrieving the server's schema, some APIs (JNDI) fail in
+ their syntax lookup methods, because they do not parse this value
+ correctly. This configuration option allows the server to be
+ configured to provide schema definitions these APIs can parse
+ correctly.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-strip-syntax-min-upper-bound</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AttributeValuePasswordValidatorConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AttributeValuePasswordValidatorConfiguration.xml
new file mode 100644
index 0000000..416b922
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AttributeValuePasswordValidatorConfiguration.xml
@@ -0,0 +1,146 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2012 ForgeRock, AS.
+ ! -->
+<adm:managed-object name="attribute-value-password-validator"
+ plural-name="attribute-value-password-validators"
+ package="org.forgerock.opendj.admin" extends="password-validator"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ attempts to determine whether a proposed password is acceptable
+ for use by determining whether that password is contained in any
+ attribute within the user's entry.
+ </adm:synopsis>
+ <adm:description>
+ It can be configured to look
+ in all attributes or in a specified subset of attributes.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-attribute-value-password-validator</ldap:name>
+ <ldap:superior>ds-cfg-password-validator</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.AttributeValuePasswordValidator
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="match-attribute" multi-valued="true" >
+ <adm:synopsis>
+ Specifies the name(s) of the attribute(s) whose values should be
+ checked to determine whether they match the provided password.
+ If no values are provided, then the server checks if the proposed
+ password matches the value of any attribute in the user's entry.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ All attributes in the user entry will be checked.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:attribute-type />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-match-attribute</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="check-substrings" mandatory="false">
+ <adm:synopsis>
+ Indicates whether this password validator is to match portions of
+ the password string against attribute values.
+ </adm:synopsis>
+ <adm:description>
+ If "false" then only match the entire password against attribute values
+ otherwise ("true") check whether the password contains attribute values.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-check-substrings</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="min-substring-length" mandatory="false">
+ <adm:synopsis>
+ Indicates the minimal length of the substring within the password
+ in case substring checking is enabled.
+ </adm:synopsis>
+ <adm:description>
+ If "check-substrings" option is set to true, then this parameter
+ defines the length of the smallest word which should be used for
+ substring matching. Use with caution because values below 3 might
+ disqualify valid passwords.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>5</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-min-substring-length</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="test-reversed-password" mandatory="true">
+ <adm:synopsis>
+ Indicates whether this password validator should test the reversed
+ value of the provided password as well as the order in which it
+ was given.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-test-reversed-password</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AuthenticationPolicyConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AuthenticationPolicyConfiguration.xml
new file mode 100644
index 0000000..cff70ba
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/AuthenticationPolicyConfiguration.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="authentication-policy"
+ plural-name="authentication-policies" abstract="true"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ define the policies which should be used for authenticating users and
+ managing the password and other account related state.
+ </adm:synopsis>
+ <adm:tag name="user-management" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-authentication-policy</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property name="java-class" mandatory="true">
+ <adm:synopsis>
+ Specifies the fully-qualified name of the Java class which provides the
+ <adm:user-friendly-name />
+ implementation.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:java-class>
+ <adm:instance-of>
+ org.opends.server.api.AuthenticationPolicyFactory
+ </adm:instance-of>
+ </adm:java-class>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-java-class</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/BackendConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/BackendConfiguration.xml
new file mode 100644
index 0000000..b910808
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/BackendConfiguration.xml
@@ -0,0 +1,172 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="backend" plural-name="backends"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap"
+ xmlns:cli="http://www.opends.org/admin-cli">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ are responsible for providing access to the underlying data
+ presented by the server.
+ </adm:synopsis>
+ <adm:description>
+ The data may be stored locally in an embedded database,
+ remotely in an external system, or generated on the fly
+ (for example, calculated from other information that is available).
+ </adm:description>
+ <adm:tag name="database" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-backend</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:managed-object custom="true" />
+ </adm:profile>
+ <adm:property name="enabled" mandatory="true">
+ <adm:synopsis>
+ Indicates whether the backend is enabled in the server.
+ </adm:synopsis>
+ <adm:description>
+ If a backend is not enabled, then its contents are not
+ accessible when processing operations.
+ </adm:description>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-enabled</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="java-class" mandatory="true">
+ <adm:synopsis>
+ Specifies the fully-qualified name of the Java class that provides the
+ backend implementation.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:java-class>
+ <adm:instance-of>org.opends.server.api.Backend</adm:instance-of>
+ </adm:java-class>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-java-class</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="backend-id" mandatory="true" read-only="true">
+ <adm:synopsis>
+ Specifies a name to identify the associated backend.
+ </adm:synopsis>
+ <adm:description>
+ The name must be unique among all backends in the server. The backend ID may
+ not be altered after the backend is created in the server.
+ </adm:description>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-backend-id</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="writability-mode" mandatory="true">
+ <adm:synopsis>
+ Specifies the behavior that the backend should use when processing
+ write operations.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="enabled">
+ <adm:synopsis>
+ Allows write operations to be performed in that backend (if
+ the requested operation is valid, the user has permission to
+ perform the operation, the backend supports that type of
+ write operation, and the global writability-mode property is
+ also enabled).
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="disabled">
+ <adm:synopsis>
+ Causes all write attempts to fail.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="internal-only">
+ <adm:synopsis>
+ Causes external write attempts to fail but allows writes by
+ replication and internal operations.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-writability-mode</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="base-dn" mandatory="true" multi-valued="true">
+ <adm:synopsis>
+ Specifies the base DN(s) for the data that the backend handles.
+ </adm:synopsis>
+ <adm:description>
+ A single backend may be responsible for one or more base DNs. Note
+ that no two backends may have the same base DN although one
+ backend may have a base DN that is below a base DN provided by
+ another backend (similar to the use of sub-suffixes in the Sun
+ Java System Directory Server). If any of the base DNs is
+ subordinate to a base DN for another backend, then all base DNs
+ for that backend must be subordinate to that same base DN.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ No administrative action is required by default although some
+ action may be required on a per-backend basis before the new
+ base DN may be used.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:dn />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-base-dn</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/BackupBackendConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/BackupBackendConfiguration.xml
new file mode 100644
index 0000000..dcdd14b
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/BackupBackendConfiguration.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="backup-backend" plural-name="backup-backends"
+ package="org.forgerock.opendj.admin" extends="backend"
+ advanced="true" xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides read-only access to the set of backups
+ that are available for <adm:product-name />.
+ </adm:synopsis>
+ <adm:description>
+ It is provided as a convenience feature that makes it easier to determine what
+ backups are available to be restored if necessary.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-backup-backend</ldap:name>
+ <ldap:superior>ds-cfg-backend</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>org.opends.server.backends.BackupBackend</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="writability-mode" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>disabled</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="backup-directory" mandatory="true"
+ multi-valued="true">
+ <adm:synopsis>
+ Specifies the path to a backup directory containing one or more
+ backups for a particular backend.
+ </adm:synopsis>
+ <adm:description>
+ This is a multivalued property. Each value may specify a
+ different backup directory if desired (one for each backend
+ for which backups are taken). Values may be either absolute paths
+ or paths that are relative to the base of the <adm:product-name /> directory
+ server installation.
+ </adm:description>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-backup-directory</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/Base64PasswordStorageSchemeConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/Base64PasswordStorageSchemeConfiguration.xml
new file mode 100644
index 0000000..3eea194
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/Base64PasswordStorageSchemeConfiguration.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="base64-password-storage-scheme"
+ plural-name="base64-password-storage-schemes"
+ package="org.forgerock.opendj.admin"
+ extends="password-storage-scheme"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides a mechanism for encoding user passwords using the BASE64
+ encoding mechanism.
+ </adm:synopsis>
+ <adm:description>
+ This scheme contains only an implementation for the user password
+ syntax, with a storage scheme name of "BASE64". The
+ <adm:user-friendly-name />
+ merely obscures the password so that the clear-text password
+ is not available to casual observers. However, it offers no real
+ protection and should only be used if there are client applications
+ that specifically require this capability.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-base64-password-storage-scheme</ldap:name>
+ <ldap:superior>ds-cfg-password-storage-scheme</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.Base64PasswordStorageScheme
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/BlindTrustManagerProviderConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/BlindTrustManagerProviderConfiguration.xml
new file mode 100644
index 0000000..482f4bf
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/BlindTrustManagerProviderConfiguration.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="blind-trust-manager-provider"
+ plural-name="blind-trust-manager-providers"
+ package="org.forgerock.opendj.admin" extends="trust-manager-provider"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The blind trust manager provider always trusts any certificate that
+ is presented to it, regardless of its issuer, subject, and validity
+ dates.
+ </adm:synopsis>
+ <adm:description>
+ Use the blind trust manager provider only for testing
+ purposes, because it allows clients to use forged certificates
+ and authenticate as virtually any user in the server.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-blind-trust-manager-provider</ldap:name>
+ <ldap:superior>ds-cfg-trust-manager-provider</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.BlindTrustManagerProvider
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/BlowfishPasswordStorageSchemeConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/BlowfishPasswordStorageSchemeConfiguration.xml
new file mode 100644
index 0000000..b7008d7
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/BlowfishPasswordStorageSchemeConfiguration.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="blowfish-password-storage-scheme"
+ plural-name="blowfish-password-storage-schemes"
+ package="org.forgerock.opendj.admin"
+ extends="password-storage-scheme"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides a mechanism for encoding user passwords using the Blowfish
+ reversible encryption mechanism.
+ </adm:synopsis>
+ <adm:description>
+ This scheme contains only an implementation for the user password
+ syntax, with a storage scheme name of "BLOWFISH".
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-blowfish-password-storage-scheme</ldap:name>
+ <ldap:superior>ds-cfg-password-storage-scheme</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.BlowfishPasswordStorageScheme
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CancelExtendedOperationHandlerConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CancelExtendedOperationHandlerConfiguration.xml
new file mode 100644
index 0000000..ab75f9d
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CancelExtendedOperationHandlerConfiguration.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="cancel-extended-operation-handler"
+ plural-name="cancel-extended-operation-handlers"
+ package="org.forgerock.opendj.admin"
+ extends="extended-operation-handler"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides support for the LDAP cancel extended operation as defined
+ in RFC 3909.
+ </adm:synopsis>
+ <adm:description>
+ It allows clients to cancel operations initiated from earlier
+ requests. The property ensures that both the cancel request and the
+ operation being canceled receives response messages.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-cancel-extended-operation-handler</ldap:name>
+ <ldap:superior>ds-cfg-extended-operation-handler</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.CancelExtendedOperation
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CertificateAttributeSyntaxConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CertificateAttributeSyntaxConfiguration.xml
new file mode 100644
index 0000000..a51a090
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CertificateAttributeSyntaxConfiguration.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/CDDLv1_0.txt
+ ! or http://forgerock.org/license/CDDLv1.0.html.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/CDDLv1_0.txt. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2012 ForgeRock AS.
+ ! -->
+<adm:managed-object name="certificate-attribute-syntax"
+ plural-name="certificate-attribute-syntaxes"
+ extends="attribute-syntax" package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ define an attribute syntax for storing X.509 Certificates.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-certificate-attribute-syntax</ldap:name>
+ <ldap:superior>ds-cfg-attribute-syntax</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.schema.CertificateSyntax
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="strict-format" advanced="true">
+ <adm:synopsis>
+ Indicates whether or not X.509 Certificate values are required to
+ strictly comply with the standard definition for this syntax.
+ </adm:synopsis>
+ <adm:description>
+ When set to false, certificates will not be validated and, as a result
+ any sequence of bytes will be acceptable.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-strict-format</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CertificateMapperConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CertificateMapperConfiguration.xml
new file mode 100644
index 0000000..e10bc50
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CertificateMapperConfiguration.xml
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="certificate-mapper"
+ plural-name="certificate-mappers"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap"
+ xmlns:cli="http://www.opends.org/admin-cli">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ are responsible for establishing a mapping between a client
+ certificate and the entry for the user that corresponds to that
+ certificate.
+ </adm:synopsis>
+ <adm:tag name="security" />
+ <adm:tag name="user-management" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-certificate-mapper</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:managed-object custom="true" />
+ </adm:profile>
+ <adm:property name="enabled" mandatory="true">
+ <adm:synopsis>
+ Indicates whether the
+ <adm:user-friendly-name />
+ is enabled.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-enabled</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="java-class" mandatory="true">
+ <adm:synopsis>
+ Specifies the fully-qualified name of the Java class that provides the
+ <adm:user-friendly-name />
+ implementation.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:java-class>
+ <adm:instance-of>
+ org.opends.server.api.CertificateMapper
+ </adm:instance-of>
+ </adm:java-class>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-java-class</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ChangeNumberControlPluginConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ChangeNumberControlPluginConfiguration.xml
new file mode 100644
index 0000000..26a9e3b
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ChangeNumberControlPluginConfiguration.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2012 ForgeRock AS
+ ! -->
+<adm:managed-object name="change-number-control-plugin"
+ plural-name="change-number-control-plugins" package="org.forgerock.opendj.admin"
+ extends="plugin" xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ returns the change number generated by the replication subsystem.
+ </adm:synopsis>
+ <adm:description>
+ The <adm:user-friendly-name /> returns the change number generated
+ by the Multi-Master Replication subsystem when :
+ - the Multi-Master Replication is configured and enabled
+ - the request is a write operation (add, delete, modify, moddn)
+ - the control is part of a request.
+ If all of the above are true, the response contains a control response
+ with a string representing the change number.
+ The implementation for the chnage number control plug-in is contained
+ in the org.opends.server.plugins.ChangeNumberControlPlugin class. It must be
+ configured with the postOperationAdd, postOperationDelete,
+ postOperationModify and postOperationModifyDN plug-in types,
+ but it does not have any other custom configuration.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-change-number-control-plugin</ldap:name>
+ <ldap:superior>ds-cfg-plugin</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>org.opends.server.plugins.ChangeNumberControlPlugin</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="plugin-type" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>postOperationAdd</adm:value>
+ <adm:value>postOperationDelete</adm:value>
+ <adm:value>postOperationModify</adm:value>
+ <adm:value>postOperationModifyDN</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CharacterSetPasswordValidatorConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CharacterSetPasswordValidatorConfiguration.xml
new file mode 100644
index 0000000..222cb2b
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CharacterSetPasswordValidatorConfiguration.xml
@@ -0,0 +1,199 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2011-2012 ForgeRock AS
+ ! -->
+<adm:managed-object name="character-set-password-validator"
+ plural-name="character-set-password-validators"
+ package="org.forgerock.opendj.admin" extends="password-validator"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ determines whether a proposed password is acceptable by
+ checking whether it contains a sufficient number of characters
+ from one or more user-defined character sets and ranges.
+ </adm:synopsis>
+ <adm:description>
+ For example,
+ the validator can ensure that passwords must
+ have at least one lowercase letter, one uppercase letter, one digit,
+ and one symbol.
+ </adm:description>
+ <adm:constraint>
+ <adm:synopsis>
+ The <adm:user-friendly-name/> must have at least one character set
+ or range specified.
+ </adm:synopsis>
+ <adm:condition>
+ <adm:or>
+ <adm:is-present property="character-set" />
+ <adm:is-present property="character-set-ranges" />
+ </adm:or>
+ </adm:condition>
+ </adm:constraint>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-character-set-password-validator</ldap:name>
+ <ldap:superior>ds-cfg-password-validator</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.CharacterSetPasswordValidator
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="character-set" mandatory="false"
+ multi-valued="true">
+ <adm:synopsis>
+ Specifies a character set containing characters that a password
+ may contain and a value indicating the minimum number of
+ characters required from that set.
+ </adm:synopsis>
+ <adm:description>
+ Each value must be an integer (indicating the minimum required
+ characters from the set which may be zero, indicating that the
+ character set is optional) followed by a colon and the characters to
+ include in that set (for example, "3:abcdefghijklmnopqrstuvwxyz"
+ indicates that a user password must contain at least three
+ characters from the set of lowercase ASCII letters). Multiple
+ character sets can be defined in separate values, although no
+ character can appear in more than one character set.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ If no sets are specified, the validator only uses the
+ defined character ranges.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string case-insensitive="false" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-character-set</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="character-set-ranges" mandatory="false"
+ multi-valued="true">
+ <adm:synopsis>
+ Specifies a character range containing characters that a password
+ may contain and a value indicating the minimum number of
+ characters required from that range.
+ </adm:synopsis>
+ <adm:description>
+ Each value must be an integer (indicating the minimum required
+ characters from the range which may be zero, indicating that the
+ character range is optional) followed by a colon and one or more
+ range specifications. A range specification is 3 characters: the
+ first character allowed, a minus, and the last character allowed.
+ For example, "3:A-Za-z0-9". The ranges in each value should not
+ overlap, and the characters in each range specification should be
+ ordered.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ If no ranges are specified, the validator only uses the
+ defined character sets.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string case-insensitive="false" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-character-set-ranges</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="allow-unclassified-characters" mandatory="true">
+ <adm:synopsis>
+ Indicates whether this password validator allows passwords to
+ contain characters outside of any of the user-defined character
+ sets and ranges.
+ </adm:synopsis>
+ <adm:description>
+ If this is "false", then only those characters in the user-defined
+ character sets and ranges may be used in passwords. Any password
+ containing a character not included in any character set or range
+ will be rejected.
+ </adm:description>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-allow-unclassified-characters</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="min-character-sets" mandatory="false">
+ <adm:synopsis>
+ Specifies the minimum number of character sets and ranges that a
+ password must contain.
+ </adm:synopsis>
+ <adm:description>
+ This property should only be used in conjunction with optional character
+ sets and ranges (those requiring zero characters). Its value must
+ include any mandatory character sets and ranges (those requiring greater
+ than zero characters). This is useful in situations where a password
+ must contain characters from mandatory character sets and ranges, and
+ characters from at least N optional character sets and ranges. For
+ example, it is quite common to require that a password contains at
+ least one non-alphanumeric character as well as characters from two
+ alphanumeric character sets (lower-case, upper-case, digits). In this
+ case, this property should be set to 3.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The password must contain characters from each of the mandatory
+ character sets and ranges and, if there are optional character sets
+ and ranges, at least one character from one of the optional character
+ sets and ranges.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-min-character-sets</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ClearPasswordStorageSchemeConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ClearPasswordStorageSchemeConfiguration.xml
new file mode 100644
index 0000000..f6dd078
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ClearPasswordStorageSchemeConfiguration.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="clear-password-storage-scheme"
+ plural-name="clear-password-storage-schemes"
+ package="org.forgerock.opendj.admin"
+ extends="password-storage-scheme"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides a mechanism for storing user passwords in clear text,
+ without any form of obfuscation.
+ </adm:synopsis>
+ <adm:description>
+ This scheme contains only an implementation for the user password
+ syntax, with a storage scheme name of "CLEAR". The
+ <adm:user-friendly-name />
+ should only be used if there are client applications that specifically
+ require this capability.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-clear-password-storage-scheme</ldap:name>
+ <ldap:superior>ds-cfg-password-storage-scheme</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.ClearPasswordStorageScheme
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ClientConnectionMonitorProviderConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ClientConnectionMonitorProviderConfiguration.xml
new file mode 100644
index 0000000..233ca91
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ClientConnectionMonitorProviderConfiguration.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="client-connection-monitor-provider"
+ plural-name="client-connection-monitor-providers"
+ package="org.forgerock.opendj.admin" extends="monitor-provider"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ exposes monitor information about the set of client connections that
+ are established to the <adm:product-name /> directory server.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-client-connection-monitor-provider</ldap:name>
+ <ldap:superior>ds-cfg-monitor-provider</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.monitors.ClientConnectionMonitorProvider
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CollationMatchingRuleConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CollationMatchingRuleConfiguration.xml
new file mode 100644
index 0000000..e8b6635
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CollationMatchingRuleConfiguration.xml
@@ -0,0 +1,126 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="collation-matching-rule"
+ plural-name="collation-matching-rules"
+ package="org.forgerock.opendj.admin" extends="matching-rule"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ provide support for locale-specific filtering and indexing.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-collation-matching-rule</ldap:name>
+ <ldap:superior>ds-cfg-matching-rule</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property name="matching-rule-type" multi-valued="true" mandatory="true">
+ <adm:synopsis>
+ the types of matching rules that should be supported for each locale
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="equality">
+ <adm:synopsis>
+ Specifies if equality type collation matching rule needs to
+ be created for each locale.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="less-than">
+ <adm:synopsis>
+ Specifies if less-than type collation matching rule needs to
+ be created for each locale.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="less-than-or-equal-to">
+ <adm:synopsis>
+ Specifies if less-than-or-equal-to type collation matching rule
+ needs to be created for each locale.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="greater-than">
+ <adm:synopsis>
+ Specifies if greater-than type collation matching rule needs
+ to be created for each locale.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="greater-than-or-equal-to">
+ <adm:synopsis>
+ Specifies if greater-than-or-equal-to type collation matching rule
+ needs to be created for each locale.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="substring">
+ <adm:synopsis>
+ Specifies if substring type collation matching rule needs to be
+ created for each locale.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-matching-rule-type</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="collation" multi-valued="true" mandatory="true">
+ <adm:synopsis>
+ the set of supported locales
+ </adm:synopsis>
+ <adm:description>
+ Collation must be specified using the syntax: LOCALE:OID
+ </adm:description>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>^[a-z-A-Z]+:[0-9.]+\\d$</adm:regex>
+ <adm:usage>LOCALE:OID</adm:usage>
+ <adm:synopsis>
+ A Locale followed by a ":" and an OID.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-collation</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.schema.CollationMatchingRuleFactory
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
\ No newline at end of file
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CollectiveAttributeSubentriesVirtualAttributeConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CollectiveAttributeSubentriesVirtualAttributeConfiguration.xml
new file mode 100644
index 0000000..9c974fa
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CollectiveAttributeSubentriesVirtualAttributeConfiguration.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2009 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="collective-attribute-subentries-virtual-attribute"
+ plural-name="collective-attribute-subentries-virtual-attributes"
+ package="org.forgerock.opendj.admin" extends="virtual-attribute"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ generates a virtual attribute that specifies all collective
+ attribute subentries that affect the entry.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>
+ ds-cfg-collective-attribute-subentries-virtual-attribute
+ </ldap:name>
+ <ldap:superior>ds-cfg-virtual-attribute</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.CollectiveAttributeSubentriesVirtualAttributeProvider
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="conflict-behavior" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>virtual-overrides-real</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="attribute-type">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>collectiveAttributeSubentries</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ConfigFileHandlerBackendConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ConfigFileHandlerBackendConfiguration.xml
new file mode 100644
index 0000000..7f9f31f
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ConfigFileHandlerBackendConfiguration.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="config-file-handler-backend"
+ plural-name="config-file-handler-backends"
+ package="org.forgerock.opendj.admin" extends="backend"
+ advanced="true" xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ allows clients to access the server configuration over protocol, and
+ allow both read and write operations. Note: Modify DN operations are not
+ supported for entries in the server configuration.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-config-file-handler-backend</ldap:name>
+ <ldap:superior>ds-cfg-backend</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.ConfigFileHandler
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="writability-mode" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>enabled</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ConnectionHandlerConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ConnectionHandlerConfiguration.xml
new file mode 100644
index 0000000..63c44aa
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ConnectionHandlerConfiguration.xml
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2009 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="connection-handler"
+ plural-name="connection-handlers"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap"
+ xmlns:cli="http://www.opends.org/admin-cli">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ are responsible for handling all interaction with the clients,
+ including accepting the connections, reading requests, and sending
+ responses.
+ </adm:synopsis>
+ <adm:tag name="core-server" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-connection-handler</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:managed-object custom="true" />
+ </adm:profile>
+ <adm:property name="enabled" mandatory="true">
+ <adm:synopsis>
+ Indicates whether the
+ <adm:user-friendly-name />
+ is enabled.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-enabled</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="java-class" mandatory="true">
+ <adm:synopsis>
+ Specifies the fully-qualified name of the Java class that provides the
+ <adm:user-friendly-name />
+ implementation.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:java-class>
+ <adm:instance-of>
+ org.opends.server.api.ConnectionHandler
+ </adm:instance-of>
+ </adm:java-class>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-java-class</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property-reference name="allowed-client" />
+ <adm:property-reference name="denied-client" />
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CountryStringAttributeSyntaxConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CountryStringAttributeSyntaxConfiguration.xml
new file mode 100644
index 0000000..62df373
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CountryStringAttributeSyntaxConfiguration.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/CDDLv1_0.txt
+ ! or http://forgerock.org/license/CDDLv1.0.html.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/CDDLv1_0.txt. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2012 ForgeRock AS.
+ ! Portions Copyright 2012 Manuel Gaupp
+ ! -->
+<adm:managed-object name="country-string-attribute-syntax"
+ plural-name="country-string-attribute-syntaxes"
+ extends="attribute-syntax" package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ define an attribute syntax for storing country codes.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-country-string-attribute-syntax</ldap:name>
+ <ldap:superior>ds-cfg-attribute-syntax</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.schema.CountryStringSyntax
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="strict-format" advanced="true">
+ <adm:synopsis>
+ Indicates whether or not country code values are required to
+ strictly comply with the standard definition for this syntax.
+ </adm:synopsis>
+ <adm:description>
+ When set to false, country codes will not be validated and, as
+ a result any string containing 2 characters will be acceptable.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-strict-format</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CramMD5SASLMechanismHandlerConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CramMD5SASLMechanismHandlerConfiguration.xml
new file mode 100644
index 0000000..89c94f0
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CramMD5SASLMechanismHandlerConfiguration.xml
@@ -0,0 +1,100 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="cram-md5-sasl-mechanism-handler"
+ plural-name="cram-md5-sasl-mechanism-handlers"
+ package="org.forgerock.opendj.admin" extends="sasl-mechanism-handler"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The CRAM-MD5 SASL mechanism provides the ability for clients to
+ perform password-based authentication in a manner that does not
+ expose their password in the clear.
+ </adm:synopsis>
+ <adm:description>
+ Rather than including the
+ password in the bind request, the CRAM-MD5 mechanism uses a
+ two-step process in which the client needs only to prove that it
+ knows the password. The server sends randomly-generated data to
+ the client that is to be used in the process, which makes it
+ resistant to replay attacks. The one-way message digest
+ algorithm ensures that the original clear-text password is not
+ exposed. Note that the algorithm used by the CRAM-MD5 mechanism
+ requires that both the client and the server have access to the
+ clear-text password (or potentially a value that is derived from
+ the clear-text password). In order to authenticate to the server
+ using CRAM-MD5, the password for a user's account must be encoded
+ using a reversible password storage scheme that allows the server
+ to have access to the clear-text value.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-cram-md5-sasl-mechanism-handler</ldap:name>
+ <ldap:superior>ds-cfg-sasl-mechanism-handler</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.CRAMMD5SASLMechanismHandler
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="identity-mapper" mandatory="true">
+ <adm:synopsis>
+ Specifies the name of the identity mapper used
+ with this SASL mechanism handler to match the authentication
+ ID included in the SASL bind request to the corresponding
+ user in the directory.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:aggregation relation-name="identity-mapper"
+ parent-path="/">
+ <adm:constraint>
+ <adm:synopsis>
+ The referenced identity mapper must be enabled when the
+ <adm:user-friendly-name />
+ is enabled.
+ </adm:synopsis>
+ <adm:target-needs-enabling-condition>
+ <adm:contains property="enabled" value="true" />
+ </adm:target-needs-enabling-condition>
+ <adm:target-is-enabled-condition>
+ <adm:contains property="enabled" value="true" />
+ </adm:target-is-enabled-condition>
+ </adm:constraint>
+ </adm:aggregation>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-identity-mapper</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CryptPasswordStorageSchemeConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CryptPasswordStorageSchemeConfiguration.xml
new file mode 100644
index 0000000..f15a61b
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CryptPasswordStorageSchemeConfiguration.xml
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2010-2013 ForgeRock AS
+ ! Portions Copyright 2012 Dariusz Janny <dariusz.janny@gmail.com>
+ ! -->
+<adm:managed-object name="crypt-password-storage-scheme"
+ plural-name="crypt-password-storage-schemes"
+ package="org.forgerock.opendj.admin"
+ extends="password-storage-scheme"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides a mechanism for encoding user passwords like Unix crypt does.
+ Like on most Unix systems, the password may be encrypted using different
+ algorithms, either Unix crypt, md5, sha256 or sha512.
+ </adm:synopsis>
+ <adm:description>
+ This implementation contains an implementation for the user
+ password syntax, with a storage scheme name of "CRYPT". Like on most
+ Unixes, the "CRYPT" storage scheme has different algorithms, the default
+ being the Unix crypt.
+
+ Even though the Unix crypt is a one-way digest, it
+ is relatively weak by today's standards. Because it supports
+ only a 12-bit salt (meaning that there are only 4096 possible ways to
+ encode a given password), it is also vulnerable to dictionary attacks.
+ You should therefore use this storage scheme only in cases where an
+ external application expects to retrieve the password and verify it
+ outside of the directory, rather than by performing an LDAP bind.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-crypt-password-storage-scheme</ldap:name>
+ <ldap:superior>ds-cfg-password-storage-scheme</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.CryptPasswordStorageScheme
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="crypt-password-storage-encryption-algorithm" mandatory="true">
+ <adm:synopsis>
+ Specifies the algorithm to use to encrypt new passwords.
+ </adm:synopsis>
+ <adm:description>
+ Select the crypt algorithm to use to encrypt new passwords.
+ The value can either be "unix", which means the password is encrypted
+ with the Unix crypt algorithm, or md5 which means the password is
+ encrypted with the BSD MD5 algorithm and has a $1$ prefix,
+ or sha256 which means the password is encrypted with the SHA256 algorithm
+ and has a $5$ prefix, or sha512 which means the password is encrypted with
+ the SHA512 algorithm and has a $6$ prefix.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>unix</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="unix">
+ <adm:synopsis>
+ New passwords are encrypted with the Unix crypt algorithm.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="md5">
+ <adm:synopsis>
+ New passwords are encrypted with the BSD MD5 algorithm.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="sha256">
+ <adm:synopsis>
+ New passwords are encrypted with the Unix crypt SHA256 algorithm.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="sha512">
+ <adm:synopsis>
+ New passwords are encrypted with the Unix crypt SHA512 algorithm.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-crypt-password-storage-encryption-algorithm</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CryptoManagerConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CryptoManagerConfiguration.xml
new file mode 100644
index 0000000..a779424
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/CryptoManagerConfiguration.xml
@@ -0,0 +1,312 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="crypto-manager" plural-name="crypto-managers"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides a common interface for performing compression,
+ decompression, hashing, encryption and other kinds of cryptographic
+ operations.
+ </adm:synopsis>
+ <adm:tag name="security" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-crypto-manager</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property name="digest-algorithm" advanced="true">
+ <adm:synopsis>
+ Specifies the preferred message digest algorithm for the directory server.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property take effect immediately and
+ only affect cryptographic operations performed after the
+ change.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>SHA-1</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-digest-algorithm</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="mac-algorithm" advanced="true">
+ <adm:synopsis>
+ Specifies the preferred MAC algorithm for the directory server.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property take effect immediately but only
+ affect cryptographic operations performed after the
+ change.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>HmacSHA1</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-mac-algorithm</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="mac-key-length" advanced="true">
+ <adm:synopsis>
+ Specifies the key length in bits for the preferred MAC algorithm.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property take effect immediately but only
+ affect cryptographic operations performed after the
+ change.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>128</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-mac-key-length</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="cipher-transformation" advanced="true">
+ <adm:synopsis>
+ Specifies the cipher for the directory server
+ using the syntax algorithm/mode/padding.
+ </adm:synopsis>
+ <adm:description>
+ The full transformation is required: specifying only an algorithm
+ and allowing the cipher provider to supply the default mode and
+ padding is not supported, because there is no guarantee these
+ default values are the same among different implementations.
+ Some cipher algorithms, including RC4 and ARCFOUR, do not have a
+ mode or padding, and hence must be specified using NONE for the
+ mode field and NoPadding for the padding field. For example,
+ RC4/NONE/NoPadding.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property take effect immediately but
+ only affect cryptographic operations performed after the
+ change.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>AES/CBC/PKCS5Padding</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-cipher-transformation</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="cipher-key-length" advanced="true">
+ <adm:synopsis>
+ Specifies the key length in bits for the preferred cipher.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property take effect immediately but
+ only affect cryptographic operations performed after the
+ change.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>128</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-cipher-key-length</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="key-wrapping-transformation" multi-valued="false" advanced="false">
+ <adm:synopsis>
+ The preferred key wrapping transformation for the directory server. This value must
+ be the same for all server instances in a replication topology.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property will take effect immediately but will
+ only affect cryptographic operations performed after the
+ change.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>RSA/ECB/OAEPWITHSHA-1ANDMGF1PADDING</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-key-wrapping-transformation</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="ssl-protocol" multi-valued="true">
+ <adm:synopsis>
+ Specifies the names of the SSL protocols that are allowed for
+ use in SSL or TLS communication.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property take effect immediately but
+ only impact new SSL/TLS-based sessions created after the
+ change.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ Uses the default set of SSL protocols provided by the server's
+ JVM.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-ssl-protocol</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="ssl-cipher-suite" multi-valued="true">
+ <adm:synopsis>
+ Specifies the names of the SSL cipher suites that are allowed
+ for use in SSL or TLS communication.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property take effect immediately but
+ only impact new SSL/TLS-based sessions created after the
+ change.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ Uses the default set of SSL cipher suites provided by the
+ server's JVM.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-ssl-cipher-suite</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="ssl-encryption">
+ <adm:synopsis>
+ Specifies whether SSL/TLS is used to provide encrypted
+ communication between two <adm:product-name /> server components.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property take effect immediately but
+ only impact new SSL/TLS-based sessions created after the
+ change.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-ssl-encryption</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property-reference name="ssl-cert-nickname" />
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/DebugLogPublisherConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/DebugLogPublisherConfiguration.xml
new file mode 100644
index 0000000..d6ea5cf
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/DebugLogPublisherConfiguration.xml
@@ -0,0 +1,253 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions copyright 2013 ForgeRock AS
+ ! -->
+<adm:managed-object name="debug-log-publisher"
+ plural-name="debug-log-publishers"
+ package="org.forgerock.opendj.admin" extends="log-publisher"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap"
+ xmlns:cli="http://www.opends.org/admin-cli">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ are responsible for distributing debug log messages from the debug
+ logger to a destination.
+ </adm:synopsis>
+ <adm:description>
+ Debug log messages provide information that can be used for debugging
+ or troubleshooting problems in the server, or for providing more
+ detailed information about the processing that the server performs.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-debug-log-publisher</ldap:name>
+ <ldap:superior>ds-cfg-log-publisher</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:managed-object custom="true" />
+ </adm:profile>
+ <adm:relation name="debug-target">
+ <adm:one-to-many naming-property="debug-scope" />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>cn=Debug Targets</ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="debug-level" />
+ <cli:default-property name="debug-category" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:property-override name="java-class">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>org.opends.server.api.DebugLogPublisher</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="default-debug-level" mandatory="true">
+ <adm:synopsis>
+ The lowest severity level of debug messages to log when none of
+ the defined targets match the message.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>error</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="disabled">
+ <adm:synopsis>No messages will be logged.</adm:synopsis>
+ </adm:value>
+ <adm:value name="error">
+ <adm:synopsis>
+ Messages with severity level of ERROR or higher will be
+ logged.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="warning">
+ <adm:synopsis>
+ Messages with severity level of WARNING or higher will be
+ logged.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="info">
+ <adm:synopsis>
+ Messages with severity level of INFO or higher will be
+ logged.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="verbose">
+ <adm:synopsis>
+ Messages with severity level of VERBOSE or higher will be
+ logged.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="all">
+ <adm:synopsis>
+ Messages with any severity level will be logged.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-default-debug-level</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="default-debug-category" multi-valued="true">
+ <adm:synopsis>
+ The debug message categories to be logged when none of the defined
+ targets match the message.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ Messages with any category will be logged if they have a
+ sufficient debug level.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="caught">
+ <adm:synopsis>Exception caught.</adm:synopsis>
+ </adm:value>
+ <adm:value name="constructor">
+ <adm:synopsis>Constructor entry.</adm:synopsis>
+ </adm:value>
+ <adm:value name="data">
+ <adm:synopsis>Raw data dump.</adm:synopsis>
+ </adm:value>
+ <adm:value name="database-access">
+ <adm:synopsis>Access to a backend database.</adm:synopsis>
+ </adm:value>
+ <adm:value name="enter">
+ <adm:synopsis>Method entry.</adm:synopsis>
+ </adm:value>
+ <adm:value name="exit">
+ <adm:synopsis>Method exit.</adm:synopsis>
+ </adm:value>
+ <adm:value name="message">
+ <adm:synopsis>Arbitrary debug message.</adm:synopsis>
+ </adm:value>
+ <adm:value name="protocol">
+ <adm:synopsis>Protocol element dump.</adm:synopsis>
+ </adm:value>
+ <adm:value name="thrown">
+ <adm:synopsis>Exception throw from method.</adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-default-debug-category</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="default-omit-method-entry-arguments">
+ <adm:synopsis>
+ Indicates whether to include method arguments in debug
+ messages logged by default.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>
+ ds-cfg-default-omit-method-entry-arguments
+ </ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="default-omit-method-return-value">
+ <adm:synopsis>
+ Indicates whether to include the return value in debug
+ messages logged by default.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-default-omit-method-return-value</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="default-include-throwable-cause">
+ <adm:synopsis>
+ Indicates whether to include the cause of exceptions in
+ exception thrown and caught messages logged by default.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-default-include-throwable-cause</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="default-throwable-stack-frames">
+ <adm:synopsis>
+ Indicates the number of stack frames to include in the
+ stack trace for method entry and exception thrown messages.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>2147483647</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="0" upper-limit="2147483647" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-default-throwable-stack-frames</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/DebugTargetConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/DebugTargetConfiguration.xml
new file mode 100644
index 0000000..76ecda3
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/DebugTargetConfiguration.xml
@@ -0,0 +1,249 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="debug-target" plural-name="debug-targets"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ define the types of messages logged by the debug logPublisher.
+ </adm:synopsis>
+ <adm:description>
+ Debug targets allow for fine-grain control of which messages are logged
+ based on the package, class, or method that generated the message. Each
+ debug target configuration entry resides below the entry with RDN of
+ "cn=Debug Target" immediately below the parent ds-cfg-debug-log-publisher
+ entry.
+ </adm:description>
+ <adm:tag name="logging" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-debug-target</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property name="debug-scope" mandatory="true" read-only="true">
+ <adm:synopsis>
+ Specifies the fully-qualified <adm:product-name /> Java package, class, or method affected
+ by the settings in this target definition. Use the number
+ character (#) to separate the class name and the method name
+ (that is, org.opends.server.core.DirectoryServer#startUp).
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>
+ ^([A-Za-z][A-Za-z0-9_]*\\.)*[A-Za-z][A-Za-z0-9_]*(#[A-Za-z][A-Za-z0-9_]*)?$
+ </adm:regex>
+ <adm:usage>STRING</adm:usage>
+ <adm:synopsis>
+ The fully-qualified <adm:product-name /> Java package, class, or method
+ name.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-debug-scope</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="debug-level" mandatory="true">
+ <adm:synopsis>
+ Specifies the lowest severity level of debug messages to log.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="disabled">
+ <adm:synopsis>No messages are logged.</adm:synopsis>
+ </adm:value>
+ <adm:value name="error">
+ <adm:synopsis>
+ Messages with severity level of ERROR or higher are
+ logged.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="warning">
+ <adm:synopsis>
+ Messages with severity level of WARNING or higher are
+ logged.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="info">
+ <adm:synopsis>
+ Messages with severity level of INFO or higher are
+ logged.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="verbose">
+ <adm:synopsis>
+ Messages with severity level of VERBOSE or higher are
+ logged.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="all">
+ <adm:synopsis>
+ Messages with any severity level are logged.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-debug-level</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="debug-category" multi-valued="true">
+ <adm:synopsis>
+ Specifies the debug message categories to be logged.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ Messages with any category are logged if they have a
+ sufficient debug level.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="caught">
+ <adm:synopsis>Exception caught</adm:synopsis>
+ </adm:value>
+ <adm:value name="constructor">
+ <adm:synopsis>Constructor entry</adm:synopsis>
+ </adm:value>
+ <adm:value name="data">
+ <adm:synopsis>Raw data dump</adm:synopsis>
+ </adm:value>
+ <adm:value name="database-access">
+ <adm:synopsis>Access to a backend database.</adm:synopsis>
+ </adm:value>
+ <adm:value name="enter">
+ <adm:synopsis>Method entry</adm:synopsis>
+ </adm:value>
+ <adm:value name="exit">
+ <adm:synopsis>Method exit</adm:synopsis>
+ </adm:value>
+ <adm:value name="message">
+ <adm:synopsis>Arbitrary debug message</adm:synopsis>
+ </adm:value>
+ <adm:value name="protocol">
+ <adm:synopsis>Protocol element dump</adm:synopsis>
+ </adm:value>
+ <adm:value name="thrown">
+ <adm:synopsis>Exception thrown from method</adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-debug-category</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="omit-method-entry-arguments">
+ <adm:synopsis>
+ Specifies the property to indicate whether to include method arguments in debug
+ messages.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-omit-method-entry-arguments</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="omit-method-return-value">
+ <adm:synopsis>
+ Specifies the property to indicate whether to include the return value in debug
+ messages.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-omit-method-return-value</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="include-throwable-cause">
+ <adm:synopsis>
+ Specifies the property to indicate whether to include the cause of exceptions in
+ exception thrown and caught messages.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-include-throwable-cause</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="throwable-stack-frames">
+ <adm:synopsis>
+ Specifies the property to indicate the number of stack frames to include in the
+ stack trace for method entry and exception thrown messages.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>0</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="0" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-throwable-stack-frames</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/DictionaryPasswordValidatorConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/DictionaryPasswordValidatorConfiguration.xml
new file mode 100644
index 0000000..e71c772
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/DictionaryPasswordValidatorConfiguration.xml
@@ -0,0 +1,198 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 profiq, s.r.o.
+ ! Portions copyright 2012 ForgeRock AS.
+ ! -->
+<adm:managed-object name="dictionary-password-validator"
+ plural-name="dictionary-password-validators"
+ package="org.forgerock.opendj.admin" extends="password-validator"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ determines whether a proposed password is acceptable based
+ on whether the given password value appears in a provided dictionary
+ file.
+ </adm:synopsis>
+ <adm:description>
+ A large dictionary file is provided with the server, but the
+ administrator can supply an alternate dictionary. In this case,
+ then the dictionary must be a plain-text file with
+ one word per line.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-dictionary-password-validator</ldap:name>
+ <ldap:superior>ds-cfg-password-validator</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.DictionaryPasswordValidator
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="dictionary-file" mandatory="true">
+ <adm:synopsis>
+ Specifies the path to the file containing a list of words that
+ cannot be used as passwords.
+ </adm:synopsis>
+ <adm:description>
+ It should be formatted with one word per line. The value can be an
+ absolute path or a path that is relative to the
+ <adm:product-name />
+ instance root.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ For Unix and Linux systems: config/wordlist.txt.
+ For Windows systems: config\\wordlist.txt
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>FILE</adm:usage>
+ <adm:synopsis>
+ The path to any text file contained on the system that is
+ readable by the server.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-dictionary-file</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="case-sensitive-validation" mandatory="true">
+ <adm:synopsis>
+ Indicates whether this password validator is to treat password
+ characters in a case-sensitive manner.
+ </adm:synopsis>
+ <adm:description>
+ If it is set to true, then the validator rejects a password only
+ if it appears in the dictionary with exactly the
+ same capitalization as provided by the user.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-case-sensitive-validation</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="test-reversed-password" mandatory="true">
+ <adm:synopsis>
+ Indicates whether this password validator is to test the reversed
+ value of the provided password as well as the order in which it
+ was given.
+ </adm:synopsis>
+ <adm:description>
+ For example, if the user provides a new password of
+ "password" and this configuration attribute is set to true, then
+ the value "drowssap" is also tested against attribute values
+ in the user's entry.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-test-reversed-password</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="check-substrings" mandatory="false">
+ <adm:synopsis>
+ Indicates whether this password validator is to match portions of
+ the password string against dictionary words.
+ </adm:synopsis>
+ <adm:description>
+ If "false" then only match the entire password against words
+ otherwise ("true") check whether the password contains words.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-check-substrings</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="min-substring-length" mandatory="false">
+ <adm:synopsis>
+ Indicates the minimal length of the substring within the password
+ in case substring checking is enabled.
+ </adm:synopsis>
+ <adm:description>
+ If "check-substrings" option is set to true, then this parameter
+ defines the length of the smallest word which should be used for
+ substring matching. Use with caution because values below 3 might
+ disqualify valid passwords.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>5</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-min-substring-length</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/DigestMD5SASLMechanismHandlerConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/DigestMD5SASLMechanismHandlerConfiguration.xml
new file mode 100644
index 0000000..d95466d
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/DigestMD5SASLMechanismHandlerConfiguration.xml
@@ -0,0 +1,211 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="digest-md5-sasl-mechanism-handler"
+ plural-name="digest-md5-sasl-mechanism-handlers"
+ package="org.forgerock.opendj.admin" extends="sasl-mechanism-handler"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The DIGEST-MD5 SASL mechanism
+ is used to perform all processing related to SASL DIGEST-MD5
+ authentication.
+ </adm:synopsis>
+ <adm:description>
+ The DIGEST-MD5 SASL mechanism is very similar
+ to the CRAM-MD5 mechanism in that it allows for password-based
+ authentication without exposing the password in the clear
+ (although it does require that both the client and the server
+ have access to the clear-text password). Like the CRAM-MD5
+ mechanism, it uses data that is randomly generated by the server
+ to make it resistant to replay attacks, but it also includes
+ randomly-generated data from the client, which makes it also
+ resistant to problems resulting from weak server-side random
+ number generation.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-digest-md5-sasl-mechanism-handler</ldap:name>
+ <ldap:superior>ds-cfg-sasl-mechanism-handler</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.DigestMD5SASLMechanismHandler
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="realm">
+ <adm:synopsis>
+ Specifies the realms that is to be used by the server for
+ DIGEST-MD5 authentication.
+ </adm:synopsis>
+ <adm:description>
+ If this value is not provided, then the server defaults to use the fully
+ qualified hostname of the machine.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ If this value is not provided, then the server defaults to use the fully
+ qualified hostname of the machine.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>STRING</adm:usage>
+ <adm:synopsis>
+ Any realm string that does not contain a comma.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-realm</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="quality-of-protection">
+ <adm:synopsis>
+ The name of a property that specifies the quality of protection
+ the server will support.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>none</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="none">
+ <adm:synopsis>
+ QOP equals authentication only.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="integrity">
+ <adm:synopsis>
+ Quality of protection equals authentication with integrity
+ protection.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="confidentiality">
+ <adm:synopsis>
+ Quality of protection equals authentication with integrity and
+ confidentiality protection.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-quality-of-protection</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="identity-mapper" mandatory="true">
+ <adm:synopsis>
+ Specifies the name of the identity mapper that is to be used
+ with this SASL mechanism handler to match the authentication
+ or authorization
+ ID included in the SASL bind request to the corresponding
+ user in the directory.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:aggregation relation-name="identity-mapper"
+ parent-path="/">
+ <adm:constraint>
+ <adm:synopsis>
+ The referenced identity mapper must be enabled when the
+ <adm:user-friendly-name />
+ is enabled.
+ </adm:synopsis>
+ <adm:target-needs-enabling-condition>
+ <adm:contains property="enabled" value="true" />
+ </adm:target-needs-enabling-condition>
+ <adm:target-is-enabled-condition>
+ <adm:contains property="enabled" value="true" />
+ </adm:target-is-enabled-condition>
+ </adm:constraint>
+ </adm:aggregation>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-identity-mapper</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+ <adm:property name="server-fqdn">
+ <adm:synopsis>
+ Specifies the DNS-resolvable fully-qualified domain name for the
+ server that is used when validating the digest-uri parameter during
+ the authentication process.
+ </adm:synopsis>
+ <adm:description>
+ If this configuration attribute is
+ present, then the server expects that clients use a digest-uri equal
+ to "ldap/" followed by the value of this attribute. For example, if
+ the attribute has a value of "directory.example.com", then the
+ server expects clients to use a digest-uri of
+ "ldap/directory.example.com". If no value is provided, then the
+ server does not attempt to validate the digest-uri provided by the
+ client and accepts any value.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The server attempts to determine the
+ fully-qualified domain name dynamically.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>STRING</adm:usage>
+ <adm:synopsis>
+ The fully-qualified address that is expected for clients to use
+ when connecting to the server and authenticating via DIGEST-MD5.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-server-fqdn</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/DirectoryStringAttributeSyntaxConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/DirectoryStringAttributeSyntaxConfiguration.xml
new file mode 100644
index 0000000..5102300
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/DirectoryStringAttributeSyntaxConfiguration.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="directory-string-attribute-syntax"
+ plural-name="directory-string-attribute-syntaxes"
+ extends="attribute-syntax" package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ defines an attribute syntax for storing arbitrary string (and
+ sometimes binary) data.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-directory-string-attribute-syntax</ldap:name>
+ <ldap:superior>ds-cfg-attribute-syntax</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.schema.DirectoryStringSyntax
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="allow-zero-length-values" advanced="true">
+ <adm:synopsis>
+ Indicates whether zero-length (that is, an empty string) values are
+ allowed.
+ </adm:synopsis>
+ <adm:description>
+ This is technically not allowed by the revised LDAPv3
+ specification, but some environments may require it for backward
+ compatibility with servers that do allow it.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-allow-zero-length-values</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/DseeCompatAccessControlHandlerConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/DseeCompatAccessControlHandlerConfiguration.xml
new file mode 100644
index 0000000..81b013e
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/DseeCompatAccessControlHandlerConfiguration.xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2009 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="dsee-compat-access-control-handler"
+ plural-name="dseecompat-access-control-handlers"
+ package="org.forgerock.opendj.admin" extends="access-control-handler"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides an implementation that uses syntax compatible with the
+ Sun Java System Directory Server Enterprise Edition
+ access control handlers.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-dsee-compat-access-control-handler</ldap:name>
+ <ldap:superior>ds-cfg-access-control-handler</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.authorization.dseecompat.AciHandler
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="global-aci" multi-valued="true">
+ <adm:synopsis>Defines global access control rules.</adm:synopsis>
+ <adm:description>
+ Global access control rules apply to all entries anywhere in the
+ data managed by the <adm:product-name /> directory server. The global access control
+ rules may be overridden by more specific access control rules
+ placed in the data.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ No global access control rules are defined, which means
+ that no access is allowed for any data in the server
+ unless specifically granted by access control rules in the
+ data.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:aci />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-global-aci</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/DynamicGroupImplementationConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/DynamicGroupImplementationConfiguration.xml
new file mode 100644
index 0000000..cbfc9c9
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/DynamicGroupImplementationConfiguration.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="dynamic-group-implementation"
+ plural-name="dynamic-group-implementations"
+ package="org.forgerock.opendj.admin" extends="group-implementation"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides a grouping mechanism in which the group membership is
+ determined based on criteria defined in one or more LDAP URLs.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-dynamic-group-implementation</ldap:name>
+ <ldap:superior>ds-cfg-group-implementation</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>org.opends.server.extensions.DynamicGroup</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/EntityTagVirtualAttributeConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/EntityTagVirtualAttributeConfiguration.xml
new file mode 100644
index 0000000..2c6c4b5
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/EntityTagVirtualAttributeConfiguration.xml
@@ -0,0 +1,125 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2012 ForgeRock AS
+ ! -->
+<adm:managed-object name="entity-tag-virtual-attribute"
+ plural-name="entity-tag-virtual-attributes"
+ package="org.forgerock.opendj.admin" extends="virtual-attribute"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The <adm:user-friendly-name /> ensures that all entries contain an
+ "entity tag" or "Etag" as defined in section 3.11 of RFC 2616.
+ </adm:synopsis>
+ <adm:description>
+ The entity tag may be used by clients, in conjunction with the assertion
+ control, for optimistic concurrency control, as a way to help prevent
+ simultaneous updates of an entry from conflicting with each other.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-entity-tag-virtual-attribute</ldap:name>
+ <ldap:superior>ds-cfg-virtual-attribute</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.EntityTagVirtualAttributeProvider
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="conflict-behavior" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>real-overrides-virtual</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="attribute-type">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>etag</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="checksum-algorithm">
+ <adm:synopsis>
+ The algorithm which should be used for calculating the entity tag
+ checksum value.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>adler-32</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="adler-32">
+ <adm:synopsis>
+ The Adler-32 checksum algorithm which is almost as reliable as
+ a CRC-32 but can be computed much faster.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="crc-32">
+ <adm:synopsis>
+ The CRC-32 checksum algorithm.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-checksum-algorithm</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="excluded-attribute" multi-valued="true">
+ <adm:synopsis>
+ The list of attributes which should be ignored when calculating the
+ entity tag checksum value.
+ </adm:synopsis>
+ <adm:description>
+ Certain attributes like "ds-sync-hist" may vary between replicas due to
+ different purging schedules and should not be included in the checksum.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>ds-sync-hist</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:attribute-type />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-excluded-attribute</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/EntryCacheConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/EntryCacheConfiguration.xml
new file mode 100644
index 0000000..0493174
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/EntryCacheConfiguration.xml
@@ -0,0 +1,102 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="entry-cache" plural-name="entry-caches"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap"
+ xmlns:cli="http://www.opends.org/admin-cli">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ are responsible for caching entries which are likely to be accessed
+ by client applications in order to improve <adm:product-name /> directory server
+ performance.
+ </adm:synopsis>
+ <adm:tag name="database" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-entry-cache</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:managed-object custom="true" />
+ </adm:profile>
+ <adm:property name="enabled" mandatory="true">
+ <adm:synopsis>
+ Indicates whether the
+ <adm:user-friendly-name />
+ is enabled.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-enabled</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="java-class" mandatory="true">
+ <adm:synopsis>
+ Specifies the fully-qualified name of the Java class that provides the
+ <adm:user-friendly-name />
+ implementation.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:java-class>
+ <adm:instance-of>
+ org.opends.server.api.EntryCache
+ </adm:instance-of>
+ </adm:java-class>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-java-class</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="cache-level" mandatory="true">
+ <adm:synopsis>
+ Specifies the cache level in the cache order if more than
+ one instance of the cache is configured.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:integer lower-limit="1" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-cache-level</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/EntryCacheMonitorProviderConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/EntryCacheMonitorProviderConfiguration.xml
new file mode 100644
index 0000000..3ef0add
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/EntryCacheMonitorProviderConfiguration.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="entry-cache-monitor-provider"
+ plural-name="entry-cache-monitor-providers"
+ package="org.forgerock.opendj.admin" extends="monitor-provider"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ exposes monitor information about the state of <adm:product-name /> directory server
+ entry caches.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-entry-cache-monitor-provider</ldap:name>
+ <ldap:superior>ds-cfg-monitor-provider</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.monitors.EntryCacheMonitorProvider
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/EntryDNVirtualAttributeConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/EntryDNVirtualAttributeConfiguration.xml
new file mode 100644
index 0000000..03e662d
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/EntryDNVirtualAttributeConfiguration.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="entry-dn-virtual-attribute"
+ plural-name="entry-dn-virtual-attributes"
+ package="org.forgerock.opendj.admin" extends="virtual-attribute"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ generates the entryDN operational attribute in directory entries,
+ which contains a normalized form of the entry's DN.
+ </adm:synopsis>
+ <adm:description>
+ This attribute is defined in the draft-zeilenga-ldap-entrydn
+ Internet Draft and contains the DN of the entry in which it is
+ contained.
+ This component provides the ability to use search filters containing the
+ entry's DN.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-entry-dn-virtual-attribute</ldap:name>
+ <ldap:superior>ds-cfg-virtual-attribute</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.EntryDNVirtualAttributeProvider
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="conflict-behavior" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>virtual-overrides-real</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="attribute-type">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>entryDN</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/EntryUUIDPluginConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/EntryUUIDPluginConfiguration.xml
new file mode 100644
index 0000000..84e3447
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/EntryUUIDPluginConfiguration.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="entry-uuid-plugin"
+ plural-name="entry-uuid-plugins" package="org.forgerock.opendj.admin"
+ extends="plugin" xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ generates values for the entryUUID operational attribute
+ whenever an entry is added via protocol or imported from LDIF.
+ </adm:synopsis>
+ <adm:description>
+ The entryUUID plug-in ensures that all entries
+ added to the server, whether through an LDAP add operation or via
+ an LDIF import, are assigned an entryUUID operational attribute if
+ they do not already have one. The entryUUID attribute contains a
+ universally unique identifier that can be used to identify an entry
+ in a manner that does not change (even in the event of a modify DN
+ operation). This plug-in generates a random UUID for entries created
+ by an add operation, but the UUID is constructed from the DN of the
+ entry during an LDIF import (which means that the same LDIF file
+ can be imported on different systems but still get the same value
+ for the entryUUID attribute). This behavior is based on the
+ specification contained in RFC 4530. The implementation for the
+ entry UUID plug-in is contained in the
+ org.opends.server.plugins.EntryUUIDPlugin class. It must be
+ configured with the preOperationAdd and ldifImport plug-in types,
+ but it does not have any other custom configuration. This
+ plug-in must be enabled in any directory that is intended to be used
+ in a synchronization environment.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-entry-uuid-plugin</ldap:name>
+ <ldap:superior>ds-cfg-plugin</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>org.opends.server.plugins.EntryUUIDPlugin</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="plugin-type" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>ldifimport</adm:value>
+ <adm:value>preoperationadd</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/EntryUUIDVirtualAttributeConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/EntryUUIDVirtualAttributeConfiguration.xml
new file mode 100644
index 0000000..782432a
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/EntryUUIDVirtualAttributeConfiguration.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="entry-uuid-virtual-attribute"
+ plural-name="entry-uuid-virtual-attributes"
+ package="org.forgerock.opendj.admin" extends="virtual-attribute"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ ensures that all entries contained in private backends
+ have values for the entryUUID operational attribute.
+ </adm:synopsis>
+ <adm:description>
+ The entryUUID values are generated based on a normalized
+ representation of the entry's DN, which does not cause a
+ consistency problem because <adm:product-name /> does not allow modify DN
+ operations to be performed in private backends.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-entry-uuid-virtual-attribute</ldap:name>
+ <ldap:superior>ds-cfg-virtual-attribute</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.EntryUUIDVirtualAttributeProvider
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="conflict-behavior" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>real-overrides-virtual</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="attribute-type">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>entryUUID</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ErrorLogAccountStatusNotificationHandlerConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ErrorLogAccountStatusNotificationHandlerConfiguration.xml
new file mode 100644
index 0000000..6db4bd8
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ErrorLogAccountStatusNotificationHandlerConfiguration.xml
@@ -0,0 +1,148 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="error-log-account-status-notification-handler"
+ plural-name="error-log-account-status-notification-handlers"
+ extends="account-status-notification-handler"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ is a notification handler that writes information
+ to the server error log whenever an appropriate account status event
+ occurs.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>
+ ds-cfg-error-log-account-status-notification-handler
+ </ldap:name>
+ <ldap:superior>
+ ds-cfg-account-status-notification-handler
+ </ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.ErrorLogAccountStatusNotificationHandler
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="account-status-notification-type" mandatory="true"
+ multi-valued="true">
+ <adm:synopsis>
+ Indicates which types of event can trigger an account status notification.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="account-temporarily-locked">
+ <adm:synopsis>
+ Generate a notification whenever a user account has been temporarily
+ locked after too many failed attempts.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="account-permanently-locked">
+ <adm:synopsis>
+ Generate a notification whenever a user account has been permanently
+ locked after too many failed attempts.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="account-unlocked">
+ <adm:synopsis>
+ Generate a notification whenever a user account has been unlocked by an
+ administrator.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="account-idle-locked">
+ <adm:synopsis>
+ Generate a notification whenever a user account has been locked
+ because it was idle for too long.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="account-reset-locked">
+ <adm:synopsis>
+ Generate a notification whenever a user account has been locked,
+ because the password had been reset by an administrator but not changed
+ by the user within the required interval.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="account-disabled">
+ <adm:synopsis>
+ Generate a notification whenever a user account has been disabled by an
+ administrator.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="account-enabled">
+ <adm:synopsis>
+ Generate a notification whenever a user account has been enabled by an
+ administrator.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="account-expired">
+ <adm:synopsis>
+ Generate a notification whenever a user authentication has failed
+ because the account has expired.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="password-expired">
+ <adm:synopsis>
+ Generate a notification whenever a user authentication has failed
+ because the password has expired.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="password-expiring">
+ <adm:synopsis>
+ Generate a notification whenever a password expiration
+ warning is encountered for a user password for the first time.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="password-reset">
+ <adm:synopsis>
+ Generate a notification whenever a user's password is reset by an
+ administrator.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="password-changed">
+ <adm:synopsis>
+ Generate a notification whenever a user changes his/her own
+ password.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-account-status-notification-type</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ErrorLogPublisherConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ErrorLogPublisherConfiguration.xml
new file mode 100644
index 0000000..ede08e9
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ErrorLogPublisherConfiguration.xml
@@ -0,0 +1,195 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions copyright 2013 ForgeRock AS
+ ! -->
+<adm:managed-object name="error-log-publisher"
+ plural-name="error-log-publishers"
+ package="org.forgerock.opendj.admin" extends="log-publisher"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap"
+ xmlns:cli="http://www.opends.org/admin-cli">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ are responsible for distributing error log messages from the error
+ logger to a destination.
+ </adm:synopsis>
+ <adm:description>
+ Error log messages provide information about any warnings, errors,
+ or significant events that are encountered during server processing.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-error-log-publisher</ldap:name>
+ <ldap:superior>ds-cfg-log-publisher</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:managed-object custom="true" />
+ </adm:profile>
+ <adm:property-override name="java-class">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>org.opends.server.api.ErrorLogPublisher</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="default-severity" multi-valued="true">
+ <adm:synopsis>
+ Specifies the default severity levels for the logger.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>fatal-error</adm:value>
+ <adm:value>severe-warning</adm:value>
+ <adm:value>severe-error</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="all">
+ <adm:synopsis>
+ Messages of all severity levels are logged.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="none">
+ <adm:synopsis>
+ No messages of any severity are logged by default. This
+ value is intended to be used in conjunction with the
+ override-severity property to define an error logger that
+ will publish no error message beside the errors of a given
+ category.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="fatal-error">
+ <adm:synopsis>
+ The error log severity that is used for messages that
+ provide information about fatal errors which may force the
+ server to shut down or operate in a significantly degraded
+ state.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="info">
+ <adm:synopsis>
+ The error log severity that is used for messages that
+ provide information about significant events within the
+ server that are not warnings or errors.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="mild-error">
+ <adm:synopsis>
+ The error log severity that is used for messages that
+ provide information about mild (recoverable) errors
+ encountered during processing.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="mild-warning">
+ <adm:synopsis>
+ The error log severity that is used for messages that
+ provide information about mild warnings triggered during
+ processing.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="notice">
+ <adm:synopsis>
+ The error log severity that is used for the most
+ important informational messages (i.e., information that
+ should almost always be logged but is not associated with a
+ warning or error condition).
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="severe-error">
+ <adm:synopsis>
+ The error log severity that is used for messages that
+ provide information about severe errors encountered during
+ processing.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="severe-warning">
+ <adm:synopsis>
+ The error log severity that is used for messages that
+ provide information about severe warnings triggered during
+ processing.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="debug">
+ <adm:synopsis>
+ The error log severity that is used for messages that
+ provide debugging information triggered during processing.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-default-severity</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="override-severity" multi-valued="true">
+ <adm:TODO>
+ This should be split into per-category properties whose value
+ defaults to the default-severity. See issue 2503.
+ </adm:TODO>
+ <adm:synopsis>
+ Specifies the override severity levels for the logger
+ based on the category of the messages.
+ </adm:synopsis>
+ <adm:description>
+ Each override severity level should include the category and the
+ severity levels to log for that category, for example,
+ core=mild-error,info,mild-warning. Valid categories are: core,
+ extensions, protocol, config, log, util, schema, plugin, jeb,
+ backend, tools, task, access-control, admin, sync, version,
+ quicksetup, admin-tool, dsconfig, user-defined. Valid severities
+ are: all, fatal-error, info, mild-error, mild-warning, notice,
+ severe-error, severe-warning, debug.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ All messages with the default severity levels are logged.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>STRING</adm:usage>
+ <adm:synopsis>
+ A string in the form category=severity1,severity2...
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-override-severity</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ExactMatchIdentityMapperConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ExactMatchIdentityMapperConfiguration.xml
new file mode 100644
index 0000000..90d9208
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ExactMatchIdentityMapperConfiguration.xml
@@ -0,0 +1,112 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="exact-match-identity-mapper"
+ plural-name="exact-match-identity-mappers"
+ package="org.forgerock.opendj.admin" extends="identity-mapper"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ maps an identifier string to user entries by searching for the entry
+ containing a specified attribute whose value is the provided
+ identifier. For example, the username provided by the client for DIGEST-MD5
+ authentication must match the value of the uid attribute
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-exact-match-identity-mapper</ldap:name>
+ <ldap:superior>ds-cfg-identity-mapper</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.ExactMatchIdentityMapper
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="match-attribute" mandatory="true"
+ multi-valued="true">
+ <adm:synopsis>
+ Specifies the attribute whose value should exactly match the ID
+ string provided to this identity mapper.
+ </adm:synopsis>
+ <adm:description>
+ At least one value must be provided. All values must refer to the
+ name or OID of an attribute type defined in the directory server
+ schema. If multiple attributes or OIDs are provided, at least one of
+ those attributes must contain the provided ID string value in exactly
+ one entry. The internal search performed includes a logical OR across
+ all of these values.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ uid
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:attribute-type />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-match-attribute</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="match-base-dn" mandatory="false" multi-valued="true">
+ <adm:synopsis>
+ Specifies the set of base DNs below which to search for users.
+ </adm:synopsis>
+ <adm:description>
+ The base DNs will be used when performing searches to map the
+ provided ID string to a user entry. If multiple values are given, searches
+ are performed below all specified base DNs.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The server searches below all public naming contexts.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:dn />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-match-base-dn</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ExtendedOperationHandlerConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ExtendedOperationHandlerConfiguration.xml
new file mode 100644
index 0000000..f9d2564
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ExtendedOperationHandlerConfiguration.xml
@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="extended-operation-handler"
+ plural-name="extended-operation-handlers"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap"
+ xmlns:cli="http://www.opends.org/admin-cli">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ processes the different types of extended operations in the server.
+ </adm:synopsis>
+ <adm:tag name="core-server" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-extended-operation-handler</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:managed-object custom="true" />
+ </adm:profile>
+ <adm:property name="enabled" mandatory="true">
+ <adm:synopsis>
+ Indicates whether the
+ <adm:user-friendly-name />
+ is enabled (that is, whether the types of extended operations
+ are allowed in the server).
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-enabled</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="java-class" mandatory="true">
+ <adm:synopsis>
+ Specifies the fully-qualified name of the Java class that provides the
+ <adm:user-friendly-name />
+ implementation.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:java-class>
+ <adm:instance-of>
+ org.opends.server.api.ExtendedOperationHandler
+ </adm:instance-of>
+ </adm:java-class>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-java-class</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ExtensionConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ExtensionConfiguration.xml
new file mode 100644
index 0000000..fef4b22
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ExtensionConfiguration.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="extension"
+ plural-name="extensions"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap"
+ xmlns:cli="http://www.opends.org/admin-cli">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ allows to extend the configuration with new type of objects.
+ </adm:synopsis>
+ <adm:description>
+ It is an entry point for extensions that requires configuration objects
+ that does not inherit from an existing top-level object.
+ </adm:description>
+ <adm:tag name="core-server" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-extension</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:managed-object custom="true" />
+ </adm:profile>
+ <adm:property name="enabled" mandatory="true">
+ <adm:synopsis>
+ Indicates whether the
+ <adm:user-friendly-name />
+ is enabled.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-enabled</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="java-class" mandatory="true">
+ <adm:synopsis>
+ Specifies the fully-qualified name of the Java class that provides the
+ <adm:user-friendly-name />
+ implementation.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:java-class>
+ <adm:instance-of>
+ org.opends.server.api.Extension
+ </adm:instance-of>
+ </adm:java-class>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-java-class</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ExternalChangelogDomainConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ExternalChangelogDomainConfiguration.xml
new file mode 100644
index 0000000..9fd8ce9
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ExternalChangelogDomainConfiguration.xml
@@ -0,0 +1,113 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2009 Sun Microsystems, Inc.
+ ! Portions copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="external-changelog-domain"
+ plural-name="external-changelog-domains"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap"
+ xmlns:cli="http://www.opends.org/admin-cli">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides configuration of the external changelog for the replication domain.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-external-changelog-domain</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property name="enabled" mandatory="true">
+ <adm:synopsis>
+ Indicates whether the
+ <adm:user-friendly-name />
+ is enabled.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-enabled</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="ecl-include" multi-valued="true" mandatory="false">
+ <adm:synopsis>
+ Specifies a list of attributes which should be published with every
+ change log entry, regardless of whether or not the attribute itself
+ has changed.
+ </adm:synopsis>
+ <adm:description>
+ The list of attributes may include wild cards such as "*" and "+" as
+ well as object class references prefixed with an ampersand, for
+ example "@person".
+ The included attributes will be published using the "includedAttributes"
+ operational attribute as a single LDIF value rather like the
+ "changes" attribute. For modify and modifyDN operations the included
+ attributes will be taken from the entry before any changes were applied.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:undefined/>
+ </adm:default-behavior>
+ <adm:syntax>
+ <!-- FIXME: can we constrain this with a regex? -->
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-ecl-include</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="ecl-include-for-deletes" multi-valued="true" mandatory="false">
+ <adm:synopsis>
+ Specifies a list of attributes which should be published with every
+ delete operation change log entry, in addition to those specified by the
+ "ecl-include" property.
+ </adm:synopsis>
+ <adm:description>
+ This property provides a means for applications to archive entries after
+ they have been deleted. See the description of the "ecl-include" property
+ for further information about how the included attributes are published.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:undefined/>
+ </adm:default-behavior>
+ <adm:syntax>
+ <!-- FIXME: can we constrain this with a regex? -->
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-ecl-include-for-deletes</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ExternalSASLMechanismHandlerConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ExternalSASLMechanismHandlerConfiguration.xml
new file mode 100644
index 0000000..238db89
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ExternalSASLMechanismHandlerConfiguration.xml
@@ -0,0 +1,139 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="external-sasl-mechanism-handler"
+ plural-name="external-sasl-mechanism-handlers"
+ package="org.forgerock.opendj.admin" extends="sasl-mechanism-handler"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ performs all processing related to SASL EXTERNAL
+ authentication.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-external-sasl-mechanism-handler</ldap:name>
+ <ldap:superior>ds-cfg-sasl-mechanism-handler</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.ExternalSASLMechanismHandler
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="certificate-validation-policy" mandatory="true">
+ <adm:synopsis>
+ Indicates whether to attempt to validate the peer certificate
+ against a certificate held in the user's entry.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="always">
+ <adm:synopsis>
+ Always require the peer certificate to be present in the
+ user's entry.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="ifpresent">
+ <adm:synopsis>
+ If the user's entry contains one or more certificates,
+ require that one of them match the peer certificate.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="never">
+ <adm:synopsis>
+ Do not look for the peer certificate to be present in the
+ user's entry.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-certificate-validation-policy</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="certificate-attribute">
+ <adm:synopsis>
+ Specifies the name of the attribute to hold user
+ certificates.
+ </adm:synopsis>
+ <adm:description>
+ This property must specify the name of a valid attribute type defined in
+ the server schema.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>userCertificate</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:attribute-type />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-certificate-attribute</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="certificate-mapper" mandatory="true">
+ <adm:synopsis>
+ Specifies the name of the certificate mapper that should be used
+ to match client certificates to user entries.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:aggregation relation-name="certificate-mapper"
+ parent-path="/">
+ <adm:constraint>
+ <adm:synopsis>
+ The referenced certificate mapper must be enabled when the
+ <adm:user-friendly-name />
+ is enabled.
+ </adm:synopsis>
+ <adm:target-needs-enabling-condition>
+ <adm:contains property="enabled" value="true" />
+ </adm:target-needs-enabling-condition>
+ <adm:target-is-enabled-condition>
+ <adm:contains property="enabled" value="true" />
+ </adm:target-is-enabled-condition>
+ </adm:constraint>
+ </adm:aggregation>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-certificate-mapper</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FIFOEntryCacheConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FIFOEntryCacheConfiguration.xml
new file mode 100644
index 0000000..c33e022
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FIFOEntryCacheConfiguration.xml
@@ -0,0 +1,133 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="fifo-entry-cache"
+ plural-name="fifo-entry-caches" package="org.forgerock.opendj.admin"
+ extends="entry-cache" xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ use a FIFO queue to keep track of the cached entries.
+ </adm:synopsis>
+ <adm:description>
+ Entries that have been in the cache the longest are the most likely
+ candidates for purging if space is needed. In contrast to other
+ cache structures, the selection of entries to purge is not based on
+ how frequently or recently the entries have been accessed. This
+ requires significantly less locking (it will only be required when
+ an entry is added or removed from the cache, rather than each time
+ an entry is accessed). Cache sizing is based on the percentage of
+ free memory within the JVM, such that if enough memory is free, then
+ adding an entry to the cache will not require purging, but if more
+ than a specified percentage of the available memory within the JVM
+ is already consumed, then one or more entries will need to be
+ removed in order to make room for a new entry. It is also possible
+ to configure a maximum number of entries for the cache. If this is
+ specified, then the number of entries will not be allowed to exceed
+ this value, but it may not be possible to hold this many entries if
+ the available memory fills up first. Other configurable parameters
+ for this cache include the maximum length of time to block while
+ waiting to acquire a lock, and a set of filters that may be used to
+ define criteria for determining which entries are stored in the
+ cache. If a filter list is provided, then only entries matching at
+ least one of the given filters will be stored in the cache.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-fifo-entry-cache</ldap:name>
+ <ldap:superior>ds-cfg-entry-cache</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.FIFOEntryCache
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="lock-timeout" advanced="true">
+ <adm:synopsis>
+ Specifies the length of time to wait while attempting to acquire a read or
+ write lock.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>2000.0ms</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration base-unit="ms" lower-limit="0"
+ allow-unlimited="true" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-lock-timeout</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="max-memory-percent">
+ <adm:synopsis>
+ Specifies the maximum memory usage for the entry cache as a percentage of
+ the total JVM memory.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>90</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="1" upper-limit="100" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-max-memory-percent</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="max-entries">
+ <adm:synopsis>
+ Specifies the maximum number of entries that we will allow in the cache.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>2147483647</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="0" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-max-entries</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property-reference name="include-filter" />
+ <adm:property-reference name="exclude-filter" />
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileBasedAccessLogPublisherConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileBasedAccessLogPublisherConfiguration.xml
new file mode 100644
index 0000000..289b179
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileBasedAccessLogPublisherConfiguration.xml
@@ -0,0 +1,366 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2009 Sun Microsystems, Inc.
+ ! Portions copyright 2011 ForgeRock AS.
+ ! -->
+<adm:managed-object name="file-based-access-log-publisher"
+ plural-name="file-based-access-log-publishers"
+ package="org.forgerock.opendj.admin" extends="access-log-publisher"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ publish access messages to the file system.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-file-based-access-log-publisher</ldap:name>
+ <ldap:superior>ds-cfg-access-log-publisher</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.loggers.TextAccessLogPublisher
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="asynchronous" mandatory="true" advanced="true">
+ <adm:synopsis>
+ Indicates whether the
+ <adm:user-friendly-name />
+ will publish records asynchronously.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-asynchronous</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="queue-size" advanced="true">
+ <adm:synopsis>
+ The maximum number of log records that can be stored in the
+ asynchronous queue.
+ </adm:synopsis>
+ <adm:description>
+ Setting the queue size to zero activates parallel log writer
+ implementation which has no queue size limit and as such the
+ parallel log writer should only be used on a very well tuned
+ server configuration to avoid potential out of memory errors.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:other>
+ <adm:synopsis>
+ The <adm:user-friendly-name /> must be restarted if this property
+ is changed and the asynchronous property is set to true.
+ </adm:synopsis>
+ </adm:other>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>5000</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="0" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-queue-size</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="log-file" mandatory="true">
+ <adm:synopsis>
+ The file name to use for the log files generated by the
+ <adm:user-friendly-name />.
+ The path to the file is relative to the server root.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>FILE</adm:usage>
+ <adm:synopsis>
+ A path to an existing file that is readable by the server.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-log-file</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="log-file-permissions" mandatory="true">
+ <adm:synopsis>
+ The UNIX permissions of the log files created by this
+ <adm:user-friendly-name />.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>640</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>^([0-7][0-7][0-7])$</adm:regex>
+ <adm:usage>MODE</adm:usage>
+ <adm:synopsis>
+ A valid UNIX mode string. The mode string must contain
+ three digits between zero and seven.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-log-file-permissions</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="time-interval" advanced="true">
+ <adm:synopsis>
+ Specifies the interval at which to check whether the log files
+ need to be rotated.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>5s</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration base-unit="ms" lower-limit="1" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-time-interval</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="buffer-size" advanced="true">
+ <adm:synopsis>Specifies the log file buffer size.</adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>64kb</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:size lower-limit="1" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-buffer-size</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="auto-flush" advanced="true">
+ <adm:synopsis>
+ Specifies whether to flush the writer after every log record.
+ </adm:synopsis>
+ <adm:description>
+ If the asynchronous writes option is used, the writer is
+ flushed after all the log records in the queue are written.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-auto-flush</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="append">
+ <adm:synopsis>
+ Specifies whether to append to existing log files.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-append</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="rotation-policy" multi-valued="true">
+ <adm:synopsis>
+ The rotation policy to use for the
+ <adm:user-friendly-name />
+ .
+ </adm:synopsis>
+ <adm:description>
+ When multiple policies are used, rotation will occur if any
+ policy's conditions are met.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ No rotation policy is used and log rotation will not occur.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:aggregation parent-path="/"
+ relation-name="log-rotation-policy" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-rotation-policy</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="retention-policy" multi-valued="true">
+ <adm:synopsis>
+ The retention policy to use for the
+ <adm:user-friendly-name />
+ .
+ </adm:synopsis>
+ <adm:description>
+ When multiple policies are used, log files are cleaned when
+ any of the policy's conditions are met.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ No retention policy is used and log files are never cleaned.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:aggregation parent-path="/"
+ relation-name="log-retention-policy" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-retention-policy</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="log-format">
+ <adm:synopsis>
+ Specifies how log records should be formatted and written to the access log.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>multi-line</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="combined">
+ <adm:synopsis>
+ Combine log records for operation requests and responses into a
+ single record. This format should be used when log records are to
+ be filtered based on response criteria (e.g. result code).
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="multi-line">
+ <adm:synopsis>
+ Outputs separate log records for operation requests and responses.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-log-format</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="log-record-time-format">
+ <adm:synopsis>
+ Specifies the format string that is used to generate log record
+ timestamps.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>dd/MMM/yyyy:HH:mm:ss Z</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>STRING</adm:usage>
+ <adm:synopsis>
+ Any valid format string that can be used with the
+ java.text.SimpleDateFormat class.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-log-record-time-format</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="log-control-oids">
+ <adm:synopsis>
+ Specifies whether control OIDs will be included in operation log records.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-log-control-oids</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileBasedAuditLogPublisherConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileBasedAuditLogPublisherConfiguration.xml
new file mode 100644
index 0000000..102af0f
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileBasedAuditLogPublisherConfiguration.xml
@@ -0,0 +1,288 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2011 ForgeRock AS.
+ ! -->
+<adm:managed-object name="file-based-audit-log-publisher"
+ plural-name="file-based-audit-log-publishers"
+ package="org.forgerock.opendj.admin" extends="access-log-publisher"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ publish access messages to the file system.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-file-based-audit-log-publisher</ldap:name>
+ <ldap:superior>ds-cfg-access-log-publisher</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.loggers.TextAuditLogPublisher
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="asynchronous" mandatory="true" advanced="true">
+ <adm:synopsis>
+ Indicates whether the
+ <adm:user-friendly-name />
+ will publish records asynchronously.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-asynchronous</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="queue-size" advanced="true">
+ <adm:synopsis>
+ The maximum number of log records that can be stored in the
+ asynchronous queue.
+ </adm:synopsis>
+ <adm:description>
+ Setting the queue size to zero activates parallel log writer
+ implementation which has no queue size limit and as such the
+ parallel log writer should only be used on a very well tuned
+ server configuration to avoid potential out of memory errors.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:other>
+ <adm:synopsis>
+ The <adm:user-friendly-name /> must be restarted if this property
+ is changed and the asynchronous property is set to true.
+ </adm:synopsis>
+ </adm:other>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>5000</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="0" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-queue-size</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="log-file" mandatory="true">
+ <adm:synopsis>
+ The file name to use for the log files generated by the
+ <adm:user-friendly-name />.
+ The path to the file is relative to the server root.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>FILE</adm:usage>
+ <adm:synopsis>
+ A path to an existing file that is readable by the server.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-log-file</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="log-file-permissions" mandatory="true">
+ <adm:synopsis>
+ The UNIX permissions of the log files created by this
+ <adm:user-friendly-name />.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>640</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>^([0-7][0-7][0-7])$</adm:regex>
+ <adm:usage>MODE</adm:usage>
+ <adm:synopsis>
+ A valid UNIX mode string. The mode string must contain
+ three digits between zero and seven.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-log-file-permissions</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="time-interval" advanced="true">
+ <adm:synopsis>
+ Specifies the interval at which to check whether the log files
+ need to be rotated.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>5s</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration base-unit="ms" lower-limit="1" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-time-interval</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="buffer-size" advanced="true">
+ <adm:synopsis>Specifies the log file buffer size.</adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>64kb</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:size lower-limit="1" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-buffer-size</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="auto-flush" advanced="true">
+ <adm:synopsis>
+ Specifies whether to flush the writer after every log record.
+ </adm:synopsis>
+ <adm:description>
+ If the asynchronous writes option is used, the writer is
+ flushed after all the log records in the queue are written.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-auto-flush</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="append">
+ <adm:synopsis>
+ Specifies whether to append to existing log files.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-append</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="rotation-policy" multi-valued="true">
+ <adm:synopsis>
+ The rotation policy to use for the
+ <adm:user-friendly-name />
+ .
+ </adm:synopsis>
+ <adm:description>
+ When multiple policies are used, rotation will occur if any
+ policy's conditions are met.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ No rotation policy is used and log rotation will not occur.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:aggregation parent-path="/"
+ relation-name="log-rotation-policy" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-rotation-policy</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="retention-policy" multi-valued="true">
+ <adm:synopsis>
+ The retention policy to use for the
+ <adm:user-friendly-name />
+ .
+ </adm:synopsis>
+ <adm:description>
+ When multiple policies are used, log files are cleaned when
+ any of the policy's conditions are met.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ No retention policy is used and log files are never cleaned.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:aggregation parent-path="/"
+ relation-name="log-retention-policy" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-retention-policy</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileBasedDebugLogPublisherConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileBasedDebugLogPublisherConfiguration.xml
new file mode 100644
index 0000000..60099ac
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileBasedDebugLogPublisherConfiguration.xml
@@ -0,0 +1,271 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="file-based-debug-log-publisher"
+ plural-name="file-based-debug-log-publishers"
+ package="org.forgerock.opendj.admin" extends="debug-log-publisher"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ publish debug messages to the file system.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-file-based-debug-log-publisher</ldap:name>
+ <ldap:superior>ds-cfg-debug-log-publisher</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.loggers.debug.TextDebugLogPublisher
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="asynchronous" mandatory="true" advanced="true">
+ <adm:synopsis>
+ Indicates whether the
+ <adm:user-friendly-name />
+ will publish records asynchronously.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-asynchronous</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="queue-size" advanced="true">
+ <adm:synopsis>
+ The maximum number of log records that can be stored in the
+ asynchronous queue.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>5000</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="1" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-queue-size</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="log-file" mandatory="true">
+ <adm:synopsis>
+ The file name to use for the log files generated by the
+ <adm:user-friendly-name />
+ .
+ </adm:synopsis>
+ <adm:description>
+ The path to the file is relative to the server root.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-log-file</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="log-file-permissions" mandatory="true">
+ <adm:synopsis>
+ The UNIX permissions of the log files created by this
+ <adm:user-friendly-name />
+ .
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>640</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>^([0-7][0-7][0-7])$</adm:regex>
+ <adm:usage>MODE</adm:usage>
+ <adm:synopsis>
+ A valid UNIX mode string. The mode string must contain
+ three digits between zero and seven.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-log-file-permissions</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="time-interval" advanced="true">
+ <adm:synopsis>
+ Specifies the interval at which to check whether the log files
+ need to be rotated.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>5s</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration base-unit="ms" lower-limit="1" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-time-interval</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="buffer-size" advanced="true">
+ <adm:synopsis>Specifies the log file buffer size.</adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>64kb</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:size lower-limit="1" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-buffer-size</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="auto-flush" advanced="true">
+ <adm:synopsis>
+ Specifies whether to flush the writer after every log record.
+ </adm:synopsis>
+ <adm:description>
+ If the asynchronous writes option is used, the writer is
+ flushed after all the log records in the queue are written.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-auto-flush</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="append">
+ <adm:synopsis>
+ Specifies whether to append to existing log files.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-append</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="rotation-policy" multi-valued="true">
+ <adm:synopsis>
+ The rotation policy to use for the
+ <adm:user-friendly-name />
+ .
+ </adm:synopsis>
+ <adm:description>
+ When multiple policies are used, rotation will occur if any
+ policy's conditions are met.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ No rotation policy is used and log rotation will not occur.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:aggregation parent-path="/"
+ relation-name="log-rotation-policy" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-rotation-policy</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="retention-policy" multi-valued="true">
+ <adm:synopsis>
+ The retention policy to use for the
+ <adm:user-friendly-name />
+ .
+ </adm:synopsis>
+ <adm:description>
+ When multiple policies are used, log files are cleaned when
+ any of the policy's conditions are met.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ No retention policy is used and log files are never
+ cleaned.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:aggregation parent-path="/"
+ relation-name="log-retention-policy" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-retention-policy</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileBasedErrorLogPublisherConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileBasedErrorLogPublisherConfiguration.xml
new file mode 100644
index 0000000..970270a
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileBasedErrorLogPublisherConfiguration.xml
@@ -0,0 +1,271 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="file-based-error-log-publisher"
+ plural-name="file-based-error-log-publishers"
+ package="org.forgerock.opendj.admin" extends="error-log-publisher"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ publish error messages to the file system.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-file-based-error-log-publisher</ldap:name>
+ <ldap:superior>ds-cfg-error-log-publisher</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.loggers.TextErrorLogPublisher
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="asynchronous" mandatory="true" advanced="true">
+ <adm:synopsis>
+ Indicates whether the
+ <adm:user-friendly-name />
+ will publish records asynchronously.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-asynchronous</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="queue-size" advanced="true">
+ <adm:synopsis>
+ The maximum number of log records that can be stored in the
+ asynchronous queue.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>5000</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="1" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-queue-size</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="log-file" mandatory="true">
+ <adm:synopsis>
+ The file name to use for the log files generated by the
+ <adm:user-friendly-name />
+ .
+ </adm:synopsis>
+ <adm:description>
+ The path to the file is relative to the server root.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-log-file</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="log-file-permissions" mandatory="true">
+ <adm:synopsis>
+ The UNIX permissions of the log files created by this
+ <adm:user-friendly-name />
+ .
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>640</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>^([0-7][0-7][0-7])$</adm:regex>
+ <adm:usage>MODE</adm:usage>
+ <adm:synopsis>
+ A valid UNIX mode string. The mode string must contain
+ three digits between zero and seven.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-log-file-permissions</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="time-interval" advanced="true">
+ <adm:synopsis>
+ Specifies the interval at which to check whether the log files
+ need to be rotated.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>5s</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration base-unit="ms" lower-limit="1" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-time-interval</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="buffer-size" advanced="true">
+ <adm:synopsis>Specifies the log file buffer size.</adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>64kb</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:size lower-limit="1" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-buffer-size</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="auto-flush" advanced="true">
+ <adm:synopsis>
+ Specifies whether to flush the writer after every log record.
+ </adm:synopsis>
+ <adm:description>
+ If the asynchronous writes option is used, the writer will be
+ flushed after all the log records in the queue are written.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-auto-flush</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="append">
+ <adm:synopsis>
+ Specifies whether to append to existing log files.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-append</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="rotation-policy" multi-valued="true">
+ <adm:synopsis>
+ The rotation policy to use for the
+ <adm:user-friendly-name />
+ .
+ </adm:synopsis>
+ <adm:description>
+ When multiple policies are used, rotation will occur if any
+ policy's conditions are met.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ No rotation policy is used and log rotation will not occur.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:aggregation parent-path="/"
+ relation-name="log-rotation-policy" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-rotation-policy</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="retention-policy" multi-valued="true">
+ <adm:synopsis>
+ The retention policy to use for the
+ <adm:user-friendly-name />
+ .
+ </adm:synopsis>
+ <adm:description>
+ When multiple policies are used, log files will be cleaned when
+ any of the policy's conditions are met.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ No retention policy is used and log files will never be
+ cleaned.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:aggregation parent-path="/"
+ relation-name="log-retention-policy" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-retention-policy</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileBasedHTTPAccessLogPublisherConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileBasedHTTPAccessLogPublisherConfiguration.xml
new file mode 100644
index 0000000..5cc8bb0
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileBasedHTTPAccessLogPublisherConfiguration.xml
@@ -0,0 +1,361 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2013 ForgeRock AS
+ ! -->
+<adm:managed-object name="file-based-http-access-log-publisher"
+ plural-name="file-based-http-access-log-publishers"
+ package="org.forgerock.opendj.admin" extends="http-access-log-publisher"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ publish HTTP access messages to the file system.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-file-based-http-access-log-publisher</ldap:name>
+ <ldap:superior>ds-cfg-http-access-log-publisher</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.loggers.TextHTTPAccessLogPublisher
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="asynchronous" mandatory="true" advanced="true">
+ <adm:synopsis>
+ Indicates whether the
+ <adm:user-friendly-name />
+ will publish records asynchronously.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-asynchronous</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="queue-size" advanced="true">
+ <adm:synopsis>
+ The maximum number of log records that can be stored in the
+ asynchronous queue.
+ </adm:synopsis>
+ <adm:description>
+ Setting the queue size to zero activates parallel log writer
+ implementation which has no queue size limit and as such the
+ parallel log writer should only be used on a very well tuned
+ server configuration to avoid potential out of memory errors.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:other>
+ <adm:synopsis>
+ The <adm:user-friendly-name /> must be restarted if this property
+ is changed and the asynchronous property is set to true.
+ </adm:synopsis>
+ </adm:other>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>5000</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="0" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-queue-size</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="log-file" mandatory="true">
+ <adm:synopsis>
+ The file name to use for the log files generated by the
+ <adm:user-friendly-name />.
+ The path to the file is relative to the server root.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>FILE</adm:usage>
+ <adm:synopsis>
+ A path to an existing file that is readable by the server.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-log-file</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="log-file-permissions" mandatory="true">
+ <adm:synopsis>
+ The UNIX permissions of the log files created by this
+ <adm:user-friendly-name />.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>640</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>^([0-7][0-7][0-7])$</adm:regex>
+ <adm:usage>MODE</adm:usage>
+ <adm:synopsis>
+ A valid UNIX mode string. The mode string must contain
+ three digits between zero and seven.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-log-file-permissions</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="time-interval" advanced="true">
+ <adm:synopsis>
+ Specifies the interval at which to check whether the log files
+ need to be rotated.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>5s</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration base-unit="ms" lower-limit="1" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-time-interval</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="buffer-size" advanced="true">
+ <adm:synopsis>Specifies the log file buffer size.</adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>64kb</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:size lower-limit="1" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-buffer-size</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="auto-flush" advanced="true">
+ <adm:synopsis>
+ Specifies whether to flush the writer after every log record.
+ </adm:synopsis>
+ <adm:description>
+ If the asynchronous writes option is used, the writer is
+ flushed after all the log records in the queue are written.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-auto-flush</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="append">
+ <adm:synopsis>
+ Specifies whether to append to existing log files.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-append</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="rotation-policy" multi-valued="true">
+ <adm:synopsis>
+ The rotation policy to use for the
+ <adm:user-friendly-name />
+ .
+ </adm:synopsis>
+ <adm:description>
+ When multiple policies are used, rotation will occur if any
+ policy's conditions are met.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ No rotation policy is used and log rotation will not occur.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:aggregation parent-path="/"
+ relation-name="log-rotation-policy" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-rotation-policy</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="retention-policy" multi-valued="true">
+ <adm:synopsis>
+ The retention policy to use for the
+ <adm:user-friendly-name />
+ .
+ </adm:synopsis>
+ <adm:description>
+ When multiple policies are used, log files are cleaned when
+ any of the policy's conditions are met.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ No retention policy is used and log files are never cleaned.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:aggregation parent-path="/"
+ relation-name="log-retention-policy" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-retention-policy</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="log-format">
+ <adm:synopsis>
+ Specifies how log records should be formatted and written to the HTTP
+ access log.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>cs-host c-ip cs-username x-datetime cs-method cs-uri-query
+ cs-version sc-status cs(User-Agent) x-connection-id x-etime</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>[a-zA-Z0-9-()]+( [a-zA-Z0-9-()]+)*</adm:regex>
+ <adm:usage>FORMAT</adm:usage>
+ <adm:synopsis>
+ A space separated list of fields describing the extended log format
+ to be used for logging HTTP accesses. Available values are listed on
+ the W3C working draft http://www.w3.org/TR/WD-logfile.html
+ and Microsoft website
+ http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/676400bc-8969-4aa7-851a-9319490a9bbb.mspx?mfr=true
+
+ OpenDJ supports the following standard fields: "c-ip", "c-port",
+ "cs-host", "cs-method", "cs-uri-query", "cs(User-Agent)",
+ "cs-username", "cs-version", "s-computername", "s-ip", "s-port",
+ "sc-status".
+
+ OpenDJ supports the following application specific field extensions:
+ "x-connection-id" displays the internal connection ID assigned to
+ the HTTP client connection, "x-datetime" displays the completion
+ date and time for the logged HTTP request and its ouput is
+ controlled by the "ds-cfg-log-record-time-format" property,
+ "x-etime" displays the total execution time for the logged HTTP
+ request.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-log-format</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="log-record-time-format">
+ <adm:synopsis>
+ Specifies the format string that is used to generate log record
+ timestamps.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>dd/MMM/yyyy:HH:mm:ss Z</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>STRING</adm:usage>
+ <adm:synopsis>
+ Any valid format string that can be used with the
+ java.text.SimpleDateFormat class.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-log-record-time-format</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileBasedKeyManagerProviderConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileBasedKeyManagerProviderConfiguration.xml
new file mode 100644
index 0000000..7360d6a
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileBasedKeyManagerProviderConfiguration.xml
@@ -0,0 +1,128 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2013 ForgeRock AS
+ ! -->
+<adm:managed-object name="file-based-key-manager-provider"
+ plural-name="file-based-key-manager-providers"
+ package="org.forgerock.opendj.admin" extends="key-manager-provider"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ can be used to obtain the server certificate from a key store file on
+ the local file system.
+ </adm:synopsis>
+ <adm:description>
+ Multiple file formats may be supported, depending on the providers
+ supported by the underlying Java runtime environment.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-file-based-key-manager-provider</ldap:name>
+ <ldap:superior>ds-cfg-key-manager-provider</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.FileBasedKeyManagerProvider
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="key-store-file" mandatory="true">
+ <adm:TODO>Should use a file-based property definition?</adm:TODO>
+ <adm:synopsis>
+ Specifies the path to the file that contains the private key
+ information. This may be an absolute path, or a path that is
+ relative to the
+ <adm:product-name />
+ instance root.
+ </adm:synopsis>
+ <adm:description>
+ Changes to this property will take effect the next
+ time that the key manager is accessed.
+ </adm:description>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>FILE</adm:usage>
+ <adm:synopsis>
+ A path to an existing file that is readable by the server.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-key-store-file</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="key-store-type">
+ <adm:TODO>
+ Can we restrict this to an enumeration? How can the client guess
+ which values are possible? What is the default value?
+ </adm:TODO>
+ <adm:synopsis>
+ Specifies the format for the data in the key store file.
+ </adm:synopsis>
+ <adm:description>
+ Valid values should always include 'JKS' and 'PKCS12', but
+ different implementations may allow other values as well. If no
+ value is provided, the JVM-default value is used.
+ Changes to this configuration attribute will take effect the next
+ time that the key manager is accessed.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:undefined />
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>STRING</adm:usage>
+ <adm:synopsis>
+ Any key store format supported by the Java runtime environment.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-key-store-type</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property-reference name="key-store-pin" />
+ <adm:property-reference name="key-store-pin-property" />
+ <adm:property-reference name="key-store-pin-environment-variable" />
+ <adm:property-reference name="key-store-pin-file" />
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileBasedTrustManagerProviderConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileBasedTrustManagerProviderConfiguration.xml
new file mode 100644
index 0000000..77c2fa2
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileBasedTrustManagerProviderConfiguration.xml
@@ -0,0 +1,127 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="file-based-trust-manager-provider"
+ plural-name="file-based-trust-manager-providers"
+ package="org.forgerock.opendj.admin" extends="trust-manager-provider"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The file-based trust manager provider determines whether to trust a
+ presented certificate based on whether that certificate exists in a
+ server trust store file.
+ </adm:synopsis>
+ <adm:description>
+ The trust store file can be in either JKS
+ (the default Java key store format) or PKCS#12 (a standard
+ certificate format) form.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-file-based-trust-manager-provider</ldap:name>
+ <ldap:superior>ds-cfg-trust-manager-provider</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.FileBasedTrustManagerProvider
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="trust-store-file" mandatory="true">
+ <adm:TODO>Should use a file-based property definition?</adm:TODO>
+ <adm:synopsis>
+ Specifies the path to the file containing the trust information.
+ It can be an absolute path or a path that is relative to the
+ <adm:product-name />
+ instance root.
+ </adm:synopsis>
+ <adm:description>
+ Changes to this configuration attribute take effect the next
+ time that the trust manager is accessed.
+ </adm:description>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>STRING</adm:usage>
+ <adm:synopsis>
+ An absolute path or a path that is relative to the <adm:product-name /> directory server instance root.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-trust-store-file</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="trust-store-type">
+ <adm:TODO>
+ Can we restrict this to an enumeration? How can the client guess
+ which values are possible? What is the default value?
+ </adm:TODO>
+ <adm:synopsis>
+ Specifies the format for the data in the trust store file.
+ </adm:synopsis>
+ <adm:description>
+ Valid values always include 'JKS' and 'PKCS12', but different
+ implementations can allow other values as well. If no value is
+ provided, then the JVM default value is used. Changes to this
+ configuration attribute take effect the next time that the
+ trust manager is accessed.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:undefined />
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>STRING</adm:usage>
+ <adm:synopsis>
+ Any key store format supported by the Java runtime environment. The "JKS" and "PKCS12" formats are typically available in Java environments.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-trust-store-type</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property-reference name="trust-store-pin" />
+ <adm:property-reference name="trust-store-pin-property" />
+ <adm:property-reference name="trust-store-pin-environment-variable" />
+ <adm:property-reference name="trust-store-pin-file" />
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileCountLogRetentionPolicyConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileCountLogRetentionPolicyConfiguration.xml
new file mode 100644
index 0000000..7d03d16
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileCountLogRetentionPolicyConfiguration.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="file-count-log-retention-policy"
+ plural-name="file-count-log-retention-policies"
+ package="org.forgerock.opendj.admin" extends="log-retention-policy"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ Retention policy based on the number of rotated log files on disk.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-file-count-log-retention-policy</ldap:name>
+ <ldap:superior>ds-cfg-log-retention-policy</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.loggers.FileNumberRetentionPolicy
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="number-of-files" mandatory="true">
+ <adm:synopsis>
+ Specifies the number of archived log files to retain before the
+ oldest ones are cleaned.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:integer lower-limit="1" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-number-of-files</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileSystemEntryCacheConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileSystemEntryCacheConfiguration.xml
new file mode 100644
index 0000000..7869b78
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FileSystemEntryCacheConfiguration.xml
@@ -0,0 +1,304 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="file-system-entry-cache"
+ plural-name="file-system-entry-caches"
+ package="org.forgerock.opendj.admin" extends="entry-cache"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ is an entry cache implementation which uses a JE database to keep
+ track of the entries.
+ </adm:synopsis>
+ <adm:description>
+ For best performance, the JE database should reside in a memory
+ based file system although any file system will do for this cache
+ to function. Entries are maintained either by FIFO (default) or LRU-based
+ (configurable) list implementation. Cache sizing is based on
+ the size of free space available in the file system, such that if
+ enough memory is free, then adding an entry to the cache will not
+ require purging. If more than the specified size of the file
+ system available space is already consumed, then one or more entries
+ need to be removed in order to make room for a new entry. It is
+ also possible to configure a maximum number of entries for the cache.
+ If this is specified, then the number of entries are not allowed
+ to exceed this value, but it may not be possible to hold this many
+ entries if the available memory fills up first. Other configurable
+ parameters for this cache include the maximum length of time to block
+ while waiting to acquire a lock, and a set of filters that may be
+ used to define criteria for determining which entries are stored in
+ the cache. If a set of filters are provided then an entry must match
+ at least one of them in order to be stored in the cache.
+ JE environment cache size can also be configured either as a percentage
+ of the free memory available in the JVM, or as an absolute size in
+ bytes. This cache has a persistence property which, if enabled,
+ allows for the contents of the cache to persist across server or
+ cache restarts.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-file-system-entry-cache</ldap:name>
+ <ldap:superior>ds-cfg-entry-cache</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property name="lock-timeout" advanced="true">
+ <adm:synopsis>
+ The length of time to wait while attempting to acquire a read or
+ write lock.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>2000.0ms</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration base-unit="ms" allow-unlimited="true" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-lock-timeout</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="max-memory-size">
+ <adm:synopsis>
+ The maximum size of the entry cache in bytes.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>0b</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:size />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-max-memory-size</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="max-entries">
+ <adm:synopsis>
+ The maximum number of entries allowed in the cache.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>2147483647</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="0" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-max-entries</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="cache-type">
+ <adm:synopsis>
+ Specifies the policy which should be used for purging entries from
+ the cache.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>fifo</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="fifo">
+ <adm:synopsis>FIFO based entry cache.</adm:synopsis>
+ </adm:value>
+ <adm:value name="lru">
+ <adm:synopsis>LRU based entry cache.</adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-cache-type</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="cache-directory">
+ <adm:synopsis>
+ Specifies the directory in which the JE environment should store
+ the cache.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>/tmp/OpenDJ.FSCache</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-cache-directory</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="persistent-cache">
+ <adm:synopsis>
+ Specifies whether the cache should persist across restarts.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-persistent-cache</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="compact-encoding">
+ <adm:synopsis>
+ Indicates whether the cache should use a compact form when
+ encoding cache entries by compressing the attribute descriptions
+ and object class sets.
+ </adm:synopsis>
+ <adm:description>
+ Note that compression does not preserve user-supplied
+ capitalization in the object class and attribute type names.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changing this property only affects the encoding of the
+ cache entries put in the cache after the change is made. It
+ will not be retroactively applied to existing cache entries.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-compact-encoding</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="db-cache-percent">
+ <adm:synopsis>
+ Specifies the maximum memory usage for the internal JE cache as a percentage
+ of the total JVM memory.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>1</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="0" upper-limit="90" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-db-cache-percent</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="db-cache-size">
+ <adm:synopsis>
+ Specifies the maximum JVM memory usage in bytes for the internal JE cache.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>0b</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:size />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-db-cache-size</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="je-property" multi-valued="true"
+ advanced="true">
+ <adm:synopsis>
+ Specifies the environment properties for the Berkeley DB Java
+ Edition database providing the backend for this entry cache.
+ </adm:synopsis>
+ <adm:description>
+ Any Berkeley DB Java Edition property can be specified using the
+ following form: property-name=property-value. Refer to the
+ <adm:product-name /> documentation for further information on related
+ properties, their implications and range values. The definitive
+ identification of all the property parameters available in the
+ example.properties file in the Berkeley DB Java Edition distribution.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>je.env.isLocking=false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-je-property</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property-reference name="include-filter" />
+ <adm:property-reference name="exclude-filter" />
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.FileSystemEntryCache
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FingerprintCertificateMapperConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FingerprintCertificateMapperConfiguration.xml
new file mode 100644
index 0000000..ce52aa9
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FingerprintCertificateMapperConfiguration.xml
@@ -0,0 +1,123 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="fingerprint-certificate-mapper"
+ plural-name="fingerprint-certificate-mappers"
+ package="org.forgerock.opendj.admin" extends="certificate-mapper"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ maps client certificates to user entries by looking for the MD5 or
+ SHA1 fingerprint in a specified attribute of user entries.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-fingerprint-certificate-mapper</ldap:name>
+ <ldap:superior>ds-cfg-certificate-mapper</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.FingerprintCertificateMapper
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="fingerprint-attribute" mandatory="true">
+ <adm:synopsis>
+ Specifies the attribute in which to look for the fingerprint.
+ </adm:synopsis>
+ <adm:description>
+ Values of the fingerprint attribute should exactly match the MD5
+ or SHA1 representation of the certificate fingerprint.
+ </adm:description>
+ <adm:syntax>
+ <adm:attribute-type />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-fingerprint-attribute</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="fingerprint-algorithm" mandatory="true">
+ <adm:synopsis>
+ Specifies the name of the digest algorithm to
+ compute the fingerprint of client certificates.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="md5">
+ <adm:synopsis>
+ Use the MD5 digest algorithm to compute certificate
+ fingerprints.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="sha1">
+ <adm:synopsis>
+ Use the SHA-1 digest algorithm to compute certificate
+ fingerprints.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-fingerprint-algorithm</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="user-base-dn" multi-valued="true">
+ <adm:synopsis>
+ Specifies the set of base DNs below which to search for users.
+ </adm:synopsis>
+ <adm:description>
+ The base DNs are used when performing searches to map the
+ client certificates to a user entry.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The server performs the search in all public naming
+ contexts.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:dn />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-user-base-dn</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FixedTimeLogRotationPolicyConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FixedTimeLogRotationPolicyConfiguration.xml
new file mode 100644
index 0000000..fc2c21e
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FixedTimeLogRotationPolicyConfiguration.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="fixed-time-log-rotation-policy"
+ plural-name="fixed-time-log-rotation-policies"
+ package="org.forgerock.opendj.admin" extends="log-rotation-policy"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ Rotation policy based on a fixed time of day.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-fixed-time-log-rotation-policy</ldap:name>
+ <ldap:superior>ds-cfg-log-rotation-policy</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.loggers.FixedTimeRotationPolicy
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="time-of-day" multi-valued="true"
+ mandatory="true">
+ <adm:synopsis>
+ Specifies the time of day at which log rotation should occur.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>^(([0-1][0-9])|([2][0-3]))([0-5][0-9])$</adm:regex>
+ <adm:usage>HHmm</adm:usage>
+ <adm:synopsis>
+ 24 hour time of day in HHmm format.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-time-of-day</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FractionalLDIFImportPluginConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FractionalLDIFImportPluginConfiguration.xml
new file mode 100644
index 0000000..7a4320d
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FractionalLDIFImportPluginConfiguration.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2009 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="fractional-ldif-import-plugin"
+ plural-name="fractional-ldif-import-plugins"
+ package="org.forgerock.opendj.admin" extends="plugin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ is used internally by the replication plugin to support fractional
+ replication.
+ </adm:synopsis>
+ <adm:description>
+ It is used to check fractional configuration consistency with local domain
+ one as well as to filter attributes when performing an online import from a
+ remote backend to a local backend.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-fractional-ldif-import-plugin</ldap:name>
+ <ldap:superior>ds-cfg-plugin</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FreeDiskSpaceLogRetentionPolicyConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FreeDiskSpaceLogRetentionPolicyConfiguration.xml
new file mode 100644
index 0000000..4837001
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/FreeDiskSpaceLogRetentionPolicyConfiguration.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="free-disk-space-log-retention-policy"
+ plural-name="free-disk-space-log-retention-policies"
+ package="org.forgerock.opendj.admin" extends="log-retention-policy"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ Retention policy based on the free disk space available.
+ </adm:synopsis>
+ <adm:description>
+ This policy is only available on Java 6.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-free-disk-space-log-retention-policy</ldap:name>
+ <ldap:superior>ds-cfg-log-retention-policy</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.loggers.FreeDiskSpaceRetentionPolicy
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="free-disk-space" mandatory="true">
+ <adm:synopsis>Specifies the minimum amount of free disk space that
+ should be available on the file system on which the archived
+ log files are stored.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:size lower-limit="1" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-free-disk-space</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/GSSAPISASLMechanismHandlerConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/GSSAPISASLMechanismHandlerConfiguration.xml
new file mode 100644
index 0000000..d889e1c
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/GSSAPISASLMechanismHandlerConfiguration.xml
@@ -0,0 +1,252 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="gssapi-sasl-mechanism-handler"
+ plural-name="gssapi-sasl-mechanism-handlers"
+ package="org.forgerock.opendj.admin" extends="sasl-mechanism-handler"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The GSSAPI SASL mechanism
+ performs all processing related to SASL GSSAPI
+ authentication using Kerberos V5.
+ </adm:synopsis>
+ <adm:description>
+ The GSSAPI SASL mechanism provides the ability for clients
+ to authenticate themselves to the server using existing
+ authentication in a Kerberos environment. This mechanism
+ provides the ability to achieve single sign-on for
+ Kerberos-based clients.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-gssapi-sasl-mechanism-handler</ldap:name>
+ <ldap:superior>ds-cfg-sasl-mechanism-handler</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.GSSAPISASLMechanismHandler
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="realm">
+ <adm:synopsis>
+ Specifies the realm to be used for GSSAPI authentication.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The server attempts to determine the realm from the
+ underlying system configuration.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-realm</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="kdc-address">
+ <adm:synopsis>
+ Specifies the address of the KDC that is to be used for Kerberos
+ processing.
+ </adm:synopsis>
+ <adm:description>
+ If provided, this property must be a fully-qualified DNS-resolvable name.
+ If this property is not provided, then the server attempts to determine it
+ from the system-wide Kerberos configuration.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The server attempts to determine the KDC address from the
+ underlying system configuration.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-kdc-address</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="quality-of-protection">
+ <adm:synopsis>
+ The name of a property that specifies the quality of protection
+ the server will support.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>none</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="none">
+ <adm:synopsis>
+ QOP equals authentication only.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="integrity">
+ <adm:synopsis>
+ Quality of protection equals authentication with integrity
+ protection.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="confidentiality">
+ <adm:synopsis>
+ Quality of protection equals authentication with integrity and
+ confidentiality protection.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-quality-of-protection</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="principal-name">
+ <adm:synopsis>
+ Specifies the principal name.
+ </adm:synopsis>
+ <adm:description>
+ It can either be a simple user name or a
+ service name such as host/example.com.
+ If this property is not provided, then the server attempts to build the
+ principal name by appending the fully qualified domain name to the string
+ "ldap/".
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The server attempts to determine the principal name from the
+ underlying system configuration.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-principal-name</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="keytab">
+ <adm:synopsis>
+ Specifies the path to the keytab file that should be used for
+ Kerberos processing.
+ </adm:synopsis>
+ <adm:description>
+ If provided, this is either an absolute path or one that is
+ relative to the server instance root.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The server attempts to use the system-wide default keytab.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-keytab</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="server-fqdn">
+ <adm:synopsis>
+ Specifies the DNS-resolvable fully-qualified domain name for the
+ system.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The server attempts to determine the
+ fully-qualified domain name dynamically .
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-server-fqdn</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="identity-mapper" mandatory="true">
+ <adm:synopsis>
+ Specifies the name of the identity mapper that is to be used
+ with this SASL mechanism handler
+ to match the Kerberos principal
+ included in the SASL bind request to the corresponding
+ user in the directory.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:aggregation relation-name="identity-mapper"
+ parent-path="/">
+ <adm:constraint>
+ <adm:synopsis>
+ The referenced identity mapper must be enabled when the
+ <adm:user-friendly-name />
+ is enabled.
+ </adm:synopsis>
+ <adm:target-needs-enabling-condition>
+ <adm:contains property="enabled" value="true" />
+ </adm:target-needs-enabling-condition>
+ <adm:target-is-enabled-condition>
+ <adm:contains property="enabled" value="true" />
+ </adm:target-is-enabled-condition>
+ </adm:constraint>
+ </adm:aggregation>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-identity-mapper</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/GetConnectionIdExtendedOperationHandlerConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/GetConnectionIdExtendedOperationHandlerConfiguration.xml
new file mode 100644
index 0000000..36ecb46
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/GetConnectionIdExtendedOperationHandlerConfiguration.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="get-connection-id-extended-operation-handler"
+ plural-name="get-connection-id-extended-operation-handlers"
+ package="org.forgerock.opendj.admin"
+ extends="extended-operation-handler"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides a mechanism for clients to obtain the internal connection
+ ID that the server uses to reference their client connection.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>
+ ds-cfg-get-connection-id-extended-operation-handler
+ </ldap:name>
+ <ldap:superior>ds-cfg-extended-operation-handler</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.GetConnectionIDExtendedOperation
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/GetSymmetricKeyExtendedOperationHandlerConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/GetSymmetricKeyExtendedOperationHandlerConfiguration.xml
new file mode 100644
index 0000000..c012256
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/GetSymmetricKeyExtendedOperationHandlerConfiguration.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="get-symmetric-key-extended-operation-handler"
+ plural-name="get-symmetric-key-extended-operation-handlers"
+ package="org.forgerock.opendj.admin"
+ extends="extended-operation-handler"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ is used by the <adm:product-name /> cryptographic framework for creating and
+ obtaining symmetric encryption keys.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>
+ ds-cfg-get-symmetric-key-extended-operation-handler
+ </ldap:name>
+ <ldap:superior>ds-cfg-extended-operation-handler</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.crypto.GetSymmetricKeyExtendedOperation
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/GlobalConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/GlobalConfiguration.xml
new file mode 100644
index 0000000..e259165
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/GlobalConfiguration.xml
@@ -0,0 +1,926 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2010 Sun Microsystems, Inc.
+ ! Portions Copyright 2011-2012 ForgeRock AS
+ ! -->
+<adm:managed-object name="global" plural-name="globals"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:user-friendly-name>Global Configuration</adm:user-friendly-name>
+ <adm:user-friendly-plural-name>
+ Global Configurations
+ </adm:user-friendly-plural-name>
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ contains properties that affect the overall
+ operation of the <adm:product-name />.
+ </adm:synopsis>
+ <adm:tag name="core-server" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-root-config</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property name="check-schema" advanced="true">
+ <adm:synopsis>
+ Indicates whether schema enforcement is active.
+ </adm:synopsis>
+ <adm:description>
+ When schema enforcement is activated, the directory server
+ ensures that all operations result in entries are valid
+ according to the defined server schema. It is strongly recommended
+ that this option be left enabled to prevent the inadvertent
+ addition of invalid data into the server.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-check-schema</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="default-password-policy" mandatory="true">
+ <adm:synopsis>
+ Specifies the name of the password policy that is in effect
+ for users whose entries do not specify an alternate password
+ policy (either via a real or virtual attribute).
+ </adm:synopsis>
+ <adm:description>
+ In addition, the default password policy will be used for providing
+ default parameters for sub-entry based password policies when not
+ provided or supported by the sub-entry itself.
+ This property must reference a password policy and no other type of
+ authentication policy.
+ </adm:description>
+ <adm:syntax>
+ <adm:aggregation relation-name="password-policy" parent-path="/" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-default-password-policy</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="add-missing-rdn-attributes" advanced="true">
+ <adm:synopsis>
+ Indicates whether the directory server should automatically add
+ any attribute values contained in the entry's RDN into that entry
+ when processing an add request.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-add-missing-rdn-attributes</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="allow-attribute-name-exceptions"
+ advanced="true">
+ <adm:synopsis>
+ Indicates whether the directory server should allow underscores
+ in attribute names and allow attribute names
+ to begin with numeric digits (both of which are violations of the
+ LDAP standards).
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-allow-attribute-name-exceptions</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="invalid-attribute-syntax-behavior"
+ advanced="true">
+ <adm:synopsis>
+ Specifies how the directory server should handle operations whenever
+ an attribute value violates the associated attribute syntax.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>reject</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="accept">
+ <adm:synopsis>
+ The directory server silently accepts attribute values
+ that are invalid according to their associated syntax.
+ Matching operations targeting those values may not behave as
+ expected.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="reject">
+ <adm:synopsis>
+ The directory server rejects attribute values that are
+ invalid according to their associated syntax.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="warn">
+ <adm:synopsis>
+ The directory server accepts attribute values that are
+ invalid according to their associated syntax, but also
+ logs a warning message to the error log. Matching operations
+ targeting those values may not behave as expected.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-invalid-attribute-syntax-behavior</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="server-error-result-code" advanced="true">
+ <adm:synopsis>
+ Specifies the numeric value of the result code when request
+ processing fails due to an internal server error.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>80</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="0" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-server-error-result-code</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="single-structural-objectclass-behavior"
+ advanced="true">
+ <adm:synopsis>
+ Specifies how the directory server should handle operations an entry does
+ not contain a structural object class or contains multiple structural
+ classes.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>reject</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="accept">
+ <adm:synopsis>
+ The directory server silently accepts entries that do
+ not contain exactly one structural object class. Certain
+ schema features that depend on the entry's structural class
+ may not behave as expected.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="reject">
+ <adm:synopsis>
+ The directory server rejects entries that do not contain
+ exactly one structural object class.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="warn">
+ <adm:synopsis>
+ The directory server accepts entries that do not contain
+ exactly one structural object class, but also logs a
+ warning message to the error log. Certain schema features
+ that depend on the entry's structural class may not behave
+ as expected.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>
+ ds-cfg-single-structural-objectclass-behavior
+ </ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="notify-abandoned-operations" advanced="true">
+ <adm:synopsis>
+ Indicates whether the directory server should send a response to
+ any operation that is interrupted via an abandon request.
+ </adm:synopsis>
+ <adm:description>
+ The LDAP specification states that abandoned operations should not
+ receive any response, but this may cause problems with client
+ applications that always expect to receive a response to each
+ request.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-notify-abandoned-operations</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="size-limit">
+ <adm:synopsis>
+ Specifies the maximum number of entries that can be returned
+ to the client during a single search operation.
+ </adm:synopsis>
+ <adm:description>
+ A value of 0 indicates that no size limit is enforced. Note
+ that this is the default server-wide limit, but it may be
+ overridden on a per-user basis using the ds-rlim-size-limit
+ operational attribute.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>1000</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="0" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-size-limit</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="time-limit">
+ <adm:synopsis>
+ Specifies the maximum length of time that should be spent processing
+ a single search operation.
+ </adm:synopsis>
+ <adm:description>
+ A value of 0 seconds indicates that no time limit is
+ enforced. Note that this is the default server-wide time limit,
+ but it may be overridden on a per-user basis using the
+ ds-rlim-time-limit operational attribute.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>60 seconds</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration base-unit="s" lower-limit="0" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-time-limit</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="proxied-authorization-identity-mapper"
+ mandatory="true">
+ <adm:synopsis>
+ Specifies the name of the identity mapper to map
+ authorization ID values (using the "u:" form) provided in the
+ proxied authorization control to the corresponding user entry.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:aggregation relation-name="identity-mapper"
+ parent-path="/">
+ <adm:constraint>
+ <adm:synopsis>
+ The referenced identity mapper must be enabled.
+ </adm:synopsis>
+ <adm:target-is-enabled-condition>
+ <adm:contains property="enabled" value="true" />
+ </adm:target-is-enabled-condition>
+ </adm:constraint>
+ </adm:aggregation>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>
+ ds-cfg-proxied-authorization-identity-mapper
+ </ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="writability-mode">
+ <adm:synopsis>
+ Specifies the kinds of write operations the directory server
+ can process.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>enabled</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="enabled">
+ <adm:synopsis>
+ The directory server attempts to process all write
+ operations that are requested of it, regardless of their
+ origin.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="disabled">
+ <adm:synopsis>
+ The directory server rejects all write operations that
+ are requested of it, regardless of their origin.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="internal-only">
+ <adm:synopsis>
+ The directory server attempts to process write
+ operations requested as internal operations or through
+ synchronization, but rejects any such operations
+ requested from external clients.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-writability-mode</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="reject-unauthenticated-requests">
+ <adm:synopsis>
+ Indicates whether the directory server should reject any request
+ (other than bind or StartTLS requests) received from a client that
+ has not yet been authenticated, whose last authentication attempt was
+ unsuccessful, or whose last authentication attempt used anonymous
+ authentication.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-reject-unauthenticated-requests</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="bind-with-dn-requires-password">
+ <adm:synopsis>
+ Indicates whether the directory server should reject any simple
+ bind request that contains a DN but no password.
+ </adm:synopsis>
+ <adm:description>
+ Although such bind requests are technically allowed by the LDAPv3
+ specification (and should be treated as anonymous simple
+ authentication), they may introduce security problems in
+ applications that do not verify that the client actually provided
+ a password.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-bind-with-dn-requires-password</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="lookthrough-limit">
+ <adm:synopsis>
+ Specifies the maximum number of entries that the directory server
+ should "look through" in the course of processing a search
+ request.
+ </adm:synopsis>
+ <adm:description>
+ This includes any entry that the server must examine in the course
+ of processing the request, regardless of whether it actually
+ matches the search criteria. A value of 0 indicates that no
+ lookthrough limit is enforced. Note that this is the default
+ server-wide limit, but it may be overridden on a per-user basis
+ using the ds-rlim-lookthrough-limit operational attribute.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>5000</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="0" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-lookthrough-limit</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="smtp-server" multi-valued="true">
+ <adm:synopsis>
+ Specifies the address (and optional port number) for a mail server
+ that can be used to send email messages via SMTP.
+ </adm:synopsis>
+ <adm:description>
+ It may be an IP address or resolvable hostname, optionally
+ followed by a colon and a port number.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ If no values are defined, then the server cannot send email via SMTP.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>^.+(:[0-9]+)?$</adm:regex>
+ <adm:usage>HOST[:PORT]</adm:usage>
+ <adm:synopsis>
+ A hostname, optionally followed by a ":" followed by a port
+ number.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-smtp-server</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="allowed-task" advanced="true"
+ multi-valued="true">
+ <adm:synopsis>
+ Specifies the fully-qualified name of a Java class that may be
+ invoked in the server.
+ </adm:synopsis>
+ <adm:description>
+ Any attempt to invoke a task not included in the list of allowed
+ tasks is rejected.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ If no values are defined, then the server does not allow any
+ tasks to be invoked.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-allowed-task</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="disabled-privilege" multi-valued="true">
+ <adm:synopsis>
+ Specifies the name of a privilege that should not be evaluated by
+ the server.
+ </adm:synopsis>
+ <adm:description>
+ If a privilege is disabled, then it is assumed that all
+ clients (including unauthenticated clients) have that
+ privilege.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ If no values are defined, then the server enforces all
+ privileges.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="bypass-lockdown">
+ <adm:synopsis>
+ Allows the associated user to bypass server lockdown mode.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="bypass-acl">
+ <adm:synopsis>
+ Allows the associated user to bypass access control checks
+ performed by the server.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="modify-acl">
+ <adm:synopsis>
+ Allows the associated user to modify the server's access
+ control configuration.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="config-read">
+ <adm:synopsis>
+ Allows the associated user to read the server configuration.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="config-write">
+ <adm:synopsis>
+ Allows the associated user to update the server
+ configuration. The config-read privilege is also required.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="jmx-read">
+ <adm:synopsis>
+ Allows the associated user to perform JMX read operations.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="jmx-write">
+ <adm:synopsis>
+ Allows the associated user to perform JMX write operations.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="jmx-notify">
+ <adm:synopsis>
+ Allows the associated user to subscribe to receive JMX
+ notifications.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="ldif-import">
+ <adm:synopsis>
+ Allows the user to request that the server process LDIF
+ import tasks.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="ldif-export">
+ <adm:synopsis>
+ Allows the user to request that the server process LDIF
+ export tasks.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="backend-backup">
+ <adm:synopsis>
+ Allows the user to request that the server process backup
+ tasks.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="backend-restore">
+ <adm:synopsis>
+ Allows the user to request that the server process restore
+ tasks.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="server-lockdown">
+ <adm:synopsis>
+ Allows the user to place and bring the server of lockdown mode.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="server-shutdown">
+ <adm:synopsis>
+ Allows the user to request that the server shut down.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="server-restart">
+ <adm:synopsis>
+ Allows the user to request that the server perform an
+ in-core restart.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="proxied-auth">
+ <adm:synopsis>
+ Allows the user to use the proxied authorization control, or
+ to perform a bind that specifies an alternate authorization
+ identity.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="disconnect-client">
+ <adm:synopsis>
+ Allows the user to terminate other client connections.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="cancel-request">
+ <adm:synopsis>
+ Allows the user to cancel operations in progress on other
+ client connections.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="password-reset">
+ <adm:synopsis>
+ Allows the user to reset user passwords.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="data-sync">
+ <adm:synopsis>
+ Allows the user to participate in data synchronization.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="update-schema">
+ <adm:synopsis>
+ Allows the user to make changes to the server schema.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="privilege-change">
+ <adm:synopsis>
+ Allows the user to make changes to the set of defined root
+ privileges, as well as to grant and revoke privileges for
+ users.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="unindexed-search">
+ <adm:synopsis>
+ Allows the user to request that the server process a search
+ that cannot be optimized using server indexes.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="subentry-write">
+ <adm:synopsis>
+ Allows the associated user to perform LDAP subentry write
+ operations.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-disabled-privilege</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="return-bind-error-messages">
+ <adm:synopsis>
+ Indicates whether responses for failed bind operations should
+ include a message string providing the reason for the
+ authentication failure.
+ </adm:synopsis>
+ <adm:description>
+ Note that these messages may include information that could
+ potentially be used by an attacker. If this option is disabled,
+ then these messages appears only in the server's access log.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-return-bind-error-messages</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="idle-time-limit">
+ <adm:synopsis>
+ Specifies the maximum length of time that a client connection may
+ remain established since its last completed operation.
+ </adm:synopsis>
+ <adm:description>
+ A value of "0 seconds" indicates that no idle time limit is enforced.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>0 seconds</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration base-unit="ms" lower-limit="0" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-idle-time-limit</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="save-config-on-successful-startup">
+ <adm:synopsis>
+ Indicates whether the directory server should save a copy of its
+ configuration whenever the startup process completes successfully.
+ </adm:synopsis>
+ <adm:description>
+ This ensures that the server provides a "last known good"
+ configuration, which can be used as a reference (or copied into
+ the active config) if the server fails to start with the current
+ "active" configuration.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-save-config-on-successful-startup</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="workflow-configuration-mode" hidden="true">
+ <adm:synopsis>
+ Specifies the workflow configuration mode (auto vs. manual).
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>auto</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="auto">
+ <adm:synopsis>
+ In the "auto" configuration mode, there is no workflow
+ configuration. The workflows are created automatically based
+ on the backend configuration. There is one workflow per
+ backend base DN.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="manual">
+ <adm:synopsis>
+ In the "manual" configuration mode, each workflow is created
+ according to its description in the configuration.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-workflow-configuration-mode</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="etime-resolution" mandatory="false">
+ <adm:synopsis>
+ Specifies the resolution to use for operation elapsed processing time (etime)
+ measurements.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ milliseconds
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="milliseconds">
+ <adm:synopsis>
+ Use millisecond resolution.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="nanoseconds">
+ <adm:synopsis>
+ Use nanosecond resolution.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-etime-resolution</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="entry-cache-preload" mandatory="false">
+ <adm:synopsis>
+ Indicates whether or not to preload the entry cache on startup.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:server-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-entry-cache-preload</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="max-allowed-client-connections">
+ <adm:synopsis>
+ Specifies the maximum number of client connections that may be
+ established at any given time
+ </adm:synopsis>
+ <adm:description>
+ A value of 0 indicates that unlimited client connection is allowed.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>0</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="0" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-max-allowed-client-connections</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="max-psearches">
+ <adm:synopsis>
+ Defines the maximum number of concurrent persistent searches that
+ can be performed on directory server
+ </adm:synopsis>
+ <adm:description>
+ The persistent search mechanism provides an active channel through which entries that change,
+ and information about the changes that occur, can be communicated. Because each persistent search
+ operation consumes resources, limiting the number of simultaneous persistent searches keeps the
+ performance impact minimal. A value of -1 indicates that there is no limit on the persistent searches.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>-1</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="0" allow-unlimited="true" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-max-psearches</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="max-internal-buffer-size" advanced="true">
+ <adm:synopsis>
+ The threshold capacity beyond which internal cached buffers used for
+ encoding and decoding entries and protocol messages will be trimmed
+ after use.
+ </adm:synopsis>
+ <adm:description>
+ Individual buffers may grow very large when encoding and decoding
+ large entries and protocol messages and should be reduced in size when
+ they are no longer needed. This setting specifies the threshold at which
+ a buffer is determined to have grown too big and should be trimmed down
+ after use.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>32 KB</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <!-- Upper limit to force 32-bit value -->
+ <adm:size lower-limit="512 B" upper-limit="1 GB"/>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-max-internal-buffer-size</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/GoverningStructureRuleVirtualAttributeConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/GoverningStructureRuleVirtualAttributeConfiguration.xml
new file mode 100644
index 0000000..325c58f
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/GoverningStructureRuleVirtualAttributeConfiguration.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2009 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="governing-structure-rule-virtual-attribute"
+ plural-name="governing-structure-rule-virtual-attributes"
+ package="org.forgerock.opendj.admin" extends="virtual-attribute"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ generates a virtual attribute that specifies the DIT structure rule
+ with the schema definitions in effect for the
+ entry. This attribute is defined in RFC 4512.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-governing-structure-rule-virtual-attribute</ldap:name>
+ <ldap:superior>ds-cfg-virtual-attribute</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.GoverningSturctureRuleVirtualAttributeProvider
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="conflict-behavior" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>virtual-overrides-real</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="attribute-type">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>governingStructureRule</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/GroupImplementationConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/GroupImplementationConfiguration.xml
new file mode 100644
index 0000000..8dd3606
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/GroupImplementationConfiguration.xml
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="group-implementation"
+ plural-name="group-implementations"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap"
+ xmlns:cli="http://www.opends.org/admin-cli">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ define named collections of users.
+ </adm:synopsis>
+ <adm:description>
+ Different group implementations may have different ways of
+ determining membership. For example, some groups may explicitly list the members,
+ and/or they may dynamically determine membership.
+ </adm:description>
+ <adm:tag name="core-server" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-group-implementation</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:managed-object custom="true" />
+ </adm:profile>
+ <adm:property name="enabled" mandatory="true">
+ <adm:synopsis>
+ Indicates whether the
+ <adm:user-friendly-name />
+ is enabled.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-enabled</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="java-class" mandatory="true">
+ <adm:synopsis>
+ Specifies the fully-qualified name of the Java class that provides the
+ <adm:user-friendly-name />
+ implementation.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:java-class>
+ <adm:instance-of>org.opends.server.api.Group</adm:instance-of>
+ </adm:java-class>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-java-class</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/HTTPAccessLogPublisherConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/HTTPAccessLogPublisherConfiguration.xml
new file mode 100644
index 0000000..5e384a9
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/HTTPAccessLogPublisherConfiguration.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2013 ForgeRock AS
+ ! -->
+<adm:managed-object name="http-access-log-publisher"
+ plural-name="http-access-log-publishers"
+ package="org.forgerock.opendj.admin" extends="log-publisher"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap"
+ xmlns:cli="http://www.opends.org/admin-cli">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ are responsible for distributing HTTP access log messages from the HTTP
+ access logger to a destination.
+ </adm:synopsis>
+ <adm:description>
+ HTTP access log messages provide information about the types of HTTP
+ requests processed by the server.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-http-access-log-publisher</ldap:name>
+ <ldap:superior>ds-cfg-log-publisher</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:managed-object custom="true" />
+ </adm:profile>
+ <adm:property-override name="java-class">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>org.opends.server.api.HTTPAccessLogPublisher</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/HTTPConnectionHandlerConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/HTTPConnectionHandlerConfiguration.xml
new file mode 100644
index 0000000..a1ae312
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/HTTPConnectionHandlerConfiguration.xml
@@ -0,0 +1,574 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Portions copyright 2013 ForgeRock AS
+ ! -->
+<adm:managed-object name="http-connection-handler"
+ plural-name="http-connection-handlers"
+ package="org.forgerock.opendj.admin" extends="connection-handler"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ is used to interact with clients using HTTP.
+ </adm:synopsis>
+ <adm:description>
+ It provides full support for Rest2LDAP.
+ </adm:description>
+ <adm:constraint>
+ <adm:synopsis>
+ A Key Manager Provider must be specified when this
+ <adm:user-friendly-name />
+ is enabled and it is configured to use SSL.
+ </adm:synopsis>
+ <adm:condition>
+ <adm:implies>
+ <adm:contains property="enabled" value="true" />
+ <adm:implies>
+ <adm:contains property="use-ssl" value="true" />
+ <adm:is-present property="key-manager-provider" />
+ </adm:implies>
+ </adm:implies>
+ </adm:condition>
+ </adm:constraint>
+ <adm:constraint>
+ <adm:synopsis>
+ A Trust Manager Provider must be specified when this
+ <adm:user-friendly-name />
+ is enabled and it is configured to use SSL.
+ </adm:synopsis>
+ <adm:condition>
+ <adm:implies>
+ <adm:contains property="enabled" value="true" />
+ <adm:implies>
+ <adm:contains property="use-ssl" value="true" />
+ <adm:is-present property="trust-manager-provider" />
+ </adm:implies>
+ </adm:implies>
+ </adm:condition>
+ </adm:constraint>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-http-connection-handler</ldap:name>
+ <ldap:superior>ds-cfg-connection-handler</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.protocols.http.HTTPConnectionHandler
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-reference name="listen-port" />
+ <adm:property-reference name="use-ssl" />
+ <adm:property-reference name="ssl-cert-nickname" />
+ <adm:property-reference name="use-tcp-keep-alive" />
+ <adm:property-reference name="use-tcp-no-delay" />
+ <adm:property-reference name="allow-tcp-reuse-address" />
+ <adm:property name="key-manager-provider">
+ <adm:synopsis>
+ Specifies the name of the key manager that should be used with
+ this
+ <adm:user-friendly-name />
+ .
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property take effect immediately, but
+ only for subsequent attempts to access the key manager
+ provider for associated client connections.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:undefined />
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:aggregation relation-name="key-manager-provider"
+ parent-path="/">
+ <adm:constraint>
+ <adm:synopsis>
+ The referenced key manager provider must be enabled when
+ the
+ <adm:user-friendly-name />
+ is enabled and configured to use SSL.
+ </adm:synopsis>
+ <adm:target-needs-enabling-condition>
+ <adm:and>
+ <adm:contains property="enabled" value="true" />
+ <adm:contains property="use-ssl" value="true" />
+ </adm:and>
+ </adm:target-needs-enabling-condition>
+ <adm:target-is-enabled-condition>
+ <adm:contains property="enabled" value="true" />
+ </adm:target-is-enabled-condition>
+ </adm:constraint>
+ </adm:aggregation>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-key-manager-provider</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="trust-manager-provider">
+ <adm:synopsis>
+ Specifies the name of the trust manager that should be used with
+ the
+ <adm:user-friendly-name />
+ .
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property take effect immediately, but
+ only for subsequent attempts to access the trust manager
+ provider for associated client connections.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:undefined />
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:aggregation relation-name="trust-manager-provider"
+ parent-path="/">
+ <adm:constraint>
+ <adm:synopsis>
+ The referenced trust manager provider must be enabled when
+ the
+ <adm:user-friendly-name />
+ is enabled and configured to use SSL.
+ </adm:synopsis>
+ <adm:target-needs-enabling-condition>
+ <adm:and>
+ <adm:contains property="enabled" value="true" />
+ <adm:contains property="use-ssl" value="true" />
+ </adm:and>
+ </adm:target-needs-enabling-condition>
+ <adm:target-is-enabled-condition>
+ <adm:contains property="enabled" value="true" />
+ </adm:target-is-enabled-condition>
+ </adm:constraint>
+ </adm:aggregation>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-trust-manager-provider</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="listen-address" multi-valued="true">
+ <adm:synopsis>
+ Specifies the address or set of addresses on which this
+ <adm:user-friendly-name />
+ should listen for connections from HTTP clients.
+ </adm:synopsis>
+ <adm:description>
+ Multiple addresses may be provided as separate values for this
+ attribute. If no values are provided, then the
+ <adm:user-friendly-name />
+ listens on all interfaces.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>0.0.0.0</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:ip-address />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-listen-address</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="keep-stats">
+ <adm:synopsis>
+ Indicates whether the
+ <adm:user-friendly-name />
+ should keep statistics.
+ </adm:synopsis>
+ <adm:description>
+ If enabled, the
+ <adm:user-friendly-name />
+ maintains statistics about the number and types of operations
+ requested over HTTP and the amount of data sent and received.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-keep-stats</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="max-request-size" advanced="true">
+ <adm:synopsis>
+ Specifies the size in bytes of the largest HTTP request message that will
+ be allowed by the <adm:user-friendly-name />.
+ </adm:synopsis>
+ <adm:description>
+ This can help prevent denial-of-service attacks by clients that indicate
+ they send extremely large requests to the server causing it to
+ attempt to allocate large amounts of memory.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>5 megabytes</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:size upper-limit="2147483647b"></adm:size>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-max-request-size</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="buffer-size" advanced="true">
+ <adm:synopsis>
+ Specifies the size in bytes of the HTTP response message write buffer.
+ </adm:synopsis>
+ <adm:description>
+ This property specifies write buffer size allocated by the server for
+ each client connection and used to buffer HTTP response messages data
+ when writing.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>4096 bytes</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:size lower-limit="1b" upper-limit="2147483647b"></adm:size>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-buffer-size</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="num-request-handlers" advanced="true">
+ <adm:synopsis>
+ Specifies the number of request handlers that are used to read
+ requests from clients.
+ </adm:synopsis>
+ <adm:description>
+ The
+ <adm:user-friendly-name />
+ uses one thread to accept new connections from clients, but uses
+ one or more additional threads to read requests from existing
+ client connections. This ensures that new requests are
+ read efficiently and that the connection handler itself does not
+ become a bottleneck when the server is under heavy load from many
+ clients at the same time.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ Let the server decide.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="1" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-num-request-handlers</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="ssl-client-auth-policy">
+ <adm:synopsis>
+ Specifies the policy that the
+ <adm:user-friendly-name />
+ should use regarding client SSL certificates.
+ Clients can use the SASL EXTERNAL mechanism only if the
+ policy is set to "optional" or "required".
+ </adm:synopsis>
+ <adm:description>
+ This is only applicable if clients are allowed to use SSL.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>optional</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="disabled">
+ <adm:synopsis>
+ Clients must not provide their own
+ certificates when performing SSL negotiation.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="optional">
+ <adm:synopsis>
+ Clients are requested to provide their own certificates
+ when performing SSL negotiation, but still accept the
+ connection even if the client does not provide a
+ certificate.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="required">
+ <adm:synopsis>
+ Clients are requested to provide their own certificates
+ when performing SSL negotiation. The connection is
+ nevertheless accepted if the client does not provide a
+ certificate.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-ssl-client-auth-policy</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="accept-backlog" advanced="true">
+ <adm:synopsis>
+ Specifies the maximum number of pending connection attempts that
+ are allowed to queue up in the accept backlog before the
+ server starts rejecting new connection attempts.
+ </adm:synopsis>
+ <adm:description>
+ This is primarily an issue for cases in which a large number of
+ connections are established to the server in a very short period
+ of time (for example, a benchmark utility that creates a large number of
+ client threads that each have their own connection to the server)
+ and the connection handler is unable to keep up with the rate at
+ which the new connections are established.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>128</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="1">
+ <adm:unit-synopsis>connections</adm:unit-synopsis>
+ </adm:integer>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-accept-backlog</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="ssl-protocol" multi-valued="true">
+ <adm:synopsis>
+ Specifies the names of the SSL protocols that are allowed for
+ use in SSL communication.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property take effect immediately but only
+ impact new SSL/TLS-based sessions created after the
+ change.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ Uses the default set of SSL protocols provided by the server's
+ JVM.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-ssl-protocol</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="ssl-cipher-suite" multi-valued="true">
+ <adm:synopsis>
+ Specifies the names of the SSL cipher suites that are allowed
+ for use in SSL communication.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property take effect immediately but will
+ only impact new SSL/TLS-based sessions created after the
+ change.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ Uses the default set of SSL cipher suites provided by the
+ server's JVM.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-ssl-cipher-suite</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="max-blocked-write-time-limit" advanced="true">
+ <adm:synopsis>
+ Specifies the maximum length of time that attempts to write data
+ to HTTP clients should be allowed to block.
+ </adm:synopsis>
+ <adm:description>
+ If an attempt to write data to a client takes longer than this
+ length of time, then the client connection is terminated.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>2 minutes</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration base-unit="ms" lower-limit="0" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-max-blocked-write-time-limit</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="config-file" mandatory="true">
+ <adm:synopsis>
+ Specifies the name of the configuration file for the <adm:user-friendly-name />.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>config/http-config.json</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>FILE</adm:usage>
+ <adm:synopsis>
+ A path to an existing file that is readable by the server.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-config-file</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="authentication-required" mandatory="true">
+ <adm:synopsis>
+ Specifies whether only authenticated requests can be processed by the
+ <adm:user-friendly-name />.
+ </adm:synopsis>
+ <adm:description>
+ If true, only authenticated requests will be processed by the
+ <adm:user-friendly-name />. If false, both authenticated requests and
+ unauthenticated requests will be processed. All requests are subject
+ to ACI limitations and unauthenticated requests are subject to server
+ limits like maximum number of entries returned. Note that setting
+ ds-cfg-reject-unauthenticated-requests to true will override the current
+ setting.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-authentication-required</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="max-concurrent-ops-per-connection">
+ <adm:synopsis>
+ Specifies the maximum number of internal operations that each
+ HTTP client connection can execute concurrently.
+ </adm:synopsis>
+ <adm:description>
+ This property allow to limit the impact that each HTTP request can have on
+ the whole server by limiting the number of internal operations that each
+ HTTP request can execute concurrently.
+ A value of 0 means that no limit is enforced.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ Let the server decide.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="0"/>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-max-concurrent-ops-per-connection</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/HasSubordinatesVirtualAttributeConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/HasSubordinatesVirtualAttributeConfiguration.xml
new file mode 100644
index 0000000..e724bf1
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/HasSubordinatesVirtualAttributeConfiguration.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="has-subordinates-virtual-attribute"
+ plural-name="has-subordinates-virtual-attributes"
+ package="org.forgerock.opendj.admin" extends="virtual-attribute"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ generates a virtual attribute that indicates whether
+ the entry has any subordinate entries.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-has-subordinates-virtual-attribute</ldap:name>
+ <ldap:superior>ds-cfg-virtual-attribute</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.HasSubordinatesVirtualAttributeProvider
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="conflict-behavior" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>virtual-overrides-real</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="attribute-type">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>hasSubordinates</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/IdentityMapperConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/IdentityMapperConfiguration.xml
new file mode 100644
index 0000000..4a8f2e1
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/IdentityMapperConfiguration.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="identity-mapper"
+ plural-name="identity-mappers" package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap"
+ xmlns:cli="http://www.opends.org/admin-cli">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ are responsible for establishing a mapping between an identifier
+ string provided by a client, and the entry for the user that
+ corresponds to that identifier. <adm:user-friendly-plural-name />
+ are used to process several SASL mechanisms to map an authorization ID
+ (e.g., a Kerberos principal when using GSSAPI) to a directory user. They
+ are also used when processing requests with the proxied authorization control.
+ </adm:synopsis>
+ <adm:tag name="security" />
+ <adm:tag name="user-management" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-identity-mapper</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:managed-object custom="true" />
+ </adm:profile>
+ <adm:property name="enabled" mandatory="true">
+ <adm:synopsis>
+ Indicates whether the
+ <adm:user-friendly-name />
+ is enabled for use.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-enabled</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="java-class" mandatory="true">
+ <adm:synopsis>
+ Specifies the fully-qualified name of the Java class that provides the
+ <adm:user-friendly-name />
+ implementation.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:java-class>
+ <adm:instance-of>
+ org.opends.server.api.IdentityMapper
+ </adm:instance-of>
+ </adm:java-class>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-java-class</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/IsMemberOfVirtualAttributeConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/IsMemberOfVirtualAttributeConfiguration.xml
new file mode 100644
index 0000000..351a2ab
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/IsMemberOfVirtualAttributeConfiguration.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="is-member-of-virtual-attribute"
+ plural-name="is-member-of-virtual-attributes"
+ package="org.forgerock.opendj.admin" extends="virtual-attribute"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ generates the isMemberOf operational attribute,
+ which contains the DNs of
+ the groups in which the user is a member.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-is-member-of-virtual-attribute</ldap:name>
+ <ldap:superior>ds-cfg-virtual-attribute</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.IsMemberOfVirtualAttributeProvider
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="conflict-behavior" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>virtual-overrides-real</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="attribute-type">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>isMemberOf</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/JMXAlertHandlerConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/JMXAlertHandlerConfiguration.xml
new file mode 100644
index 0000000..2390ecf
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/JMXAlertHandlerConfiguration.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="jmx-alert-handler"
+ plural-name="jmx-alert-handlers" package="org.forgerock.opendj.admin"
+ extends="alert-handler" xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ is used to generate JMX notifications to alert administrators of
+ significant events that occur within the server.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-jmx-alert-handler</ldap:name>
+ <ldap:superior>ds-cfg-alert-handler</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.JMXAlertHandler
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/JMXConnectionHandlerConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/JMXConnectionHandlerConfiguration.xml
new file mode 100644
index 0000000..5c8e33d
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/JMXConnectionHandlerConfiguration.xml
@@ -0,0 +1,179 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2009 Sun Microsystems, Inc.
+ ! Portions Copyright 2013 ForgeRock AS.
+ ! -->
+<adm:managed-object name="jmx-connection-handler"
+ plural-name="jmx-connection-handlers"
+ package="org.forgerock.opendj.admin" extends="connection-handler"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ is used to interact with clients using the Java Management
+ Extensions (JMX) protocol.
+ </adm:synopsis>
+ <adm:constraint>
+ <adm:synopsis>
+ A Key Manager Provider must be specified when this
+ <adm:user-friendly-name />
+ is enabled and it is configured to use SSL.
+ </adm:synopsis>
+ <adm:condition>
+ <adm:implies>
+ <adm:contains property="enabled" value="true" />
+ <adm:implies>
+ <adm:contains property="use-ssl" value="true" />
+ <adm:is-present property="key-manager-provider" />
+ </adm:implies>
+ </adm:implies>
+ </adm:condition>
+ </adm:constraint>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-jmx-connection-handler</ldap:name>
+ <ldap:superior>ds-cfg-connection-handler</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.protocols.jmx.JmxConnectionHandler
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="listen-address" multi-valued="true" read-only="true">
+ <adm:synopsis>
+ Specifies the address or set of addresses on which this
+ <adm:user-friendly-name />
+ should listen for connections from JMX clients. However JMX/RMI
+ doesn't allow this, and this property cannot be set.
+ </adm:synopsis>
+ <adm:description>
+ Multiple addresses may be provided as separate values for this
+ attribute. If no values are provided, then the
+ <adm:user-friendly-name />
+ listens on all interfaces.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:server-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>0.0.0.0</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:ip-address />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-listen-address</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property-reference name="listen-port" />
+ <adm:property-reference name="use-ssl" />
+ <adm:property-reference name="ssl-cert-nickname" />
+ <adm:property name="key-manager-provider">
+ <adm:synopsis>
+ Specifies the name of the key manager that should be used with
+ this
+ <adm:user-friendly-name />
+ .
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property take effect immediately, but
+ only for subsequent attempts to access the key manager
+ provider for associated client connections.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:undefined />
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:aggregation relation-name="key-manager-provider"
+ parent-path="/">
+ <adm:constraint>
+ <adm:synopsis>
+ The referenced key manager provider must be enabled when
+ the
+ <adm:user-friendly-name />
+ is enabled and configured to use SSL.
+ </adm:synopsis>
+ <adm:target-needs-enabling-condition>
+ <adm:and>
+ <adm:contains property="enabled" value="true" />
+ <adm:contains property="use-ssl" value="true" />
+ </adm:and>
+ </adm:target-needs-enabling-condition>
+ <adm:target-is-enabled-condition>
+ <adm:contains property="enabled" value="true" />
+ </adm:target-is-enabled-condition>
+ </adm:constraint>
+ </adm:aggregation>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-key-manager-provider</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="rmi-port">
+ <adm:synopsis>
+ Specifies the port number on which the JMX RMI service
+ will listen for connections from clients. A value of 0
+ indicates the service to choose a port of its own.
+ </adm:synopsis>
+ <adm:description>
+ If the value provided is different than 0, the value
+ will be used as the RMI port. Otherwise, the RMI service
+ will choose a port of its own.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>0</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="0" upper-limit="65535" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-rmi-port</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/JPEGAttributeSyntaxConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/JPEGAttributeSyntaxConfiguration.xml
new file mode 100644
index 0000000..613d6ef
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/JPEGAttributeSyntaxConfiguration.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2012 ForgeRock AS
+ ! -->
+<adm:managed-object name="jpeg-attribute-syntax"
+ plural-name="jpeg-attribute-syntaxes"
+ extends="attribute-syntax" package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ define an attribute syntax for storing JPEG information.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-jpeg-attribute-syntax</ldap:name>
+ <ldap:superior>ds-cfg-attribute-syntax</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.schema.JPEGSyntax
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="strict-format" advanced="true">
+ <adm:synopsis>
+ Indicates whether to require JPEG values to strictly
+ comply with the standard definition for this syntax.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-strict-format</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/KeyManagerProviderConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/KeyManagerProviderConfiguration.xml
new file mode 100644
index 0000000..9a87a82
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/KeyManagerProviderConfiguration.xml
@@ -0,0 +1,92 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="key-manager-provider"
+ plural-name="key-manager-providers"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap"
+ xmlns:cli="http://www.opends.org/admin-cli">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ are responsible for managing the key material that is used to
+ authenticate an SSL connection to its peer.
+ </adm:synopsis>
+ <adm:description>
+ <adm:user-friendly-plural-name />
+ essentially provide access to the certificate that is used by the
+ server when performing SSL or StartTLS negotiation.
+ </adm:description>
+ <adm:tag name="security" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-key-manager-provider</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:managed-object custom="true" />
+ </adm:profile>
+ <adm:property name="enabled" mandatory="true">
+ <adm:synopsis>
+ Indicates whether the
+ <adm:user-friendly-name />
+ is enabled for use.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-enabled</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="java-class" mandatory="true">
+ <adm:synopsis>
+ The fully-qualified name of the Java class that provides
+ the
+ <adm:user-friendly-name />
+ implementation.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:java-class>
+ <adm:instance-of>
+ org.opends.server.api.KeyManagerProvider
+ </adm:instance-of>
+ </adm:java-class>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-java-class</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LDAPAttributeDescriptionListPluginConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LDAPAttributeDescriptionListPluginConfiguration.xml
new file mode 100644
index 0000000..726f23c
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LDAPAttributeDescriptionListPluginConfiguration.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="ldap-attribute-description-list-plugin"
+ plural-name="ldap-attribute-description-list-plugins"
+ package="org.forgerock.opendj.admin" extends="plugin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides the ability for clients to include an attribute list in
+ a search request that names object classes instead of (or in
+ addition to) attributes.
+ </adm:synopsis>
+ <adm:description>
+ For example, if a client wishes to
+ retrieve all of the attributes in the inetOrgPerson object class,
+ then that client can include "@inetOrgPerson" in the attribute
+ list rather than naming all of those attributes individually.
+ This behavior is based on the specification contained in RFC 4529.
+ The implementation for the LDAP attribute description list plugin
+ is contained in the
+ org.opends.server.plugins.LDAPADListPlugin class. It must be
+ configured with the preParseSearch plugin type, but does not have
+ any other custom configuration.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>
+ ds-cfg-ldap-attribute-description-list-plugin
+ </ldap:name>
+ <ldap:superior>ds-cfg-plugin</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.plugins.LDAPADListPlugin
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="plugin-type" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>preparsesearch</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LDAPConnectionHandlerConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LDAPConnectionHandlerConfiguration.xml
new file mode 100644
index 0000000..072b49b
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LDAPConnectionHandlerConfiguration.xml
@@ -0,0 +1,607 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2009 Sun Microsystems, Inc.
+ ! Portions copyright 2011-2013 ForgeRock AS
+ ! -->
+<adm:managed-object name="ldap-connection-handler"
+ plural-name="ldap-connection-handlers"
+ package="org.forgerock.opendj.admin" extends="connection-handler"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ is used to interact with clients using LDAP.
+ </adm:synopsis>
+ <adm:description>
+ It provides full support for LDAPv3 and limited
+ support for LDAPv2.
+ </adm:description>
+ <adm:constraint>
+ <adm:synopsis>
+ A Key Manager Provider must be specified when this
+ <adm:user-friendly-name />
+ is enabled and it is configured to use SSL or StartTLS.
+ </adm:synopsis>
+ <adm:condition>
+ <adm:implies>
+ <adm:contains property="enabled" value="true" />
+ <adm:implies>
+ <adm:or>
+ <adm:contains property="use-ssl" value="true" />
+ <adm:contains property="allow-start-tls" value="true" />
+ </adm:or>
+ <adm:is-present property="key-manager-provider" />
+ </adm:implies>
+ </adm:implies>
+ </adm:condition>
+ </adm:constraint>
+ <adm:constraint>
+ <adm:synopsis>
+ A Trust Manager Provider must be specified when this
+ <adm:user-friendly-name />
+ is enabled and it is configured to use SSL or StartTLS.
+ </adm:synopsis>
+ <adm:condition>
+ <adm:implies>
+ <adm:contains property="enabled" value="true" />
+ <adm:implies>
+ <adm:or>
+ <adm:contains property="use-ssl" value="true" />
+ <adm:contains property="allow-start-tls" value="true" />
+ </adm:or>
+ <adm:is-present property="trust-manager-provider" />
+ </adm:implies>
+ </adm:implies>
+ </adm:condition>
+ </adm:constraint>
+ <adm:constraint>
+ <adm:synopsis>
+ A
+ <adm:user-friendly-name />
+ cannot be configured to support SSL and StartTLS at the same time.
+ Either SSL or StartTLS must be disabled in order for this
+ <adm:user-friendly-name />
+ to be used.
+ </adm:synopsis>
+ <adm:condition>
+ <adm:implies>
+ <adm:contains property="enabled" value="true" />
+ <adm:not>
+ <adm:and>
+ <adm:contains property="use-ssl" value="true" />
+ <adm:contains property="allow-start-tls" value="true" />
+ </adm:and>
+ </adm:not>
+ </adm:implies>
+ </adm:condition>
+ </adm:constraint>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-ldap-connection-handler</ldap:name>
+ <ldap:superior>ds-cfg-connection-handler</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.protocols.ldap.LDAPConnectionHandler
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-reference name="listen-port" />
+ <adm:property-reference name="use-ssl" />
+ <adm:property-reference name="ssl-cert-nickname" />
+ <adm:property-reference name="use-tcp-keep-alive" />
+ <adm:property-reference name="use-tcp-no-delay" />
+ <adm:property-reference name="allow-tcp-reuse-address" />
+ <adm:property name="key-manager-provider">
+ <adm:synopsis>
+ Specifies the name of the key manager that should be used with
+ this
+ <adm:user-friendly-name />
+ .
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property take effect immediately, but
+ only for subsequent attempts to access the key manager
+ provider for associated client connections.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:undefined />
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:aggregation relation-name="key-manager-provider"
+ parent-path="/">
+ <adm:constraint>
+ <adm:synopsis>
+ The referenced key manager provider must be enabled when
+ the
+ <adm:user-friendly-name />
+ is enabled and configured to use SSL or StartTLS.
+ </adm:synopsis>
+ <adm:target-needs-enabling-condition>
+ <adm:and>
+ <adm:contains property="enabled" value="true" />
+ <adm:or>
+ <adm:contains property="use-ssl" value="true" />
+ <adm:contains property="allow-start-tls" value="true" />
+ </adm:or>
+ </adm:and>
+ </adm:target-needs-enabling-condition>
+ <adm:target-is-enabled-condition>
+ <adm:contains property="enabled" value="true" />
+ </adm:target-is-enabled-condition>
+ </adm:constraint>
+ </adm:aggregation>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-key-manager-provider</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="trust-manager-provider">
+ <adm:synopsis>
+ Specifies the name of the trust manager that should be used with
+ the
+ <adm:user-friendly-name />
+ .
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property take effect immediately, but
+ only for subsequent attempts to access the trust manager
+ provider for associated client connections.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:undefined />
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:aggregation relation-name="trust-manager-provider"
+ parent-path="/">
+ <adm:constraint>
+ <adm:synopsis>
+ The referenced trust manager provider must be enabled when
+ the
+ <adm:user-friendly-name />
+ is enabled and configured to use SSL or StartTLS.
+ </adm:synopsis>
+ <adm:target-needs-enabling-condition>
+ <adm:and>
+ <adm:contains property="enabled" value="true" />
+ <adm:or>
+ <adm:contains property="use-ssl" value="true" />
+ <adm:contains property="allow-start-tls" value="true" />
+ </adm:or>
+ </adm:and>
+ </adm:target-needs-enabling-condition>
+ <adm:target-is-enabled-condition>
+ <adm:contains property="enabled" value="true" />
+ </adm:target-is-enabled-condition>
+ </adm:constraint>
+ </adm:aggregation>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-trust-manager-provider</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="listen-address" multi-valued="true">
+ <adm:synopsis>
+ Specifies the address or set of addresses on which this
+ <adm:user-friendly-name />
+ should listen for connections from LDAP clients.
+ </adm:synopsis>
+ <adm:description>
+ Multiple addresses may be provided as separate values for this
+ attribute. If no values are provided, then the
+ <adm:user-friendly-name />
+ listens on all interfaces.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>0.0.0.0</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:ip-address />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-listen-address</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="allow-ldap-v2">
+ <adm:synopsis>
+ Indicates whether connections from LDAPv2 clients are allowed.
+ </adm:synopsis>
+ <adm:description>
+ If LDAPv2 clients are allowed, then only a minimal degree of
+ special support are provided for them to ensure that
+ LDAPv3-specific protocol elements (for example, Configuration Guide 25
+ controls, extended response messages, intermediate response
+ messages, referrals) are not sent to an LDAPv2 client.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-allow-ldap-v2</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="keep-stats">
+ <adm:synopsis>
+ Indicates whether the
+ <adm:user-friendly-name />
+ should keep statistics.
+ </adm:synopsis>
+ <adm:description>
+ If enabled, the
+ <adm:user-friendly-name />
+ maintains statistics about the number and types of operations
+ requested over LDAP and the amount of data sent and received.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-keep-stats</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="send-rejection-notice" advanced="true">
+ <adm:synopsis>
+ Indicates whether the
+ <adm:user-friendly-name />
+ should send a notice of disconnection extended response message to
+ the client if a new connection is rejected for some reason.
+ </adm:synopsis>
+ <adm:description>
+ The extended response message may provide an explanation
+ indicating the reason that the connection was rejected.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-send-rejection-notice</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="max-request-size" advanced="true">
+ <adm:synopsis>
+ Specifies the size in bytes of the largest LDAP request message that will
+ be allowed by this LDAP Connection handler.
+ </adm:synopsis>
+ <adm:description>
+ This property is analogous to the maxBERSize configuration
+ attribute of the Sun Java System Directory Server. This can help
+ prevent denial-of-service attacks by clients that indicate they
+ send extremely large requests to the server causing it to
+ attempt to allocate large amounts of memory.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>5 megabytes</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:size upper-limit="2147483647b"></adm:size>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-max-request-size</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="buffer-size" advanced="true">
+ <adm:synopsis>
+ Specifies the size in bytes of the LDAP response message write buffer.
+ </adm:synopsis>
+ <adm:description>
+ This property specifies write buffer size allocated by the server for
+ each client connection and used to buffer LDAP response messages data
+ when writing.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>4096 bytes</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:size lower-limit="1b" upper-limit="2147483647b"></adm:size>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-buffer-size</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="num-request-handlers" advanced="true">
+ <adm:synopsis>
+ Specifies the number of request handlers that are used to read
+ requests from clients.
+ </adm:synopsis>
+ <adm:description>
+ The
+ <adm:user-friendly-name />
+ uses one thread to accept new connections from clients, but uses
+ one or more additional threads to read requests from existing
+ client connections. This ensures that new requests are
+ read efficiently and that the connection handler itself does not
+ become a bottleneck when the server is under heavy load from many
+ clients at the same time.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ Let the server decide.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="1" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-num-request-handlers</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="allow-start-tls">
+ <adm:synopsis>
+ Indicates whether clients are allowed to use StartTLS.
+ </adm:synopsis>
+ <adm:description>
+ If enabled, the
+ <adm:user-friendly-name />
+ allows clients to use the StartTLS extended operation to
+ initiate secure communication over an otherwise insecure channel.
+ Note that this is only allowed if the
+ <adm:user-friendly-name />
+ is not configured to use SSL, and if the server is configured with
+ a valid key manager provider and a valid trust manager provider.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-allow-start-tls</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="ssl-client-auth-policy">
+ <adm:synopsis>
+ Specifies the policy that the
+ <adm:user-friendly-name />
+ should use regarding client SSL certificates.
+ Clients can use the SASL EXTERNAL mechanism only if the
+ policy is set to "optional" or "required".
+ </adm:synopsis>
+ <adm:description>
+ This is only applicable if clients are allowed to use SSL.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>optional</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="disabled">
+ <adm:synopsis>
+ Clients must not provide their own
+ certificates when performing SSL negotiation.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="optional">
+ <adm:synopsis>
+ Clients are requested to provide their own certificates
+ when performing SSL negotiation. The connection is
+ nevertheless accepted if the client does not provide a
+ certificate.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="required">
+ <adm:synopsis>
+ Clients are required to provide their own certificates
+ when performing SSL negotiation and are refused access
+ if they do not provide a certificate.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-ssl-client-auth-policy</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="accept-backlog" advanced="true">
+ <adm:synopsis>
+ Specifies the maximum number of pending connection attempts that
+ are allowed to queue up in the accept backlog before the
+ server starts rejecting new connection attempts.
+ </adm:synopsis>
+ <adm:description>
+ This is primarily an issue for cases in which a large number of
+ connections are established to the server in a very short period
+ of time (for example, a benchmark utility that creates a large number of
+ client threads that each have their own connection to the server)
+ and the connection handler is unable to keep up with the rate at
+ which the new connections are established.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>128</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="1">
+ <adm:unit-synopsis>connections</adm:unit-synopsis>
+ </adm:integer>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-accept-backlog</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="ssl-protocol" multi-valued="true">
+ <adm:synopsis>
+ Specifies the names of the SSL protocols that are allowed for
+ use in SSL or StartTLS communication.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property take effect immediately but only
+ impact new SSL/TLS-based sessions created after the
+ change.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ Uses the default set of SSL protocols provided by the server's
+ JVM.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-ssl-protocol</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="ssl-cipher-suite" multi-valued="true">
+ <adm:synopsis>
+ Specifies the names of the SSL cipher suites that are allowed
+ for use in SSL or StartTLS communication.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property take effect immediately but will
+ only impact new SSL/TLS-based sessions created after the
+ change.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ Uses the default set of SSL cipher suites provided by the
+ server's JVM.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-ssl-cipher-suite</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="max-blocked-write-time-limit" advanced="true">
+ <adm:synopsis>
+ Specifies the maximum length of time that attempts to write data
+ to LDAP clients should be allowed to block.
+ </adm:synopsis>
+ <adm:description>
+ If an attempt to write data to a client takes longer than this
+ length of time, then the client connection is terminated.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>2 minutes</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration base-unit="ms" lower-limit="0" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-max-blocked-write-time-limit</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LDAPPassThroughAuthenticationPolicyConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LDAPPassThroughAuthenticationPolicyConfiguration.xml
new file mode 100644
index 0000000..685e4c4
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LDAPPassThroughAuthenticationPolicyConfiguration.xml
@@ -0,0 +1,664 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="ldap-pass-through-authentication-policy"
+ plural-name="ldap-pass-through-authentication-policies" extends="authentication-policy"
+ package="org.forgerock.opendj.admin" xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+
+ <adm:synopsis>
+ An authentication policy for users whose credentials are managed
+ by a remote LDAP directory service.
+ </adm:synopsis>
+
+ <adm:description>
+ Authentication attempts will be redirected to the remote LDAP
+ directory service based on a combination of the criteria specified in this
+ policy and the content of the user's entry in this directory server.
+ </adm:description>
+
+ <adm:constraint>
+ <adm:synopsis>
+ One or more mapped attributes must be specified when using the
+ "mapped-bind" or "mapped-search" mapping policies.
+ </adm:synopsis>
+ <adm:condition>
+ <adm:implies>
+ <adm:or>
+ <adm:contains property="mapping-policy" value="mapped-bind" />
+ <adm:contains property="mapping-policy" value="mapped-search" />
+ </adm:or>
+ <adm:is-present property="mapped-attribute" />
+ </adm:implies>
+ </adm:condition>
+ </adm:constraint>
+
+ <adm:constraint>
+ <adm:synopsis>
+ One or more search base DNs must be specified when using the
+ "mapped-search" mapping policy.
+ </adm:synopsis>
+ <adm:condition>
+ <adm:implies>
+ <adm:contains property="mapping-policy" value="mapped-search" />
+ <adm:is-present property="mapped-search-base-dn" />
+ </adm:implies>
+ </adm:condition>
+ </adm:constraint>
+
+ <adm:constraint>
+ <adm:synopsis>
+ The mapped search bind password must be specified when using the
+ "mapped-search" mapping policy and a mapped-search-bind-dn is defined.
+ </adm:synopsis>
+ <adm:condition>
+ <adm:implies>
+ <adm:and>
+ <adm:contains property="mapping-policy" value="mapped-search" />
+ <adm:is-present property="mapped-search-bind-dn" />
+ </adm:and>
+ <adm:or>
+ <adm:is-present property="mapped-search-bind-password" />
+ <adm:is-present property="mapped-search-bind-password-property" />
+ <adm:is-present property="mapped-search-bind-password-environment-variable" />
+ <adm:is-present property="mapped-search-bind-password-file" />
+ </adm:or>
+ </adm:implies>
+ </adm:condition>
+ </adm:constraint>
+
+ <adm:constraint>
+ <adm:synopsis>
+ The cached password storage scheme must be specified when password
+ caching is enabled.
+ </adm:synopsis>
+ <adm:condition>
+ <adm:implies>
+ <adm:contains property="use-password-caching" value="true" />
+ <adm:is-present property="cached-password-storage-scheme" />
+ </adm:implies>
+ </adm:condition>
+ </adm:constraint>
+
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-ldap-pass-through-authentication-policy</ldap:name>
+ <ldap:superior>ds-cfg-authentication-policy</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.LDAPPassThroughAuthenticationPolicyFactory
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+
+ <adm:property name="primary-remote-ldap-server" multi-valued="true"
+ mandatory="true">
+ <adm:synopsis>
+ Specifies the primary list of remote LDAP servers which should
+ be used for pass through authentication.
+ </adm:synopsis>
+ <adm:description>
+ If more than one LDAP server is specified then operations
+ may be distributed across them. If all of the primary LDAP servers are
+ unavailable then operations will fail-over to the set of secondary LDAP
+ servers, if defined.
+ </adm:description>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>^.+:[0-9]+$</adm:regex>
+ <adm:usage>HOST:PORT</adm:usage>
+ <adm:synopsis>
+ A host name followed by a ":" and a port number.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-primary-remote-ldap-server</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+ <adm:property name="secondary-remote-ldap-server" multi-valued="true">
+ <adm:synopsis>
+ Specifies the secondary list of remote LDAP servers which
+ should be used for pass through authentication in the event that the
+ primary LDAP servers are unavailable.
+ </adm:synopsis>
+ <adm:description>
+ If more than one LDAP server is specified then operations
+ may be distributed across them. Operations will be rerouted to the primary
+ LDAP servers as soon as they are determined to be available.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>No secondary LDAP servers.</adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>^.+:[0-9]+$</adm:regex>
+ <adm:usage>HOST:PORT</adm:usage>
+ <adm:synopsis>
+ A host name followed by a ":" and a port number.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-secondary-remote-ldap-server</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+ <adm:property name="connection-timeout">
+ <adm:synopsis>
+ Specifies the timeout used when connecting to remote LDAP
+ directory servers, performing SSL negotiation, and for individual search
+ and bind requests.
+ </adm:synopsis>
+ <adm:description>
+ If the timeout expires then the current operation will be
+ aborted and retried against another LDAP server if one is available.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>3 seconds</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration base-unit="ms" lower-limit="0" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-connection-timeout</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+ <adm:property-reference name="use-ssl" />
+
+ <adm:property name="trust-manager-provider">
+ <adm:synopsis>
+ Specifies the name of the trust manager that should be used
+ when negotiating SSL connections with remote LDAP directory servers.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property take effect immediately, but only
+ impact subsequent SSL connection negotiations.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ By default, no trust manager is specified indicating that only
+ certificates signed by the authorities associated with this JVM will
+ be accepted.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:aggregation relation-name="trust-manager-provider"
+ parent-path="/">
+ <adm:constraint>
+ <adm:synopsis>
+ The referenced trust manager provider must be enabled
+ when SSL is enabled.
+ </adm:synopsis>
+ <adm:target-needs-enabling-condition>
+ <adm:and>
+ <adm:contains property="use-ssl" value="true" />
+ </adm:and>
+ </adm:target-needs-enabling-condition>
+ <adm:target-is-enabled-condition>
+ <adm:contains property="enabled" value="true" />
+ </adm:target-is-enabled-condition>
+ </adm:constraint>
+ </adm:aggregation>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-trust-manager-provider</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+ <adm:property name="mapping-policy" mandatory="true">
+ <adm:synopsis>
+ Specifies the mapping algorithm for obtaining the bind DN from
+ the user's entry.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>unmapped</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="unmapped">
+ <adm:synopsis>
+ Bind to the remote LDAP directory service using the DN
+ of the user's entry in this directory server.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="mapped-bind">
+ <adm:synopsis>
+ Bind to the remote LDAP directory service using a DN
+ obtained from an attribute in the user's entry. This policy will
+ check each attribute named in the "mapped-attribute" property. If
+ more than one attribute or value is present then the first one will
+ be used.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="mapped-search">
+ <adm:synopsis>
+ Bind to the remote LDAP directory service using the DN
+ of an entry obtained using a search against the remote LDAP
+ directory service. The search filter will comprise of an equality
+ matching filter whose attribute type is the "mapped-attribute"
+ property, and whose assertion value is the attribute value obtained
+ from the user's entry. If more than one attribute or value is
+ present then the filter will be composed of multiple equality
+ filters combined using a logical OR (union).
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-mapping-policy</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+ <adm:property name="mapped-attribute" multi-valued="true">
+ <adm:synopsis>
+ Specifies one or more attributes in the user's entry whose
+ value(s) will determine the bind DN used when authenticating to the remote
+ LDAP directory service. This property is mandatory when using the
+ "mapped-bind" or "mapped-search" mapping policies.
+ </adm:synopsis>
+ <adm:description>
+ At least one value must be provided. All values must refer
+ to the name or OID of an attribute type defined in the directory server
+ schema. At least one of the named attributes must exist in a user's
+ local entry in order for authentication to proceed. When multiple
+ attributes or values are found in the user's entry then the behavior is
+ determined by the mapping policy.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:undefined />
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:attribute-type />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-mapped-attribute</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+ <adm:property name="mapped-search-bind-dn">
+ <adm:synopsis>
+ Specifies the bind DN which should be used to perform user
+ searches in the remote LDAP directory service.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>Searches will be performed anonymously.</adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:dn />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-mapped-search-bind-dn</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+ <adm:property name="mapped-search-bind-password">
+ <adm:synopsis>
+ Specifies the bind password which should be used to perform
+ user searches in the remote LDAP directory service.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:undefined/>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:password />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-mapped-search-bind-password</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+ <adm:property name="mapped-search-bind-password-property">
+ <adm:synopsis>
+ Specifies the name of a Java property containing the bind password which
+ should be used to perform user searches in the remote LDAP directory
+ service.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:undefined/>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-mapped-search-bind-password-property</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+ <adm:property name="mapped-search-bind-password-environment-variable">
+ <adm:synopsis>
+ Specifies the name of an environment variable containing the bind
+ password which should be used to perform user searches in the remote LDAP
+ directory service.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:undefined/>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>
+ ds-cfg-mapped-search-bind-password-environment-variable
+ </ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+ <adm:property name="mapped-search-bind-password-file">
+ <adm:synopsis>
+ Specifies the name of a file containing the bind
+ password which should be used to perform user searches in the remote LDAP
+ directory service.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:undefined/>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-mapped-search-bind-password-file</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+ <adm:property name="mapped-search-base-dn" multi-valued="true">
+ <adm:synopsis>
+ Specifies the set of base DNs below which to search for users
+ in the remote LDAP directory service. This property is mandatory when
+ using the "mapped-search" mapping policy.
+ </adm:synopsis>
+ <adm:description>
+ If multiple values are given, searches are performed below
+ all specified base DNs.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:undefined />
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:dn />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-mapped-search-base-dn</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+ <adm:property name="use-tcp-keep-alive" advanced="true">
+ <adm:synopsis>
+ Indicates whether LDAP connections should use TCP keep-alive.
+ </adm:synopsis>
+ <adm:description>
+ If enabled, the SO_KEEPALIVE socket option is used to
+ indicate that TCP keepalive messages should periodically be sent to the
+ client to verify that the associated connection is still valid. This may
+ also help prevent cases in which intermediate network hardware
+ could silently drop an otherwise idle client connection, provided
+ that the keepalive interval configured in the underlying operating
+ system is smaller than the timeout enforced by the network hardware.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-use-tcp-keep-alive</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+ <adm:property name="use-tcp-no-delay" advanced="true">
+ <adm:synopsis>
+ Indicates whether LDAP connections should use TCP no-delay.
+ </adm:synopsis>
+ <adm:description>
+ If enabled, the TCP_NODELAY socket option is used to ensure
+ that response messages to the client are sent immediately rather
+ than potentially waiting to determine whether additional response
+ messages can be sent in the same packet. In most cases, using the
+ TCP_NODELAY socket option provides better performance and
+ lower response times, but disabling it may help for some cases in
+ which the server sends a large number of entries to a client
+ in response to a search request.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-use-tcp-no-delay</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+ <adm:property name="ssl-protocol" multi-valued="true" advanced="true">
+ <adm:synopsis>
+ Specifies the names of the SSL protocols which are allowed for
+ use in SSL based LDAP connections.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property take effect immediately but will
+ only impact new SSL LDAP connections created after the
+ change.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ Uses the default set of SSL protocols provided by the
+ server's JVM.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-ssl-protocol</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+ <adm:property name="ssl-cipher-suite" multi-valued="true"
+ advanced="true">
+ <adm:synopsis>
+ Specifies the names of the SSL cipher suites that are allowed
+ for use in SSL based LDAP connections.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property take effect immediately but will
+ only impact new SSL LDAP connections created after the
+ change.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ Uses the default set of SSL cipher suites provided by the
+ server's JVM.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-ssl-cipher-suite</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+ <adm:property name="use-password-caching" mandatory="true">
+ <adm:synopsis>
+ Indicates whether passwords should be cached locally within the user's
+ entry.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-use-password-caching</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+ <adm:property name="cached-password-storage-scheme">
+ <adm:synopsis>
+ Specifies the name of a password storage scheme which should be used
+ for encoding cached passwords.
+ </adm:synopsis>
+ <adm:description>
+ Changing the password storage scheme will cause all existing cached
+ passwords to be discarded.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:undefined/>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:aggregation relation-name="password-storage-scheme"
+ parent-path="/">
+ <adm:constraint>
+ <adm:synopsis>
+ The referenced password storage schemes must be enabled.
+ </adm:synopsis>
+ <adm:target-is-enabled-condition>
+ <adm:contains property="enabled" value="true" />
+ </adm:target-is-enabled-condition>
+ </adm:constraint>
+ </adm:aggregation>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-cached-password-storage-scheme</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+ <adm:property name="cached-password-ttl">
+ <adm:synopsis>
+ Specifies the maximum length of time that a locally cached password may
+ be used for authentication before it is refreshed from the remote LDAP
+ service.
+ </adm:synopsis>
+ <adm:description>
+ This property represents a cache timeout. Increasing the timeout period
+ decreases the frequency that bind operations are delegated to the
+ remote LDAP service, but increases the risk of users authenticating
+ using stale passwords.
+
+ Note that authentication attempts which fail because the provided password
+ does not match the locally cached password will always be retried against
+ the remote LDAP service.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>8 hours</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration base-unit="s"/>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-cached-password-ttl</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LDIFBackendConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LDIFBackendConfiguration.xml
new file mode 100644
index 0000000..3275a77
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LDIFBackendConfiguration.xml
@@ -0,0 +1,102 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="ldif-backend" plural-name="ldif-backends"
+ package="org.forgerock.opendj.admin" extends="backend"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides a mechanism for interacting with data
+ stored in an LDIF file.
+ </adm:synopsis>
+ <adm:description>
+ All basic LDAP operations are supported in the LDIF backend
+ although it has minimal support for custom controls.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-ldif-backend</ldap:name>
+ <ldap:superior>ds-cfg-backend</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>org.opends.server.backends.LDIFBackend</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="writability-mode">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>enabled</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="ldif-file" mandatory="true">
+ <adm:synopsis>
+ Specifies the path to the LDIF file containing the data for
+ this backend.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-ldif-file</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="is-private-backend">
+ <adm:synopsis>
+ Indicates whether the backend should be considered a private
+ backend, which indicates that it is used for storing operational
+ data rather than user-defined information.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-is-private-backend</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LDIFConnectionHandlerConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LDIFConnectionHandlerConfiguration.xml
new file mode 100644
index 0000000..7657e62
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LDIFConnectionHandlerConfiguration.xml
@@ -0,0 +1,104 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="ldif-connection-handler"
+ plural-name="ldif-connection-handlers"
+ package="org.forgerock.opendj.admin" extends="connection-handler"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ is used to process changes in the server using internal
+ operations, where the changes to process are read from an LDIF file.
+ </adm:synopsis>
+ <adm:description>
+ The connection handler periodically looks for the existence of a
+ new file, processes the changes contained in that file as
+ internal operations, and writes the result to an output file
+ with comments indicating the result of the processing. NOTE: By
+ default
+ <adm:user-friendly-name />
+ operations are not logged because they are internal operations. If
+ you want to log these operations, allow internal logging in the
+ access log publisher.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-ldif-connection-handler</ldap:name>
+ <ldap:superior>ds-cfg-connection-handler</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.protocols.LDIFConnectionHandler
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="ldif-directory" mandatory="true">
+ <adm:synopsis>
+ Specifies the path to the directory in which the LDIF files should
+ be placed.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>config/auto-process-ldif</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-ldif-directory</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="poll-interval" mandatory="true">
+ <adm:synopsis>
+ Specifies how frequently the LDIF connection handler should check
+ the LDIF directory to determine whether a new LDIF file has been
+ added.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>5 seconds</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration base-unit="ms" lower-limit="1" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-poll-interval</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LastModPluginConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LastModPluginConfiguration.xml
new file mode 100644
index 0000000..5292da3
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LastModPluginConfiguration.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="last-mod-plugin"
+ plural-name="last-mod-plugins" package="org.forgerock.opendj.admin"
+ extends="plugin" xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ is used to ensure that the creatorsName and createTimestamp
+ attributes are included in an entry whenever it is added to the
+ server and also to ensure that the modifiersName and modifyTimestamp
+ attributes are updated whenever an entry is modified or renamed.
+ </adm:synopsis>
+ <adm:description>
+ This behavior is described in RFC 4512. The implementation for
+ the LastMod plugin is contained in the
+ org.opends.server.plugins.LastModPlugin class. It must be
+ configured with the preOperationAdd, preOperationModify, and
+ preOperationModifyDN plugin types, but it does not have any
+ other custom configuration.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-last-mod-plugin</ldap:name>
+ <ldap:superior>ds-cfg-plugin</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>org.opends.server.plugins.LastModPlugin</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="plugin-type" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>preoperationadd</adm:value>
+ <adm:value>preoperationmodify</adm:value>
+ <adm:value>preoperationmodifydn</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LengthBasedPasswordValidatorConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LengthBasedPasswordValidatorConfiguration.xml
new file mode 100644
index 0000000..86a8b89
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LengthBasedPasswordValidatorConfiguration.xml
@@ -0,0 +1,114 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="length-based-password-validator"
+ plural-name="length-based-password-validators"
+ package="org.forgerock.opendj.admin" extends="password-validator"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:TODO>
+ Use constraints to enforce max-password-length >=
+ min-password-length
+ </adm:TODO>
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ is used to determine whether a proposed password is acceptable based
+ on whether the number of characters it contains falls within an
+ acceptable range of values.
+ </adm:synopsis>
+ <adm:description>
+ Both upper and lower bounds may be
+ defined.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-length-based-password-validator</ldap:name>
+ <ldap:superior>ds-cfg-password-validator</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.LengthBasedPasswordValidator
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="max-password-length">
+ <adm:synopsis>
+ Specifies the maximum number of characters that can be included in
+ a proposed password.
+ </adm:synopsis>
+ <adm:description>
+ A value of zero indicates that there will be no upper bound
+ enforced. If both minimum and maximum lengths
+ are defined, then the minimum length must be less than or equal to
+ the maximum length.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>0</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="0" upper-limit="2147483647"/>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-max-password-length</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="min-password-length">
+ <adm:synopsis>
+ Specifies the minimum number of characters that must be included
+ in a proposed password.
+ </adm:synopsis>
+ <adm:description>
+ A value of zero indicates that there will be no lower bound
+ enforced.
+ If both minimum and maximum lengths
+ are defined, then the minimum length must be less than or equal to
+ the maximum length.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>6</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="0" upper-limit="2147483647"/>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-min-password-length</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LocalBackendWorkflowElementConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LocalBackendWorkflowElementConfiguration.xml
new file mode 100644
index 0000000..8bf9e8e
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LocalBackendWorkflowElementConfiguration.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2009 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="local-backend-workflow-element"
+ plural-name="local-backend-workflow-elements"
+ package="org.forgerock.opendj.admin" extends="workflow-element"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides access to a backend.
+ </adm:synopsis>
+ <adm:tag name="user-management" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-local-backend-workflow-element</ldap:name>
+ <ldap:superior>ds-cfg-workflow-element</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.workflowelement.localbackend.LocalBackendWorkflowElement
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="backend" mandatory="true" read-only="true">
+ <adm:synopsis>
+ Identifies the backend accessed by the workflow element.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:aggregation relation-name="backend" parent-path="/">
+ </adm:aggregation>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-backend</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LocalDBBackendConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LocalDBBackendConfiguration.xml
new file mode 100644
index 0000000..630adbc
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LocalDBBackendConfiguration.xml
@@ -0,0 +1,1078 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2010 Sun Microsystems, Inc.
+ ! Portions Copyright 2010-2013 ForgeRock AS.
+ ! -->
+<adm:managed-object name="local-db-backend"
+ plural-name="local-db-backends" package="org.forgerock.opendj.admin"
+ extends="backend" xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap"
+ xmlns:cli="http://www.opends.org/admin-cli">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ uses the Berkeley DB Java Edition to store user-provided data in a local
+ repository.
+ </adm:synopsis>
+ <adm:description>
+ It is the traditional "directory server" backend and is similar to
+ the backends provided by the Sun Java System Directory Server. The
+ <adm:user-friendly-name />
+ stores the entries in an encoded form and also provides indexes that
+ can be used to quickly locate target entries based on different
+ kinds of criteria.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-local-db-backend</ldap:name>
+ <ldap:superior>ds-cfg-backend</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:relation name="local-db-index">
+ <adm:one-to-many naming-property="attribute">
+ <adm:default-managed-object name="aci">
+ <adm:property name="index-type">
+ <adm:value>presence</adm:value>
+ </adm:property>
+ <adm:property name="attribute">
+ <adm:value>aci</adm:value>
+ </adm:property>
+ </adm:default-managed-object>
+ <adm:default-managed-object name="entryUUID">
+ <adm:property name="index-type">
+ <adm:value>equality</adm:value>
+ </adm:property>
+ <adm:property name="attribute">
+ <adm:value>entryUUID</adm:value>
+ </adm:property>
+ </adm:default-managed-object>
+ <adm:default-managed-object name="objectClass">
+ <adm:property name="index-type">
+ <adm:value>equality</adm:value>
+ </adm:property>
+ <adm:property name="attribute">
+ <adm:value>objectClass</adm:value>
+ </adm:property>
+ </adm:default-managed-object>
+ <adm:default-managed-object name="ds-sync-hist">
+ <adm:property name="index-type">
+ <adm:value>ordering</adm:value>
+ </adm:property>
+ <adm:property name="attribute">
+ <adm:value>ds-sync-hist</adm:value>
+ </adm:property>
+ </adm:default-managed-object>
+ <adm:default-managed-object name="ds-sync-conflict">
+ <adm:property name="index-type">
+ <adm:value>equality</adm:value>
+ </adm:property>
+ <adm:property name="attribute">
+ <adm:value>ds-sync-conflict</adm:value>
+ </adm:property>
+ </adm:default-managed-object>
+ </adm:one-to-many>
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>cn=Index</ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="index-type" />
+ <cli:default-property name="index-entry-limit" />
+ <cli:default-property name="index-extensible-matching-rule" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="local-db-vlv-index">
+ <adm:one-to-many naming-property="name" />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>cn=VLV Index</ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="base-dn" />
+ <cli:default-property name="scope" />
+ <cli:default-property name="filter" />
+ <cli:default-property name="sort-order" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.backends.jeb.BackendImpl
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="writability-mode">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>enabled</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="db-directory" mandatory="true">
+ <adm:TODO>Default this to the db/backend-id</adm:TODO>
+ <adm:synopsis>
+ Specifies the path to the filesystem directory that is used
+ to hold the Berkeley DB Java Edition database files containing the
+ data for this backend.
+ </adm:synopsis>
+ <adm:description>
+ The path may be either an absolute path or a path relative to the
+ directory containing the base of the <adm:product-name /> directory server
+ installation. The path may be any valid directory path in which
+ the server has appropriate permissions to read and write files and
+ has sufficient space to hold the database contents.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>db</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-db-directory</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="compact-encoding">
+ <adm:synopsis>
+ Indicates whether the backend should use a compact form when
+ encoding entries by compressing the attribute descriptions and
+ object class sets.
+ </adm:synopsis>
+ <adm:description>
+ Note that this property applies only to the entries themselves and
+ does not impact the index data.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this setting take effect only for writes that
+ occur after the change is made. It is not retroactively
+ applied to existing data.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-compact-encoding</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="entries-compressed" advanced="true">
+ <adm:synopsis>
+ Indicates whether the backend should attempt to compress entries
+ before storing them in the database.
+ </adm:synopsis>
+ <adm:description>
+ Note that this property applies only to the entries themselves and
+ does not impact the index data. Further, the effectiveness of the
+ compression is based on the type of data contained in the
+ entry.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this setting take effect only for writes that
+ occur after the change is made. It is not retroactively
+ applied to existing data.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-entries-compressed</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="import-queue-size" advanced="true">
+ <adm:synopsis>
+ This parameter has been deprecated in OpenDS 2.1 and will be removed
+ in <adm:product-name /> 3.0. It is only being kept for migration ease and is ignored
+ in OpenDS versions after 2.0.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ This parameter has been deprecated in OpenDS 2.1 and will be removed
+ in <adm:product-name /> 3.0. It is only being kept for migration ease and is ignored
+ in OpenDS versions after 2.0.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>100</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="1" upper-limit="2147483647" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-import-queue-size</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="import-thread-count" advanced="true">
+ <adm:synopsis>
+ This parameter has been deprecated in OpenDS 2.1 and will be removed
+ in <adm:product-name /> 3.0. It is only being kept for migration ease and is ignored
+ in OpenDS versions after 2.0.
+ </adm:synopsis>
+ <adm:description>
+ This parameter has been deprecated in OpenDS 2.1 and will be removed
+ in <adm:product-name /> 3.0. It is only being kept for migration ease and is ignored
+ in OpenDS versions after 2.0.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes do not take effect for any import that may already
+ be in progress.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>8</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="1" upper-limit="2147483647" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-import-thread-count</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="index-entry-limit">
+ <adm:synopsis>
+ Specifies the maximum number of entries that is allowed to
+ match a given index key before that particular index key is no
+ longer maintained.
+ </adm:synopsis>
+ <adm:description>
+ This property is analogous to the ALL IDs threshold in the Sun
+ Java System Directory Server. Note that this is the default limit
+ for the backend, and it may be overridden on a per-attribute
+ basis.A value of 0 means there is no limit.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ If any index keys have already reached this limit, indexes
+ need to be rebuilt before they are allowed to use the
+ new limit.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>4000</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="0" upper-limit="2147483647" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-index-entry-limit</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="db-directory-permissions" advanced="true">
+ <adm:synopsis>
+ Specifies the permissions that should be applied to the directory
+ containing the server database files.
+ </adm:synopsis>
+ <adm:description>
+ They should be expressed as three-digit octal values, which is the
+ traditional representation for UNIX file permissions. The three
+ digits represent the permissions that are available for the
+ directory's owner, group members, and other users (in that order),
+ and each digit is the octal representation of the read, write, and
+ execute bits. Note that this only impacts permissions on the
+ database directory and not on the files written into that
+ directory. On UNIX systems, the user's umask controls
+ permissions given to the database files.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:server-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>700</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>^7[0-7][0-7]$</adm:regex>
+ <adm:usage>MODE</adm:usage>
+ <adm:synopsis>
+ Any octal value between 700 and 777 (the owner must always
+ have read, write, and execute permissions on the directory).
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-db-directory-permissions</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="preload-time-limit" advanced="true">
+ <adm:synopsis>
+ Specifies the length of time that the backend is allowed to
+ spend "pre-loading" data when it is initialized.
+ </adm:synopsis>
+ <adm:description>
+ The pre-load process is used to pre-populate the database
+ cache, so that it can be more quickly available when the server is
+ processing requests. A duration of zero means there is no
+ pre-load.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>0s</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration base-unit="ms" lower-limit="0" upper-limit="2147483647" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-preload-time-limit</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="db-cache-percent">
+ <adm:synopsis>
+ Specifies the percentage of JVM memory to allocate to the database cache.
+ </adm:synopsis>
+ <adm:description>
+ Specifies the percentage of memory available to the JVM that
+ should be used for caching database contents. Note that this is
+ only used if the value of the db-cache-size property is set to
+ "0 MB". Otherwise, the value of that property is used instead
+ to control the cache size configuration.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>50</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="1" upper-limit="90" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-db-cache-percent</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="db-cache-size">
+ <adm:synopsis>
+ The amount of JVM memory to allocate to the database cache.
+ </adm:synopsis>
+ <adm:description>
+ Specifies the amount of memory that should be used for caching
+ database contents. A value of "0 MB" indicates that the
+ db-cache-percent property should be used instead to specify the
+ cache size.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>0 MB</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:size lower-limit="0 MB" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-db-cache-size</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="db-cleaner-min-utilization" advanced="true">
+ <adm:synopsis>
+ Specifies the minimum percentage of "live" data that the database
+ cleaner attempts to keep in database log files.
+ </adm:synopsis>
+ <adm:description>
+ If the amount of live data in any database log file drops below
+ this percentage, then the cleaner moves the remaining live
+ data in that file to the end of the database and deletes the
+ original file in order to keep the database relatively compact.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>50</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="0" upper-limit="90" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-db-cleaner-min-utilization</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="db-run-cleaner" advanced="true">
+ <adm:synopsis>
+ Indicates whether the database cleaner threads should be
+ enabled.
+ </adm:synopsis>
+ <adm:description>
+ The cleaner threads are used to periodically compact the
+ database by identifying database files with a low (that is, less than
+ the amount specified by the db-cleaner-min-utilization property)
+ percentage of live data, moving the remaining live data to the end
+ of the log and deleting that file.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-db-run-cleaner</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="db-evictor-lru-only" advanced="true">
+ <adm:synopsis>
+ Indicates whether the database should evict existing data from the
+ cache based on an LRU policy (where the least recently used
+ information will be evicted first).
+ </adm:synopsis>
+ <adm:description>
+ If set to "false", then the eviction keeps internal nodes of the underlying
+ Btree in the cache over leaf nodes, even if the leaf nodes have
+ been accessed more recently. This may be a better configuration
+ for databases in which only a very small portion of the data is
+ cached.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-db-evictor-lru-only</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="db-evictor-nodes-per-scan" advanced="true">
+ <adm:synopsis>
+ Specifies the number of Btree nodes that should be evicted from
+ the cache in a single pass if it is determined that it is
+ necessary to free existing data in order to make room for new
+ information.
+ </adm:synopsis>
+ <adm:description>
+ Changes to this property do not take effect until the backend is
+ restarted. It is recommended that you also change this property
+ when you set db-evictor-lru-only to false. This setting controls
+ the number of Btree nodes that are considered, or sampled, each
+ time a node is evicted. A setting of 10 often produces good
+ results, but this may vary from application to application. The
+ larger the nodes per scan, the more accurate the algorithm.
+ However, don't set it too high. When considering larger numbers of
+ nodes for each eviction, the evictor may delay the completion of a
+ given database operation, which impacts the response time of the
+ application thread. In JE 4.1 and later, setting this value too high
+ in an application that is largely CPU bound can reduce the
+ effectiveness of cache eviction. It's best to start with the default
+ value, and increase it gradually to see if it is beneficial for your
+ application.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>10</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="1" upper-limit="1000" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-db-evictor-nodes-per-scan</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="db-evictor-core-threads" advanced="true">
+ <adm:synopsis>
+ Specifies the core number of threads in the eviction thread pool.
+ </adm:synopsis>
+ <adm:description>
+ Specifies the core number of threads in the eviction thread pool.
+ These threads help keep memory usage within cache bounds,
+ offloading work from application threads. db-evictor-core-threads,
+ db-evictor-max-threads and db-evictor-keep-alive are used to configure
+ the core, max and keepalive attributes for the eviction thread pool.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>1</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="0" upper-limit="2147483647" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-db-evictor-core-threads</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="db-evictor-max-threads" advanced="true">
+ <adm:synopsis>
+ Specifies the maximum number of threads in the eviction thread pool.
+ </adm:synopsis>
+ <adm:description>
+ Specifies the maximum number of threads in the eviction thread pool.
+ These threads help keep memory usage within cache bounds,
+ offloading work from application threads. db-evictor-core-threads,
+ db-evictor-max-threads and db-evictor-keep-alive are used to configure
+ the core, max and keepalive attributes for the eviction thread pool.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>10</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="1" upper-limit="2147483647" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-db-evictor-max-threads</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="db-evictor-keep-alive" advanced="true">
+ <adm:synopsis>
+ The duration that excess threads in the eviction thread pool will
+ stay idle. After this period, idle threads will terminate.
+ </adm:synopsis>
+ <adm:description>
+ The duration that excess threads in the eviction thread pool will
+ stay idle. After this period, idle threads will terminate.
+ db-evictor-core-threads, db-evictor-max-threads and
+ db-evictor-keep-alive are used to configure the core, max and
+ keepalive attributes for the eviction thread pool.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>600s</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration base-unit="s" lower-limit="1" upper-limit="86400" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-db-evictor-keep-alive</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="db-log-file-max" advanced="true">
+ <adm:synopsis>
+ Specifies the maximum size for a database log file.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>100mb</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:size lower-limit="1mb" upper-limit="4gib" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-db-log-file-max</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="db-log-filecache-size" advanced="true">
+ <adm:synopsis>
+ Specifies the size of the file handle cache.
+ </adm:synopsis>
+ <adm:description>
+ The file handle cache is used to keep as much opened log files
+ as possible. When the cache is smaller than the number of logs,
+ the database needs to close some handles and open log files it needs,
+ resulting in less optimal performances. Ideally, the size of the cache
+ should be higher than the number of files contained in the database.
+ Make sure the OS number of open files per process is also tuned
+ appropriately.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>100</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="3" upper-limit="2147483647" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-db-log-filecache-size</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="db-logging-file-handler-on" advanced="true">
+ <adm:synopsis>
+ Indicates whether the database should maintain a je.info file in
+ the same directory as the database log directory.
+ </adm:synopsis>
+ <adm:description>
+ This file contains information about the internal processing
+ performed by the underlying database.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-db-logging-file-handler-on</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="db-logging-level" advanced="true">
+ <adm:TODO>Use an enumeration</adm:TODO>
+ <adm:synopsis>
+ Specifies the log level that should be used by the database
+ when it is writing information into the je.info file.
+ </adm:synopsis>
+ <adm:description>
+ The database trace logging level is (in increasing order of
+ verbosity) chosen from: OFF, SEVERE, WARNING, INFO, CONFIG, FINE,
+ FINER, FINEST, ALL.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>CONFIG</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-db-logging-level</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="db-checkpointer-bytes-interval" advanced="true">
+ <adm:synopsis>
+ Specifies the maximum number of bytes that may be written to the
+ database before it is forced to perform a checkpoint.
+ </adm:synopsis>
+ <adm:description>
+ This can be used to bound the recovery time that may be required
+ if the database environment is opened without having been properly
+ closed. If this property is set to a non-zero value, the
+ checkpointer wakeup interval is not used. To use time-based
+ checkpointing, set this property to zero.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:server-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>500mb</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:size lower-limit="0b" upper-limit="9223372036854775807b" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-db-checkpointer-bytes-interval</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="db-checkpointer-wakeup-interval"
+ advanced="true">
+ <adm:synopsis>
+ Specifies the maximum length of time that may pass between
+ checkpoints.
+ </adm:synopsis>
+ <adm:description>
+ Note that this is only used if the value of the checkpointer
+ bytes interval is zero.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>30s</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration base-unit="s" lower-limit="1" upper-limit="4294" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-db-checkpointer-wakeup-interval</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="db-num-lock-tables" advanced="true">
+ <adm:synopsis>
+ Specifies the number of lock tables that are used by the underlying database.
+ </adm:synopsis>
+ <adm:description>
+ This can be particularly important to help improve scalability by
+ avoiding contention on systems with large numbers of CPUs. The
+ value of this configuration property should be set to a prime
+ number that is less than or equal to the number of worker threads
+ configured for use in the server.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ Let the server decide.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="1" upper-limit="32767" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-db-num-lock-tables</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="db-num-cleaner-threads" advanced="true">
+ <adm:synopsis>
+ Specifies the number of threads that the backend should maintain
+ to keep the database log files at or near the desired utilization.
+ </adm:synopsis>
+ <adm:description>
+ In environments with high write throughput, multiple cleaner
+ threads may be required to maintain the desired utilization.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ Let the server decide.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="1" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-db-num-cleaner-threads</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="db-txn-no-sync" advanced="true">
+ <adm:synopsis>
+ Indicates whether database writes should be primarily written to
+ an internal buffer but not immediately written to disk.
+ </adm:synopsis>
+ <adm:description>
+ Setting the value of this configuration attribute to "true" may
+ improve write performance but could cause the most
+ recent changes to be lost if the <adm:product-name /> directory server or the
+ underlying JVM exits abnormally, or if an OS or hardware failure
+ occurs (a behavior similar to running with transaction durability
+ disabled in the Sun Java System Directory Server).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-db-txn-no-sync</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="db-txn-write-no-sync" advanced="true">
+ <adm:synopsis>
+ Indicates whether the database should synchronously flush data as
+ it is written to disk.
+ </adm:synopsis>
+ <adm:description>
+ If this value is set to "false", then all data written to disk
+ is synchronously flushed to persistent storage and thereby
+ providing full durability. If it is set to "true", then data may
+ be cached for a period of time by the underlying operating system
+ before actually being written to disk. This may improve
+ performance, but could cause the most recent
+ changes to be lost in the event of an underlying OS or hardware
+ failure (but not in the case that the <adm:product-name /> directory server or
+ the JVM exits abnormally).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-db-txn-write-no-sync</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="disk-low-threshold" advanced="true">
+ <adm:synopsis>
+ Low disk threshold to limit database updates
+ </adm:synopsis>
+ <adm:description>
+ Specifies the "low" free space on the disk. When the available
+ free space on the disk used by this database instance falls below the
+ value specified, protocol updates on this database are permitted only
+ by a user with the BYPASS_LOCKDOWN privilege.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>200 megabytes</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:size lower-limit="0" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-disk-low-threshold</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="disk-full-threshold" advanced="true">
+ <adm:synopsis>
+ Full disk threshold to limit database updates
+ </adm:synopsis>
+ <adm:description>
+ When the available free space on the disk used by this database
+ instance falls below the value specified, no updates
+ are permitted and the server returns an UNWILLING_TO_PERFORM error.
+ Updates are allowed again as soon as free space rises above the
+ threshold.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>100 megabytes</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:size lower-limit="0" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-disk-full-threshold</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="je-property" advanced="true"
+ multi-valued="true">
+ <adm:synopsis>
+ Specifies the database and environment properties for the Berkeley
+ DB Java Edition database serving the data for this backend.
+ </adm:synopsis>
+ <adm:description>
+ Any Berkeley DB Java Edition property can be specified using the
+ following form: property-name=property-value. Refer to <adm:product-name />
+ documentation for further information on related properties, their
+ implications, and range values. The definitive identification of
+ all the property parameters is available in the example.properties
+ file of Berkeley DB Java Edition distribution.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:undefined />
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-je-property</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="index-filter-analyzer-enabled" advanced="true">
+ <adm:synopsis>
+ Indicates whether to gather statistical information about the search
+ filters processed by the directory server while evaluating the usage of
+ indexes.
+ </adm:synopsis>
+ <adm:description>
+ Analyzing indexes requires gathering search filter usage patterns from
+ user requests, especially for values as specified in the filters and
+ subsequently looking the status of those values into the index files.
+ When a search requests is processed, internal or user generated, a
+ first phase uses indexes to find potential entries to be returned.
+ Depending on the search filter, if the index of one of the specified
+ attributes matches too many entries (exceeds the index entry limit),
+ the search becomes non-indexed. In any case, all entries thus
+ gathered (or the entire DIT) are matched against the filter for
+ actually returning the search result.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-index-filter-analyzer-enabled</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="index-filter-analyzer-max-filters" advanced="true">
+ <adm:synopsis>
+ The maximum number of search filter statistics to keep.
+ </adm:synopsis>
+ <adm:description>
+ When the maximum number of search filter is reached, the least used one
+ will be deleted.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>25</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="1" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-index-filter-analyzer-max-filters</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="subordinate-indexes-enabled" advanced="true">
+ <adm:synopsis>
+ Indicates whether id2children and id2subtree indexes should be used for
+ this backend. These indexes are used for constraining filtered searches
+ to the search request's scope as well as for generating values for the
+ hasSubordinates and numSubordinates virtual attributes.
+ </adm:synopsis>
+ <adm:description>
+ Subordinate indexing is enabled by default and should only be disabled
+ for specialized use cases. A typical use case is where the backend is
+ to be subjected to heavy add/delete load beneath the same parent entry
+ such as when used as a session database. Disabling the subordinate
+ indexes means that the numSubordinates and hasSubordinates virtual
+ attributes will not be supported.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-subordinate-indexes-enabled</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LocalDBIndexConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LocalDBIndexConfiguration.xml
new file mode 100644
index 0000000..e94f2fc
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LocalDBIndexConfiguration.xml
@@ -0,0 +1,232 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2009 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="local-db-index" plural-name="local-db-indexes"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ are used to store information that makes it possible to locate
+ entries very quickly when processing search operations.
+ </adm:synopsis>
+ <adm:description>
+ Indexing is performed on a per-attribute level and different types
+ of indexing may be performed for different kinds of attributes, based
+ on how they are expected to be accessed during search operations.
+ </adm:description>
+ <adm:tag name="database" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-local-db-index</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property name="attribute" mandatory="true" read-only="true">
+ <adm:synopsis>
+ Specifies the name of the attribute for which the index is to
+ be maintained.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:attribute-type />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-attribute</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="index-entry-limit">
+ <adm:synopsis>
+ Specifies the maximum number of entries that are allowed
+ to match a given index key before that particular index key is no
+ longer maintained.
+ </adm:synopsis>
+ <adm:description>
+ This is analogous to the ALL IDs threshold in the Sun Java System
+ Directory Server. If this is specified, its value overrides the JE
+ backend-wide configuration. For no limit, use 0 for the value.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:other>
+ <adm:synopsis>
+ If any index keys have already reached this limit, indexes
+ must be rebuilt before they will be allowed to use the
+ new limit.
+ </adm:synopsis>
+ </adm:other>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:inherited>
+ <adm:relative property-name="index-entry-limit" offset="1"
+ managed-object-name="local-db-backend" />
+ </adm:inherited>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="0" upper-limit="2147483647">
+ <adm:unit-synopsis>Number of entries</adm:unit-synopsis>
+ </adm:integer>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-index-entry-limit</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="index-type" mandatory="true"
+ multi-valued="true">
+ <adm:synopsis>
+ Specifies the type(s) of indexing that should be performed
+ for the associated attribute.
+ </adm:synopsis>
+ <adm:description>
+ For equality, presence, and substring index types, the associated
+ attribute type must have a corresponding matching rule.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:other>
+ <adm:synopsis>
+ If any new index types are added for an attribute, and
+ values for that attribute already exist in the
+ database, the index must be rebuilt before it
+ will be accurate.
+ </adm:synopsis>
+ </adm:other>
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="equality">
+ <adm:synopsis>
+ This index type is used to improve the efficiency
+ of searches using equality search filters.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="ordering">
+ <adm:synopsis>
+ This index type is used to improve the efficiency
+ of searches using "greater than or equal to" or "less then
+ or equal to" search filters.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="presence">
+ <adm:synopsis>
+ This index type is used to improve the efficiency
+ of searches using the presence search filters.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="substring">
+ <adm:synopsis>
+ This index type is used to improve the efficiency
+ of searches using substring search filters.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="approximate">
+ <adm:synopsis>
+ This index type is used to improve the efficiency
+ of searches using approximate matching search filters.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="extensible">
+ <adm:synopsis>
+ This index type is used to improve the efficiency
+ of searches using extensible matching search filters.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-index-type</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="substring-length" advanced="true">
+ <adm:synopsis>
+ The length of substrings in a substring index.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:other>
+ <adm:synopsis>
+ The index must be rebuilt before it will reflect the
+ new value.
+ </adm:synopsis>
+ </adm:other>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>6</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="3" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-substring-length</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="index-extensible-matching-rule" multi-valued="true">
+ <adm:synopsis>
+ The extensible matching rule in an extensible index.
+ </adm:synopsis>
+ <adm:description>
+ An extensible matching rule must be specified using either LOCALE or OID of the matching rule.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:other>
+ <adm:synopsis>
+ The index must be rebuilt before it will reflect the
+ new value.
+ </adm:synopsis>
+ </adm:other>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ No extensible matching rules will be indexed.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>([a-z][a-z](-[A-Z][A-Z]){0,2}(.(([a-z]{2,3})|\\d))?)|(^\\d.((\\d)+.)+\\d$)</adm:regex>
+ <adm:usage>LOCALE | OID</adm:usage>
+ <adm:synopsis>
+ A Locale or an OID.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-index-extensible-matching-rule</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LocalDBVLVIndexConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LocalDBVLVIndexConfiguration.xml
new file mode 100644
index 0000000..e1befec
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LocalDBVLVIndexConfiguration.xml
@@ -0,0 +1,232 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="local-db-vlv-index"
+ plural-name="local-db-vlv-indexes"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ are used to store information about a specific search request that
+ makes it possible to efficiently process them using the VLV control.
+ </adm:synopsis>
+ <adm:description>
+ A VLV index effectively notifies the server that a virtual list
+ view, with specific query and sort parameters, will be performed.
+ This index also allows the server to collect and maintain the
+ information required to make using the virtual list view faster.
+ </adm:description>
+ <adm:tag name="database" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-local-db-vlv-index</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property name="base-dn" mandatory="true">
+ <adm:synopsis>
+ Specifies the base DN used in the search query that is being
+ indexed.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:other>
+ <adm:synopsis>
+ The index must be rebuilt after modifying this
+ property.
+ </adm:synopsis>
+ </adm:other>
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:dn />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-base-dn</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="scope" mandatory="true">
+ <adm:synopsis>
+ Specifies the LDAP scope of the query that is being indexed.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:other>
+ <adm:synopsis>
+ The index must be rebuilt after modifying this
+ property.
+ </adm:synopsis>
+ </adm:other>
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="base-object">
+ <adm:synopsis>Search the base object only.</adm:synopsis>
+ </adm:value>
+ <adm:value name="single-level">
+ <adm:synopsis>
+ Search the immediate children of the base object but do not
+ include any of their descendants or the base object itself.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="subordinate-subtree">
+ <adm:synopsis>
+ Search the entire subtree below the base object but do not
+ include the base object itself.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="whole-subtree">
+ <adm:synopsis>
+ Search the base object and the entire subtree below the base
+ object.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-scope</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="filter" mandatory="true">
+ <adm:synopsis>
+ Specifies the LDAP filter used in the query that is being indexed.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:other>
+ <adm:synopsis>
+ The index must be rebuilt after modifying this
+ property.
+ </adm:synopsis>
+ </adm:other>
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>STRING</adm:usage>
+ <adm:synopsis>
+ A valid LDAP search filter.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-filter</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="sort-order" mandatory="true">
+ <adm:synopsis>
+ Specifies the names of the attributes that are used to sort the
+ entries for the query being indexed.
+ </adm:synopsis>
+ <adm:description>
+ Multiple attributes can be used to determine the sort order by
+ listing the attribute names from highest to lowest precedence.
+ Optionally, + or - can be prefixed to the attribute name to sort
+ the attribute in ascending order or descending order respectively.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:other>
+ <adm:synopsis>
+ The index must be rebuilt after modifying this
+ property.
+ </adm:synopsis>
+ </adm:other>
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>STRING</adm:usage>
+ <adm:synopsis>
+ Valid attribute types defined in the schema, separated by a
+ space and optionally prefixed by + or -.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-sort-order</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="name" mandatory="true" read-only="true">
+ <adm:synopsis>
+ Specifies a unique name for this VLV index.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ The VLV index name cannot be altered after the index is created.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-name</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="max-block-size" read-only="true"
+ advanced="true">
+ <adm:synopsis>
+ Specifies the number of entry IDs to store in a single sorted
+ set before it must be split.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ The blocks are resized lazily the next time the index is
+ modified.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>4000</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer>
+ <adm:unit-synopsis>Number of entry IDs</adm:unit-synopsis>
+ </adm:integer>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-max-block-size</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LogPublisherConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LogPublisherConfiguration.xml
new file mode 100644
index 0000000..054115b
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LogPublisherConfiguration.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions copyright 2013 ForgeRock AS
+ ! -->
+<adm:managed-object name="log-publisher" plural-name="log-publishers"
+ package="org.forgerock.opendj.admin" abstract="true"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ are responsible for distributing log messages from different loggers
+ to a destination.
+ </adm:synopsis>
+ <adm:tag name="logging" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-log-publisher</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property name="enabled" mandatory="true">
+ <adm:synopsis>
+ Indicates whether the
+ <adm:user-friendly-name />
+ is enabled for use.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-enabled</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="java-class" mandatory="true">
+ <adm:synopsis>
+ The fully-qualified name of the Java class that provides the
+ <adm:user-friendly-name />
+ implementation.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:java-class>
+ <adm:instance-of>
+ org.opends.server.api.LogPublisher
+ </adm:instance-of>
+ </adm:java-class>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-java-class</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LogRetentionPolicyConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LogRetentionPolicyConfiguration.xml
new file mode 100644
index 0000000..644c928
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LogRetentionPolicyConfiguration.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="log-retention-policy"
+ plural-name="log-retention-policies"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap"
+ xmlns:cli="http://www.opends.org/admin-cli">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ are used to specify when log files should be cleaned.
+ </adm:synopsis>
+ <adm:tag name="logging" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-log-retention-policy</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:managed-object custom="true" />
+ </adm:profile>
+ <adm:property name="java-class" mandatory="true">
+ <adm:synopsis>
+ Specifies the fully-qualified name of the Java class that provides the
+ <adm:user-friendly-name />
+ implementation.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:java-class>
+ <adm:instance-of>
+ org.opends.server.loggers.RetentionPolicy
+ </adm:instance-of>
+ </adm:java-class>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-java-class</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LogRotationPolicyConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LogRotationPolicyConfiguration.xml
new file mode 100644
index 0000000..1dd892e
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/LogRotationPolicyConfiguration.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="log-rotation-policy"
+ plural-name="log-rotation-policies"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap"
+ xmlns:cli="http://www.opends.org/admin-cli">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ are used to specify when log files should be rotated.
+ </adm:synopsis>
+ <adm:tag name="logging" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-log-rotation-policy</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:managed-object custom="true" />
+ </adm:profile>
+ <adm:property name="java-class" mandatory="true">
+ <adm:synopsis>
+ Specifies the fully-qualified name of the Java class that provides the
+ <adm:user-friendly-name />
+ implementation.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:java-class>
+ <adm:instance-of>
+ org.opends.server.loggers.RotationPolicy
+ </adm:instance-of>
+ </adm:java-class>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-java-class</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/MD5PasswordStorageSchemeConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/MD5PasswordStorageSchemeConfiguration.xml
new file mode 100644
index 0000000..3c89373
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/MD5PasswordStorageSchemeConfiguration.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="md5-password-storage-scheme"
+ plural-name="md5-password-storage-schemes"
+ package="org.forgerock.opendj.admin"
+ extends="password-storage-scheme"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides a mechanism for encoding user passwords using an unsalted
+ form of the MD5 message digest algorithm. Because the implementation
+ does not use any kind of salting mechanism, a given password always
+ has the same encoded form.
+ </adm:synopsis>
+ <adm:description>
+ This scheme contains only an implementation for the user password
+ syntax, with a storage scheme name of "MD5". Although the MD5 digest
+ algorithm is relatively secure, recent cryptanalysis work has
+ identified mechanisms for generating MD5 collisions. This does not
+ impact the security of this algorithm as it is used in <adm:product-name />,
+ but it is recommended that the MD5 password storage scheme only be used if
+ client applications require it for compatibility purposes, and that a
+ stronger digest like SSHA or SSHA256 be used for environments in which
+ MD5 support is not required.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-md5-password-storage-scheme</ldap:name>
+ <ldap:superior>ds-cfg-password-storage-scheme</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.MD5PasswordStorageScheme
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/MatchingRuleConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/MatchingRuleConfiguration.xml
new file mode 100644
index 0000000..fe15693
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/MatchingRuleConfiguration.xml
@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="matching-rule" plural-name="matching-rules"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ define a set of rules for performing matching operations against
+ assertion values.
+ </adm:synopsis>
+ <adm:description>
+ Matching rules are frequently associated with an attribute syntax
+ and are used to compare values according to that syntax. For example,
+ the distinguishedNameEqualityMatch matching rule can be used to
+ determine whether two DNs are equal and can ignore unnecessary spaces
+ around commas and equal signs, differences in capitalization in
+ attribute names, an so on.
+ </adm:description>
+ <adm:tag name="core-server" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-matching-rule</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property name="enabled" mandatory="true">
+ <adm:synopsis>
+ Indicates whether the
+ <adm:user-friendly-name />
+ is enabled for use.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-enabled</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="java-class" mandatory="true">
+ <adm:synopsis>
+ Specifies the fully-qualified name of the Java class that provides the
+ <adm:user-friendly-name />
+ implementation.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:java-class>
+ <adm:instance-of>
+ org.opends.server.api.MatchingRuleFactory
+ </adm:instance-of>
+ </adm:java-class>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-java-class</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/MemberVirtualAttributeConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/MemberVirtualAttributeConfiguration.xml
new file mode 100644
index 0000000..ca2e9b1
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/MemberVirtualAttributeConfiguration.xml
@@ -0,0 +1,106 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="member-virtual-attribute"
+ plural-name="user-defined-virtual-attributes"
+ package="org.forgerock.opendj.admin" extends="virtual-attribute"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ generates a member or uniqueMember attribute whose values are
+ the DNs of the members of a specified virtual static group.
+ </adm:synopsis>
+ <adm:description>
+ This component is used to implement virtual static group
+ functionality, in which it is possible to create an entry
+ that looks like a static group but obtains all of its
+ membership from a dynamic group (or some other type of
+ group, including another static group).
+ This implementation is most efficient when attempting to
+ determine whether a given user is a member of a group
+ (for example, with a filter like
+ "(uniqueMember=uid=john.doe,ou=People,dc=example,dc=com)")
+ when the search does not actually return the membership
+ attribute. Although it works to generate the entire set of
+ values for the member or uniqueMember attribute, this can be
+ an expensive operation for a large group.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-member-virtual-attribute</ldap:name>
+ <ldap:superior>ds-cfg-virtual-attribute</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.MemberVirtualAttributeProvider
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="conflict-behavior">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>virtual-overrides-real</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="allow-retrieving-membership" mandatory="true">
+ <adm:synopsis>
+ Indicates whether to handle requests that request all values for
+ the virtual attribute.
+ </adm:synopsis>
+ <adm:description>
+ This operation can be very expensive in some cases and is not
+ consistent with the primary function of virtual static groups, which
+ is to make it possible to use static group idioms to determine
+ whether a given user is a member.
+ If this attribute is set to false, attempts to retrieve the entire
+ set of values receive an empty set, and only attempts to determine
+ whether the attribute has a specific value or set of values
+ (which is the primary anticipated use for virtual static groups)
+ are handled properly.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-allow-retrieving-membership</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/MemoryBackendConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/MemoryBackendConfiguration.xml
new file mode 100644
index 0000000..f956dca
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/MemoryBackendConfiguration.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="memory-backend" plural-name="memory-backends"
+ package="org.forgerock.opendj.admin" extends="backend"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides a directory server backend
+ implementation that stores entries in memory.
+ </adm:synopsis>
+ <adm:description>
+ There is no persistence of any kind, and the backend contents are
+ cleared whenever the backend is brought online or offline and when
+ the server is restarted.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-memory-backend</ldap:name>
+ <ldap:superior>ds-cfg-backend</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>org.opends.server.backends.MemoryBackend</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="writability-mode">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>enabled</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/MemoryUsageMonitorProviderConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/MemoryUsageMonitorProviderConfiguration.xml
new file mode 100644
index 0000000..9f3a481
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/MemoryUsageMonitorProviderConfiguration.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="memory-usage-monitor-provider"
+ plural-name="memory-usage-monitor-providers"
+ package="org.forgerock.opendj.admin" extends="monitor-provider"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ can be used to publish information about memory consumption and
+ garbage collection activity in the JVM.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-memory-usage-monitor-provider</ldap:name>
+ <ldap:superior>ds-cfg-monitor-provider</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.monitors.MemoryUsageMonitorProvider
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/MonitorBackendConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/MonitorBackendConfiguration.xml
new file mode 100644
index 0000000..a1243bc
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/MonitorBackendConfiguration.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="monitor-backend"
+ plural-name="monitor-backends" package="org.forgerock.opendj.admin"
+ extends="backend" advanced="true"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ allows clients to access the information made
+ available by directory server monitor providers.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-monitor-backend</ldap:name>
+ <ldap:superior>ds-cfg-backend</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>org.opends.server.backends.MonitorBackend</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="writability-mode">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>disabled</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/MonitorProviderConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/MonitorProviderConfiguration.xml
new file mode 100644
index 0000000..65afdcd
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/MonitorProviderConfiguration.xml
@@ -0,0 +1,85 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="monitor-provider"
+ plural-name="monitor-providers" package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap"
+ xmlns:cli="http://www.opends.org/admin-cli">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ can be used to provide information about the state of the server or
+ one of its components.
+ </adm:synopsis>
+ <adm:description>
+ This information is useful for monitoring or troubleshooting.
+ </adm:description>
+ <adm:tag name="core-server" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-monitor-provider</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:managed-object custom="true" />
+ </adm:profile>
+ <adm:property name="enabled" mandatory="true">
+ <adm:synopsis>
+ Indicates whether the
+ <adm:user-friendly-name />
+ is enabled for use.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-enabled</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="java-class" mandatory="true">
+ <adm:synopsis>
+ Specifies the fully-qualified name of the Java class that provides the
+ <adm:user-friendly-name />
+ implementation.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:java-class>
+ <adm:instance-of>
+ org.opends.server.api.MonitorProvider
+ </adm:instance-of>
+ </adm:java-class>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-java-class</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/NetworkGroupConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/NetworkGroupConfiguration.xml
new file mode 100644
index 0000000..44e82c1
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/NetworkGroupConfiguration.xml
@@ -0,0 +1,301 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2009 Sun Microsystems, Inc.
+ ! Portions copyright 2013 ForgeRock AS.
+ ! -->
+<adm:managed-object name="network-group"
+ plural-name="network-groups"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name/>
+ is used to classify incoming client connections and route requests to
+ workflows.
+ </adm:synopsis>
+ <adm:tag name="core-server"/>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-network-group</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:relation name="network-group-qos-policy"
+ managed-object-name="qos-policy"
+ hidden="true">
+ <adm:synopsis>
+ Specifies the set of quality of service (QoS) policies enforced by
+ the
+ <adm:user-friendly-name/>
+ .
+ </adm:synopsis>
+ <adm:description>
+ All client connections belonging to the
+ <adm:user-friendly-name/>
+ will comply with its policies.
+ </adm:description>
+ <adm:one-to-many unique="true"
+ plural-name="network-group-qos-policies"/>
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>cn=QoS Policies</ldap:rdn-sequence>
+ </adm:profile>
+ </adm:relation>
+ <adm:property name="enabled" mandatory="true">
+ <adm:synopsis>
+ Indicates whether the
+ <adm:user-friendly-name/>
+ is enabled for use in the server.
+ </adm:synopsis>
+ <adm:description>
+ If a
+ <adm:user-friendly-name/>
+ is not enabled then its workflows will not be accessible when
+ processing operations.
+ </adm:description>
+ <adm:syntax>
+ <adm:boolean/>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-enabled</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="priority" mandatory="true">
+ <adm:synopsis>
+ Specifies the priority for this <adm:user-friendly-name/>.
+ </adm:synopsis>
+ <adm:description>
+ A client connection is first compared against the
+ <adm:user-friendly-name/>
+ with the lowest priority. If the client connection does not match
+ its connection criteria, then the client connection is compared against
+ the
+ <adm:user-friendly-name/>
+ with next lowest priority, and so on. If no
+ <adm:user-friendly-name/>
+ is selected then the client connection is rejected.
+ </adm:description>
+ <adm:syntax>
+ <adm:integer lower-limit="0"/>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-priority</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="workflow" multi-valued="true">
+ <adm:synopsis>
+ Specifies a set of workflows which should be accessible from this
+ <adm:user-friendly-name/>
+ .
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>No workflows will be accessible.</adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:aggregation relation-name="workflow"
+ parent-path="/">
+ <adm:constraint>
+ <adm:synopsis>
+ The referenced workflows must be enabled.
+ </adm:synopsis>
+ <adm:target-is-enabled-condition>
+ <adm:contains property="enabled" value="true"/>
+ </adm:target-is-enabled-condition>
+ </adm:constraint>
+ </adm:aggregation>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-workflow</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="allowed-auth-method" multi-valued="true">
+ <adm:synopsis>
+ Specifies a set of allowed authorization methods that clients
+ must use in order to establish connections to this
+ <adm:user-friendly-name/>.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property take effect immediately and do not
+ interfere with connections that may have already been
+ established.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ All authorization methods are allowed.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="anonymous">
+ <adm:synopsis>
+ Unauthorized clients.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="simple">
+ <adm:synopsis>
+ Clients who bind using simple authentication (name and password).
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="sasl">
+ <adm:synopsis>
+ Clients who bind using SASL/external certificate based
+ authentication.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-allowed-auth-method</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="allowed-protocol" multi-valued="true">
+ <adm:synopsis>
+ Specifies a set of allowed supported protocols that clients
+ must use in order to establish connections to this
+ <adm:user-friendly-name/>.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property take effect immediately and do not
+ interfere with connections that may have already been
+ established.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ All supported protocols are allowed.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="ldap">
+ <adm:synopsis>
+ Clients using LDAP are allowed.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="ldaps">
+ <adm:synopsis>
+ Clients using LDAPS are allowed.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-allowed-protocol</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="allowed-bind-dn" multi-valued="true">
+ <adm:synopsis>
+ Specifies a set of bind DN patterns that determine the
+ clients that are allowed to establish connections to this
+ <adm:user-friendly-name/>.
+ </adm:synopsis>
+ <adm:description>
+ Valid bind DN filters are strings composed of zero or more
+ wildcards. A double wildcard ** replaces one or more RDN
+ components (as in uid=dmiller,**,dc=example,dc=com). A simple
+ wildcard * replaces either a whole RDN, or a whole type, or a
+ value substring (as in uid=bj*,ou=people,dc=example,dc=com).
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property take effect immediately and do not
+ interfere with connections that may have already been
+ established.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ All bind DNs are allowed.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-allowed-bind-dn</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property-reference name="allowed-client" />
+ <adm:property-reference name="denied-client" />
+ <adm:property name="is-security-mandatory">
+ <adm:synopsis>
+ Specifies whether or not a secured client connection
+ is required in order for clients to establish connections
+ to this <adm:user-friendly-name/>.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property take effect immediately and do not
+ interfere with connections that may have already been
+ established.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-is-security-mandatory</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/NetworkGroupPluginConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/NetworkGroupPluginConfiguration.xml
new file mode 100644
index 0000000..a971766
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/NetworkGroupPluginConfiguration.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2009 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="network-group-plugin"
+ plural-name="network-group-plugins" package="org.forgerock.opendj.admin"
+ extends="plugin" xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap"
+ hidden="true">
+
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ allows to group connections into different network groups and
+ enforce specific resource limit policies for each network group.
+ </adm:synopsis>
+
+ <adm:description>
+ The
+ <adm:user-friendly-name />
+ creates network groups based on client connection criteria. Each network
+ group defines resource limit policies applied to all its connections.
+ </adm:description>
+
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-network-group-plugin</ldap:name>
+ <ldap:superior>ds-cfg-plugin</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.core.networkgroups.NetworkGroupPlugin
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+
+ <adm:property-override name="plugin-type" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>postconnect</adm:value>
+ <adm:value>preparseadd</adm:value>
+ <adm:value>preparsebind</adm:value>
+ <adm:value>preparsecompare</adm:value>
+ <adm:value>preparsedelete</adm:value>
+ <adm:value>preparseextended</adm:value>
+ <adm:value>preparsemodify</adm:value>
+ <adm:value>preparsemodifydn</adm:value>
+ <adm:value>preparsesearch</adm:value>
+ <adm:value>preparseunbind</adm:value>
+ <adm:value>postresponsebind</adm:value>
+ <adm:value>postresponseextended</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/NullBackendConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/NullBackendConfiguration.xml
new file mode 100644
index 0000000..9bebd0f
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/NullBackendConfiguration.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2009 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="null-backend" plural-name="null-backends"
+ package="org.forgerock.opendj.admin" advanced="true" extends="backend"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name/>
+ provides a directory server backend that implements a /dev/null like
+ behavior for development and testing.
+ </adm:synopsis>
+ <adm:description>
+ The
+ <adm:user-friendly-name/>
+ behaves as follows: all search operations return success but no
+ data; all write operations do nothing; bind operations fail with
+ invalid credentials; compare operations are only possible on
+ objectClass and return true for top, nullBackendObject, and
+ extensibleObject. In addition controls are supported although this
+ implementation does not provide any specific emulation for controls.
+ Generally known request controls are accepted and default response
+ controls returned where applicable. Searches within a
+ <adm:user-friendly-name/>
+ are always considered indexed.
+ <adm:user-friendly-plural-name/>
+ are for development and testing only.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-null-backend</ldap:name>
+ <ldap:superior>ds-cfg-backend</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>org.opends.server.backends.NullBackend</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="writability-mode">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>enabled</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/NumSubordinatesVirtualAttributeConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/NumSubordinatesVirtualAttributeConfiguration.xml
new file mode 100644
index 0000000..1b6911c
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/NumSubordinatesVirtualAttributeConfiguration.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="num-subordinates-virtual-attribute"
+ plural-name="num-subordinates-virtual-attributes"
+ package="org.forgerock.opendj.admin" extends="virtual-attribute"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ generates a virtual attribute that specifies the
+ number of immediate child entries that exist below the entry.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-num-subordinates-virtual-attribute</ldap:name>
+ <ldap:superior>ds-cfg-virtual-attribute</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.NumSubordinatesVirtualAttributeProvider
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="conflict-behavior" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>virtual-overrides-real</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="attribute-type">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>numSubordinates</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PBKDF2PasswordStorageSchemeConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PBKDF2PasswordStorageSchemeConfiguration.xml
new file mode 100644
index 0000000..347a67e
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PBKDF2PasswordStorageSchemeConfiguration.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2013 ForgeRock AS.
+ ! -->
+<adm:managed-object name="pbkdf2-password-storage-scheme"
+ plural-name="pbkdf2-password-storage-schemes"
+ package="org.forgerock.opendj.admin"
+ extends="password-storage-scheme"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides a mechanism for encoding user passwords using the
+ PBKDF2 message digest algorithm.
+ </adm:synopsis>
+ <adm:description>
+ This scheme contains an implementation for the user password syntax,
+ with a storage scheme name of "PBKDF2".
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-pbkdf2-password-storage-scheme</ldap:name>
+ <ldap:superior>ds-cfg-password-storage-scheme</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.PBKDF2PasswordStorageScheme
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="pbkdf2-iterations" advanced="false">
+ <adm:synopsis>
+ The number of algorithm iterations to make. NIST recommends
+ at least 1000.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>10000</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="1" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-pbkdf2-iterations</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PKCS11KeyManagerProviderConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PKCS11KeyManagerProviderConfiguration.xml
new file mode 100644
index 0000000..d1e21ed
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PKCS11KeyManagerProviderConfiguration.xml
@@ -0,0 +1,63 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2013 ForgeRock AS
+ ! -->
+<adm:managed-object name="pkcs11-key-manager-provider"
+ plural-name="pkcs11-key-manager-providers"
+ package="org.forgerock.opendj.admin" extends="key-manager-provider"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ enables the server to access the private
+ key information through the PKCS11 interface.
+ </adm:synopsis>
+ <adm:description>
+ This standard interface is used by cryptographic accelerators and
+ hardware security modules.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-pkcs11-key-manager-provider</ldap:name>
+ <ldap:superior>ds-cfg-key-manager-provider</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.PKCS11KeyManagerProvider
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-reference name="key-store-pin" />
+ <adm:property-reference name="key-store-pin-property" />
+ <adm:property-reference name="key-store-pin-environment-variable" />
+ <adm:property-reference name="key-store-pin-file" />
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/Package.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/Package.xml
new file mode 100644
index 0000000..f4aeeb9
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/Package.xml
@@ -0,0 +1,578 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2009 Sun Microsystems, Inc.
+ ! Portions Copyright 2011-2013 ForgeRock AS
+ ! -->
+<adm:package name="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ Core <adm:product-name /> directory server administrative components.
+ </adm:synopsis>
+ <adm:property name="listen-port" mandatory="true">
+ <adm:synopsis>
+ Specifies the port number on which the
+ <adm:user-friendly-name />
+ will listen for connections from clients.
+ </adm:synopsis>
+ <adm:description>
+ Only a single port number may be provided.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:integer lower-limit="1" upper-limit="65535" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-listen-port</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="use-ssl">
+ <adm:synopsis>
+ Indicates whether the
+ <adm:user-friendly-name />
+ should use SSL.
+ </adm:synopsis>
+ <adm:description>
+ If enabled, the
+ <adm:user-friendly-name />
+ will use SSL to encrypt communication with the clients.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-use-ssl</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="ssl-cert-nickname">
+ <adm:TODO>Need a better default description.</adm:TODO>
+ <adm:synopsis>
+ Specifies the nickname (also called the alias) of the certificate
+ that the
+ <adm:user-friendly-name />
+ should use when performing SSL communication.
+ </adm:synopsis>
+ <adm:description>
+ This is only applicable when the
+ <adm:user-friendly-name />
+ is configured to use SSL.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>Let the server decide.</adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string></adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-ssl-cert-nickname</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="key-store-pin">
+ <adm:synopsis>
+ Specifies the clear-text PIN needed to access the
+ <adm:user-friendly-name />
+ .
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property will take effect the next time that
+ the
+ <adm:user-friendly-name />
+ is accessed.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:undefined />
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-key-store-pin</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="key-store-pin-property">
+ <adm:TODO>Better syntax for property name?</adm:TODO>
+ <adm:synopsis>
+ Specifies the name of the Java property that contains the
+ clear-text PIN needed to access the
+ <adm:user-friendly-name />
+ .
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property will take effect the next time that
+ the
+ <adm:user-friendly-name />
+ is accessed.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:undefined />
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>STRING</adm:usage>
+ <adm:synopsis>
+ The name of a defined Java property.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-key-store-pin-property</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="key-store-pin-environment-variable">
+ <adm:synopsis>
+ Specifies the name of the environment variable that contains the
+ clear-text PIN needed to access the
+ <adm:user-friendly-name />
+ .
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property will take effect the next time that
+ the
+ <adm:user-friendly-name />
+ is accessed.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:undefined />
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>STRING</adm:usage>
+ <adm:synopsis>
+ The name of a defined environment variable that contains the
+ clear-text PIN required to access the contents of the key store.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-key-store-pin-environment-variable</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="key-store-pin-file">
+ <adm:TODO>Should use a file-based property definition?</adm:TODO>
+ <adm:synopsis>
+ Specifies the path to the text file whose only contents should be
+ a single line containing the clear-text PIN needed to access the
+ <adm:user-friendly-name />
+ .
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property will take effect the next time that
+ the
+ <adm:user-friendly-name />
+ is accessed.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:undefined />
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>FILE</adm:usage>
+ <adm:synopsis>
+ A path to an existing file that is readable by the server.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-key-store-pin-file</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="trust-store-pin">
+ <adm:synopsis>
+ Specifies the clear-text PIN needed to access the
+ <adm:user-friendly-name />
+ .
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property will take effect the next time that
+ the
+ <adm:user-friendly-name />
+ is accessed.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:undefined />
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-trust-store-pin</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="trust-store-pin-property">
+ <adm:TODO>Better syntax for property name?</adm:TODO>
+ <adm:synopsis>
+ Specifies the name of the Java property that contains the
+ clear-text PIN needed to access the
+ <adm:user-friendly-name />
+ .
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property will take effect the next time that
+ the
+ <adm:user-friendly-name />
+ is accessed.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:undefined />
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-trust-store-pin-property</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="trust-store-pin-environment-variable">
+ <adm:synopsis>
+ Specifies the name of the environment variable that contains the
+ clear-text PIN needed to access the
+ <adm:user-friendly-name />
+ .
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property will take effect the next time that
+ the
+ <adm:user-friendly-name />
+ is accessed.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:undefined />
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>
+ ds-cfg-trust-store-pin-environment-variable
+ </ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="trust-store-pin-file">
+ <adm:TODO>Should use a file-based property definition?</adm:TODO>
+ <adm:synopsis>
+ Specifies the path to the text file whose only contents should be
+ a single line containing the clear-text PIN needed to access the
+ <adm:user-friendly-name />
+ .
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property will take effect the next time that
+ the
+ <adm:user-friendly-name />
+ is accessed.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:undefined />
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-trust-store-pin-file</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="include-filter" multi-valued="true">
+ <adm:synopsis>
+ The set of filters that define the entries that should be included
+ in the cache.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:undefined />
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-include-filter</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="exclude-filter" multi-valued="true">
+ <adm:synopsis>
+ The set of filters that define the entries that should be excluded
+ from the cache.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:undefined />
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-exclude-filter</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="allowed-client" multi-valued="true">
+ <adm:synopsis>
+ Specifies a set of host names or address masks that determine the
+ clients that are allowed to establish connections to this
+ <adm:user-friendly-name/>.
+ </adm:synopsis>
+ <adm:description>
+ Valid values include a host name, a fully qualified domain name, a
+ domain name, an IP address, or a subnetwork with subnetwork mask.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property take effect immediately and do not
+ interfere with connections that may have already been
+ established.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ All clients with addresses that do not match an address on the
+ deny list are allowed. If there is no deny list, then all
+ clients are allowed.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:ip-address-mask />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-allowed-client</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="denied-client" multi-valued="true">
+ <adm:synopsis>
+ Specifies a set of host names or address masks that determine
+ the clients that are not allowed to establish connections to this
+ <adm:user-friendly-name/>.
+ </adm:synopsis>
+ <adm:description>
+ Valid values include a host name, a fully qualified domain name, a
+ domain name, an IP address, or a subnetwork with subnetwork mask.
+ If both allowed and denied client masks are defined and a client
+ connection matches one or more masks in both lists, then the
+ connection is denied. If only a denied list is specified,
+ then any client not matching a mask in that list is allowed.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property take effect immediately and do not
+ interfere with connections that may have already been
+ established.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ If an allow list is specified, then only clients with
+ addresses on the allow list are allowed. Otherwise, all
+ clients are allowed.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:ip-address-mask />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-denied-client</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="use-tcp-keep-alive" advanced="true">
+ <adm:synopsis>
+ Indicates whether the
+ <adm:user-friendly-name />
+ should use TCP keep-alive.
+ </adm:synopsis>
+ <adm:description>
+ If enabled, the SO_KEEPALIVE socket option is used to indicate that TCP
+ keepalive messages should periodically be sent to the client to
+ verify that the associated connection is still valid. This may
+ also help prevent cases in which intermediate network hardware
+ could silently drop an otherwise idle client connection, provided
+ that the keepalive interval configured in the underlying operating
+ system is smaller than the timeout enforced by the network
+ hardware.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-use-tcp-keep-alive</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="use-tcp-no-delay" advanced="true">
+ <adm:synopsis>
+ Indicates whether the
+ <adm:user-friendly-name />
+ should use TCP no-delay.
+ </adm:synopsis>
+ <adm:description>
+ If enabled, the TCP_NODELAY socket option is used to ensure
+ that response messages to the client are sent immediately rather
+ than potentially waiting to determine whether additional response
+ messages can be sent in the same packet. In most cases, using the
+ TCP_NODELAY socket option provides better performance and
+ lower response times, but disabling it may help for some cases in
+ which the server sends a large number of entries to a client
+ in response to a search request.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-use-tcp-no-delay</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="allow-tcp-reuse-address" advanced="true">
+ <adm:synopsis>
+ Indicates whether the
+ <adm:user-friendly-name />
+ should reuse socket descriptors.
+ </adm:synopsis>
+ <adm:description>
+ If enabled, the SO_REUSEADDR socket option is used on the
+ server listen socket to potentially allow the reuse of socket
+ descriptors for clients in a TIME_WAIT state. This may help the
+ server avoid temporarily running out of socket descriptors in
+ cases in which a very large number of short-lived connections have
+ been established from the same client system.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-allow-tcp-reuse-address</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:package>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ParallelWorkQueueConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ParallelWorkQueueConfiguration.xml
new file mode 100644
index 0000000..9211057
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ParallelWorkQueueConfiguration.xml
@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2009 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="parallel-work-queue"
+ plural-name="parallel-work-queues" extends="work-queue"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ is a type of work queue that uses a number of worker threads that
+ watch a queue and pick up an operation to process whenever one
+ becomes available.
+ </adm:synopsis>
+ <adm:description>
+ The parallel work queue is a FIFO queue serviced by a fixed
+ number of worker threads. This fixed number of threads can be
+ changed on the fly, with the change taking effect as soon as
+ it is made. This work queue implementation is unbound ie it
+ does not block after reaching certain queue size and as such
+ should only be used on a very well tuned server configuration
+ to avoid potential out of memory errors.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-parallel-work-queue</ldap:name>
+ <ldap:superior>ds-cfg-work-queue</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.ParallelWorkQueue
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="num-worker-threads">
+ <adm:synopsis>
+ Specifies the number of worker threads to be used for processing
+ operations placed in the queue.
+ </adm:synopsis>
+ <adm:description>
+ If the value is increased,
+ the additional worker threads are created immediately. If the
+ value is reduced, the appropriate number of threads are destroyed
+ as operations complete processing.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ Let the server decide.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="1" upper-limit="2147483647" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-num-worker-threads</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordExpirationTimeVirtualAttributeConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordExpirationTimeVirtualAttributeConfiguration.xml
new file mode 100644
index 0000000..c59ce47
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordExpirationTimeVirtualAttributeConfiguration.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/CDDLv1_0.txt
+ ! or http://forgerock.org/license/CDDLv1.0.html.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2012 profiq s.r.o.
+ ! -->
+<adm:managed-object name="password-expiration-time-virtual-attribute"
+ plural-name="password-expiration-time-virtual-attribute"
+ package="org.forgerock.opendj.admin" extends="virtual-attribute"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ generates a virtual attribute which shows the password expiration date.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>
+ ds-cfg-password-expiration-time-virtual-attribute
+ </ldap:name>
+ <ldap:superior>ds-cfg-virtual-attribute</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.PasswordExpirationTimeVirtualAttributeProvider
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="conflict-behavior" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>virtual-overrides-real</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="attribute-type">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>ds-pwp-password-expiration-time</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
\ No newline at end of file
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordGeneratorConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordGeneratorConfiguration.xml
new file mode 100644
index 0000000..c680aa1
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordGeneratorConfiguration.xml
@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="password-generator"
+ plural-name="password-generators"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap"
+ xmlns:cli="http://www.opends.org/admin-cli">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ are used by the password modify extended operation to construct a
+ new password for the user.
+ </adm:synopsis>
+ <adm:description>
+ The server allows any number of password validators to be defined.
+ This can impose any kinds of restrictions on the characteristics
+ of valid passwords. Therefore, it is not feasible for the server
+ to attempt to generate a password on its own that will meet all
+ the requirements of all the validators. The password generator
+ makes it possible to provide custom logic for creating a new password.
+ </adm:description>
+ <adm:tag name="user-management" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-password-generator</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:managed-object custom="true" />
+ </adm:profile>
+ <adm:property name="enabled" mandatory="true">
+ <adm:synopsis>
+ Indicates whether the
+ <adm:user-friendly-name />
+ is enabled for use.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-enabled</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="java-class" mandatory="true">
+ <adm:synopsis>
+ Specifies the fully-qualified name of the Java class that provides the
+ <adm:user-friendly-name />
+ implementation.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:java-class>
+ <adm:instance-of>
+ org.opends.server.api.PasswordGenerator
+ </adm:instance-of>
+ </adm:java-class>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-java-class</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordModifyExtendedOperationHandlerConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordModifyExtendedOperationHandlerConfiguration.xml
new file mode 100644
index 0000000..bf19c61
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordModifyExtendedOperationHandlerConfiguration.xml
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="password-modify-extended-operation-handler"
+ plural-name="password-modify-extended-operation-handlers"
+ package="org.forgerock.opendj.admin"
+ extends="extended-operation-handler"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ allows end users to change their own passwords, or
+ administrators to reset user passwords.
+ </adm:synopsis>
+ <adm:description>
+ The password modify extended operation is defined in RFC 3062. It
+ includes the ability for users to provide their current password for
+ further confirmation of their identity when changing the password,
+ and it also includes the ability to generate a new password if the
+ user does not provide one.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>
+ ds-cfg-password-modify-extended-operation-handler
+ </ldap:name>
+ <ldap:superior>ds-cfg-extended-operation-handler</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.PasswordModifyExtendedOperation
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="identity-mapper" mandatory="true">
+ <adm:synopsis>
+ Specifies the name of the identity mapper that should be used in
+ conjunction with the password modify extended operation.
+ </adm:synopsis>
+ <adm:description>
+ This property is used to identify a user based on an
+ authorization ID in the 'u:' form. Changes to this property take effect immediately.
+ </adm:description>
+ <adm:syntax>
+ <adm:aggregation relation-name="identity-mapper"
+ parent-path="/">
+ <adm:constraint>
+ <adm:synopsis>
+ The referenced identity mapper must be enabled when the
+ <adm:user-friendly-name />
+ is enabled.
+ </adm:synopsis>
+ <adm:target-needs-enabling-condition>
+ <adm:contains property="enabled" value="true" />
+ </adm:target-needs-enabling-condition>
+ <adm:target-is-enabled-condition>
+ <adm:contains property="enabled" value="true" />
+ </adm:target-is-enabled-condition>
+ </adm:constraint>
+ </adm:aggregation>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-identity-mapper</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordPolicyConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordPolicyConfiguration.xml
new file mode 100644
index 0000000..39cb377
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordPolicyConfiguration.xml
@@ -0,0 +1,942 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2009 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="password-policy"
+ plural-name="password-policies"
+ extends="authentication-policy"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ define a number of password management rules, as well as
+ requirements for authentication processing.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-password-policy</ldap:name>
+ <ldap:superior>ds-cfg-authentication-policy</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.core.PasswordPolicyFactory
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="password-attribute" mandatory="true">
+ <adm:synopsis>
+ Specifies the attribute type used to hold user passwords.
+ </adm:synopsis>
+ <adm:description>
+ This attribute type must be defined in the server schema, and it
+ must have either the user password or auth password syntax.
+ </adm:description>
+ <adm:syntax>
+ <adm:attribute-type />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-password-attribute</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="default-password-storage-scheme" mandatory="true"
+ multi-valued="true">
+ <adm:synopsis>
+ Specifies the names of the password storage schemes that are used
+ to encode clear-text passwords for this password policy.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:aggregation relation-name="password-storage-scheme"
+ parent-path="/">
+ <adm:constraint>
+ <adm:synopsis>
+ The referenced password storage schemes must be enabled.
+ </adm:synopsis>
+ <adm:target-is-enabled-condition>
+ <adm:contains property="enabled" value="true" />
+ </adm:target-is-enabled-condition>
+ </adm:constraint>
+ </adm:aggregation>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-default-password-storage-scheme</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="deprecated-password-storage-scheme"
+ multi-valued="true">
+ <adm:synopsis>
+ Specifies the names of the password storage schemes that are
+ considered deprecated for this password policy.
+ </adm:synopsis>
+ <adm:description>
+ If a user with this password policy authenticates to the server
+ and his/her password is encoded with a deprecated scheme, those
+ values are removed and replaced with values encoded using the
+ default password storage scheme(s).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:undefined />
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:aggregation relation-name="password-storage-scheme"
+ parent-path="/">
+ <adm:constraint>
+ <adm:synopsis>
+ The referenced password storage schemes must be enabled.
+ </adm:synopsis>
+ <adm:target-is-enabled-condition>
+ <adm:contains property="enabled" value="true" />
+ </adm:target-is-enabled-condition>
+ </adm:constraint>
+ </adm:aggregation>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-deprecated-password-storage-scheme</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="password-validator" multi-valued="true">
+ <adm:synopsis>
+ Specifies the names of the password validators that are used
+ with the associated password storage scheme.
+ </adm:synopsis>
+ <adm:description>
+ The password validators are invoked when a user attempts to provide
+ a new password, to determine whether the new password is acceptable.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:undefined />
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:aggregation relation-name="password-validator"
+ parent-path="/">
+ <adm:constraint>
+ <adm:synopsis>
+ The referenced password validators must be enabled.
+ </adm:synopsis>
+ <adm:target-is-enabled-condition>
+ <adm:contains property="enabled" value="true" />
+ </adm:target-is-enabled-condition>
+ </adm:constraint>
+ </adm:aggregation>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-password-validator</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="account-status-notification-handler"
+ multi-valued="true">
+ <adm:synopsis>
+ Specifies the names of the account status notification handlers
+ that are used with the associated password storage scheme.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:undefined />
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:aggregation
+ relation-name="account-status-notification-handler"
+ parent-path="/">
+ <adm:constraint>
+ <adm:synopsis>
+ The referenced account status notification handlers must be
+ enabled.
+ </adm:synopsis>
+ <adm:target-is-enabled-condition>
+ <adm:contains property="enabled" value="true" />
+ </adm:target-is-enabled-condition>
+ </adm:constraint>
+ </adm:aggregation>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>
+ ds-cfg-account-status-notification-handler
+ </ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="allow-user-password-changes">
+ <adm:synopsis>
+ Indicates whether users can change their own
+ passwords.
+ </adm:synopsis>
+ <adm:description>
+ This check is made in addition to access control evaluation.
+ Both must allow the password change for it to occur.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-allow-user-password-changes</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="password-change-requires-current-password">
+ <adm:synopsis>
+ Indicates whether user password changes must use
+ the password modify extended operation and must include the user's
+ current password before the change is allowed.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>
+ ds-cfg-password-change-requires-current-password
+ </ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="force-change-on-add">
+ <adm:synopsis>
+ Indicates whether users are forced to change their passwords
+ upon first authenticating to the directory server after their
+ account has been created.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-force-change-on-add</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="force-change-on-reset">
+ <adm:synopsis>
+ Indicates whether users are forced to change their passwords
+ if they are reset by an administrator.
+ </adm:synopsis>
+ <adm:description>
+ For this purpose, anyone with permission to change a given user's
+ password other than that user is considered an administrator.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-force-change-on-reset</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="skip-validation-for-administrators"
+ advanced="true">
+ <adm:synopsis>
+ Indicates whether passwords set by administrators are allowed
+ to bypass the password validation process that is required
+ for user password changes.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-skip-validation-for-administrators</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="password-generator">
+ <adm:synopsis>
+ Specifies the name of the password generator that is used
+ with the associated password policy.
+ </adm:synopsis>
+ <adm:description>
+ This is used in conjunction with the password modify extended
+ operation to generate a new password for a user when none was
+ provided in the request.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:undefined />
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:aggregation relation-name="password-generator"
+ parent-path="/">
+ <adm:constraint>
+ <adm:synopsis>
+ The referenced password generator must be enabled.
+ </adm:synopsis>
+ <adm:target-is-enabled-condition>
+ <adm:contains property="enabled" value="true" />
+ </adm:target-is-enabled-condition>
+ </adm:constraint>
+ </adm:aggregation>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-password-generator</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="require-secure-authentication">
+ <adm:synopsis>
+ Indicates whether users with the associated password policy are
+ required to authenticate in a secure manner.
+ </adm:synopsis>
+ <adm:description>
+ This might mean either using a secure communication channel
+ between the client and the server, or using a SASL mechanism that
+ does not expose the credentials.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-require-secure-authentication</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="require-secure-password-changes">
+ <adm:synopsis>
+ Indicates whether users with the associated password policy are
+ required to change their password in a secure manner that does
+ not expose the credentials.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-require-secure-password-changes</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="allow-multiple-password-values" advanced="true">
+ <adm:synopsis>
+ Indicates whether user entries can have multiple
+ distinct values for the password attribute.
+ </adm:synopsis>
+ <adm:description>
+ This is potentially dangerous because many mechanisms used to
+ change the password do not work well with such a configuration. If
+ multiple password values are allowed, then any of them can be used
+ to authenticate, and they are all subject to the same policy
+ constraints.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-allow-multiple-password-values</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="allow-pre-encoded-passwords" advanced="true">
+ <adm:synopsis>
+ Indicates whether users can change their passwords
+ by providing a pre-encoded value.
+ </adm:synopsis>
+ <adm:description>
+ This can cause a security risk because the clear-text version of
+ the password is not known and therefore validation checks cannot
+ be applied to it.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-allow-pre-encoded-passwords</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="min-password-age">
+ <adm:synopsis>
+ Specifies the minimum length of time after a
+ password change before the user is allowed to change the
+ password again.
+ </adm:synopsis>
+ <adm:description>
+ The value of this attribute is an integer followed by a
+ unit of seconds, minutes, hours, days, or weeks. This setting can
+ be used to prevent users from changing their passwords repeatedly
+ over a short period of time to flush an old password from the
+ history so that it can be re-used.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>0 seconds</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration lower-limit="0" upper-limit="2147483647" base-unit="s"/>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-min-password-age</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="max-password-age">
+ <adm:synopsis>
+ Specifies the maximum length of time that a user can continue
+ using the same password before it must be changed (that is, the
+ password expiration interval).
+ </adm:synopsis>
+ <adm:description>
+ The value of this attribute is an integer followed by a
+ unit of seconds, minutes, hours, days, or weeks. A value of 0
+ seconds disables password expiration.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>0 seconds</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration lower-limit="0" upper-limit="2147483647" base-unit="s"/>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-max-password-age</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="max-password-reset-age">
+ <adm:synopsis>
+ Specifies the maximum length of time that users have to change
+ passwords after they have been reset by an administrator before
+ they become locked.
+ </adm:synopsis>
+ <adm:description>
+ The value of this attribute is an integer followed by a
+ unit of seconds, minutes, hours, days, or weeks. A value of 0
+ seconds disables this feature.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>0 seconds</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration lower-limit="0" upper-limit="2147483647" base-unit="s"/>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-max-password-reset-age</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="password-expiration-warning-interval">
+ <adm:synopsis>
+ Specifies the maximum length of time before a user's password
+ actually expires that the server begins to include warning
+ notifications in bind responses for that user.
+ </adm:synopsis>
+ <adm:description>
+ The value of this attribute is an integer followed by a
+ unit of seconds, minutes, hours, days, or weeks. A value of 0
+ seconds disables the warning interval.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>5 days</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>
+ ds-cfg-password-expiration-warning-interval
+ </ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="expire-passwords-without-warning">
+ <adm:synopsis>
+ Indicates whether the directory server allows a user's
+ password to expire even if that user has never seen an expiration
+ warning notification.
+ </adm:synopsis>
+ <adm:description>
+ If this property is true, accounts always expire when the
+ expiration time arrives. If this property is false or disabled, the user
+ always receives at least one warning notification, and the
+ password expiration is set to the warning time plus the
+ warning interval.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-expire-passwords-without-warning</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="allow-expired-password-changes">
+ <adm:synopsis>
+ Indicates whether a user whose password is expired is still
+ allowed to change that password using the password modify extended
+ operation.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-allow-expired-password-changes</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="grace-login-count">
+ <adm:synopsis>
+ Specifies the number of grace logins that a user is allowed
+ after the account has expired to allow that user to choose a new
+ password.
+ </adm:synopsis>
+ <adm:description>
+ A value of 0 indicates that no grace logins are allowed.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>0</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="0" upper-limit="2147483647" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-grace-login-count</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="lockout-failure-count">
+ <adm:synopsis>
+ Specifies the maximum number of authentication failures that a
+ user is allowed before the account is locked out.
+ </adm:synopsis>
+ <adm:description>
+ A value of 0 indicates that accounts are never locked out
+ due to failed attempts.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>0</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="0" upper-limit="2147483647"/>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-lockout-failure-count</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="lockout-duration">
+ <adm:synopsis>
+ Specifies the length of time that an account is locked
+ after too many authentication failures.
+ </adm:synopsis>
+ <adm:description>
+ The value of this attribute is an integer followed by a
+ unit of seconds, minutes, hours, days, or weeks. A value of 0
+ seconds indicates that the account must remain locked until an
+ administrator resets the password.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>0 seconds</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration lower-limit="0" upper-limit="2147483647" base-unit="s"/>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-lockout-duration</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="lockout-failure-expiration-interval">
+ <adm:synopsis>
+ Specifies the length of time before an
+ authentication failure is no longer counted against a user for the
+ purposes of account lockout.
+ </adm:synopsis>
+ <adm:description>
+ The value of this attribute is an integer followed by a
+ unit of seconds, minutes, hours, days, or weeks. A value of 0
+ seconds indicates that the authentication failures must never
+ expire. The failure count is always cleared upon a successful
+ authentication.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>0 seconds</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration lower-limit="0" upper-limit="2147483647" base-unit="s"/>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>
+ ds-cfg-lockout-failure-expiration-interval
+ </ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="require-change-by-time">
+ <adm:synopsis>
+ Specifies the time by which all users with the associated password
+ policy must change their passwords.
+ </adm:synopsis>
+ <adm:description>
+ The value is expressed in a generalized time format. If
+ this time is equal to the current time or is in the past, then all
+ users are required to change their passwords immediately. The
+ behavior of the server in this mode is identical to the
+ behavior observed when users are forced to change their passwords
+ after an administrative reset.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:undefined />
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>STRING</adm:usage>
+ <adm:synopsis>
+ A valid timestamp in generalized time form (for example,
+ a value of "20070409185811Z" indicates a value of April 9,
+ 2007 at 6:58:11 pm GMT).
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-require-change-by-time</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="last-login-time-attribute">
+ <adm:synopsis>
+ Specifies the name or OID of the attribute type that is
+ used to hold the last login time for users with the associated
+ password policy.
+ </adm:synopsis>
+ <adm:description>
+ This attribute type must be defined in the directory server schema
+ and must either be defined as an operational attribute or must be
+ allowed by the set of objectClasses for all users with the
+ associated password policy.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:undefined />
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:attribute-type />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-last-login-time-attribute</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="last-login-time-format">
+ <adm:synopsis>
+ Specifies the format string that is used to generate the
+ last login time value for users with the associated password
+ policy.
+ </adm:synopsis>
+ <adm:description>
+ This format string conforms to the syntax described in the
+ API documentation for the java.text.SimpleDateFormat class.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:undefined />
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>STRING</adm:usage>
+ <adm:synopsis>
+ Any valid format string that can be used with the
+ java.text.SimpleDateFormat class.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-last-login-time-format</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="previous-last-login-time-format"
+ multi-valued="true">
+ <adm:synopsis>
+ Specifies the format string(s) that might have been used with the
+ last login time at any point in the past for users associated with
+ the password policy.
+ </adm:synopsis>
+ <adm:description>
+ These values are used to make it possible to parse previous
+ values, but are not used to set new values. The format
+ strings conform to the syntax described in the API
+ documentation for the java.text.SimpleDateFormat class.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:undefined />
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>STRING</adm:usage>
+ <adm:synopsis>
+ Any valid format string that can be used with the
+ java.text.SimpleDateFormat class.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-previous-last-login-time-format</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="idle-lockout-interval">
+ <adm:synopsis>
+ Specifies the maximum length of time that an account may remain
+ idle (that is, the associated user does not authenticate to the
+ server) before that user is locked out.
+ </adm:synopsis>
+ <adm:description>
+ The value of this attribute is an integer followed by a
+ unit of seconds, minutes, hours, days, or weeks. A value of 0
+ seconds indicates that idle accounts are not automatically
+ locked out. This feature is available only if the last login
+ time is maintained.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>0 seconds</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration lower-limit="0" upper-limit="2147483647"/>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-idle-lockout-interval</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="state-update-failure-policy" advanced="true">
+ <adm:synopsis>
+ Specifies how the server deals with the inability to update
+ password policy state information during an authentication
+ attempt.
+ </adm:synopsis>
+ <adm:description>
+ In particular, this property can be used to control whether an otherwise
+ successful bind operation fails if a failure occurs while
+ attempting to update password policy state information (for example, to
+ clear a record of previous authentication failures or to update
+ the last login time). It can also be used to control whether to
+ reject a bind request if it is known ahead of time that it will not be
+ possible to update the authentication failure times in the event of an
+ unsuccessful bind attempt (for example, if the backend writability mode
+ is disabled).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>reactive</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="ignore">
+ <adm:synopsis>
+ If a bind attempt would otherwise be successful, then do not
+ reject it if a problem occurs while attempting to update the
+ password policy state information for the user.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="reactive">
+ <adm:synopsis>
+ Even if a bind attempt would otherwise be successful, reject
+ it if a problem occurs while attempting to update the
+ password policy state information for the user.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="proactive">
+ <adm:synopsis>
+ Proactively reject any bind attempt if it is known ahead of
+ time that it would not be possible to update the user's
+ password policy state information.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-state-update-failure-policy</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="password-history-count">
+ <adm:synopsis>
+ Specifies the maximum number of former passwords to maintain in
+ the password history.
+ </adm:synopsis>
+ <adm:description>
+ When choosing a new password, the proposed password is
+ checked to ensure that it does not match the current password, nor
+ any other password in the history list. A value of zero indicates
+ that either no password history is to be maintained (if the
+ password history duration has a value of zero seconds), or that
+ there is no maximum number of passwords to maintain in the history
+ (if the password history duration has a value greater than zero
+ seconds).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>0</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="0" upper-limit="2147483647" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-password-history-count</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="password-history-duration">
+ <adm:synopsis>
+ Specifies the maximum length of time that passwords remain
+ in the password history.
+ </adm:synopsis>
+ <adm:description>
+ When choosing a new password, the proposed password is
+ checked to ensure that it does not match the current password, nor
+ any other password in the history list. A value of zero seconds
+ indicates that either no password history is to be maintained (if
+ the password history count has a value of zero), or that there is
+ no maximum duration for passwords in the history (if the password
+ history count has a value greater than zero).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>0 seconds</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration base-unit="s" lower-limit="0"
+ upper-limit="2147483647" allow-unlimited="false" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-password-history-duration</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordPolicyImportPluginConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordPolicyImportPluginConfiguration.xml
new file mode 100644
index 0000000..17b8925
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordPolicyImportPluginConfiguration.xml
@@ -0,0 +1,159 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="password-policy-import-plugin"
+ plural-name="password-policy-import-plugins"
+ package="org.forgerock.opendj.admin" extends="plugin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ ensures that clear-text passwords contained in LDIF
+ entries are properly encoded before they are stored in the
+ appropriate directory server backend.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-password-policy-import-plugin</ldap:name>
+ <ldap:superior>ds-cfg-plugin</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.plugins.PasswordPolicyImportPlugin
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="plugin-type" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>ldifimport</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="invoke-for-internal-operations">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="default-user-password-storage-scheme"
+ multi-valued="true">
+ <adm:synopsis>
+ Specifies the names of the password storage schemes to be
+ used for encoding passwords contained in attributes with the user
+ password syntax for entries that do not include the
+ ds-pwp-password-policy-dn attribute specifying which password
+ policy is to be used to govern them.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ If the default password policy uses the attribute with the
+ user password syntax, then the server uses the default
+ password storage schemes for that password policy. Otherwise,
+ it encodes user password values using the "SSHA" scheme.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:aggregation relation-name="password-storage-scheme"
+ parent-path="/">
+ <adm:constraint>
+ <adm:synopsis>
+ The referenced password storage schemes must be enabled when the
+ <adm:user-friendly-name />
+ is enabled.
+ </adm:synopsis>
+ <adm:target-needs-enabling-condition>
+ <adm:contains property="enabled" value="true" />
+ </adm:target-needs-enabling-condition>
+ <adm:target-is-enabled-condition>
+ <adm:contains property="enabled" value="true" />
+ </adm:target-is-enabled-condition>
+ </adm:constraint>
+ </adm:aggregation>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>
+ ds-cfg-default-user-password-storage-scheme
+ </ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="default-auth-password-storage-scheme"
+ multi-valued="true">
+ <adm:synopsis>
+ Specifies the names of password storage schemes that to be used
+ for encoding passwords contained in attributes with the auth
+ password syntax for entries that do not include the
+ ds-pwp-password-policy-dn attribute specifying which password
+ policy should be used to govern them.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ If the default password policy uses an attribute with the auth
+ password syntax, then the server uses the default password
+ storage schemes for that password policy. Otherwise, it
+ encodes auth password values using the "SHA1" scheme.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:aggregation relation-name="password-storage-scheme"
+ parent-path="/">
+ <adm:constraint>
+ <adm:synopsis>
+ The referenced password storage schemes must be enabled when
+ the Password Policy Import plug-in is enabled.
+ </adm:synopsis>
+ <adm:target-needs-enabling-condition>
+ <adm:contains property="enabled" value="true" />
+ </adm:target-needs-enabling-condition>
+ <adm:target-is-enabled-condition>
+ <adm:contains property="enabled" value="true" />
+ </adm:target-is-enabled-condition>
+ </adm:constraint>
+ </adm:aggregation>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>
+ ds-cfg-default-auth-password-storage-scheme
+ </ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordPolicyStateExtendedOperationHandlerConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordPolicyStateExtendedOperationHandlerConfiguration.xml
new file mode 100644
index 0000000..0f50992
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordPolicyStateExtendedOperationHandlerConfiguration.xml
@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object
+ name="password-policy-state-extended-operation-handler"
+ plural-name="password-policy-state-extended-operation-handlers"
+ package="org.forgerock.opendj.admin"
+ extends="extended-operation-handler"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides the ability for administrators to request and optionally
+ alter password policy state information for a specified user.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>
+ ds-cfg-password-policy-state-extended-operation-handler
+ </ldap:name>
+ <ldap:superior>ds-cfg-extended-operation-handler</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.PasswordPolicyStateExtendedOperation
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordPolicySubentryVirtualAttributeConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordPolicySubentryVirtualAttributeConfiguration.xml
new file mode 100644
index 0000000..ab9ac2f
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordPolicySubentryVirtualAttributeConfiguration.xml
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2010 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="password-policy-subentry-virtual-attribute"
+ plural-name="password-policy-subentry-virtual-attributes"
+ package="org.forgerock.opendj.admin" extends="virtual-attribute"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ generates a virtual attribute that points to the Password Policy
+ subentry in effect for the entry.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>
+ ds-cfg-password-policy-subentry-virtual-attribute
+ </ldap:name>
+ <ldap:superior>ds-cfg-virtual-attribute</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.PasswordPolicySubentryVirtualAttributeProvider
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="conflict-behavior" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>virtual-overrides-real</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="attribute-type">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>pwdPolicySubentry</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordStorageSchemeConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordStorageSchemeConfiguration.xml
new file mode 100644
index 0000000..cbc1d3a
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordStorageSchemeConfiguration.xml
@@ -0,0 +1,89 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="password-storage-scheme"
+ plural-name="password-storage-schemes"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap"
+ xmlns:cli="http://www.opends.org/admin-cli">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ encode new passwords provided by users so that they are stored in an
+ encoded manner. This makes it difficult or impossible for someone to
+ determine the clear-text passwords from the encoded values.
+ </adm:synopsis>
+ <adm:description>
+ <adm:user-friendly-plural-name />
+ also determine whether a clear-text password provided by a client
+ matches the encoded value stored in the server.
+ </adm:description>
+ <adm:tag name="user-management" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-password-storage-scheme</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:managed-object custom="true" />
+ </adm:profile>
+ <adm:property name="enabled" mandatory="true">
+ <adm:synopsis>
+ Indicates whether the
+ <adm:user-friendly-name />
+ is enabled for use.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-enabled</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="java-class" mandatory="true">
+ <adm:synopsis>
+ Specifies the fully-qualified name of the Java class that provides the
+ <adm:user-friendly-name />
+ implementation.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:java-class>
+ <adm:instance-of>
+ org.opends.server.api.PasswordStorageScheme
+ </adm:instance-of>
+ </adm:java-class>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-java-class</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordValidatorConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordValidatorConfiguration.xml
new file mode 100644
index 0000000..c4624ba
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PasswordValidatorConfiguration.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="password-validator"
+ plural-name="password-validators"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap"
+ xmlns:cli="http://www.opends.org/admin-cli">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ are responsible for determining whether a proposed password is
+ acceptable for use and could include checks like ensuring it
+ meets minimum length requirements, that it has an appropriate
+ range of characters, or that it is not in the history.
+ </adm:synopsis>
+ <adm:description>
+ The password policy for a user specifies the set of password
+ validators that should be used whenever that user provides a
+ new password. In order to activate a password validator, the
+ corresponding configuration entry must be enabled, and the DN
+ of that entry should be included in the password-validator
+ attribute of the password policy in which you want that
+ validator active. All password validator configuration entries
+ must contain the password-validator structural objectclass.
+ </adm:description>
+ <adm:tag name="user-management" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-password-validator</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:managed-object custom="true" />
+ </adm:profile>
+ <adm:property name="enabled" mandatory="true">
+ <adm:synopsis>
+ Indicates whether the
+ password validator is enabled for use.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-enabled</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="java-class" mandatory="true">
+ <adm:synopsis>
+ Specifies the fully-qualified name of the Java class that provides the
+ password validator implementation.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:java-class>
+ <adm:instance-of>
+ org.opends.server.api.PasswordValidator
+ </adm:instance-of>
+ </adm:java-class>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-java-class</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PlainSASLMechanismHandlerConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PlainSASLMechanismHandlerConfiguration.xml
new file mode 100644
index 0000000..96b983b
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PlainSASLMechanismHandlerConfiguration.xml
@@ -0,0 +1,95 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="plain-sasl-mechanism-handler"
+ plural-name="plain-sasl-mechanism-handlers"
+ package="org.forgerock.opendj.admin" extends="sasl-mechanism-handler"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ performs all processing related to SASL PLAIN
+ authentication.
+ </adm:synopsis>
+ <adm:description>
+ The PLAIN SASL mechanism provides the ability for clients to
+ authenticate using a username and password. This authentication
+ is very similar to standard LDAP simple authentication, with the
+ exception that it can authenticate based on an authentication ID
+ (for example, a username) rather than requiring a full DN, and
+ it can also include an authorization ID in addition to the
+ authentication ID. Note that the SASL PLAIN mechanism does not
+ make any attempt to protect the password.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-plain-sasl-mechanism-handler</ldap:name>
+ <ldap:superior>ds-cfg-sasl-mechanism-handler</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.PlainSASLMechanismHandler
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="identity-mapper" mandatory="true">
+ <adm:synopsis>
+ Specifies the name of the identity mapper that is to be used
+ with this SASL mechanism handler to match the authentication or
+ authorization ID included in the SASL bind request to the
+ corresponding user in the directory.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:aggregation relation-name="identity-mapper"
+ parent-path="/">
+ <adm:constraint>
+ <adm:synopsis>
+ The referenced identity mapper must be enabled when the
+ <adm:user-friendly-name />
+ is enabled.
+ </adm:synopsis>
+ <adm:target-needs-enabling-condition>
+ <adm:contains property="enabled" value="true" />
+ </adm:target-needs-enabling-condition>
+ <adm:target-is-enabled-condition>
+ <adm:contains property="enabled" value="true" />
+ </adm:target-is-enabled-condition>
+ </adm:constraint>
+ </adm:aggregation>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-identity-mapper</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PluginConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PluginConfiguration.xml
new file mode 100644
index 0000000..287a7b6
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PluginConfiguration.xml
@@ -0,0 +1,411 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2010 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="plugin" plural-name="plugins"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap"
+ xmlns:cli="http://www.opends.org/admin-cli">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ provide a mechanism for executing custom code at specified points in
+ operation processing and in the course of other events like
+ connection establishment and termination, server startup and
+ shutdown, and LDIF import and export.
+ </adm:synopsis>
+ <adm:tag name="core-server" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-plugin</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:managed-object custom="true" />
+ </adm:profile>
+ <adm:property name="enabled" mandatory="true">
+ <adm:synopsis>
+ Indicates whether the
+ plug-in is enabled for use.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-enabled</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="java-class" mandatory="true">
+ <adm:synopsis>
+ Specifies the fully-qualified name of the Java class that provides the
+ plug-in implementation.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:java-class>
+ <adm:instance-of>
+ org.opends.server.api.plugin.DirectoryServerPlugin
+ </adm:instance-of>
+ </adm:java-class>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-java-class</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-type" mandatory="true"
+ multi-valued="true">
+ <adm:synopsis>
+ Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="startup">
+ <adm:synopsis>
+ Invoked during the directory server startup process.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="shutdown">
+ <adm:synopsis>
+ Invoked during a graceful directory server shutdown.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="postconnect">
+ <adm:synopsis>
+ Invoked whenever a new connection is established to the
+ server.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="postdisconnect">
+ <adm:synopsis>
+ Invoked whenever an existing connection is terminated (by
+ either the client or the server).
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="ldifimport">
+ <adm:synopsis>
+ Invoked for each entry read during an LDIF import.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="ldifimportend">
+ <adm:synopsis>
+ Invoked at the end of an LDIF import session.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="ldifimportbegin">
+ <adm:synopsis>
+ Invoked at the beginning of an LDIF import session.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="ldifexport">
+ <adm:synopsis>
+ Invoked for each operation to be written during an LDIF
+ export.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="preparseabandon">
+ <adm:synopsis>
+ Invoked prior to parsing an abandon request.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="preparseadd">
+ <adm:synopsis>
+ Invoked prior to parsing an add request.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="preparsebind">
+ <adm:synopsis>
+ Invoked prior to parsing a bind request.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="preparsecompare">
+ <adm:synopsis>
+ Invoked prior to parsing a compare request.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="preparsedelete">
+ <adm:synopsis>
+ Invoked prior to parsing a delete request.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="preparseextended">
+ <adm:synopsis>
+ Invoked prior to parsing an extended request.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="preparsemodify">
+ <adm:synopsis>
+ Invoked prior to parsing a modify request.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="preparsemodifydn">
+ <adm:synopsis>
+ Invoked prior to parsing a modify DN request.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="preparsesearch">
+ <adm:synopsis>
+ Invoked prior to parsing a search request.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="preparseunbind">
+ <adm:synopsis>
+ Invoked prior to parsing an unbind request.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="preoperationadd">
+ <adm:synopsis>
+ Invoked prior to performing the core add processing.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="preoperationbind">
+ <adm:synopsis>
+ Invoked prior to performing the core bind processing.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="preoperationcompare">
+ <adm:synopsis>
+ Invoked prior to performing the core compare processing.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="preoperationdelete">
+ <adm:synopsis>
+ Invoked prior to performing the core delete processing.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="preoperationextended">
+ <adm:synopsis>
+ Invoked prior to performing the core extended processing.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="preoperationmodify">
+ <adm:synopsis>
+ Invoked prior to performing the core modify processing.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="preoperationmodifydn">
+ <adm:synopsis>
+ Invoked prior to performing the core modify DN processing.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="preoperationsearch">
+ <adm:synopsis>
+ Invoked prior to performing the core search processing.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="postoperationabandon">
+ <adm:synopsis>
+ Invoked after completing the abandon processing.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="postoperationadd">
+ <adm:synopsis>
+ Invoked after completing the core add processing but before
+ sending the response to the client.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="postoperationbind">
+ <adm:synopsis>
+ Invoked after completing the core bind processing but before
+ sending the response to the client.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="postoperationcompare">
+ <adm:synopsis>
+ Invoked after completing the core compare processing but
+ before sending the response to the client.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="postoperationdelete">
+ <adm:synopsis>
+ Invoked after completing the core delete processing but
+ before sending the response to the client.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="postoperationextended">
+ <adm:synopsis>
+ Invoked after completing the core extended processing but
+ before sending the response to the client.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="postoperationmodify">
+ <adm:synopsis>
+ Invoked after completing the core modify processing but
+ before sending the response to the client.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="postoperationmodifydn">
+ <adm:synopsis>
+ Invoked after completing the core modify DN processing but
+ before sending the response to the client.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="postoperationsearch">
+ <adm:synopsis>
+ Invoked after completing the core search processing but
+ before sending the response to the client.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="postoperationunbind">
+ <adm:synopsis>
+ Invoked after completing the unbind processing.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="postresponseadd">
+ <adm:synopsis>
+ Invoked after sending the add response to the client.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="postresponsebind">
+ <adm:synopsis>
+ Invoked after sending the bind response to the client.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="postresponsecompare">
+ <adm:synopsis>
+ Invoked after sending the compare response to the client.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="postresponsedelete">
+ <adm:synopsis>
+ Invoked after sending the delete response to the client.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="postresponseextended">
+ <adm:synopsis>
+ Invoked after sending the extended response to the client.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="postresponsemodify">
+ <adm:synopsis>
+ Invoked after sending the modify response to the client.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="postresponsemodifydn">
+ <adm:synopsis>
+ Invoked after sending the modify DN response to the client.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="postresponsesearch">
+ <adm:synopsis>
+ Invoked after sending the search result done message to the
+ client.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="postsynchronizationadd">
+ <adm:synopsis>
+ Invoked after completing post-synchronization processing for
+ an add operation.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="postsynchronizationdelete">
+ <adm:synopsis>
+ Invoked after completing post-synchronization processing for
+ a delete operation.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="postsynchronizationmodify">
+ <adm:synopsis>
+ Invoked after completing post-synchronization processing for
+ a modify operation.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="postsynchronizationmodifydn">
+ <adm:synopsis>
+ Invoked after completing post-synchronization processing for
+ a modify DN operation.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="searchresultentry">
+ <adm:synopsis>
+ Invoked before sending a search result entry to the client.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="searchresultreference">
+ <adm:synopsis>
+ Invoked before sending a search result reference to the
+ client.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="subordinatemodifydn">
+ <adm:synopsis>
+ Invoked in the course of moving or renaming an entry
+ subordinate to the target of a modify DN operation.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="subordinatedelete">
+ <adm:synopsis>
+ Invoked in the course of deleting a subordinate
+ entry of a delete operation.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="intermediateresponse">
+ <adm:synopsis>
+ Invoked before sending an intermediate repsonse message to
+ the client.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-type</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="invoke-for-internal-operations" advanced="true">
+ <adm:synopsis>
+ Indicates whether the plug-in should be invoked for internal
+ operations.
+ </adm:synopsis>
+ <adm:description>
+ Any plug-in that can be invoked for internal operations
+ must ensure that it does not create any new
+ internal operatons that can cause the same plug-in to be
+ re-invoked.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-invoke-for-internal-operations</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PluginRootConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PluginRootConfiguration.xml
new file mode 100644
index 0000000..e322a97
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/PluginRootConfiguration.xml
@@ -0,0 +1,1670 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2010 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="plugin-root" plural-name="plugin-roots"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap"
+ xmlns:cli="http://www.opends.org/admin-cli">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ defines the parent entry for all plug-ins defined in the server.
+ </adm:synopsis>
+ <adm:description>
+ It can also include configuration attributes that define the order
+ in which those plug-ins are to be loaded and invoked.
+ </adm:description>
+ <adm:tag name="core-server" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-plugin-root</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:relation name="plugin">
+ <adm:one-to-many />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence />
+ <ldap:naming-attribute>cn</ldap:naming-attribute>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="enabled" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:property name="plugin-order-startup">
+ <adm:synopsis>
+ Specifies the order in which startup plug-ins are to be loaded and
+ invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list of plug-in
+ names (where the plug-in name is the RDN value from the plug-in
+ configuration entry DN). The list can include at most one asterisk
+ to indicate the position of any unspecified plug-in (and the
+ relative order of those unspecified plug-ins is undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which startup plug-ins are loaded and invoked
+ is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-startup</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-shutdown">
+ <adm:synopsis>
+ Specifies the order in which shutdown plug-ins are to be loaded and
+ invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list of plug-in
+ names (where the plug-in name is the RDN value from the plug-in
+ configuration entry DN). The list can include at most one asterisk
+ to indicate the position of any unspecified plug-in (and the
+ relative order of those unspecified plug-ins is undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which shutdown plug-ins are loaded and invoked
+ is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-shutdown</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-post-connect">
+ <adm:synopsis>
+ Specifies the order in which post-connect plug-ins are to be loaded
+ and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list of plug-in
+ names (where the plug-in name is the RDN value from the plug-in
+ configuration entry DN). The list can include at most one asterisk
+ to indicate the position of any unspecified plug-in (and the
+ relative order of those unspecified plug-ins is undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which post-connect plug-ins are loaded and invoked
+ is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-post-connect</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-post-disconnect">
+ <adm:synopsis>
+ Specifies the order in which post-disconnect plug-ins are to be
+ loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list of
+ plug-in names (where the plug-in name is the RDN value from the
+ plug-in configuration entry DN). The list can include at most one
+ asterisk to indicate the position of any unspecified plug-in (and
+ the relative order of those unspecified plug-ins is
+ undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which post-disconnect plug-ins are loaded and
+ invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-post-disconnect</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-ldif-import">
+ <adm:synopsis>
+ Specifies the order in which LDIF import plug-ins are to be loaded
+ and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list of plug-in
+ names (where the plug-in name is the RDN value from the plug-in
+ configuration entry DN). The list can include at most one asterisk
+ to indicate the position of any unspecified plug-in (and the
+ relative order of those unspecified plug-ins is undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which LDIF import plug-ins are loaded and invoked
+ is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-ldif-import</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-ldif-import-end">
+ <adm:synopsis>
+ Specifies the order in which LDIF import end plug-ins are to be loaded
+ and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list of plug-in
+ names (where the plug-in name is the RDN value from the plug-in
+ configuration entry DN). The list can include at most one asterisk
+ to indicate the position of any unspecified plug-in (and the
+ relative order of those unspecified plug-ins is undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which LDIF import end plug-ins are loaded and invoked
+ is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-ldif-import-end</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-ldif-import-begin">
+ <adm:synopsis>
+ Specifies the order in which LDIF import begin plug-ins are to be loaded
+ and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list of plug-in
+ names (where the plug-in name is the RDN value from the plug-in
+ configuration entry DN). The list can include at most one asterisk
+ to indicate the position of any unspecified plug-in (and the
+ relative order of those unspecified plug-ins is undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which LDIF import begin plug-ins are loaded and invoked
+ is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-ldif-import-begin</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-ldif-export">
+ <adm:synopsis>
+ Specifies the order in which LDIF export plug-ins are to be loaded
+ and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list of plug-in
+ names (where the plug-in name is the RDN value from the plug-in
+ configuration entry DN). The list can include at most one asterisk
+ to indicate the position of any unspecified plug-in (and the
+ relative order of those unspecified plug-ins is undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which LDIF export plug-ins are loaded and invoked
+ is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-ldif-export</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-pre-parse-abandon">
+ <adm:synopsis>
+ Specifies the order in which pre-parse abandon plug-ins are to be
+ loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list of
+ plug-in names (where the plug-in name is the RDN value from the
+ plug-in configuration entry DN). The list can include at most one
+ asterisk to indicate the position of any unspecified plug-in (and
+ the relative order of those unspecified plug-ins is
+ undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which pre-parse abandon plug-ins are loaded and
+ invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-pre-parse-abandon</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-pre-parse-add">
+ <adm:synopsis>
+ Specifies the order in which pre-parse add plug-ins are to be
+ loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list of
+ plug-in names (where the plug-in name is the RDN value from the
+ plug-in configuration entry DN). The list can include at most one
+ asterisk to indicate the position of any unspecified plug-in (and
+ the relative order of those unspecified plug-ins is
+ undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which pre-parse add plug-ins are loaded and
+ invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-pre-parse-add</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-pre-parse-bind">
+ <adm:synopsis>
+ Specifies the order in which pre-parse bind plug-ins are to be
+ loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list of
+ plug-in names (where the plug-in name is the RDN value from the
+ plug-in configuration entry DN). The list can include at most one
+ asterisk to indicate the position of any unspecified plug-in (and
+ the relative order of those unspecified plug-ins is
+ undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which pre-parse bind plug-ins are loaded and
+ invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-pre-parse-bind</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-pre-parse-compare">
+ <adm:synopsis>
+ Specifies the order in which pre-parse compare plug-ins are to be
+ loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list of
+ plug-in names (where the plug-in name is the RDN value from the
+ plug-in configuration entry DN). The list can include at most one
+ asterisk to indicate the position of any unspecified plug-in (and
+ the relative order of those unspecified plug-ins is
+ undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which pre-parse compare plug-ins are loaded and
+ invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-pre-parse-compare</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-pre-parse-delete">
+ <adm:synopsis>
+ Specifies the order in which pre-parse delete plug-ins are to be
+ loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list of
+ plug-in names (where the plug-in name is the RDN value from the
+ plug-in configuration entry DN). The list can include at most one
+ asterisk to indicate the position of any unspecified plug-in (and
+ the relative order of those unspecified plug-ins is
+ undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which pre-parse delete plug-ins are loaded and
+ invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-pre-parse-delete</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-pre-parse-extended">
+ <adm:synopsis>
+ Specifies the order in which pre-parse extended operation plug-ins
+ are to be loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a
+ comma-delimited list of plug-in names (where the plug-in name is the
+ RDN value from the plug-in configuration entry DN). The list can
+ include at most one asterisk to indicate the position of any
+ unspecified plug-in (and the relative order of those unspecified
+ plug-ins is undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which pre-parse extended operation plug-ins are
+ loaded and invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-pre-parse-extended</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-pre-parse-modify">
+ <adm:synopsis>
+ Specifies the order in which pre-parse modify plug-ins are to be
+ loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list of
+ plug-in names (where the plug-in name is the RDN value from the
+ plug-in configuration entry DN). The list can include at most one
+ asterisk to indicate the position of any unspecified plug-in (and
+ the relative order of those unspecified plug-ins is
+ undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which pre-parse modify plug-ins are loaded and
+ invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-pre-parse-modify</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-pre-parse-modify-dn">
+ <adm:synopsis>
+ Specifies the order in which pre-parse modify DN plug-ins are to be
+ loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list of
+ plug-in names (where the plug-in name is the RDN value from the
+ plug-in configuration entry DN). The list can include at most one
+ asterisk to indicate the position of any unspecified plug-in (and
+ the relative order of those unspecified plug-ins is
+ undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which pre-parse modify DN plug-ins are loaded and
+ invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-pre-parse-modify-dn</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-pre-parse-search">
+ <adm:synopsis>
+ Specifies the order in which pre-parse search plug-ins are to be
+ loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list of
+ plug-in names (where the plug-in name is the RDN value from the
+ plug-in configuration entry DN). The list can include at most one
+ asterisk to indicate the position of any unspecified plug-in (and
+ the relative order of those unspecified plug-ins is
+ undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which pre-parse search plug-ins are loaded and
+ invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-pre-parse-search</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-pre-parse-unbind">
+ <adm:synopsis>
+ Specifies the order in which pre-parse unbind plug-ins are to be
+ loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list of
+ plug-in names (where the plug-in name is the RDN value from the
+ plug-in configuration entry DN). The list can include at most one
+ asterisk to indicate the position of any unspecified plug-in (and
+ the relative order of those unspecified plug-ins is
+ undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which pre-parse unbind plug-ins are loaded and
+ invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-pre-parse-unbind</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-pre-operation-add">
+ <adm:synopsis>
+ Specifies the order in which pre-operation add plug-ins are to be
+ loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list of
+ plug-in names (where the plug-in name is the RDN value from the
+ plug-in configuration entry DN). The list can include at most one
+ asterisk to indicate the position of any unspecified plug-in (and
+ the relative order of those unspecified plug-ins is
+ undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which pre-operation add plug-ins are loaded and
+ invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-pre-operation-add</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-pre-operation-bind">
+ <adm:synopsis>
+ Specifies the order in which pre-operation bind plug-ins are to be
+ loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list of
+ plug-in names (where the plug-in name is the RDN value from the
+ plug-in configuration entry DN). The list can include at most one
+ asterisk to indicate the position of any unspecified plug-in (and
+ the relative order of those unspecified plug-ins is
+ undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which pre-operation bind plug-ins are loaded and
+ invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-pre-operation-bind</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-pre-operation-compare">
+ <adm:synopsis>
+ Specifies the order in which pre-operation compare plug-ins are to
+ be loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list
+ of plug-in names (where the plug-in name is the RDN value from the
+ plug-in configuration entry DN). The list can include at most one
+ asterisk to indicate the position of any unspecified plug-in (and
+ the relative order of those unspecified plug-ins is
+ undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which pre-operation compare plug-ins are loaded
+ and invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-pre-operation-compare</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-pre-operation-delete">
+ <adm:synopsis>
+ Specifies the order in which pre-operation delete plug-ins are to
+ be loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list
+ of plug-in names (where the plug-in name is the RDN value from the
+ plug-in configuration entry DN). The list can include at most one
+ asterisk to indicate the position of any unspecified plug-in (and
+ the relative order of those unspecified plug-ins is
+ undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which pre-operation delete plug-ins are loaded and
+ invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-pre-operation-delete</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-pre-operation-extended">
+ <adm:synopsis>
+ Specifies the order in which pre-operation extended operation
+ plug-ins are to be loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a
+ comma-delimited list of plug-in names (where the plug-in name is the
+ RDN value from the plug-in configuration entry DN). The list can
+ include at most one asterisk to indicate the position of any
+ unspecified plug-in (and the relative order of those unspecified
+ plug-ins is undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which pre-operation extended operation plug-ins
+ are loaded and invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>
+ ds-cfg-plugin-order-pre-operation-extended
+ </ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-pre-operation-modify">
+ <adm:synopsis>
+ Specifies the order in which pre-operation modify plug-ins are to
+ be loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list
+ of plug-in names (where the plug-in name is the RDN value from the
+ plug-in configuration entry DN). The list can include at most one
+ asterisk to indicate the position of any unspecified plug-in (and
+ the relative order of those unspecified plug-ins is
+ undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which pre-operation modify plug-ins are loaded and
+ invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-pre-operation-modify</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-pre-operation-modify-dn">
+ <adm:synopsis>
+ Specifies the order in which pre-operation modify DN plug-ins
+ are to be loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a
+ comma-delimited list of plug-in names (where the plug-in name is the
+ RDN value from the plug-in configuration entry DN). The list can
+ include at most one asterisk to indicate the position of any
+ unspecified plug-in (and the relative order of those unspecified
+ plug-ins is undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which pre-operation modify DN plug-ins are loaded
+ and invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>
+ ds-cfg-plugin-order-pre-operation-modify-dn
+ </ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-pre-operation-search">
+ <adm:synopsis>
+ Specifies the order in which pre-operation search plug-ins are to
+ be loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list
+ of plug-in names (where the plug-in name is the RDN value from the
+ plug-in configuration entry DN). The list can include at most one
+ asterisk to indicate the position of any unspecified plug-in (and
+ the relative order of those unspecified plug-ins is
+ undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which pre-operation searc plug-ins are loaded and
+ invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-pre-operation-search</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-post-operation-abandon">
+ <adm:synopsis>
+ Specifies the order in which post-operation abandon plug-ins are to
+ be loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list
+ of plug-in names (where the plug-in name is the RDN value from the
+ plug-in configuration entry DN). The list can include at most one
+ asterisk to indicate the position of any unspecified plug-in (and
+ the relative order of those unspecified plug-ins is
+ undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which post-operation abandon plug-ins are loaded
+ and invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>
+ ds-cfg-plugin-order-post-operation-abandon
+ </ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-post-operation-add">
+ <adm:synopsis>
+ Specifies the order in which post-operation add plug-ins are to be
+ loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list of
+ plug-in names (where the plug-in name is the RDN value from the
+ plug-in configuration entry DN). The list can include at most one
+ asterisk to indicate the position of any unspecified plug-in (and
+ the relative order of those unspecified plug-ins is
+ undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which post-operation add plug-ins are loaded and
+ invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-post-operation-add</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-post-operation-bind">
+ <adm:synopsis>
+ Specifies the order in which post-operation bind plug-ins are to be
+ loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list of
+ plug-in names (where the plug-in name is the RDN value from the
+ plug-in configuration entry DN). The list can include at most one
+ asterisk to indicate the position of any unspecified plug-in (and
+ the relative order of those unspecified plug-ins is
+ undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which post-operation bind plug-ins are loaded and
+ invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-post-operation-bind</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-post-operation-compare">
+ <adm:synopsis>
+ Specifies the order in which post-operation compare plug-ins are to
+ be loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list
+ of plug-in names (where the plug-in name is the RDN value from the
+ plug-in configuration entry DN). The list can include at most one
+ asterisk to indicate the position of any unspecified plug-in (and
+ the relative order of those unspecified plug-ins is
+ undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which post-operation compare plug-ins are loaded
+ and invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>
+ ds-cfg-plugin-order-post-operation-compare
+ </ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-post-operation-delete">
+ <adm:synopsis>
+ Specifies the order in which post-operation delete plug-ins are to
+ be loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list
+ of plug-in names (where the plug-in name is the RDN value from the
+ plug-in configuration entry DN). The list can include at most one
+ asterisk to indicate the position of any unspecified plug-in (and
+ the relative order of those unspecified plug-ins is
+ undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which post-operation delete plug-ins are loaded
+ and invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-post-operation-delete</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-post-operation-extended">
+ <adm:synopsis>
+ Specifies the order in which post-operation extended operation
+ plug-ins are to be loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a
+ comma-delimited list of plug-in names (where the plug-in name is the
+ RDN value from the plug-in configuration entry DN). The list can
+ include at most one asterisk to indicate the position of any
+ unspecified plug-in (and the relative order of those unspecified
+ plug-ins is undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which post-operation extended operation plug-ins
+ are loaded and invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>
+ ds-cfg-plugin-order-post-operation-extended
+ </ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-post-operation-modify">
+ <adm:synopsis>
+ Specifies the order in which post-operation modify plug-ins are to
+ be loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list
+ of plug-in names (where the plug-in name is the RDN value from the
+ plug-in configuration entry DN). The list can include at most one
+ asterisk to indicate the position of any unspecified plug-in (and
+ the relative order of those unspecified plug-ins is
+ undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which post-operation modify plug-ins are loaded
+ and invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-post-operation-modify</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-post-operation-modify-dn">
+ <adm:synopsis>
+ Specifies the order in which post-operation modify DN plug-ins
+ are to be loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a
+ comma-delimited list of plug-in names (where the plug-in name is the
+ RDN value from the plug-in configuration entry DN). The list can
+ include at most one asterisk to indicate the position of any
+ unspecified plug-in (and the relative order of those unspecified
+ plug-ins is undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which post-operation modify DN plug-ins are loaded
+ and invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>
+ ds-cfg-plugin-order-post-operation-modify-dn
+ </ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-post-operation-search">
+ <adm:synopsis>
+ Specifies the order in which post-operation search plug-ins are to
+ be loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list
+ of plug-in names (where the plug-in name is the RDN value from the
+ plug-in configuration entry DN). The list can include at most one
+ asterisk to indicate the position of any unspecified plug-in (and
+ the relative order of those unspecified plug-ins is
+ undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which post-operation search plug-ins are loaded
+ and invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-post-operation-search</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-post-operation-unbind">
+ <adm:synopsis>
+ Specifies the order in which post-operation unbind plug-ins are to
+ be loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list
+ of plug-in names (where the plug-in name is the RDN value from the
+ plug-in configuration entry DN). The list can include at most one
+ asterisk to indicate the position of any unspecified plug-in (and
+ the relative order of those unspecified plug-ins is
+ undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which post-operation unbind plug-ins are loaded
+ and invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-post-operation-unbind</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-post-response-add">
+ <adm:synopsis>
+ Specifies the order in which post-response add plug-ins are to be
+ loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list of
+ plug-in names (where the plug-in name is the RDN value from the
+ plug-in configuration entry DN). The list can include at most one
+ asterisk to indicate the position of any unspecified plug-in (and
+ the relative order of those unspecified plug-ins is
+ undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which post-response add plug-ins are loaded and
+ invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-post-response-add</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-post-response-bind">
+ <adm:synopsis>
+ Specifies the order in which post-response bind plug-ins are to be
+ loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list of
+ plug-in names (where the plug-in name is the RDN value from the
+ plug-in configuration entry DN). The list can include at most one
+ asterisk to indicate the position of any unspecified plug-in (and
+ the relative order of those unspecified plug-ins is
+ undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which post-response bind plug-ins are loaded and
+ invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-post-response-bind</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-post-response-compare">
+ <adm:synopsis>
+ Specifies the order in which post-response compare plug-ins are to
+ be loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list
+ of plug-in names (where the plug-in name is the RDN value from the
+ plug-in configuration entry DN). The list can include at most one
+ asterisk to indicate the position of any unspecified plug-in (and
+ the relative order of those unspecified plug-ins is
+ undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which post-response compare plug-ins are loaded
+ and invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-post-response-compare</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-post-response-delete">
+ <adm:synopsis>
+ Specifies the order in which post-response delete plug-ins are to
+ be loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list
+ of plug-in names (where the plug-in name is the RDN value from the
+ plug-in configuration entry DN). The list can include at most one
+ asterisk to indicate the position of any unspecified plug-in (and
+ the relative order of those unspecified plug-ins is
+ undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which post-response delete plug-ins are loaded and
+ invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-post-response-delete</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-post-response-extended">
+ <adm:synopsis>
+ Specifies the order in which post-response extended operation
+ plug-ins are to be loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a
+ comma-delimited list of plug-in names (where the plug-in name is the
+ RDN value from the plug-in configuration entry DN). The list can
+ include at most one asterisk to indicate the position of any
+ unspecified plug-in (and the relative order of those unspecified
+ plug-ins is undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which post-response extended operation plug-ins
+ are loaded and invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>
+ ds-cfg-plugin-order-post-response-extended
+ </ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-post-response-modify">
+ <adm:synopsis>
+ Specifies the order in which post-response modify plug-ins are to
+ be loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list
+ of plug-in names (where the plug-in name is the RDN value from the
+ plug-in configuration entry DN). The list can include at most one
+ asterisk to indicate the position of any unspecified plug-in (and
+ the relative order of those unspecified plug-ins is
+ undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which post-response modify plug-ins are loaded and
+ invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-post-response-modify</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-post-response-modify-dn">
+ <adm:synopsis>
+ Specifies the order in which post-response modify DN plug-ins
+ are to be loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a
+ comma-delimited list of plug-in names (where the plug-in name is the
+ RDN value from the plug-in configuration entry DN). The list can
+ include at most one asterisk to indicate the position of any
+ unspecified plug-in (and the relative order of those unspecified
+ plug-ins is undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which post-response modify DN plug-ins are loaded
+ and invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>
+ ds-cfg-plugin-order-post-response-modify-dn
+ </ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-post-synchronization-add">
+ <adm:synopsis>
+ Specifies the order in which post-synchronization add plug-ins
+ are to be loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a
+ comma-delimited list of plug-in names (where the plug-in name is the
+ RDN value from the plug-in configuration entry DN). The list can
+ include at most one asterisk to indicate the position of any
+ unspecified plug-in (and the relative order of those unspecified
+ plug-ins is undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which post-synchronization add plug-ins are loaded
+ and invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>
+ ds-cfg-plugin-order-post-synchronization-add
+ </ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-post-synchronization-delete">
+ <adm:synopsis>
+ Specifies the order in which post-synchronization delete plug-ins
+ are to be loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a
+ comma-delimited list of plug-in names (where the plug-in name is the
+ RDN value from the plug-in configuration entry DN). The list can
+ include at most one asterisk to indicate the position of any
+ unspecified plug-in (and the relative order of those unspecified
+ plug-ins is undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which post-synchronization delete plug-ins are
+ loaded and invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>
+ ds-cfg-plugin-order-post-synchronization-delete
+ </ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-post-synchronization-modify">
+ <adm:synopsis>
+ Specifies the order in which post-synchronization modify plug-ins
+ are to be loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a
+ comma-delimited list of plug-in names (where the plug-in name is the
+ RDN value from the plug-in configuration entry DN). The list can
+ include at most one asterisk to indicate the position of any
+ unspecified plug-in (and the relative order of those unspecified
+ plug-ins is undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which post-synchronization modify plug-ins are
+ loaded and invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>
+ ds-cfg-plugin-order-post-synchronization-modify
+ </ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-post-synchronization-modify-dn">
+ <adm:synopsis>
+ Specifies the order in which post-synchronization modify DN
+ plug-ins are to be loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a
+ comma-delimited list of plug-in names (where the plug-in name is the
+ RDN value from the plug-in configuration entry DN). The list can
+ include at most one asterisk to indicate the position of any
+ unspecified plug-in (and the relative order of those unspecified
+ plug-ins is undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which post-synchronization modify DN plug-ins are
+ loaded and invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>
+ ds-cfg-plugin-order-post-synchronization-modify-dn
+ </ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-post-response-search">
+ <adm:synopsis>
+ Specifies the order in which post-response search plug-ins are to
+ be loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list
+ of plug-in names (where the plug-in name is the RDN value from the
+ plug-in configuration entry DN). The list can include at most one
+ asterisk to indicate the position of any unspecified plug-in (and
+ the relative order of those unspecified plug-ins is
+ undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which post-response search plug-ins are loaded and
+ invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-post-response-search</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-search-result-entry">
+ <adm:synopsis>
+ Specifies the order in which search result entry plug-ins are to be
+ loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list of
+ plug-in names (where the plug-in name is the RDN value from the
+ plug-in configuration entry DN). The list can include at most one
+ asterisk to indicate the position of any unspecified plug-in (and
+ the relative order of those unspecified plug-ins is
+ undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which search result entry plug-ins are loaded and
+ invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-search-result-entry</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-search-result-reference">
+ <adm:synopsis>
+ Specifies the order in which search result reference plug-ins
+ are to be loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a
+ comma-delimited list of plug-in names (where the plug-in name is the
+ RDN value from the plug-in configuration entry DN). The list can
+ include at most one asterisk to indicate the position of any
+ unspecified plug-in (and the relative order of those unspecified
+ plug-ins is undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which search result reference plug-ins are loaded
+ and invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>
+ ds-cfg-plugin-order-search-result-reference
+ </ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-subordinate-modify-dn">
+ <adm:synopsis>
+ Specifies the order in which subordinate modify DN plug-ins are to
+ be loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list
+ of plug-in names (where the plug-in name is the RDN value from the
+ plug-in configuration entry DN). The list can include at most one
+ asterisk to indicate the position of any unspecified plug-in (and
+ the relative order of those unspecified plug-ins is
+ undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which subordinate modify DN plug-ins are loaded
+ and invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-subordinate-modify-dn</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-subordinate-delete">
+ <adm:synopsis>
+ Specifies the order in which subordinate delete plug-ins are to
+ be loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list
+ of plug-in names (where the plug-in name is the RDN value from the
+ plug-in configuration entry DN). The list can include at most one
+ asterisk to indicate the position of any unspecified plug-in (and
+ the relative order of those unspecified plug-ins is
+ undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which subordinate delete plug-ins are loaded
+ and invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-subordinate-delete</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="plugin-order-intermediate-response">
+ <adm:synopsis>
+ Specifies the order in which intermediate response plug-ins are to
+ be loaded and invoked.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list
+ of plug-in names (where the plug-in name is the RDN value from the
+ plug-in configuration entry DN). The list can include at most one
+ asterisk to indicate the position of any unspecified plug-in (and
+ the relative order of those unspecified plug-ins is
+ undefined).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The order in which intermediate response plug-ins are loaded
+ and invoked is undefined.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-plugin-order-intermediate-response</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ProfilerPluginConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ProfilerPluginConfiguration.xml
new file mode 100644
index 0000000..5e43582
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ProfilerPluginConfiguration.xml
@@ -0,0 +1,191 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="profiler-plugin"
+ plural-name="profiler-plugins" package="org.forgerock.opendj.admin"
+ extends="plugin" xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The Profiler plug-in
+ captures profiling information about operations performed
+ inside the JVM while the <adm:product-name /> directory server is running.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-profiler-plugin</ldap:name>
+ <ldap:superior>ds-cfg-plugin</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.plugins.profiler.ProfilerPlugin
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="plugin-type" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>startup</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="invoke-for-internal-operations">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="profile-sample-interval" mandatory="true">
+ <adm:synopsis>
+ Specifies the sample interval in milliseconds to be used when
+ capturing profiling information in the server.
+ </adm:synopsis>
+ <adm:description>
+ When capturing
+ data, the profiler thread sleeps for this length of time
+ between calls to obtain traces for all threads running in the
+ JVM.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this configuration attribute take effect the
+ next time the profiler is started.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:duration lower-limit="1" upper-limit="2147483647" base-unit="ms" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-profile-sample-interval</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="profile-directory" mandatory="true">
+ <adm:synopsis>
+ Specifies the path to the directory where profile information
+ is to be written. This path may be either an absolute path or a path
+ that is relative to the root of the <adm:product-name /> directory server
+ instance.
+ </adm:synopsis>
+ <adm:description>
+ The directory must exist and the directory server must have
+ permission to create new files in it.
+ </adm:description>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>DIR</adm:usage>
+ <adm:synopsis>
+ The path to any directory that exists on the filesystem
+ and that can be read and written by the server user.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-profile-directory</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="enable-profiling-on-startup" mandatory="true">
+ <adm:synopsis>
+ Indicates whether the profiler plug-in is to start collecting data
+ automatically when the directory server is started.
+ </adm:synopsis>
+ <adm:description>
+ This property is read only when the server is
+ started, and any changes take effect on the next restart.
+ This property is typically set to "false" unless startup
+ profiling is required, because otherwise the volume of data that
+ can be collected can cause the server to run out of memory if it
+ is not turned off in a timely manner.
+ </adm:description>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-enable-profiling-on-startup</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="profile-action">
+ <adm:synopsis>
+ Specifies the action that should be taken by the profiler.
+ </adm:synopsis>
+ <adm:description>
+ A value of "start" causes the profiler thread to start
+ collecting data if it is not already active. A value of "stop"
+ causes the profiler thread to stop collecting data and write
+ it to disk, and a value of "cancel" causes the profiler thread
+ to stop collecting data and discard anything that has been
+ captured. These operations occur immediately.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>none</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="none">
+ <adm:synopsis>Do not take any action.</adm:synopsis>
+ </adm:value>
+ <adm:value name="start">
+ <adm:synopsis>Start collecting profile data.</adm:synopsis>
+ </adm:value>
+ <adm:value name="stop">
+ <adm:synopsis>
+ Stop collecting profile data and write what has been
+ captured to a file in the profile directory.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="cancel">
+ <adm:synopsis>
+ Stop collecting profile data and discard what has been
+ captured.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-profile-action</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/QOSPolicyConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/QOSPolicyConfiguration.xml
new file mode 100644
index 0000000..7e1358e
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/QOSPolicyConfiguration.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2009 Sun Microsystems, Inc.
+ !
+-->
+<adm:managed-object name="qos-policy"
+ plural-name="qos-policies"
+ abstract="true"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name/>
+ determine the quality of service (QoS) clients receive when
+ interacting with the server.
+ </adm:synopsis>
+ <adm:tag name="core-server"/>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-qos-policy</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property name="java-class" mandatory="true">
+ <adm:synopsis>
+ Specifies the fully-qualified name of the Java class that provides the
+ <adm:user-friendly-name />
+ implementation.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:java-class>
+ <adm:instance-of>
+ org.opends.server.api.QOSPolicyFactory
+ </adm:instance-of>
+ </adm:java-class>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-java-class</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RC4PasswordStorageSchemeConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RC4PasswordStorageSchemeConfiguration.xml
new file mode 100644
index 0000000..5d61348
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RC4PasswordStorageSchemeConfiguration.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="rc4-password-storage-scheme"
+ plural-name="rc4-password-storage-schemes"
+ package="org.forgerock.opendj.admin"
+ extends="password-storage-scheme"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides a mechanism for encoding user passwords using the RC4
+ reversible encryption mechanism.
+ </adm:synopsis>
+ <adm:description>
+ This scheme contains only an implementation for the user password
+ syntax, with a storage scheme name of "RC4".
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-rc4-password-storage-scheme</ldap:name>
+ <ldap:superior>ds-cfg-password-storage-scheme</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.RC4PasswordStorageScheme
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RandomPasswordGeneratorConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RandomPasswordGeneratorConfiguration.xml
new file mode 100644
index 0000000..4e66c86
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RandomPasswordGeneratorConfiguration.xml
@@ -0,0 +1,119 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="random-password-generator"
+ plural-name="random-password-generators"
+ package="org.forgerock.opendj.admin" extends="password-generator"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ creates random passwords based on fixed-length strings
+ built from one or more character sets.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-random-password-generator</ldap:name>
+ <ldap:superior>ds-cfg-password-generator</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.RandomPasswordGenerator
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="password-character-set" mandatory="true"
+ multi-valued="true">
+ <adm:synopsis>
+ Specifies one or more named character sets.
+ </adm:synopsis>
+ <adm:description>
+ This is a multi-valued property, with each value defining a different
+ character set. The format of the character set is the name of the set
+ followed by a colon and the characters that are in that set.
+ For example, the value "alpha:abcdefghijklmnopqrstuvwxyz" defines a
+ character set named "alpha" containing all of the lower-case ASCII
+ alphabetic characters.
+ </adm:description>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>FORMAT</adm:usage>
+ <adm:synopsis>
+ A character set name (consisting of ASCII letters) followed by
+ a colon and the set of characters that are included in that
+ character set.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-password-character-set</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="password-format" mandatory="true">
+ <adm:synopsis>
+ Specifies the format to use for the generated password.
+ </adm:synopsis>
+ <adm:description>
+ The value is a comma-delimited list of elements in which each of those
+ elements is comprised of the name of a character set defined in
+ the password-character-set property, a colon, and the number of
+ characters to include from that set. For example, a value of
+ "alpha:3,numeric:2,alpha:3" generates an 8-character password
+ in which the first three characters are from the "alpha" set, the
+ next two are from the "numeric" set, and the final three are from
+ the "alpha" set.
+ </adm:description>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>FORMAT</adm:usage>
+ <adm:synopsis>
+ A comma-delimited list whose elements comprise a valid character
+ set name, a colon, and a positive integer indicating the number
+ of characters from that set to be included.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-password-format</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ReferentialIntegrityPluginConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ReferentialIntegrityPluginConfiguration.xml
new file mode 100644
index 0000000..d2c48b5
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ReferentialIntegrityPluginConfiguration.xml
@@ -0,0 +1,264 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2010 Sun Microsystems, Inc.
+ ! Portions copyright 2011 profiq s.r.o.
+ ! -->
+<adm:managed-object name="referential-integrity-plugin"
+ plural-name="referential-integrity-plugins"
+ package="org.forgerock.opendj.admin" extends="plugin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ maintains referential integrity for DN valued attributes.
+ </adm:synopsis>
+ <adm:description>
+ The values of these attributes can reference entries that have been
+ deleted by a delete operation or renamed by a modify DN operation.
+ The referential integrity plug-in either removes stale references to
+ deleted entries or updates references to renamed entries. The
+ plug-in allows the scope of this referential
+ check to be limited to a set of base DNs if desired. The plug-in
+ also can be
+ configured to perform the referential checking in the background
+ mode specified intervals.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-referential-integrity-plugin</ldap:name>
+ <ldap:superior>ds-cfg-plugin</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.plugins.ReferentialIntegrityPlugin
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="plugin-type" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>postoperationdelete</adm:value>
+ <adm:value>postoperationmodifydn</adm:value>
+ <adm:value>subordinatemodifydn</adm:value>
+ <adm:value>subordinatedelete</adm:value>
+ <adm:value>preoperationadd</adm:value>
+ <adm:value>preoperationmodify</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="attribute-type" mandatory="true"
+ multi-valued="true">
+ <adm:synopsis>
+ Specifies the attribute types for which referential integrity
+ is to be maintained.
+ </adm:synopsis>
+ <adm:description>
+ At least one attribute type must be specified, and the syntax
+ of any attributes must be either a distinguished name
+ (1.3.6.1.4.1.1466.115.121.1.12) or name and optional UID
+ (1.3.6.1.4.1.1466.115.121.1.34).
+ </adm:description>
+ <adm:syntax>
+ <adm:attribute-type />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-attribute-type</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="base-dn" multi-valued="true">
+ <adm:synopsis>
+ Specifies the base DN that limits the scope within which
+ referential integrity is maintained.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ Referential integrity is maintained in all public naming
+ contexts.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:dn />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-base-dn</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="log-file">
+ <adm:synopsis>
+ Specifies the log file location where the update records are
+ written when the plug-in is in background-mode processing.
+ </adm:synopsis>
+ <adm:description>
+ The default location is the logs directory of the server
+ instance, using the file name "referint".
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>logs/referint</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>FILE</adm:usage>
+ <adm:synopsis>
+ A path to an existing file that is readable by the server.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-log-file</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="update-interval">
+ <adm:synopsis>
+ Specifies the interval in seconds when referential integrity
+ updates are made.
+ </adm:synopsis>
+ <adm:description>
+ If this value is 0, then the updates are made synchronously in the
+ foreground.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>0 seconds</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration base-unit="s" allow-unlimited="false" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-update-interval</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="check-references">
+ <adm:synopsis>
+ Specifies whether or not reference attributes must refer to existing
+ entries.
+ </adm:synopsis>
+ <adm:description>
+ When this property is set to true, this plugin will ensure that any new
+ references added as part of an add or modify operation point to existing
+ entries, and that the referenced entries match the filter criteria for the
+ referencing attribute, if specified.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-check-references</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="check-references-filter-criteria"
+ multi-valued="true" mandatory="false">
+ <adm:synopsis>
+ Specifies additional filter criteria which will be enforced when checking
+ references.
+ </adm:synopsis>
+ <adm:description>
+ If a reference attribute has filter criteria defined then this plugin
+ will ensure that any new references added as part of an add or modify
+ operation refer to an existing entry which matches the specified filter.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:undefined />
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>^[^:]+:\\(.+\\)$</adm:regex>
+ <adm:usage>ATTRIBUTE:FILTER</adm:usage>
+ <adm:synopsis>An attribute-filter mapping.</adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-check-references-filter-criteria</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="check-references-scope-criteria">
+ <adm:synopsis>
+ Specifies whether or not referenced entries must reside within the same
+ naming context as the entry containing the reference.
+ </adm:synopsis>
+ <adm:description>
+ The reference scope will only be enforced when reference checking is
+ enabled.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>global</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="global">
+ <adm:synopsis>
+ References may refer to existing entries located anywhere in the
+ Directory.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="naming-context">
+ <adm:synopsis>
+ References must refer to existing entries located within the same
+ naming context.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-check-references-scope-criteria</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RegularExpressionIdentityMapperConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RegularExpressionIdentityMapperConfiguration.xml
new file mode 100644
index 0000000..1246987
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RegularExpressionIdentityMapperConfiguration.xml
@@ -0,0 +1,190 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2010 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="regular-expression-identity-mapper"
+ plural-name="regular-expression-identity-mappers"
+ package="org.forgerock.opendj.admin" extends="identity-mapper"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides a way to use a regular expression to translate the
+ provided identifier when searching for the appropriate user entry.
+ </adm:synopsis>
+ <adm:description>
+ This may be used, for example, if the provided identifier is
+ expected to be an e-mail address or Kerberos principal, but only the
+ username portion (the part before the "@" symbol) should be used in
+ the mapping process. Note that a replacement will be made only if
+ all or part of the provided ID string matches the given match
+ pattern. If no part of the ID string matches the provided
+ pattern, the given ID string is used without any alteration.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-regular-expression-identity-mapper</ldap:name>
+ <ldap:superior>ds-cfg-identity-mapper</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.RegularExpressionIdentityMapper
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="match-attribute" mandatory="true"
+ multi-valued="true">
+ <adm:synopsis>
+ Specifies the name or OID of the attribute whose value should
+ match the provided identifier string after it has been processed
+ by the associated regular expression.
+ </adm:synopsis>
+ <adm:description>
+ All values must refer to the name or OID of an attribute type
+ defined in the directory server schema. If multiple attributes
+ or OIDs are provided, at least one of those attributes must contain
+ the provided ID string value in exactly one entry.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ uid
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:attribute-type />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-match-attribute</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="match-base-dn" mandatory="false" multi-valued="true">
+ <adm:synopsis>
+ Specifies the base DN(s) that should be used when performing
+ searches to map the provided ID string to a user entry. If multiple
+ values are given, searches are performed below all the specified base DNs.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The server searches below all public naming contexts.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:dn />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-match-base-dn</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="match-pattern" mandatory="true">
+ <adm:synopsis>
+ Specifies the regular expression pattern that is used to
+ identify portions of the ID string that will be replaced.
+ </adm:synopsis>
+ <adm:description>
+ Any portion of the ID string that matches this pattern is
+ replaced in accordance with the provided replace pattern (or is
+ removed if no replace pattern is specified). If multiple
+ substrings within the given ID string match this pattern, all
+ occurrences are replaced. If no part of the given ID string
+ matches this pattern, the ID string is not altered. Exactly one
+ match pattern value must be provided, and it must be a
+ valid regular expression as described in the API documentation for
+ the java.util.regex.Pattern class, including support for capturing
+ groups.
+ </adm:description>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>REGEXP</adm:usage>
+ <adm:synopsis>
+ Any valid regular expression pattern which is supported by the
+ javax.util.regex.Pattern class
+ (see http://download.oracle.com/docs/cd/E17409_01/javase/6/docs/api/java/util/regex/Pattern.html
+ for documentation about this class for Java SE 6).
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-match-pattern</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="replace-pattern">
+ <adm:synopsis>
+ Specifies the replacement pattern that should be used for
+ substrings in the ID string that match the provided regular
+ expression pattern.
+ </adm:synopsis>
+ <adm:description>
+ If no replacement pattern is provided, then any matching portions
+ of the ID string will be removed (i.e., replaced with an empty
+ string). The replacement pattern may include a string from a
+ capturing group by using a dollar sign ($) followed by an integer
+ value that indicates which capturing group should be used.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The replace pattern will be the empty string.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>REGEXP</adm:usage>
+ <adm:synopsis>
+ Any valid replacement string that is allowed by the
+ javax.util.regex.Matcher class.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-replace-pattern</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RepeatedCharactersPasswordValidatorConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RepeatedCharactersPasswordValidatorConfiguration.xml
new file mode 100644
index 0000000..8386732
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RepeatedCharactersPasswordValidatorConfiguration.xml
@@ -0,0 +1,101 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="repeated-characters-password-validator"
+ plural-name="repeated-characters-password-validators"
+ package="org.forgerock.opendj.admin" extends="password-validator"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ is used to determine whether a proposed password is acceptable based
+ on the number of times any character appears consecutively in a
+ password value.
+ </adm:synopsis>
+ <adm:description>
+ It ensures that user passwords do not contain strings
+ of the same character repeated several times, like "aaaaaa" or
+ "aaabbb".
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>
+ ds-cfg-repeated-characters-password-validator
+ </ldap:name>
+ <ldap:superior>ds-cfg-password-validator</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.RepeatedCharactersPasswordValidator
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="max-consecutive-length" mandatory="true">
+ <adm:synopsis>
+ Specifies the maximum number of times that any character can
+ appear consecutively in a password value.
+ </adm:synopsis>
+ <adm:description>
+ A value of zero indicates that no maximum limit is enforced.
+ </adm:description>
+ <adm:syntax>
+ <adm:integer lower-limit="0" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-max-consecutive-length</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="case-sensitive-validation" mandatory="true">
+ <adm:synopsis>
+ Indicates whether this password validator should treat password
+ characters in a case-sensitive manner.
+ </adm:synopsis>
+ <adm:description>
+ If the value of this property is false, the validator ignores
+ any differences in capitalization
+ when looking for consecutive characters in the
+ password. If the value is true, the validator considers a
+ character to be repeating only if all consecutive occurrences
+ use the same capitalization.
+ </adm:description>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-case-sensitive-validation</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ReplicationDomainConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ReplicationDomainConfiguration.xml
new file mode 100644
index 0000000..965ade3
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ReplicationDomainConfiguration.xml
@@ -0,0 +1,549 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2010 Sun Microsystems, Inc.
+ ! Portions Copyright 2011-2013 ForgeRock AS
+ ! -->
+<adm:managed-object name="replication-domain"
+ plural-name="replication-domains"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ A
+ <adm:user-friendly-name />
+ comprises of several Directory Servers sharing the same synchronized
+ set of data.
+ </adm:synopsis>
+ <adm:tag name="replication" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-replication-domain</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:relation name="external-changelog-domain">
+ <adm:one-to-one />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>
+ cn=External ChangeLog
+ </ldap:rdn-sequence>
+ </adm:profile>
+ </adm:relation>
+ <adm:property name="replication-server" multi-valued="true"
+ mandatory="true">
+ <adm:synopsis>
+ Specifies the addresses of the Replication Servers within the
+ <adm:user-friendly-name />
+ to which the directory server should try to connect at startup
+ time.
+ </adm:synopsis>
+ <adm:description>
+ Addresses must be specified using the syntax: hostname:port
+ </adm:description>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>^.+:[0-9]+$</adm:regex>
+ <adm:usage>HOST:PORT</adm:usage>
+ <adm:synopsis>
+ A host name followed by a ":" and a port number.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-replication-server</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="server-id" mandatory="true" read-only="true">
+ <adm:synopsis>
+ Specifies a unique identifier for the directory server within the
+ <adm:user-friendly-name />.
+ </adm:synopsis>
+ <adm:description>
+ Each directory server within the same
+ <adm:user-friendly-name />
+ must have a different server ID. A directory server which is a
+ member of multiple
+ <adm:user-friendly-plural-name />
+ may use the same server ID for each of its
+ <adm:user-friendly-name />
+ configurations.
+ </adm:description>
+ <adm:syntax>
+ <adm:integer lower-limit="1" upper-limit="65535"></adm:integer>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-server-id</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="base-dn" mandatory="true" read-only="true">
+ <adm:synopsis>
+ Specifies the base DN of the replicated data.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:dn />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-base-dn</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="window-size" advanced="true">
+ <adm:synopsis>
+ Specifies the window size that the directory server will use when
+ communicating with Replication Servers.
+ </adm:synopsis>
+ <adm:description>
+ This option may be deprecated and removed in future releases.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>100000</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-window-size</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="heartbeat-interval">
+ <adm:synopsis>
+ Specifies the heart-beat interval that the directory server will
+ use when communicating with Replication Servers.
+ </adm:synopsis>
+ <adm:description>
+ The directory server expects a regular heart-beat coming from
+ the Replication Server within the specified interval. If a
+ heartbeat is not received within the interval, the Directory
+ Server closes its connection and connects to another
+ Replication Server.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>10000ms</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration base-unit="ms" lower-limit="100" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-heartbeat-interval</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="changetime-heartbeat-interval" advanced="true">
+ <adm:synopsis>
+ Specifies the heart-beat interval that the directory server will
+ use when sending its local change time to the Replication Server.
+ </adm:synopsis>
+ <adm:description>
+ The directory server sends a regular heart-beat to the Replication
+ within the specified interval. The heart-beat indicates the
+ change time of the directory server to the Replication Server.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>1000ms</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration base-unit="ms" lower-limit="0" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-changetime-heartbeat-interval</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="isolation-policy">
+ <adm:synopsis>
+ Specifies the behavior of the directory server if a write
+ operation is attempted on the data within the
+ <adm:user-friendly-name />
+ when none of the configured Replication Servers are available.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>reject-all-updates</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="accept-all-updates">
+ <adm:synopsis>
+ Indicates that updates should be accepted even though it is
+ not possible to send them to any Replication Server. Best
+ effort is made to re-send those updates to a
+ Replication Servers when one of them is available, however
+ those changes are at risk because they are only
+ available from the historical information. This mode can
+ also introduce high replication latency.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="reject-all-updates">
+ <adm:synopsis>
+ Indicates that all updates attempted on this
+ <adm:user-friendly-name />
+ are rejected when no Replication Server is available.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-isolation-policy</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="assured-type" mandatory="false">
+ <adm:synopsis>
+ Defines the assured replication mode of the replicated domain.
+ </adm:synopsis>
+ <adm:description>
+ The assured replication can be disabled or enabled. When enabled, two
+ modes are available: Safe Data or Safe Read modes.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>not-assured</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="not-assured">
+ <adm:synopsis>
+ Assured replication is not enabled. Updates sent for replication
+ (for being replayed on other LDAP servers in the topology) are sent
+ without waiting for any acknowledgment and the LDAP client call
+ returns immediately.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="safe-data">
+ <adm:synopsis>
+ Assured replication is enabled in Safe Data mode: updates sent for
+ replication are subject to acknowledgment from the replication
+ servers that have the same group ID as the local server (defined
+ with the group-id property). The number of acknowledgments to expect
+ is defined by the assured-sd-level property. After acknowledgments
+ are received, LDAP client call returns.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="safe-read">
+ <adm:synopsis>
+ Assured replication is enabled in Safe Read mode: updates sent for
+ replication are subject to acknowledgments from the LDAP servers in
+ the topology that have the same group ID as the local server
+ (defined with the group-id property). After acknowledgments are
+ received, LDAP client call returns.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-assured-type</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="assured-sd-level" mandatory="false">
+ <adm:synopsis>
+ The level of acknowledgment for Safe Data assured sub mode.
+ </adm:synopsis>
+ <adm:description>
+ When assured replication is configured in Safe Data mode, this value
+ defines the number of replication servers (with the same group ID of the
+ local server) that should acknowledge the sent update before the LDAP
+ client call can return.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>1</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="1" upper-limit="127"></adm:integer>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-assured-sd-level</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="assured-timeout" mandatory="false">
+ <adm:synopsis>
+ The timeout value when waiting for assured replication acknowledgments.
+ </adm:synopsis>
+ <adm:description>
+ Defines the amount of milliseconds the server will wait for assured
+ acknowledgments (in either Safe Data or Safe Read assured replication
+ modes) before returning anyway the LDAP client call.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>2000ms</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration base-unit="ms" lower-limit="1" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-assured-timeout</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="group-id" mandatory="false">
+ <adm:synopsis>
+ The group ID associated with this replicated domain.
+ </adm:synopsis>
+ <adm:description>
+ This value defines the group ID of the replicated domain. The replication
+ system will preferably connect and send updates to replicate to a
+ replication server with the same group ID as its own one (the local server
+ group ID).
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>1</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="1" upper-limit="127"></adm:integer>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-group-id</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="referrals-url" multi-valued="true" mandatory="false">
+ <adm:synopsis>
+ The URLs other LDAP servers should use to refer to the local server.
+ </adm:synopsis>
+ <adm:description>
+ URLs used by peer servers in the topology to refer to the local server
+ through LDAP referrals. If this attribute is not defined, every URLs
+ available to access this server will be used. If defined, only URLs
+ specified here will be used.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:undefined/>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>^[lL][dD][aA][pP][sS]?://.+$</adm:regex>
+ <adm:usage>LDAP URL</adm:usage>
+ <adm:synopsis>
+ A LDAP URL compliant with RFC 2255.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-referrals-url</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="fractional-include" multi-valued="true" mandatory="false">
+ <adm:synopsis>
+ Allows to include some attributes to replicate to this server.
+ </adm:synopsis>
+ <adm:description>
+ If fractional-include configuration attribute is used, only attributes
+ specified in this attribute will be added/modified/deleted when an
+ operation performed from another directory server is being replayed in the
+ local server. Note that the usage of this configuration attribute is
+ mutually exclusive with the usage of the fractional-exclude attribute.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:undefined/>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <!-- This java regex is mostly derived from keystring BNF definition
+ that can be found in RFC 2252, section "4.1. Common Encoding Aspects".
+ This can be read as: (oid|\*):oid(,oid)*+
+ -->
+ <adm:regex>^((([a-zA-Z]([a-zA-Z]|[0-9]|-|;)*+)|(0|([1-9]([0-9])*+))(\\.(0|([1-9]([0-9])*+)))*+)|\\*):(([a-zA-Z]([a-zA-Z]|[0-9]|-|;)*+)|(0|([1-9]([0-9])*+))(\\.(0|([1-9]([0-9])*+)))*+)(,(([a-zA-Z]([a-zA-Z]|[0-9]|-|;)*+)|(0|([1-9]([0-9])*+))(\\.(0|([1-9]([0-9])*+)))*+))*+$</adm:regex>
+ <adm:usage>OC:AT[,...,AT]</adm:usage>
+ <adm:synopsis>
+ The name of one or more attribute types in the named object class to
+ be included. The object class may be "*" indicating that the
+ attribute type(s) should be included regardless of the type of entry
+ they belong to.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-fractional-include</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="fractional-exclude" multi-valued="true" mandatory="false">
+ <adm:synopsis>
+ Allows to exclude some attributes to replicate to this server.
+ </adm:synopsis>
+ <adm:description>
+ If fractional-exclude configuration attribute is used, attributes
+ specified in this attribute will be ignored (not added/modified/deleted)
+ when an operation performed from another directory server is being
+ replayed in the local server. Note that the usage of this configuration
+ attribute is mutually exclusive with the usage of the fractional-include
+ attribute.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:undefined/>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <!-- This java regex is mostly derived from keystring BNF definition
+ that can be found in RFC 2252, section "4.1. Common Encoding Aspects".
+ This can be read as: (oid|\*):oid(,oid)*+
+ -->
+ <adm:regex>^((([a-zA-Z]([a-zA-Z]|[0-9]|-|;)*+)|(0|([1-9]([0-9])*+))(\\.(0|([1-9]([0-9])*+)))*+)|\\*):(([a-zA-Z]([a-zA-Z]|[0-9]|-|;)*+)|(0|([1-9]([0-9])*+))(\\.(0|([1-9]([0-9])*+)))*+)(,(([a-zA-Z]([a-zA-Z]|[0-9]|-|;)*+)|(0|([1-9]([0-9])*+))(\\.(0|([1-9]([0-9])*+)))*+))*+$</adm:regex>
+ <adm:usage>OC:AT[,...,AT]</adm:usage>
+ <adm:synopsis>
+ The name of one or more attribute types in the named object class to
+ be excluded. The object class may be "*" indicating that the
+ attribute type(s) should be excluded regardless of the type of entry
+ they belong to.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-fractional-exclude</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="solve-conflicts" advanced="true">
+ <adm:synopsis>
+ Indicates if this server solves conflict.
+ </adm:synopsis>
+ <adm:description>
+ This boolean indicates if this domain keeps the historical information
+ necessary to solve conflicts.
+ When set to false the server will not maintain historical information
+ and will therefore not be able to solve conflict. This should therefore
+ be done only if the replication is used in a single master type
+ of deployment.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-solve-conflicts</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="log-changenumber" advanced="false">
+ <adm:synopsis>
+ Indicates if this server logs the ChangeNumber in access log.
+ </adm:synopsis>
+ <adm:description>
+ This boolean indicates if the domain should log the ChangeNumber
+ of replicated operations in the access log.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-log-changenumber</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="initialization-window-size">
+ <adm:synopsis>
+ Specifies the window size that this directory server may use when
+ communicating with remote Directory Servers for initialization.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>100</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-initialization-window-size</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="conflicts-historical-purge-delay">
+ <adm:synopsis>
+ This delay indicates the time (in minutes) the domain keeps the historical
+ information necessary to solve conflicts.When a change stored in the
+ historical part of the user entry has a date (from its replication ChangeNumber)
+ older than this delay, it is candidate to be purged.
+ The purge is applied on 2 events: modify of the entry, dedicated purge task.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>1440m</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration base-unit="m" allow-unlimited="false" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-conflicts-historical-purge-delay</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ReplicationServerConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ReplicationServerConfiguration.xml
new file mode 100644
index 0000000..44c63cf
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ReplicationServerConfiguration.xml
@@ -0,0 +1,331 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2010 Sun Microsystems, Inc.
+ ! Portions copyright 2011-2013 ForgeRock AS
+ ! -->
+<adm:managed-object name="replication-server"
+ plural-name="replication-servers"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ publish updates to Directory Servers within a
+ Replication Domain.
+ </adm:synopsis>
+ <adm:tag name="replication" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-replication-server</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property name="replication-server" multi-valued="true">
+ <adm:synopsis>
+ Specifies the addresses of other
+ <adm:user-friendly-plural-name />
+ to which this
+ <adm:user-friendly-name />
+ tries to connect at startup time.
+ </adm:synopsis>
+ <adm:description>
+ Addresses must be specified using the syntax: "hostname:port". If IPv6
+ addresses are used as the hostname, they must be specified using the
+ syntax "[IPv6Address]:port".
+ </adm:description>
+ <adm:default-behavior>
+ <adm:undefined />
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>^.+:[0-9]+$</adm:regex>
+ <adm:usage>HOST:PORT</adm:usage>
+ <adm:synopsis>
+ A host name followed by a ":" and a port number.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-replication-server</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="replication-server-id" mandatory="true"
+ read-only="true">
+ <adm:synopsis>
+ Specifies a unique identifier for the
+ <adm:user-friendly-name />.
+ </adm:synopsis>
+ <adm:description>
+ Each
+ <adm:user-friendly-name />
+ must have a different server ID.
+ </adm:description>
+ <adm:syntax>
+ <adm:integer lower-limit="1" upper-limit="65535"></adm:integer>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-replication-server-id</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="window-size" advanced="true">
+ <adm:synopsis>
+ Specifies the window size that the
+ <adm:user-friendly-name />
+ uses when communicating with other
+ <adm:user-friendly-plural-name />.
+ </adm:synopsis>
+ <adm:description>
+ This option may be deprecated and removed in future releases.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>100000</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer></adm:integer>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-window-size</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="queue-size" advanced="true">
+ <adm:synopsis>
+ Specifies the number of changes that are kept in memory for
+ each directory server in the Replication Domain.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>10000</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-queue-size</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="replication-db-directory" mandatory="true"
+ read-only="true">
+ <adm:synopsis>
+ The path where the
+ <adm:user-friendly-name />
+ stores all persistent information.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>changelogDb</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string></adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-replication-db-directory</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="replication-purge-delay">
+ <adm:synopsis>
+ The time (in seconds) after which the
+ <adm:user-friendly-name />
+ erases all persistent information.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>3 days</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration base-unit="s" allow-unlimited="false" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-replication-purge-delay</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="replication-port" mandatory="true">
+ <adm:synopsis>
+ The port on which this
+ <adm:user-friendly-name />
+ waits for connections from other
+ <adm:user-friendly-plural-name />
+ or Directory Servers.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:integer lower-limit="1" upper-limit="65535" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-replication-port</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="group-id" mandatory="false">
+ <adm:synopsis>
+ The group id for the replication server.
+ </adm:synopsis>
+ <adm:description>
+ This value defines the group id of the replication server. The replication
+ system of a LDAP server uses the group id of the replicated domain and
+ tries to connect, if possible, to a replication with the same group id.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>1</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="1" upper-limit="127"></adm:integer>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-group-id</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="assured-timeout" mandatory="false">
+ <adm:synopsis>
+ The timeout value when waiting for assured mode acknowledgments.
+ </adm:synopsis>
+ <adm:description>
+ Defines the number of milliseconds that the replication server will wait
+ for assured acknowledgments (in either Safe Data or Safe Read assured sub
+ modes) before forgetting them and answer to the entity that sent an update
+ and is waiting for acknowledgment.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>1000ms</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration base-unit="ms" lower-limit="1" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-assured-timeout</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="degraded-status-threshold" mandatory="false">
+ <adm:synopsis>
+ The number of pending changes as threshold value for putting a directory
+ server in degraded status.
+ </adm:synopsis>
+ <adm:description>
+ This value represents a number of pending changes a replication server has
+ in queue for sending to a directory server. Once this value is crossed,
+ the matching directory server goes in degraded status. When number of
+ pending changes goes back under this value, the directory server is put
+ back in normal status. 0 means status analyzer is disabled and directory
+ servers are never put in degraded status.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>5000</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="0"></adm:integer>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-degraded-status-threshold</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="weight" mandatory="false">
+ <adm:synopsis>
+ The weight of the replication server.
+ </adm:synopsis>
+ <adm:description>
+ The weight affected to the replication server.
+ Each replication server of the topology has a weight. When combined
+ together, the weights of the replication servers of a same group can be
+ translated to a percentage that determines the quantity of directory
+ servers of the topology that should be connected to a replication server.
+ For instance imagine a topology with 3 replication servers (with the same
+ group id) with the following weights: RS1=1, RS2=1, RS3=2. This means that
+ RS1 should have 25% of the directory servers connected in the topology,
+ RS2 25%, and RS3 50%. This may be useful if the replication servers of the
+ topology have a different power and one wants to spread the load between
+ the replication servers according to their power.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>1</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="1"></adm:integer>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-weight</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="monitoring-period" mandatory="false">
+ <adm:synopsis>
+ The period between sending of monitoring messages.
+ </adm:synopsis>
+ <adm:description>
+ Defines the duration that the replication server will wait
+ before sending new monitoring messages to its peers (replication servers
+ and directory servers). Larger values increase the length of time it
+ takes for a directory server to detect and switch to a more suitable
+ replication server, whereas smaller values increase the amount of
+ background network traffic.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>60s</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration base-unit="ms" lower-limit="0" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-monitoring-period</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ReplicationSynchronizationProviderConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ReplicationSynchronizationProviderConfiguration.xml
new file mode 100644
index 0000000..7b6bb44
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ReplicationSynchronizationProviderConfiguration.xml
@@ -0,0 +1,127 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="replication-synchronization-provider"
+ plural-name="replication-synchronization-providers"
+ package="org.forgerock.opendj.admin"
+ extends="synchronization-provider"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap"
+ xmlns:cli="http://www.opends.org/admin-cli">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides multi-master replication of data across multiple
+ directory server instances.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-replication-synchronization-provider</ldap:name>
+ <ldap:superior>ds-cfg-synchronization-provider</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:relation name="replication-domain">
+ <adm:one-to-many />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>cn=domains</ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="server-id" />
+ <cli:default-property name="replication-server" />
+ <cli:default-property name="base-dn" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="replication-server">
+ <adm:one-to-zero-or-one />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>cn=replication server</ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="replication-server-id" />
+ <cli:default-property name="replication-port" />
+ <cli:default-property name="replication-server" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.replication.plugin.MultimasterReplication
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="num-update-replay-threads" mandatory="false" read-only="false" advanced="true">
+ <adm:synopsis>
+ Specifies the number of update replay threads.
+ </adm:synopsis>
+ <adm:description>
+ This value is the number of threads created for replaying every updates
+ received for all the replication domains.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ 10
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="1" upper-limit="65535"></adm:integer>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-num-update-replay-threads</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+ <adm:property name="connection-timeout" advanced="true">
+ <adm:synopsis>
+ Specifies the timeout used when connecting to peers and when performing
+ SSL negotiation.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>5 seconds</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration base-unit="ms" lower-limit="0" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-connection-timeout</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RequestFilteringQOSPolicyConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RequestFilteringQOSPolicyConfiguration.xml
new file mode 100644
index 0000000..002d2de
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RequestFilteringQOSPolicyConfiguration.xml
@@ -0,0 +1,208 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2009 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="request-filtering-qos-policy"
+ plural-name="request-filtering-qos-policies"
+ extends="qos-policy"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name/>
+ is used to define the type of requests allowed by the server.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-request-filtering-qos-policy</ldap:name>
+ <ldap:superior>ds-cfg-qos-policy</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.core.networkgroups.RequestFilteringPolicyFactory
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="allowed-operations" multi-valued="true">
+ <adm:synopsis>
+ Specifies which operations are allowed by the server.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>All operations are allowed.</adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="add">
+ <adm:synopsis>Add operations.</adm:synopsis>
+ </adm:value>
+ <adm:value name="bind">
+ <adm:synopsis>Bind operations.</adm:synopsis>
+ </adm:value>
+ <adm:value name="compare">
+ <adm:synopsis>Compare operations</adm:synopsis>
+ </adm:value>
+ <adm:value name="delete">
+ <adm:synopsis>Delete operations</adm:synopsis>
+ </adm:value>
+ <adm:value name="extended">
+ <adm:synopsis>Extended operations</adm:synopsis>
+ </adm:value>
+ <adm:value name="inequality-search">
+ <adm:synopsis>Inequality Search operations
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="modify">
+ <adm:synopsis>Modify operations</adm:synopsis>
+ </adm:value>
+ <adm:value name="rename">
+ <adm:synopsis>Rename operations</adm:synopsis>
+ </adm:value>
+ <adm:value name="search">
+ <adm:synopsis>Search operations</adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-allowed-operations</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="allowed-attributes" multi-valued="true">
+ <adm:synopsis>
+ Specifies which attributes are allowed in search and
+ compare operations.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>All non-prohibited attributes.</adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string/>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-allowed-attributes</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="prohibited-attributes" mandatory="false"
+ multi-valued="true">
+ <adm:synopsis>
+ Specifies which attributes are not allowed in search
+ and compare operations.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>All allowed attributes.</adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string/>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-prohibited-attributes</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="allowed-search-scopes" multi-valued="true">
+ <adm:synopsis>
+ Specifies which search scopes are allowed by the server.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>All search scopes are allowed.</adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="base">
+ <adm:synopsis>Base-object search.</adm:synopsis>
+ </adm:value>
+ <adm:value name="one">
+ <adm:synopsis>One-level search.</adm:synopsis>
+ </adm:value>
+ <adm:value name="sub">
+ <adm:synopsis>Whole subtree search</adm:synopsis>
+ </adm:value>
+ <adm:value name="children">
+ <adm:synopsis>Subordinate subtree search</adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-allowed-search-scopes</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="allowed-subtrees" multi-valued="true">
+ <adm:synopsis>
+ Specifies which subtrees are accessible to clients.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>All non-prohibited subtrees.</adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:dn/>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-allowed-subtrees</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="prohibited-subtrees" multi-valued="true">
+ <adm:synopsis>
+ Specifies which subtrees must be hidden from clients. Each
+ prohibited subtree must be subordinate to an allowed subtree.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>All allowed subtrees.</adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:dn/>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-prohibited-subtrees</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ResourceLimitsQOSPolicyConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ResourceLimitsQOSPolicyConfiguration.xml
new file mode 100644
index 0000000..29eca9e
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/ResourceLimitsQOSPolicyConfiguration.xml
@@ -0,0 +1,275 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2009-2010 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="resource-limits-qos-policy"
+ plural-name="resource-limits-qos-policies"
+ extends="qos-policy"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name/>
+ are used to define resource limits enforced by the server.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-resource-limits-qos-policy</ldap:name>
+ <ldap:superior>ds-cfg-qos-policy</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.core.networkgroups.ResourceLimitsPolicyFactory
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="max-connections">
+ <adm:TODO>Make use of unlimited.</adm:TODO>
+ <adm:synopsis>
+ Specifies the maximum number of concurrent client connections
+ to the server.
+ </adm:synopsis>
+ <adm:description>
+ A value of 0 means that no limit is enforced.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>0</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="0"/>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-max-connections</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="max-connections-from-same-ip">
+ <adm:TODO>Make use of unlimited.</adm:TODO>
+ <adm:synopsis>
+ Specifies the maximum number of client connections from the
+ same source address.
+ </adm:synopsis>
+ <adm:description>
+ A value of 0 means that no limit is enforced.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>0</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="0"/>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-max-connections-from-same-ip</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="max-ops-per-connection">
+ <adm:TODO>Make use of unlimited.</adm:TODO>
+ <adm:synopsis>
+ Specifies the maximum number of operations per
+ client connection.
+ </adm:synopsis>
+ <adm:description>
+ A value of 0 means that no limit is enforced.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>0</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="0"/>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-max-ops-per-connection</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="max-concurrent-ops-per-connection">
+ <adm:TODO>Make use of unlimited.</adm:TODO>
+ <adm:synopsis>
+ Specifies the maximum number of concurrent operations
+ per client connection.
+ </adm:synopsis>
+ <adm:description>
+ A value of 0 means that no limit is enforced.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>0</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="0"/>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-max-concurrent-ops-per-connection</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="size-limit">
+ <adm:TODO>Make use of unlimited.</adm:TODO>
+ <adm:synopsis>
+ Specifies the maximum number of entries that can be returned
+ to the client during a single search operation.
+ </adm:synopsis>
+ <adm:description>
+ A value of 0 indicates that no size limit is enforced. Note
+ that this is the default for the server, but it may be
+ overridden on a per-user basis using the ds-rlim-size-limit
+ operational attribute.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:inherited>
+ <adm:absolute property-name="size-limit"
+ path="/relation=global-configuration"/>
+ </adm:inherited>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="0"/>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-size-limit</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="time-limit">
+ <adm:TODO>Make use of unlimited.</adm:TODO>
+ <adm:synopsis>
+ Specifies the maximum length of time that should be spent processing
+ a search operation.
+ </adm:synopsis>
+ <adm:description>
+ A value of 0 seconds indicates that no time limit is
+ enforced. Note that this is the default for the server,
+ but it may be overridden on a per-user basis using the
+ ds-rlim-time-limit operational attribute.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:inherited>
+ <adm:absolute property-name="time-limit"
+ path="/relation=global-configuration"/>
+ </adm:inherited>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration base-unit="s" lower-limit="0"/>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-time-limit</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="min-substring-length">
+ <adm:TODO>Make use of unlimited.</adm:TODO>
+ <adm:synopsis>
+ Specifies the minimum length for a search filter substring.
+ </adm:synopsis>
+ <adm:description>
+ Search operations with short search filter substring are
+ likely to match a high number of entries and might degrade
+ performance overall. A value of 0 indicates that no limit is
+ enforced.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>0</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="0"/>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-min-substring-length</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="max-ops-per-interval">
+ <adm:synopsis>
+ Specifies the maximum number of operations that can take place on
+ the same network group during the specified interval.
+ </adm:synopsis>
+ <adm:description>
+ When the maximum number of operations per interval is reached, all
+ subsequent operations on the same network group are refused until the
+ end of the time interval. This parameter allows to limit the throughput
+ on the network group.
+ A value of 0 indicates that no limit is enforced.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>0</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="0"/>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-max-ops-per-interval</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="max-ops-interval">
+ <adm:synopsis>
+ Specifies the interval during which the number of operations is limited.
+ </adm:synopsis>
+ <adm:description>
+ When the maximum number of operations per interval is reached, all
+ subsequent operations on the same network group are refused until the
+ end of the time interval. This parameter allows to limit the throughput
+ on the network group.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>1s</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration base-unit="ms" lower-limit="1"/>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-max-ops-interval</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RootConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RootConfiguration.xml
new file mode 100644
index 0000000..9fb9b50
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RootConfiguration.xml
@@ -0,0 +1,488 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2010 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:root-managed-object xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap"
+ xmlns:cli="http://www.opends.org/admin-cli">
+ <adm:synopsis>
+ The root configuration provides an entry point to the rest of the
+ <adm:product-name />
+ configuration.
+ </adm:synopsis>
+ <adm:relation name="global-configuration"
+ managed-object-name="global">
+ <adm:one-to-one />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>cn=config</ldap:rdn-sequence>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="connection-handler">
+ <adm:one-to-many />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>
+ cn=connection handlers, cn=config
+ </ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="enabled" />
+ <cli:default-property name="listen-port" />
+ <cli:default-property name="use-ssl" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="synchronization-provider">
+ <adm:one-to-many />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>
+ cn=Synchronization Providers, cn=config
+ </ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="enabled" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="access-control-handler">
+ <adm:one-to-one />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>
+ cn=Access Control Handler,cn=config
+ </ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="enabled" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="crypto-manager">
+ <adm:one-to-one />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>cn=Crypto Manager,cn=config</ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="enabled" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="group-implementation">
+ <adm:one-to-many />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>
+ cn=Group Implementations,cn=config
+ </ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="enabled" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="identity-mapper">
+ <adm:one-to-many />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>
+ cn=Identity Mappers,cn=config
+ </ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="enabled" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="certificate-mapper">
+ <adm:one-to-many />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>
+ cn=Certificate Mappers,cn=config
+ </ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="enabled" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="sasl-mechanism-handler">
+ <adm:one-to-many />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>
+ cn=SASL Mechanisms,cn=config
+ </ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="enabled" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="password-validator">
+ <adm:one-to-many />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>
+ cn=Password Validators,cn=config
+ </ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="enabled" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="password-generator">
+ <adm:one-to-many />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>
+ cn=Password Generators,cn=config
+ </ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="enabled" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="plugin-root" managed-object-name="plugin-root">
+ <adm:one-to-one />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>cn=Plugins,cn=config</ldap:rdn-sequence>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="virtual-attribute">
+ <adm:one-to-many />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>
+ cn=Virtual Attributes,cn=config
+ </ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation naming-argument-override="name">
+ <cli:default-property name="enabled" />
+ <cli:default-property name="attribute-type" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="extended-operation-handler">
+ <adm:one-to-many />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>
+ cn=Extended Operations,cn=config
+ </ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="enabled" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="entry-cache">
+ <adm:one-to-many />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>cn=Entry Caches,cn=config</ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="cache-level" />
+ <cli:default-property name="enabled" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="account-status-notification-handler">
+ <adm:one-to-many />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>
+ cn=Account Status Notification Handlers,cn=config
+ </ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="enabled" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="alert-handler">
+ <adm:one-to-many />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>cn=Alert Handlers,cn=config</ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="enabled" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="password-storage-scheme">
+ <adm:one-to-many />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>
+ cn=Password Storage Schemes,cn=config
+ </ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="enabled" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="backend">
+ <adm:one-to-many naming-property="backend-id" />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>cn=Backends,cn=config</ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="enabled" />
+ <cli:default-property name="base-dn" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="root-dn">
+ <adm:one-to-one />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>cn=Root DNs,cn=config</ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="default-root-privilege-name" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="root-dse-backend">
+ <adm:one-to-one />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>cn=Root DSE,cn=config</ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="enabled" />
+ <cli:default-property name="show-all-attributes" />
+ <cli:default-property name="subordinate-base-dn" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="password-policy"
+ managed-object-name="authentication-policy">
+ <adm:one-to-many plural-name="password-policies" />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>
+ cn=Password Policies,cn=config
+ </ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="password-attribute" />
+ <cli:default-property name="default-password-storage-scheme" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="log-publisher">
+ <adm:one-to-many />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>cn=Loggers,cn=config</ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="enabled" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="log-rotation-policy">
+ <adm:one-to-many />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>
+ cn=Log Rotation Policies,cn=config
+ </ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="file-size-limit" />
+ <cli:default-property name="rotation-interval" />
+ <cli:default-property name="time-of-day" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="log-retention-policy">
+ <adm:one-to-many />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>
+ cn=Log Retention Policies,cn=config
+ </ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="disk-space-used" />
+ <cli:default-property name="free-disk-space" />
+ <cli:default-property name="number-of-files" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="matching-rule">
+ <adm:one-to-many />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>cn=Matching Rules,cn=config</ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="enabled" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="attribute-syntax">
+ <adm:one-to-many />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>cn=Syntaxes,cn=config</ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="enabled" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="monitor-provider">
+ <adm:one-to-many />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>
+ cn=Monitor Providers,cn=config
+ </ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="enabled" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="key-manager-provider">
+ <adm:one-to-many />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>
+ cn=Key Manager Providers,cn=config
+ </ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="enabled" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="trust-manager-provider">
+ <adm:one-to-many />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>
+ cn=Trust Manager Providers,cn=config
+ </ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="enabled" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="work-queue">
+ <adm:one-to-one />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>cn=Work Queue,cn=config</ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="java-class" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="network-group" hidden="true">
+ <adm:one-to-many />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>cn=Network Groups,cn=config</ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="enabled" />
+ <cli:default-property name="priority" />
+ <cli:default-property name="workflow" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="workflow" hidden="true">
+ <adm:one-to-many />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>cn=Workflows,cn=config</ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="enabled" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="workflow-element" hidden="true">
+ <adm:one-to-many />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>
+ cn=Workflow elements,cn=config
+ </ldap:rdn-sequence>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:relation>
+ <cli:default-property name="enabled" />
+ </cli:relation>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="administration-connector">
+ <adm:one-to-one />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>cn=Administration Connector,cn=config</ldap:rdn-sequence>
+ </adm:profile>
+ </adm:relation>
+ <adm:relation name="extension" hidden="true">
+ <adm:one-to-many />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence>cn=Extensions,cn=config</ldap:rdn-sequence>
+ </adm:profile>
+ </adm:relation>
+ <adm:product-name>OpenDJ</adm:product-name>
+ <adm:tag-definition name="logging">
+ <adm:synopsis>Logging</adm:synopsis>
+ </adm:tag-definition>
+ <adm:tag-definition name="user-management">
+ <adm:synopsis>User management</adm:synopsis>
+ </adm:tag-definition>
+ <adm:tag-definition name="replication">
+ <adm:synopsis>Replication</adm:synopsis>
+ </adm:tag-definition>
+ <adm:tag-definition name="database">
+ <adm:synopsis>Caching and back-ends</adm:synopsis>
+ </adm:tag-definition>
+ <adm:tag-definition name="security">
+ <adm:synopsis>Authentication and authorization</adm:synopsis>
+ </adm:tag-definition>
+ <adm:tag-definition name="core-server">
+ <adm:synopsis>Core server</adm:synopsis>
+ </adm:tag-definition>
+</adm:root-managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RootDNConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RootDNConfiguration.xml
new file mode 100644
index 0000000..fcfe6fe
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RootDNConfiguration.xml
@@ -0,0 +1,229 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2010 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="root-dn" plural-name="root-dns"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ configuration contains all the Root DN Users defined in the
+ directory server. In addition, it also defines the default set of
+ privileges that Root DN Users automatically inherit.
+ </adm:synopsis>
+ <adm:tag name="core-server" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-root-dn</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:relation name="root-dn-user" hidden="true">
+ <adm:one-to-many />
+ <adm:profile name="ldap">
+ <ldap:rdn-sequence />
+ <ldap:naming-attribute>cn</ldap:naming-attribute>
+ </adm:profile>
+ </adm:relation>
+ <adm:property name="default-root-privilege-name"
+ multi-valued="true">
+ <adm:synopsis>
+ Specifies the names of the privileges that root users will be
+ granted by default.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>bypass-lockdown</adm:value>
+ <adm:value>bypass-acl</adm:value>
+ <adm:value>modify-acl</adm:value>
+ <adm:value>config-read</adm:value>
+ <adm:value>config-write</adm:value>
+ <adm:value>ldif-import</adm:value>
+ <adm:value>ldif-export</adm:value>
+ <adm:value>backend-backup</adm:value>
+ <adm:value>backend-restore</adm:value>
+ <adm:value>server-lockdown</adm:value>
+ <adm:value>server-shutdown</adm:value>
+ <adm:value>server-restart</adm:value>
+ <adm:value>disconnect-client</adm:value>
+ <adm:value>cancel-request</adm:value>
+ <adm:value>password-reset</adm:value>
+ <adm:value>update-schema</adm:value>
+ <adm:value>privilege-change</adm:value>
+ <adm:value>unindexed-search</adm:value>
+ <adm:value>subentry-write</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="bypass-lockdown">
+ <adm:synopsis>
+ Allows the associated user to bypass server lockdown mode.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="bypass-acl">
+ <adm:synopsis>
+ Allows the associated user to bypass access control checks
+ performed by the server.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="modify-acl">
+ <adm:synopsis>
+ Allows the associated user to modify the server's access
+ control configuration.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="config-read">
+ <adm:synopsis>
+ Allows the associated user to read the server configuration.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="config-write">
+ <adm:synopsis>
+ Allows the associated user to update the server
+ configuration. The config-read privilege is also required.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="jmx-read">
+ <adm:synopsis>
+ Allows the associated user to perform JMX read operations.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="jmx-write">
+ <adm:synopsis>
+ Allows the associated user to perform JMX write operations.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="jmx-notify">
+ <adm:synopsis>
+ Allows the associated user to subscribe to receive JMX
+ notifications.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="ldif-import">
+ <adm:synopsis>
+ Allows the user to request that the server process LDIF
+ import tasks.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="ldif-export">
+ <adm:synopsis>
+ Allows the user to request that the server process LDIF
+ export tasks.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="backend-backup">
+ <adm:synopsis>
+ Allows the user to request that the server process backup
+ tasks.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="backend-restore">
+ <adm:synopsis>
+ Allows the user to request that the server process restore
+ tasks.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="server-lockdown">
+ <adm:synopsis>
+ Allows the user to place and bring the server of lockdown mode.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="server-shutdown">
+ <adm:synopsis>
+ Allows the user to request that the server shut down.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="server-restart">
+ <adm:synopsis>
+ Allows the user to request that the server perform an
+ in-core restart.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="proxied-auth">
+ <adm:synopsis>
+ Allows the user to use the proxied authorization control, or
+ to perform a bind that specifies an alternate authorization
+ identity.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="disconnect-client">
+ <adm:synopsis>
+ Allows the user to terminate other client connections.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="cancel-request">
+ <adm:synopsis>
+ Allows the user to cancel operations in progress on other
+ client connections.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="password-reset">
+ <adm:synopsis>
+ Allows the user to reset user passwords.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="data-sync">
+ <adm:synopsis>
+ Allows the user to participate in data synchronization.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="update-schema">
+ <adm:synopsis>
+ Allows the user to make changes to the server schema.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="privilege-change">
+ <adm:synopsis>
+ Allows the user to make changes to the set of defined root
+ privileges, as well as to grant and revoke privileges for
+ users.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="unindexed-search">
+ <adm:synopsis>
+ Allows the user to request that the server process a search
+ that cannot be optimized using server indexes.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="subentry-write">
+ <adm:synopsis>
+ Allows the associated user to perform LDAP subentry write
+ operations.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-default-root-privilege-name</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RootDNUserConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RootDNUserConfiguration.xml
new file mode 100644
index 0000000..107e724
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RootDNUserConfiguration.xml
@@ -0,0 +1,74 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="root-dn-user" plural-name="root-dn-users"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ A
+ <adm:user-friendly-name />
+ are administrative users who can granted special privileges that
+ are not available to non-root users (for example, the ability to bind to
+ the server in lockdown mode).
+ </adm:synopsis>
+ <adm:description>
+ By default a
+ <adm:user-friendly-name />
+ inherits the default set of privileges defined in the Root DN
+ configuration.
+ </adm:description>
+ <adm:tag name="core-server" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-root-dn-user</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property name="alternate-bind-dn" multi-valued="true">
+ <adm:synopsis>
+ Specifies one or more alternate DNs that can be used to bind to
+ the server as this root user.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ This root user is allowed to bind only using the DN of
+ the associated configuration entry.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:dn />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-alternate-bind-dn</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RootDSEBackendConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RootDSEBackendConfiguration.xml
new file mode 100644
index 0000000..f5f5f7d
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/RootDSEBackendConfiguration.xml
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="root-dse-backend"
+ plural-name="root-dse-backends" package="org.forgerock.opendj.admin"
+ advanced="true" xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ contains the directory server root DSE.
+ </adm:synopsis>
+ <adm:description>
+ This is a special meta-backend that dynamically generates the
+ root DSE entry for base-level searches and simply redirects to
+ other backends for operations in other scopes.
+ </adm:description>
+ <adm:tag name="core-server" />
+ <adm:tag name="database" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-root-dse-backend</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property name="subordinate-base-dn" multi-valued="true">
+ <adm:synopsis>
+ Specifies the set of base DNs used for singleLevel,
+ wholeSubtree, and subordinateSubtree searches based at the root
+ DSE.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The set of all user-defined suffixes is used.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:dn />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-subordinate-base-dn</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="show-all-attributes" mandatory="true">
+ <adm:synopsis>
+ Indicates whether all attributes in the root DSE are to be treated
+ like user attributes (and therefore returned to clients by
+ default) regardless of the directory server schema configuration.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-show-all-attributes</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SASLMechanismHandlerConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SASLMechanismHandlerConfiguration.xml
new file mode 100644
index 0000000..c74a3d5
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SASLMechanismHandlerConfiguration.xml
@@ -0,0 +1,91 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="sasl-mechanism-handler"
+ plural-name="sasl-mechanism-handlers"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap"
+ xmlns:cli="http://www.opends.org/admin-cli">
+ <adm:synopsis>
+ The SASL mechanism handler configuration entry is the parent
+ for all SASL mechanism handlers defined in the <adm:product-name />
+ directory server.
+ </adm:synopsis>
+ <adm:description>
+ SASL mechanism handlers are responsible for
+ authenticating users during the course of processing a SASL
+ (Simple Authentication and Security Layer, as defined in
+ RFC 4422) bind.
+ </adm:description>
+ <adm:tag name="security" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-sasl-mechanism-handler</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:managed-object custom="true" />
+ </adm:profile>
+ <adm:property name="enabled" mandatory="true">
+ <adm:synopsis>
+ Indicates whether the
+ SASL mechanism handler is enabled for use.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-enabled</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="java-class" mandatory="true">
+ <adm:synopsis>
+ Specifies the fully-qualified name of the Java class that provides the
+ SASL mechanism handler implementation.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:java-class>
+ <adm:instance-of>
+ org.opends.server.api.SASLMechanismHandler
+ </adm:instance-of>
+ </adm:java-class>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-java-class</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SHA1PasswordStorageSchemeConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SHA1PasswordStorageSchemeConfiguration.xml
new file mode 100644
index 0000000..98609ea
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SHA1PasswordStorageSchemeConfiguration.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="sha1-password-storage-scheme"
+ plural-name="sha1-password-storage-schemes"
+ package="org.forgerock.opendj.admin"
+ extends="password-storage-scheme"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides a mechanism for encoding user passwords using an unsalted
+ form of the SHA-1 message digest algorithm. Because the implementation
+ does not use any kind of salting mechanism, a given password always has
+ the same encoded form.
+ </adm:synopsis>
+ <adm:description>
+ This scheme contains only an implementation for the user password
+ syntax, with a storage scheme name of "SHA".
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-sha1-password-storage-scheme</ldap:name>
+ <ldap:superior>ds-cfg-password-storage-scheme</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.SHA1PasswordStorageScheme
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SMTPAccountStatusNotificationHandlerConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SMTPAccountStatusNotificationHandlerConfiguration.xml
new file mode 100644
index 0000000..65220c4
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SMTPAccountStatusNotificationHandlerConfiguration.xml
@@ -0,0 +1,209 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="smtp-account-status-notification-handler"
+ plural-name="smtp-account-status-notification-handlers"
+ extends="account-status-notification-handler"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ is a notification handler that sends
+ email messages to end users and/or administrators whenever an
+ account status notification is generated.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>
+ ds-cfg-smtp-account-status-notification-handler
+ </ldap:name>
+ <ldap:superior>
+ ds-cfg-account-status-notification-handler
+ </ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.SMTPAccountStatusNotificationHandler
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="email-address-attribute-type"
+ multi-valued="true">
+ <adm:synopsis>
+ Specifies which attribute in the user's entries may be used to obtain
+ the email address when notifying the end user.
+ </adm:synopsis>
+ <adm:description>
+ You can specify more than one email address as separate values. In this case,
+ the <adm:product-name /> server sends a notification to all email addresses identified.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ If no email address attribute types are specified, then no
+ attempt is made to send email notification messages to
+ end users. Only those users specified in the set of additional
+ recipient addresses are sent the notification messages.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:attribute-type />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-email-address-attribute-type</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="recipient-address" multi-valued="true">
+ <adm:synopsis>
+ Specifies an email address to which notification messages are
+ sent, either instead of or in addition to the end user for whom
+ the notification has been generated.
+ </adm:synopsis>
+ <adm:description>
+ This may be used to ensure that server administrators also receive
+ a copy of any notification messages that are generated.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ If no additional recipient addresses are specified, then only
+ the end users that are the subjects of the account status
+ notifications receive the notification messages.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-recipient-address</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="send-message-without-end-user-address"
+ mandatory="true" advanced="true">
+ <adm:synopsis>
+ Indicates whether an email notification message should be
+ generated and sent to the set of notification recipients even if
+ the user entry does not contain any values for any of the email
+ address attributes (that is, in cases when it is not be possible to
+ notify the end user).
+ </adm:synopsis>
+ <adm:description>
+ This is only applicable if both one or more email address
+ attribute types and one or more additional recipient addresses are
+ specified.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>
+ ds-cfg-send-message-without-end-user-address
+ </ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="sender-address" mandatory="true">
+ <adm:synopsis>
+ Specifies the email address from which the message is sent.
+ Note that this does not necessarily have to be a legitimate email
+ address.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-sender-address</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="message-subject" mandatory="true"
+ multi-valued="true">
+ <adm:synopsis>
+ Specifies the subject that should be used for email messages
+ generated by this account status notification handler.
+ </adm:synopsis>
+ <adm:description>
+ The values for this property should begin with the name of an
+ account status notification type followed by a colon and the
+ subject that should be used for the associated notification
+ message. If an email message is generated for an account status
+ notification type for which no subject is defined, then that
+ message is given a generic subject.
+ </adm:description>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-message-subject</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="message-template-file" mandatory="true"
+ multi-valued="true">
+ <adm:synopsis>
+ Specifies the path to the file containing the message template
+ to generate the email notification messages.
+ </adm:synopsis>
+ <adm:description>
+ The values for this property should begin with the name of an
+ account status notification type followed by a colon and the path
+ to the template file that should be used for that notification
+ type. If an account status notification has a notification type
+ that is not associated with a message template file, then no email
+ message is generated for that notification.
+ </adm:description>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-message-template-file</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SMTPAlertHandlerConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SMTPAlertHandlerConfiguration.xml
new file mode 100644
index 0000000..6d3adea
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SMTPAlertHandlerConfiguration.xml
@@ -0,0 +1,130 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="smtp-alert-handler"
+ plural-name="smtp-alert-handlers"
+ package="org.forgerock.opendj.admin" extends="alert-handler"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ may be used to send e-mail messages to notify administrators of
+ significant events that occur within the server.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-smtp-alert-handler</ldap:name>
+ <ldap:superior>ds-cfg-alert-handler</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.SMTPAlertHandler
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="sender-address" mandatory="true">
+ <adm:synopsis>
+ Specifies the email address to use as the sender for messages
+ generated by this alert handler.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-sender-address</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="recipient-address" mandatory="true"
+ multi-valued="true">
+ <adm:synopsis>
+ Specifies an email address to which the messages should be sent.
+ </adm:synopsis>
+ <adm:description>
+ Multiple values may be provided if there should be more than one
+ recipient.
+ </adm:description>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-recipient-address</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="message-subject" mandatory="true">
+ <adm:synopsis>
+ Specifies the subject that should be used for email messages
+ generated by this alert handler.
+ </adm:synopsis>
+ <adm:description>
+ The token "%%%%alert-type%%%%" is dynamically replaced with
+ the alert type string. The token "%%%%alert-id%%%%" is
+ dynamically replaced with the alert ID value. The token
+ "%%%%alert-message%%%%" is dynamically replaced with the
+ alert message. The token "\\n" is replaced with an
+ end-of-line marker.
+ </adm:description>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-message-subject</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="message-body" mandatory="true">
+ <adm:synopsis>
+ Specifies the body that should be used for email messages
+ generated by this alert handler.
+ </adm:synopsis>
+ <adm:description>
+ The token "%%%%alert-type%%%%" is dynamically replaced with
+ the alert type string. The token "%%%%alert-id%%%%" is
+ dynamically replaced with the alert ID value. The token
+ "%%%%alert-message%%%%" is dynamically replaced with the
+ alert message. The token "\\n" is replaced with an
+ end-of-line marker.
+ </adm:description>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-message-body</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SNMPConnectionHandlerConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SNMPConnectionHandlerConfiguration.xml
new file mode 100644
index 0000000..42eb800
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SNMPConnectionHandlerConfiguration.xml
@@ -0,0 +1,348 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Portions Copyright 2008-2009 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+! -->
+<adm:managed-object name="snmp-connection-handler"
+ plural-name="snmp-connection-handlers"
+ package="org.forgerock.opendj.admin"
+ extends="connection-handler"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap" >
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ can be used to process SNMP requests to retrieve monitoring information
+ described by the MIB 2605. Supported protocol are SNMP V1, V2c and V3.
+ </adm:synopsis>
+ <adm:description>
+ The SNMP connection handler will process SNMP requests sent by SNMP
+ Managers to retrieve information described the MIB 2605. To enable
+ the SNMP Connection Handler, the ds-cfg-opendmk-jarfile parameter
+ has to be set to the OpenDMK jar files location.
+ </adm:description>
+
+ <!-- Connection Handler ldap profile -->
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-snmp-connection-handler</ldap:name>
+ <ldap:superior>ds-cfg-connection-handler</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <!-- Class to instanciate -->
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.snmp.SNMPConnectionHandler
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <!-- SNMP Port -->
+ <adm:property-reference name="listen-port" />
+ <adm:property name="listen-address" multi-valued="true" read-only="true">
+ <adm:synopsis>
+ Specifies the address or set of addresses on which this
+ <adm:user-friendly-name />
+ should listen for connections from SNMP clients.
+ </adm:synopsis>
+ <adm:description>
+ Multiple addresses may be provided as separate values for this
+ attribute. If no values are provided, then the
+ <adm:user-friendly-name />
+ listens on all interfaces.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:server-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>0.0.0.0</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:ip-address />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-listen-address</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="trap-port" mandatory="true">
+ <adm:synopsis>
+ Specifies the port to use to send SNMP Traps.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:integer />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-trap-port</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <!-- SNMP Version -->
+ <!-- SNMP Community or Context Name -->
+ <adm:property name="community">
+ <adm:synopsis>
+ Specifies the v1,v2 community or the v3 context name allowed to
+ access the MIB 2605 monitoring information or the USM MIB. The
+ mapping between "community" and "context name" is set.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>OpenDJ</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-community</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <!-- SNMP V1/V2 Allowed managers -->
+ <adm:property name="allowed-manager" multi-valued="true">
+ <adm:synopsis>
+ Specifies the hosts of the managers to be granted the access rights.
+ This property is required for SNMP v1 and v2 security configuration.
+ An asterisk (*) opens access to all managers.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>*</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-allowed-manager</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <!-- SNMP V3 Allowed users -->
+ <adm:property name="allowed-user" multi-valued="true">
+ <adm:synopsis>
+ Specifies the users to be granted the access rights. This property
+ is required for SNMP v3 security configuration.
+ An asterisk (*) opens access to all users.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>*</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-allowed-user</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <!-- SNMP V3 Security level -->
+ <adm:property name="security-level">
+ <adm:synopsis>
+ Specifies the type of security level : NoAuthNoPriv : No security
+ mechanisms activated, AuthNoPriv : Authentication activated with no
+ privacy, AuthPriv : Authentication with privacy activated.
+ This property is required for SNMP V3 security configuration.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>authnopriv</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="noauthnopriv">
+ <adm:synopsis>
+ No security mechanisms activated.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="authnopriv">
+ <adm:synopsis>
+ Authentication activated with no privacy.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="authpriv">
+ <adm:synopsis>
+ Authentication with privacy activated.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-security-level</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <!-- Trap Community -->
+ <adm:property name="traps-community" >
+ <adm:synopsis>
+ Specifies the community string that must be included in the traps
+ sent to define managers (trap-destinations).
+ This property is used in the context of SNMP v1, v2 and v3.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>OpenDJ</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-traps-community</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <!-- Traps destinations -->
+ <adm:property name="traps-destination" multi-valued="true">
+ <adm:synopsis>
+ Specifies the hosts to which V1 traps will be sent. V1 Traps are
+ sent to every host listed.
+ </adm:synopsis>
+ <adm:description>
+ If this list is empty, V1 traps are sent to "localhost".
+ Each host in the list must be identifed by its name or complete IP Addess.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ If the list is empty, V1 traps are sent to "localhost".
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-traps-destination</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <!-- Agent Engine Security USM Configuration -->
+ <adm:property name="security-agent-file">
+ <adm:synopsis>
+ Specifies the USM security configuration to receive authenticated
+ only SNMP requests.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ config/snmp/security/opendj-snmp.security
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-security-agent-file</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <!-- SNMP Registration or not -->
+ <adm:property name="registered-mbean">
+ <adm:synopsis>
+ Indicates whether the SNMP objects have to be registered in the
+ directory server MBeanServer or not allowing to access SNMP Objects
+ with RMI connector if enabled.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-registered-mbean</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+
+ <adm:property name="opendmk-jarfile">
+ <adm:synopsis>
+ Indicates the OpenDMK runtime jar file location
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:undefined />
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-opendmk-jarfile</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
\ No newline at end of file
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SaltedMD5PasswordStorageSchemeConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SaltedMD5PasswordStorageSchemeConfiguration.xml
new file mode 100644
index 0000000..07d976d
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SaltedMD5PasswordStorageSchemeConfiguration.xml
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="salted-md5-password-storage-scheme"
+ plural-name="salted-md5-password-storage-schemes"
+ package="org.forgerock.opendj.admin"
+ extends="password-storage-scheme"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides a mechanism for encoding user passwords using a salted form
+ of the MD5 message digest algorithm.
+ </adm:synopsis>
+ <adm:description>
+ This scheme contains an implementation for the user password syntax,
+ with a storage scheme name of "SMD5", and an implementation of the
+ auth password syntax, with a storage scheme name of "MD5". Although the
+ MD5 digest algorithm is relatively secure, recent cryptanalysis work has
+ identified mechanisms for generating MD5 collisions. This does not
+ impact the security of this algorithm as it is used in <adm:product-name />,
+ but it is recommended that the MD5 password storage scheme only be used if
+ client applications require it for compatibility purposes, and that a
+ stronger digest like SSHA or SSHA256 be used for environments in which
+ MD5 support is not required.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-salted-md5-password-storage-scheme</ldap:name>
+ <ldap:superior>ds-cfg-password-storage-scheme</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.SaltedMD5PasswordStorageScheme
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SaltedSHA1PasswordStorageSchemeConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SaltedSHA1PasswordStorageSchemeConfiguration.xml
new file mode 100644
index 0000000..2a0731c
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SaltedSHA1PasswordStorageSchemeConfiguration.xml
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="salted-sha1-password-storage-scheme"
+ plural-name="salted-sha1-password-storage-schemes"
+ package="org.forgerock.opendj.admin"
+ extends="password-storage-scheme"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides a mechanism for encoding user passwords using a salted form
+ of the SHA-1 message digest algorithm.
+ </adm:synopsis>
+ <adm:description>
+ This scheme contains an implementation for the user password syntax,
+ with a storage scheme name of "SSHA", and an implementation of the
+ auth password syntax, with a storage scheme name of "SHA1".
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-salted-sha1-password-storage-scheme</ldap:name>
+ <ldap:superior>ds-cfg-password-storage-scheme</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.SaltedSHA1PasswordStorageScheme
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SaltedSHA256PasswordStorageSchemeConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SaltedSHA256PasswordStorageSchemeConfiguration.xml
new file mode 100644
index 0000000..090d47b
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SaltedSHA256PasswordStorageSchemeConfiguration.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="salted-sha256-password-storage-scheme"
+ plural-name="salted-sha256-password-storage-schemes"
+ package="org.forgerock.opendj.admin"
+ extends="password-storage-scheme"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides a mechanism for encoding user passwords using a salted form
+ of the 256-bit SHA-2 message digest algorithm.
+ </adm:synopsis>
+ <adm:description>
+ This scheme contains an implementation for the user password syntax,
+ with a storage scheme name of "SSHA256", and an implementation of
+ the auth password syntax, with a storage scheme name of "SHA256".
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>
+ ds-cfg-salted-sha256-password-storage-scheme
+ </ldap:name>
+ <ldap:superior>ds-cfg-password-storage-scheme</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.SaltedSHA256PasswordStorageScheme
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SaltedSHA384PasswordStorageSchemeConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SaltedSHA384PasswordStorageSchemeConfiguration.xml
new file mode 100644
index 0000000..1f1683f
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SaltedSHA384PasswordStorageSchemeConfiguration.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="salted-sha384-password-storage-scheme"
+ plural-name="salted-sha384-password-storage-schemes"
+ package="org.forgerock.opendj.admin"
+ extends="password-storage-scheme"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides a mechanism for encoding user passwords using a salted form
+ of the 384-bit SHA-2 message digest algorithm.
+ </adm:synopsis>
+ <adm:description>
+ This scheme contains an implementation for the user password syntax,
+ with a storage scheme name of "SSHA384", and an implementation of
+ the auth password syntax, with a storage scheme name of "SHA384".
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>
+ ds-cfg-salted-sha384-password-storage-scheme
+ </ldap:name>
+ <ldap:superior>ds-cfg-password-storage-scheme</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.SaltedSHA384PasswordStorageScheme
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SaltedSHA512PasswordStorageSchemeConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SaltedSHA512PasswordStorageSchemeConfiguration.xml
new file mode 100644
index 0000000..dabcff0
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SaltedSHA512PasswordStorageSchemeConfiguration.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="salted-sha512-password-storage-scheme"
+ plural-name="salted-sha512-password-storage-schemes"
+ package="org.forgerock.opendj.admin"
+ extends="password-storage-scheme"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides a mechanism for encoding user passwords using a salted form
+ of the 512-bit SHA-2 message digest algorithm.
+ </adm:synopsis>
+ <adm:description>
+ This scheme contains an implementation for the user password syntax,
+ with a storage scheme name of "SSHA512", and an implementation of
+ the auth password syntax, with a storage scheme name of "SHA512".
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>
+ ds-cfg-salted-sha512-password-storage-scheme
+ </ldap:name>
+ <ldap:superior>ds-cfg-password-storage-scheme</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.SaltedSHA512PasswordStorageScheme
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SambaPasswordPluginConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SambaPasswordPluginConfiguration.xml
new file mode 100644
index 0000000..9f6aeea
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SambaPasswordPluginConfiguration.xml
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2011 profiq s.r.o.
+ ! Portions copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="samba-password-plugin"
+ plural-name="samba-password-plugins"
+ package="org.forgerock.opendj.admin" extends="plugin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>Samba Password Synchronization Plugin.</adm:synopsis>
+ <adm:description>
+ This plugin captures clear-text password changes for a user and generates
+ LanMan or NTLM hashes for the respective Samba attributes (sambaLMPassword
+ and sambaNTPassword).
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-samba-password-plugin</ldap:name>
+ <ldap:superior>ds-cfg-plugin</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>org.opends.server.plugins.SambaPasswordPlugin</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="plugin-type" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>preoperationmodify</adm:value>
+ <adm:value>postoperationextended</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="pwd-sync-policy" mandatory="true" multi-valued="true">
+ <adm:synopsis>
+ Specifies which Samba passwords should be kept synchronized.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>sync-nt-password</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="sync-nt-password">
+ <adm:synopsis>
+ Synchronize the NT password attribute "sambaNTPassword"
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="sync-lm-password">
+ <adm:synopsis>
+ Synchronize the LanMan password attribute "sambaLMPassword"
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>
+ ds-cfg-pwd-sync-policy
+ </ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="samba-administrator-dn" mandatory="false">
+ <adm:synopsis>
+ Specifies the distinguished name of the user which Samba uses to
+ perform Password Modify extended operations against this directory
+ server in order to synchronize the userPassword attribute after the
+ LanMan or NT passwords have been updated.
+ </adm:synopsis>
+ <adm:description>
+ The user must have the 'password-reset' privilege and should not be
+ a root user. This user name can be used in order to identify Samba
+ connections and avoid double re-synchronization of the same password.
+ If this property is left undefined, then no password updates will be
+ skipped.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>Synchronize all updates to user passwords</adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:dn />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-samba-administrator-dn</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SchemaBackendConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SchemaBackendConfiguration.xml
new file mode 100644
index 0000000..9a72fd8
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SchemaBackendConfiguration.xml
@@ -0,0 +1,122 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="schema-backend" plural-name="schema-backends"
+ package="org.forgerock.opendj.admin" extends="backend"
+ advanced="true" xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides access to the directory server schema information,
+ including the attribute types, object classes, attribute syntaxes,
+ matching rules, matching rule uses, DIT content rules, and DIT
+ structure rules that it contains.
+ </adm:synopsis>
+ <adm:description>
+ The server allows "modify" operations in this backend to alter the
+ server schema definitions. The configuration entry for this backend
+ is based on the ds-cfg-schema-backend structural object class. Note
+ that any attribute types included in this entry that are not
+ included in this object class (or the parent ds-cfg-backend class)
+ appears directly in the schema entry.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-schema-backend</ldap:name>
+ <ldap:superior>ds-cfg-backend</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>org.opends.server.backends.SchemaBackend</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="writability-mode">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>enabled</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="schema-entry-dn" advanced="true"
+ multi-valued="true">
+ <adm:synopsis>
+ Defines the base DNs of the subtrees in which the schema
+ information is published in addition to the value included
+ in the base-dn property.
+ </adm:synopsis>
+ <adm:description>
+ The value provided in the base-dn property is the only one that
+ appears in the subschemaSubentry operational attribute of the
+ server's root DSE (which is necessary because that is a
+ single-valued attribute) and as a virtual attribute in other
+ entries. The schema-entry-dn attribute may be used to make the
+ schema information available in other locations to accommodate
+ certain client applications that have been hard-coded to expect the
+ schema to reside in a specific location.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>cn=schema</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:dn />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-schema-entry-dn</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="show-all-attributes" mandatory="true">
+ <adm:synopsis>
+ Indicates whether to treat all attributes in the schema entry as
+ if they were user attributes regardless of their configuration.
+ </adm:synopsis>
+ <adm:description>
+ This may provide compatibility with some applications that expect
+ schema attributes like attributeTypes and objectClasses to be
+ included by default even if they are not requested. Note that the
+ ldapSyntaxes attribute is always treated as operational in
+ order to avoid problems with attempts to modify the schema over
+ protocol.
+ </adm:description>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-show-all-attributes</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SevenBitCleanPluginConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SevenBitCleanPluginConfiguration.xml
new file mode 100644
index 0000000..3d03b81
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SevenBitCleanPluginConfiguration.xml
@@ -0,0 +1,120 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="seven-bit-clean-plugin"
+ plural-name="seven-bit-clean-plugins"
+ package="org.forgerock.opendj.admin" extends="plugin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ ensures that values for a specified set of attributes
+ are 7-bit clean.
+ </adm:synopsis>
+ <adm:description>
+ That is, for those attributes, the values are not allowed to contain
+ any bytes having the high-order bit set, which is used to indicate
+ the presence of non-ASCII characters. Some applications do not
+ properly handle attribute values that contain non-ASCII characters,
+ and this plug-in can help ensure that attributes used by those
+ applications do not contain characters that can cause problems in
+ those applications.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-seven-bit-clean-plugin</ldap:name>
+ <ldap:superior>ds-cfg-plugin</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.plugins.SevenBitCleanPlugin
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="plugin-type" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>ldifimport</adm:value>
+ <adm:value>preparseadd</adm:value>
+ <adm:value>preparsemodify</adm:value>
+ <adm:value>preparsemodifydn</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="attribute-type" mandatory="true"
+ multi-valued="true">
+ <adm:synopsis>
+ Specifies the name or OID of an attribute type for which values
+ should be checked to ensure that they are 7-bit clean.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>uid</adm:value>
+ <adm:value>mail</adm:value>
+ <adm:value>userPassword</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:attribute-type />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-attribute-type</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="base-dn" multi-valued="true">
+ <adm:synopsis>
+ Specifies the base DN below which the checking is performed.
+ </adm:synopsis>
+ <adm:description>
+ Any attempt to update a value for one of the configured attributes
+ below this base DN must be 7-bit clean for the operation to be
+ allowed.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ All entries below all public naming contexts will be checked.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:dn />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-base-dn</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SimilarityBasedPasswordValidatorConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SimilarityBasedPasswordValidatorConfiguration.xml
new file mode 100644
index 0000000..cb1a394
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SimilarityBasedPasswordValidatorConfiguration.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="similarity-based-password-validator"
+ plural-name="similarity-based-password-validators"
+ package="org.forgerock.opendj.admin" extends="password-validator"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ determines whether a proposed password is acceptable by measuring
+ how similar it is to the user's current password.
+ </adm:synopsis>
+ <adm:description>
+ In particular,
+ it uses the Levenshtein Distance algorithm to determine the
+ minimum number of changes (where a change may be inserting,
+ deleting, or replacing a character) to transform one string into
+ the other. It can be used to prevent users from making only minor
+ changes to their current password when setting a new password.
+ Note that for this password validator to be effective, it is
+ necessary to have access to the user's current password.
+ Therefore, if this password validator is to be enabled, the
+ password-change-requires-current-password attribute in the
+ password policy configuration must also be set to true.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-similarity-based-password-validator</ldap:name>
+ <ldap:superior>ds-cfg-password-validator</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.SimilarityBasedPasswordValidator
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="min-password-difference" mandatory="true">
+ <adm:synopsis>
+ Specifies the minimum difference of new and old password.
+ </adm:synopsis>
+ <adm:description>
+ A value of zero indicates that no difference between passwords is
+ acceptable.
+ </adm:description>
+ <adm:syntax>
+ <adm:integer lower-limit="0" upper-limit="2147483647"/>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-min-password-difference</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SizeLimitLogRetentionPolicyConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SizeLimitLogRetentionPolicyConfiguration.xml
new file mode 100644
index 0000000..d29ff3c
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SizeLimitLogRetentionPolicyConfiguration.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="size-limit-log-retention-policy"
+ plural-name="size-limit-log-retention-policies"
+ package="org.forgerock.opendj.admin" extends="log-retention-policy"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ Retention policy based on the amount of space taken by all the log
+ files on disk.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-size-limit-log-retention-policy</ldap:name>
+ <ldap:superior>ds-cfg-log-retention-policy</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.loggers.SizeBasedRetentionPolicy
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="disk-space-used" mandatory="true">
+ <adm:synopsis>
+ Specifies the maximum total disk space used by the log files.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:size lower-limit="1" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-disk-space-used</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SizeLimitLogRotationPolicyConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SizeLimitLogRotationPolicyConfiguration.xml
new file mode 100644
index 0000000..7228f89
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SizeLimitLogRotationPolicyConfiguration.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="size-limit-log-rotation-policy"
+ plural-name="size-limit-log-rotation-policies"
+ package="org.forgerock.opendj.admin" extends="log-rotation-policy"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ Rotation policy based on the size of the log file.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-size-limit-log-rotation-policy</ldap:name>
+ <ldap:superior>ds-cfg-log-rotation-policy</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.loggers.SizeBasedRotationPolicy
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="file-size-limit" mandatory="true">
+ <adm:synopsis>
+ Specifies the maximum size that a log file can reach before
+ it is rotated.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:size lower-limit="1" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-file-size-limit</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SoftReferenceEntryCacheConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SoftReferenceEntryCacheConfiguration.xml
new file mode 100644
index 0000000..8616eb5
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SoftReferenceEntryCacheConfiguration.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="soft-reference-entry-cache"
+ plural-name="soft-reference-entry-caches"
+ package="org.forgerock.opendj.admin" extends="entry-cache"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ is a directory server entry cache implementation that uses soft
+ references to manage objects to allow them to be
+ freed if the JVM is running low on memory.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-soft-reference-entry-cache</ldap:name>
+ <ldap:superior>ds-cfg-entry-cache</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.SoftReferenceEntryCache
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="lock-timeout" advanced="true">
+ <adm:synopsis>
+ Specifies the length of time in milliseconds to wait while attempting to
+ acquire a read or write lock.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>3000ms</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration base-unit="ms" lower-limit="0"
+ allow-unlimited="true" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-lock-timeout</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property-reference name="include-filter" />
+ <adm:property-reference name="exclude-filter" />
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/StackTraceMonitorProviderConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/StackTraceMonitorProviderConfiguration.xml
new file mode 100644
index 0000000..3f4c1df
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/StackTraceMonitorProviderConfiguration.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="stack-trace-monitor-provider"
+ plural-name="stack-trace-monitor-providers"
+ package="org.forgerock.opendj.admin" extends="monitor-provider"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ enables clients to obtain a stack trace of all the threads that are
+ currently running in the directory server.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-stack-trace-monitor-provider</ldap:name>
+ <ldap:superior>ds-cfg-monitor-provider</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.monitors.StackTraceMonitorProvider
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/StartTLSExtendedOperationHandlerConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/StartTLSExtendedOperationHandlerConfiguration.xml
new file mode 100644
index 0000000..2946a0b
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/StartTLSExtendedOperationHandlerConfiguration.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="start-tls-extended-operation-handler"
+ plural-name="start-tls-extended-operation-handlers"
+ package="org.forgerock.opendj.admin"
+ extends="extended-operation-handler"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides the ability clients to use the StartTLS extended operation
+ to initiate a secure communication channel over an otherwise
+ clear-text LDAP connection.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-start-tls-extended-operation-handler</ldap:name>
+ <ldap:superior>ds-cfg-extended-operation-handler</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.StartTLSExtendedOperation
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/StaticGroupImplementationConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/StaticGroupImplementationConfiguration.xml
new file mode 100644
index 0000000..a96c625
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/StaticGroupImplementationConfiguration.xml
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="static-group-implementation"
+ plural-name="static-group-implementations"
+ package="org.forgerock.opendj.admin" extends="group-implementation"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides a grouping mechanism in which the group membership is based
+ on an explicit list of the DNs of the users that are members of the
+ group.
+ </adm:synopsis>
+ <adm:description>
+ Note that it is possible to nest static groups by including the DN of a
+ nested group in the member list for the parent group.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-static-group-implementation</ldap:name>
+ <ldap:superior>ds-cfg-group-implementation</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>org.opends.server.extensions.StaticGroup</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/StructuralObjectClassVirtualAttributeConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/StructuralObjectClassVirtualAttributeConfiguration.xml
new file mode 100644
index 0000000..539ca51
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/StructuralObjectClassVirtualAttributeConfiguration.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2009 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="structural-object-class-virtual-attribute"
+ plural-name="structural-object-class-virtual-attributes"
+ package="org.forgerock.opendj.admin" extends="virtual-attribute"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ generates a virtual attribute that specifies the structural object class
+ with the schema definitions in effect for the
+ entry. This attribute is defined in RFC 4512.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-structural-object-class-virtual-attribute</ldap:name>
+ <ldap:superior>ds-cfg-virtual-attribute</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.StructuralObjectClassVirtualAttributeProvider
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="conflict-behavior" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>virtual-overrides-real</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="attribute-type">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>structuralObjectClass</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SubjectAttributeToUserAttributeCertificateMapperConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SubjectAttributeToUserAttributeCertificateMapperConfiguration.xml
new file mode 100644
index 0000000..69da46f
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SubjectAttributeToUserAttributeCertificateMapperConfiguration.xml
@@ -0,0 +1,104 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object
+ name="subject-attribute-to-user-attribute-certificate-mapper"
+ plural-name="subject-attribute-to-user-attribute-certificate-mappers"
+ package="org.forgerock.opendj.admin" extends="certificate-mapper"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ maps client certificates to user entries by mapping the values of
+ attributes contained in the certificate subject to attributes
+ contained in user entries.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>
+ ds-cfg-subject-attribute-to-user-attribute-certificate-mapper
+ </ldap:name>
+ <ldap:superior>ds-cfg-certificate-mapper</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.SubjectAttributeToUserAttributeCertificateMapper
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="subject-attribute-mapping" mandatory="true"
+ multi-valued="true">
+ <adm:synopsis>
+ Specifies a mapping between certificate attributes and user
+ attributes.
+ </adm:synopsis>
+ <adm:description>
+ Each value should be in the form "certattr:userattr" where
+ certattr is the name of the attribute in the certificate subject
+ and userattr is the name of the corresponding attribute in user
+ entries. There may be multiple mappings defined, and when
+ performing the mapping values for all attributes present in the
+ certificate subject that have mappings defined must be present in
+ the corresponding user entries.
+ </adm:description>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-subject-attribute-mapping</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="user-base-dn" multi-valued="true">
+ <adm:synopsis>
+ Specifies the base DNs that should be used when performing
+ searches to map the client certificate to a user entry.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The server will perform the search in all public naming
+ contexts.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:dn />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-user-base-dn</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SubjectDNToUserAttributeCertificateMapperConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SubjectDNToUserAttributeCertificateMapperConfiguration.xml
new file mode 100644
index 0000000..cf3f3b3
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SubjectDNToUserAttributeCertificateMapperConfiguration.xml
@@ -0,0 +1,93 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object
+ name="subject-dn-to-user-attribute-certificate-mapper"
+ plural-name="subject-dn-to-user-attribute-certificate-mappers"
+ package="org.forgerock.opendj.admin" extends="certificate-mapper"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ maps client certificates to user entries by looking for the
+ certificate subject DN in a specified attribute of user entries.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>
+ ds-cfg-subject-dn-to-user-attribute-certificate-mapper
+ </ldap:name>
+ <ldap:superior>ds-cfg-certificate-mapper</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.SubjectDNToUserAttributeCertificateMapper
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="subject-attribute" mandatory="true">
+ <adm:synopsis>
+ Specifies the name or OID of the attribute whose value should
+ exactly match the certificate subject DN.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:attribute-type />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-subject-attribute</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="user-base-dn" multi-valued="true">
+ <adm:synopsis>
+ Specifies the base DNs that should be used when performing
+ searches to map the client certificate to a user entry.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The server will perform the search in all public naming
+ contexts.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:dn />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-user-base-dn</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SubjectEqualsDNCertificateMapperConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SubjectEqualsDNCertificateMapperConfiguration.xml
new file mode 100644
index 0000000..3d194b2
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SubjectEqualsDNCertificateMapperConfiguration.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="subject-equals-dn-certificate-mapper"
+ plural-name="subject-equals-dn-certificate-mappers"
+ package="org.forgerock.opendj.admin" extends="certificate-mapper"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ maps client certificates to user entries based on the assumption
+ that the certificate subject is the same as the DN of the target
+ user entry.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-subject-equals-dn-certificate-mapper</ldap:name>
+ <ldap:superior>ds-cfg-certificate-mapper</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.SubjectEqualsDNCertificateMapper
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SubschemaSubentryVirtualAttributeConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SubschemaSubentryVirtualAttributeConfiguration.xml
new file mode 100644
index 0000000..8aa17eb
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SubschemaSubentryVirtualAttributeConfiguration.xml
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="subschema-subentry-virtual-attribute"
+ plural-name="subschema-subentry-virtual-attributes"
+ package="org.forgerock.opendj.admin" extends="virtual-attribute"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ generates a virtual attribute that specifies the location of the
+ subschemaSubentry with the schema definitions in effect for the
+ entry. This attribute is defined in RFC 4512.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-subschema-subentry-virtual-attribute</ldap:name>
+ <ldap:superior>ds-cfg-virtual-attribute</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.SubschemaSubentryVirtualAttributeProvider
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="conflict-behavior" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>virtual-overrides-real</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="attribute-type">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>subschemaSubentry</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SynchronizationProviderConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SynchronizationProviderConfiguration.xml
new file mode 100644
index 0000000..f1dced4
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SynchronizationProviderConfiguration.xml
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="synchronization-provider"
+ plural-name="synchronization-providers"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap"
+ xmlns:cli="http://www.opends.org/admin-cli">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ are responsible for handling synchronization of the directory server
+ data with other <adm:product-name /> instances or other data repositories.
+ </adm:synopsis>
+ <adm:description>
+ The <adm:product-name /> directory server takes a centralized approach to
+ replication, rather than the point-to-point approach taken by Sun
+ Java System Directory Server. In <adm:product-name />, one or more replication
+ servers are created in the environment. The replication servers
+ typically do not store user data but keep a log of all changes made
+ within the topology. Each directory server instance in the topology
+ is pointed at the replication servers. This plan simplifies the
+ deployment and management of the environment. Although you can run
+ the replication server on the same system (or even in the same
+ instance) as the directory server, the two servers can be separated
+ onto different systems. This approach can provide better performance
+ or functionality in large environments.
+ </adm:description>
+ <adm:tag name="replication" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-synchronization-provider</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:managed-object custom="true" />
+ </adm:profile>
+ <adm:property name="enabled" mandatory="true">
+ <adm:synopsis>
+ Indicates whether the
+ <adm:user-friendly-name />
+ is enabled for use.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-enabled</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="java-class" mandatory="true">
+ <adm:synopsis>
+ Specifies the fully-qualified name of the Java class that provides the
+ <adm:user-friendly-name />
+ implementation.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:java-class>
+ <adm:instance-of>
+ org.opends.server.api.SynchronizationProvider
+ </adm:instance-of>
+ </adm:java-class>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-java-class</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SystemInfoMonitorProviderConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SystemInfoMonitorProviderConfiguration.xml
new file mode 100644
index 0000000..d658b97
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/SystemInfoMonitorProviderConfiguration.xml
@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="system-info-monitor-provider"
+ plural-name="system-info-monitor-providers"
+ package="org.forgerock.opendj.admin" extends="monitor-provider"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ can be used to publish information about the system and virtual
+ machine on which the directory server is running.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-system-info-monitor-provider</ldap:name>
+ <ldap:superior>ds-cfg-monitor-provider</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.monitors.SystemInfoMonitorProvider
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/TaskBackendConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/TaskBackendConfiguration.xml
new file mode 100644
index 0000000..d8a0207
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/TaskBackendConfiguration.xml
@@ -0,0 +1,133 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="task-backend" plural-name="task-backends"
+ package="org.forgerock.opendj.admin" extends="backend"
+ advanced="true" xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The Task Backend provides a mechanism for scheduling tasks in the
+ <adm:product-name /> directory server. Tasks are intended to provide access to
+ certain types of administrative functions in the server that may not
+ be convenient to perform remotely.
+ </adm:synopsis>
+ <adm:description>
+ <adm:product-name /> supports tasks to backup and restore backends, to import and export LDIF
+ files, and to stop and restart the server. The details of a task are
+ in an entry that is below the root of the Task Backend. The Task Backend
+ is responsible for decoding that task entry and ensuring that it is processed
+ as requested. Tasks may be invoked immediately, but they may also be scheduled for execution at
+ some future time. The task backend can also process recurring tasks to
+ ensure that maintenance operations (for example, backups) are
+ performed automatically on a regular basis.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-task-backend</ldap:name>
+ <ldap:superior>ds-cfg-backend</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.backends.task.TaskBackend
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="writability-mode">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>enabled</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="task-backing-file" mandatory="true">
+ <adm:synopsis>
+ Specifies the path to the backing file for storing
+ information about the tasks configured in the server.
+ </adm:synopsis>
+ <adm:description>
+ It may be either an absolute path or a relative path to
+ the base of the <adm:product-name /> directory server instance.
+ </adm:description>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-task-backing-file</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="task-retention-time">
+ <adm:synopsis>
+ Specifies the length of time that task entries should be
+ retained after processing on the associated task has been
+ completed.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>24 hours</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:duration />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-task-retention-time</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="notification-sender-address">
+ <adm:synopsis>
+ Specifies the email address to use as the sender (that is,
+ the "From:" address) address for notification mail messages generated
+ when a task completes execution.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The default sender address used is
+ "opendj-task-notification@" followed by the canonical address
+ of the system on which the server is running.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-notification-sender-address</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/TelephoneNumberAttributeSyntaxConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/TelephoneNumberAttributeSyntaxConfiguration.xml
new file mode 100644
index 0000000..a049b63
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/TelephoneNumberAttributeSyntaxConfiguration.xml
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="telephone-number-attribute-syntax"
+ plural-name="telephone-number-attribute-syntaxes"
+ extends="attribute-syntax" package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ define an attribute syntax for storing telephone number information.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-telephone-number-attribute-syntax</ldap:name>
+ <ldap:superior>ds-cfg-attribute-syntax</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.schema.TelephoneNumberSyntax
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="strict-format" advanced="true">
+ <adm:synopsis>
+ Indicates whether to require telephone number values to strictly
+ comply with the standard definition for this syntax.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-strict-format</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/TimeLimitLogRotationPolicyConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/TimeLimitLogRotationPolicyConfiguration.xml
new file mode 100644
index 0000000..c763c49
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/TimeLimitLogRotationPolicyConfiguration.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="time-limit-log-rotation-policy"
+ plural-name="time-limit-log-rotation-policies"
+ package="org.forgerock.opendj.admin" extends="log-rotation-policy"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ Rotation policy based on the time since last rotation.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-time-limit-log-rotation-policy</ldap:name>
+ <ldap:superior>ds-cfg-log-rotation-policy</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.loggers.TimeLimitRotationPolicy
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="rotation-interval" mandatory="true">
+ <adm:synopsis>
+ Specifies the time interval between rotations.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:duration base-unit="ms" lower-limit="1" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-rotation-interval</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/TraditionalWorkQueueConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/TraditionalWorkQueueConfiguration.xml
new file mode 100644
index 0000000..77c1d9d
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/TraditionalWorkQueueConfiguration.xml
@@ -0,0 +1,115 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2010 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="traditional-work-queue"
+ plural-name="traditional-work-queues" extends="work-queue"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ is a type of work queue that uses a number of worker threads that
+ watch a queue and pick up an operation to process whenever one
+ becomes available.
+ </adm:synopsis>
+ <adm:description>
+ The traditional work queue is a FIFO queue serviced by a fixed
+ number of worker threads. This fixed number of threads can be
+ changed on the fly, with the change taking effect as soon as
+ it is made. You can limit the size of the work queue to a specified
+ number of operations. When this many operations are in the
+ queue, waiting to be picked up by threads, any new requests are
+ rejected with an error message.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-traditional-work-queue</ldap:name>
+ <ldap:superior>ds-cfg-work-queue</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.TraditionalWorkQueue
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="num-worker-threads">
+ <adm:synopsis>
+ Specifies the number of worker threads to be used for processing
+ operations placed in the queue.
+ </adm:synopsis>
+ <adm:description>
+ If the value is increased,
+ the additional worker threads are created immediately. If the
+ value is reduced, the appropriate number of threads are destroyed
+ as operations complete processing.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ Let the server decide.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="1" upper-limit="2147483647" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-num-worker-threads</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="max-work-queue-capacity">
+ <adm:synopsis>
+ Specifies the maximum number of queued operations that can be in the work
+ queue at any given time.
+ </adm:synopsis>
+ <adm:description>
+ If the work queue is already full and additional requests are
+ received by the server, then the server front end, and possibly the
+ client, will be blocked until the work queue has available capacity.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>1000</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:integer lower-limit="1" upper-limit="2147483647"/>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-max-work-queue-capacity</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/TripleDESPasswordStorageSchemeConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/TripleDESPasswordStorageSchemeConfiguration.xml
new file mode 100644
index 0000000..11393d3
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/TripleDESPasswordStorageSchemeConfiguration.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="triple-des-password-storage-scheme"
+ plural-name="triple-des-password-storage-schemes"
+ package="org.forgerock.opendj.admin"
+ extends="password-storage-scheme"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides a mechanism for encoding user passwords using the
+ triple-DES (DES/EDE) reversible encryption mechanism.
+ </adm:synopsis>
+ <adm:description>
+ This scheme contains only an implementation for the user password
+ syntax, with a storage scheme name of "3DES".
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-triple-des-password-storage-scheme</ldap:name>
+ <ldap:superior>ds-cfg-password-storage-scheme</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.TripleDESPasswordStorageScheme
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/TrustManagerProviderConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/TrustManagerProviderConfiguration.xml
new file mode 100644
index 0000000..2581fb1
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/TrustManagerProviderConfiguration.xml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="trust-manager-provider"
+ plural-name="trust-manager-providers"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap"
+ xmlns:cli="http://www.opends.org/admin-cli">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ determine whether to trust presented
+ certificates.
+ </adm:synopsis>
+ <adm:tag name="security" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-trust-manager-provider</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:managed-object custom="true" />
+ </adm:profile>
+ <adm:property name="enabled" mandatory="true">
+ <adm:synopsis>
+ Indicate whether the
+ <adm:user-friendly-name />
+ is enabled for use.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-enabled</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="java-class" mandatory="true">
+ <adm:synopsis>
+ The fully-qualified name of the Java class that provides
+ the
+ <adm:user-friendly-name />
+ implementation.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:java-class>
+ <adm:instance-of>
+ org.opends.server.api.TrustManagerProvider
+ </adm:instance-of>
+ </adm:java-class>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-java-class</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/TrustStoreBackendConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/TrustStoreBackendConfiguration.xml
new file mode 100644
index 0000000..5e00fa1
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/TrustStoreBackendConfiguration.xml
@@ -0,0 +1,123 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="trust-store-backend"
+ plural-name="trust-store-backends" extends="backend"
+ package="org.forgerock.opendj.admin" advanced="true"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides an LDAP view of a file-based trust store. It is used by the
+ administrative cryptographic framework.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-trust-store-backend</ldap:name>
+ <ldap:superior>ds-cfg-backend</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.backends.TrustStoreBackend
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="writability-mode">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>enabled</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="trust-store-file" mandatory="true">
+ <adm:TODO>Should use a file-based property definition?</adm:TODO>
+ <adm:synopsis>
+ Specifies the path to the file that stores the trust information.
+ </adm:synopsis>
+ <adm:description>
+ It may be an absolute path, or a path that is relative to the
+ <adm:product-name />
+ instance root.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>config/ads-truststore</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-trust-store-file</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="trust-store-type">
+ <adm:TODO>
+ Can we restrict this to an enumeration? How can the client guess
+ which values are possible? What is the default value?
+ </adm:TODO>
+ <adm:synopsis>
+ Specifies the format for the data in the key store file.
+ </adm:synopsis>
+ <adm:description>
+ Valid values should always include 'JKS' and 'PKCS12', but
+ different implementations may allow other values as well.
+ </adm:description>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Changes to this property take effect the next time that
+ the key manager is accessed.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>The JVM default value is used.</adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-trust-store-type</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property-reference name="trust-store-pin" />
+ <adm:property-reference name="trust-store-pin-property" />
+ <adm:property-reference name="trust-store-pin-environment-variable" />
+ <adm:property-reference name="trust-store-pin-file" />
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/UniqueAttributePluginConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/UniqueAttributePluginConfiguration.xml
new file mode 100644
index 0000000..f9aa374
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/UniqueAttributePluginConfiguration.xml
@@ -0,0 +1,109 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="unique-attribute-plugin"
+ plural-name="unique-attribute-plugins"
+ package="org.forgerock.opendj.admin" extends="plugin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ enforces constraints on the value of an attribute within a
+ portion of the directory.
+ </adm:synopsis>
+ <adm:description>
+ The values for each attribute must be unique within each base DN
+ specified in the plugin's base-dn property or within all of the
+ server's public naming contexts if no base DNs were specified.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-unique-attribute-plugin</ldap:name>
+ <ldap:superior>ds-cfg-plugin</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.plugins.UniqueAttributePlugin
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property-override name="plugin-type" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>preoperationadd</adm:value>
+ <adm:value>preoperationmodify</adm:value>
+ <adm:value>preoperationmodifydn</adm:value>
+ <adm:value>postoperationadd</adm:value>
+ <adm:value>postoperationmodify</adm:value>
+ <adm:value>postoperationmodifydn</adm:value>
+ <adm:value>postsynchronizationadd</adm:value>
+ <adm:value>postsynchronizationmodify</adm:value>
+ <adm:value>postsynchronizationmodifydn</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="type" mandatory="true" multi-valued="true">
+ <adm:synopsis>
+ Specifies the type of attributes to check for value uniqueness.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:attribute-type />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-type</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="base-dn" multi-valued="true">
+ <adm:synopsis>
+ Specifies a base DN within which the attribute must be unique.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The plug-in uses the server's public naming contexts in the
+ searches.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:dn />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-base-dn</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/UniqueCharactersPasswordValidatorConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/UniqueCharactersPasswordValidatorConfiguration.xml
new file mode 100644
index 0000000..cf0a328
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/UniqueCharactersPasswordValidatorConfiguration.xml
@@ -0,0 +1,97 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="unique-characters-password-validator"
+ plural-name="unique-characters-password-validators"
+ package="org.forgerock.opendj.admin" extends="password-validator"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ is used to determine whether a proposed password is acceptable based
+ on the number of unique characters that it contains.
+ </adm:synopsis>
+ <adm:description>
+ This validator can be used to prevent simple passwords that contain only
+ a few characters like "aabbcc" or "abcabc".
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-unique-characters-password-validator</ldap:name>
+ <ldap:superior>ds-cfg-password-validator</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.UniqueCharactersPasswordValidator
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="min-unique-characters" mandatory="true">
+ <adm:synopsis>
+ Specifies the minimum number of unique characters that a password
+ will be allowed to contain.
+ </adm:synopsis>
+ <adm:description>
+ A value of zero indicates that no minimum value is
+ enforced.
+ </adm:description>
+ <adm:syntax>
+ <adm:integer lower-limit="0" />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-min-unique-characters</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="case-sensitive-validation" mandatory="true">
+ <adm:synopsis>
+ Indicates whether this password validator should treat password
+ characters in a case-sensitive manner.
+ </adm:synopsis>
+ <adm:description>
+ A value of true indicates that the validator does not consider
+ a capital letter to be the same as its lower-case counterpart.
+ A value of false indicates that the validator ignores
+ differences in capitalization when looking at the number of
+ unique characters in the password.
+ </adm:description>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-case-sensitive-validation</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/UserDefinedVirtualAttributeConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/UserDefinedVirtualAttributeConfiguration.xml
new file mode 100644
index 0000000..64aa365
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/UserDefinedVirtualAttributeConfiguration.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="user-defined-virtual-attribute"
+ plural-name="user-defined-virtual-attributes"
+ package="org.forgerock.opendj.admin" extends="virtual-attribute"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ creates virtual attributes with user-defined values in
+ entries that match the criteria defined in the plug-in's
+ configuration.
+ </adm:synopsis>
+ <adm:description>
+ The functionality of these attributes is similar to Class
+ of Service (CoS) in the Sun Java System Directory Server.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-user-defined-virtual-attribute</ldap:name>
+ <ldap:superior>ds-cfg-virtual-attribute</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.UserDefinedVirtualAttributeProvider
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+ <adm:property name="value" mandatory="true" multi-valued="true">
+ <adm:synopsis>
+ Specifies the values to be included in the virtual
+ attribute.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:string />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-value</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/VersionMonitorProviderConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/VersionMonitorProviderConfiguration.xml
new file mode 100644
index 0000000..bd70e87
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/VersionMonitorProviderConfiguration.xml
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="version-monitor-provider"
+ plural-name="version-monitor-providers"
+ package="org.forgerock.opendj.admin" extends="monitor-provider"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ can be used to publish directory server version information.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-version-monitor-provider</ldap:name>
+ <ldap:superior>ds-cfg-monitor-provider</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.monitors.VersionMonitorProvider
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/VirtualAttributeConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/VirtualAttributeConfiguration.xml
new file mode 100644
index 0000000..a407387
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/VirtualAttributeConfiguration.xml
@@ -0,0 +1,276 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="virtual-attribute"
+ plural-name="virtual-attributes" package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap"
+ xmlns:cli="http://www.opends.org/admin-cli">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ are responsible for dynamically generating attribute values that
+ appear in entries but are not persistently stored in the backend.
+ </adm:synopsis>
+ <adm:description>
+ Virtual attributes are associated with a virtual attribute
+ provider, which contains the logic for generating the value.
+ </adm:description>
+ <adm:tag name="core-server" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-virtual-attribute</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:managed-object custom="true" />
+ </adm:profile>
+ <adm:property name="java-class" mandatory="true">
+ <adm:synopsis>
+ Specifies the fully-qualified name of the virtual attribute
+ provider class that generates the attribute values.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:java-class>
+ <adm:instance-of>
+ org.opends.server.api.VirtualAttributeProvider
+ </adm:instance-of>
+ </adm:java-class>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-java-class</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="enabled" mandatory="true">
+ <adm:synopsis>
+ Indicates whether the
+ <adm:user-friendly-name />
+ is enabled for use.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-enabled</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="attribute-type" mandatory="true">
+ <adm:synopsis>
+ Specifies the attribute type for the attribute whose values are to
+ be dynamically assigned by the virtual attribute.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:attribute-type />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-attribute-type</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="base-dn" multi-valued="true">
+ <adm:synopsis>
+ Specifies the base DNs for the branches containing entries that
+ are eligible to use this virtual attribute.
+ </adm:synopsis>
+ <adm:description>
+ If no values are given, then the server generates virtual attributes
+ anywhere in the server.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The location of the entry in the server is not taken into
+ account when determining whether an entry is eligible to use
+ this virtual attribute.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:dn />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-base-dn</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="scope">
+ <adm:synopsis>
+ Specifies the LDAP scope associated with base DNs for entries that are
+ eligible to use this virtual attribute.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>whole-subtree</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="base-object">
+ <adm:synopsis>Search the base object only.</adm:synopsis>
+ </adm:value>
+ <adm:value name="single-level">
+ <adm:synopsis>
+ Search the immediate children of the base object but do not
+ include any of their descendants or the base object itself.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="subordinate-subtree">
+ <adm:synopsis>
+ Search the entire subtree below the base object but do not
+ include the base object itself.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="whole-subtree">
+ <adm:synopsis>
+ Search the base object and the entire subtree below the base
+ object.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-scope</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="group-dn" multi-valued="true">
+ <adm:synopsis>
+ Specifies the DNs of the groups whose members can be eligible to
+ use this virtual attribute.
+ </adm:synopsis>
+ <adm:description>
+ If no values are given, then group
+ membership is not taken into account when generating the virtual
+ attribute. If one or more group DNs are specified, then only
+ members of those groups are allowed to have the virtual attribute.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ Group membership is not taken into account when
+ determining whether an entry is eligible to use this virtual
+ attribute.
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:dn />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-group-dn</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="filter" multi-valued="true">
+ <adm:synopsis>
+ Specifies the search filters to be applied against entries to
+ determine if the virtual attribute is to be generated for those
+ entries.
+ </adm:synopsis>
+ <adm:description>
+ If no values are given, then any entry is eligible to
+ have the value generated. If one or more filters are specified,
+ then only entries that match at least one of those filters are
+ allowed to have the virtual attribute.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>(objectClass=*)</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>STRING</adm:usage>
+ <adm:synopsis>
+ Any valid search filter string.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-filter</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="conflict-behavior">
+ <adm:synopsis>
+ Specifies the behavior that the server is to exhibit for entries
+ that already contain one or more real values for the associated
+ attribute.
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>real-overrides-virtual</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:enumeration>
+ <adm:value name="real-overrides-virtual">
+ <adm:synopsis>
+ Indicates that any real values contained in the entry are
+ preserved and used, and virtual values are not generated.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="virtual-overrides-real">
+ <adm:synopsis>
+ Indicates that the virtual attribute provider suppresses
+ any real values contained in the entry
+ and generates virtual values and uses them.
+ </adm:synopsis>
+ </adm:value>
+ <adm:value name="merge-real-and-virtual">
+ <adm:synopsis>
+ Indicates that the virtual attribute provider
+ is to preserve any real values contained in the entry
+ and merge them with the set of generated virtual values
+ so that both the real and virtual values are used.
+ </adm:synopsis>
+ </adm:value>
+ </adm:enumeration>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-conflict-behavior</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/VirtualStaticGroupImplementationConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/VirtualStaticGroupImplementationConfiguration.xml
new file mode 100644
index 0000000..badef88
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/VirtualStaticGroupImplementationConfiguration.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="virtual-static-group-implementation"
+ plural-name="virtual-static-group-implementations"
+ package="org.forgerock.opendj.admin" extends="group-implementation"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides a grouping mechanism in which the membership for the
+ virtual static group is based on the membership for another group
+ defined within the server.
+ </adm:synopsis>
+ <adm:description>
+ The primary benefit of virtual static groups is that they make it
+ possible to present other types of groups (for example, dynamic groups) as
+ if they were static groups for the benefit of applications that do
+ not support alternate grouping mechanisms.
+ </adm:description>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-virtual-static-group-implementation</ldap:name>
+ <ldap:superior>ds-cfg-group-implementation</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.VirtualStaticGroup
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/WhoAmIExtendedOperationHandlerConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/WhoAmIExtendedOperationHandlerConfiguration.xml
new file mode 100644
index 0000000..d327629
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/WhoAmIExtendedOperationHandlerConfiguration.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="who-am-i-extended-operation-handler"
+ plural-name="who-am-i-extended-operation-handlers"
+ package="org.forgerock.opendj.admin"
+ extends="extended-operation-handler"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides the ability for clients to request their authorization
+ identity using the "Who Am I?" extended operation as defined in RFC
+ 4532.
+ </adm:synopsis>
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-who-am-i-extended-operation-handler</ldap:name>
+ <ldap:superior>ds-cfg-extended-operation-handler</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property-override name="java-class" advanced="true">
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ org.opends.server.extensions.WhoAmIExtendedOperation
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
+ </adm:property-override>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/WorkQueueConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/WorkQueueConfiguration.xml
new file mode 100644
index 0000000..759a231
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/WorkQueueConfiguration.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2010 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="work-queue" plural-name="work-queues"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap"
+ xmlns:cli="http://www.opends.org/admin-cli">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ provides the configuration for the server work queue and
+ is responsible for ensuring that requests received from clients are
+ processed in a timely manner.
+ </adm:synopsis>
+ <adm:description>
+ Only a single work queue can be defined in the server.
+ Whenever a connection handler receives a client request, it should
+ place the request in the work queue to be processed
+ appropriately.
+ </adm:description>
+ <adm:tag name="core-server" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-work-queue</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:profile name="cli">
+ <cli:managed-object custom="true" />
+ </adm:profile>
+ <adm:property name="java-class" mandatory="true">
+ <adm:synopsis>
+ Specifies the fully-qualified name of the Java class that provides the
+ <adm:user-friendly-name />
+ implementation.
+ </adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:server-restart />
+ </adm:requires-admin-action>
+ <adm:syntax>
+ <adm:java-class>
+ <adm:instance-of>
+ org.opends.server.api.WorkQueue
+ </adm:instance-of>
+ </adm:java-class>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-java-class</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/WorkflowConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/WorkflowConfiguration.xml
new file mode 100644
index 0000000..ed137fb
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/WorkflowConfiguration.xml
@@ -0,0 +1,107 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2010 Sun Microsystems, Inc.
+ ! Portions Copyright 2011 ForgeRock AS
+ ! -->
+<adm:managed-object name="workflow" plural-name="workflows"
+ package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ The
+ <adm:user-friendly-name />
+ is a list of processing steps (Work Flow Elements) that are applied
+ to data as it is retrieved from the directory server.
+ </adm:synopsis>
+ <adm:tag name="core-server" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-workflow</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property name="enabled" mandatory="true">
+ <adm:synopsis>
+ Indicates whether the
+ <adm:user-friendly-name />
+ is enabled for use in the server.
+ </adm:synopsis>
+ <adm:description>
+ If a
+ <adm:user-friendly-name />
+ is not enabled, then its contents are not accessible when
+ processing operations.
+ </adm:description>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-enabled</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="workflow-element" mandatory="true">
+ <adm:synopsis>
+ Specifies the root Workflow Element in the
+ <adm:user-friendly-name />
+ .
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:aggregation relation-name="workflow-element"
+ parent-path="/">
+ <adm:constraint>
+ <adm:synopsis>
+ The referenced workflow element must be enabled.
+ </adm:synopsis>
+ <adm:target-is-enabled-condition>
+ <adm:contains property="enabled" value="true" />
+ </adm:target-is-enabled-condition>
+ </adm:constraint>
+ </adm:aggregation>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-workflow-element</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="base-dn" mandatory="true" read-only="true">
+ <adm:synopsis>
+ Specifies the base DN of the data targeted by the
+ <adm:user-friendly-name />
+ .
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:dn />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-base-dn</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/WorkflowElementConfiguration.xml b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/WorkflowElementConfiguration.xml
new file mode 100644
index 0000000..6284ef9
--- /dev/null
+++ b/opendj-admin/src/main/resources/definitions/org/forgerock/opendj/admin/WorkflowElementConfiguration.xml
@@ -0,0 +1,93 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2010 Sun Microsystems, Inc.
+ ! -->
+<adm:managed-object name="workflow-element"
+ plural-name="workflow-elements" package="org.forgerock.opendj.admin"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <adm:synopsis>
+ <adm:user-friendly-plural-name />
+ implement a single processing step in a Work Flow.
+ </adm:synopsis>
+ <adm:description>
+ A
+ <adm:user-friendly-name />
+ can perform a task such as mapping DNs, renaming attributes,
+ filtering attributes, joining data sources, proxying, or
+ load-balancing. The simplest
+ <adm:user-friendly-name />
+ is the Local Backend Work Flow Element, which routes data
+ to a Backend.
+ </adm:description>
+ <adm:tag name="core-server" />
+ <adm:profile name="ldap">
+ <ldap:object-class>
+ <ldap:name>ds-cfg-workflow-element</ldap:name>
+ <ldap:superior>top</ldap:superior>
+ </ldap:object-class>
+ </adm:profile>
+ <adm:property name="enabled" mandatory="true">
+ <adm:synopsis>
+ Indicates whether the
+ <adm:user-friendly-name />
+ is enabled for use in the server.
+ </adm:synopsis>
+ <adm:description>
+ If a
+ <adm:user-friendly-name />
+ is not enabled, then its contents are not accessible when
+ processing operations.
+ </adm:description>
+ <adm:syntax>
+ <adm:boolean />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-enabled</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+ <adm:property name="java-class" mandatory="true">
+ <adm:synopsis>
+ Specifies the fully-qualified name of the Java class that provides the
+ <adm:user-friendly-name />
+ implementation.
+ </adm:synopsis>
+ <adm:syntax>
+ <adm:java-class>
+ <adm:instance-of>
+ org.opends.server.workflowelement.WorkflowElement
+ </adm:instance-of>
+ </adm:java-class>
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-java-class</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
+</adm:managed-object>
diff --git a/opendj-admin/src/main/resources/stylesheets/abbreviations.xsl b/opendj-admin/src/main/resources/stylesheets/abbreviations.xsl
new file mode 100644
index 0000000..6c02a0d
--- /dev/null
+++ b/opendj-admin/src/main/resources/stylesheets/abbreviations.xsl
@@ -0,0 +1,61 @@
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2008-2009 Sun Microsystems, Inc.
+ ! Portions copyright 2011-2013 ForgeRock AS
+ ! -->
+<xsl:stylesheet version="1.0"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+ <!--
+ This XSLT file contains a list of acronyms and abbreviations which should
+ be converted to upper-case when used in applications (e.g. as Java names).
+ -->
+ <!--
+ Determines whether or not the provided word is a known abbreviation or
+ acronym.
+
+ @param value The word.
+
+ @return Returns the string "true" if the word is an abbreviation.
+ -->
+ <xsl:template name="is-abbreviation">
+ <xsl:param name="value" select="/.." />
+ <xsl:value-of
+ select="$value = 'aci' or $value = 'ip' or $value = 'ssl'
+ or $value = 'dn' or $value = 'rdn' or $value = 'jmx'
+ or $value = 'smtp' or $value = 'http' or $value = 'https'
+ or $value = 'ldap' or $value = 'ldaps' or $value = 'ldif'
+ or $value = 'jdbc' or $value = 'tcp' or $value = 'tls'
+ or $value = 'pkcs11' or $value = 'sasl' or $value = 'gssapi'
+ or $value = 'md5' or $value = 'je' or $value = 'dse'
+ or $value = 'fifo' or $value = 'vlv' or $value = 'uuid'
+ or $value = 'md5' or $value = 'sha1' or $value = 'sha256'
+ or $value = 'sha384' or $value = 'sha512' or $value = 'tls'
+ or $value = 'des' or $value = 'aes' or $value = 'rc4'
+ or $value = 'db' or $value = 'snmp' or $value = 'qos'
+ or $value = 'ecl' or $value = 'ttl' or $value = 'jpeg'
+ or $value = 'pbkdf2'
+ "/>
+ </xsl:template>
+</xsl:stylesheet>
diff --git a/opendj-admin/src/main/resources/stylesheets/admin-cli.xsd b/opendj-admin/src/main/resources/stylesheets/admin-cli.xsd
new file mode 100644
index 0000000..f9f2d55
--- /dev/null
+++ b/opendj-admin/src/main/resources/stylesheets/admin-cli.xsd
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xsd:schema targetNamespace="http://www.opends.org/admin-cli"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ elementFormDefault="qualified" xmlns:adm="http://www.opends.org/admin"
+ xmlns:tns="http://www.opends.org/admin-cli">
+ <xsd:import namespace="http://www.opends.org/admin"
+ schemaLocation="admin.xsd" />
+ <xsd:annotation>
+ <xsd:documentation>
+ This schema defines the elements and attributes of the "cli"
+ profile. This profile provides the ability to annotate managed
+ object definitions, properties, and relations with additional
+ information which the CLI can use to provide a better user
+ experience.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:element name="managed-object">
+ <xsd:annotation>
+ <xsd:documentation>
+ Defines CLI annotations for use with managed object definitions.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:attribute name="custom" default="false" type="xsd:boolean">
+ <xsd:annotation>
+ <xsd:documentation>
+ Indicates whether the CLI should refer to this managed
+ object type as "custom" as opposed to "generic". Custom
+ managed object types generally are the top-level type of
+ component (e.g. connection-handler but not
+ ldap-connection-handler) having a non-advanced java-class
+ property. Users create this type of component with a custom
+ implementation class. It is better to refer to these as
+ "custom" since the term "generic" can mislead users (e.g.
+ many users confuse a generic backend as being a JE backend).
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="relation">
+ <xsd:annotation>
+ <xsd:documentation>
+ Defines CLI annotations for use with relation definitions.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="default-property" minOccurs="0"
+ maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of a property in the referenced managed object
+ (or one of its sub-types) which will be displayed by
+ default in list-xxx sub-commands.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:attribute name="name" type="adm:name-type"
+ use="required">
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of a property in the referenced managed
+ object (or one of its sub-types) which will be
+ displayed by default in list-xxx sub-commands.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="naming-argument-override"
+ type="adm:name-type" use="optional">
+ <xsd:annotation>
+ <xsd:documentation>
+ A command-line argument name which should be used to
+ override the default argument name used to identify managed
+ objects referenced by this relation. By default the
+ command-line argument name is derived by taking the last
+ word in the relation name and appending "-name". For
+ example, the relation "certificate-mapper" becomes
+ "mapper-name".
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+ </xsd:element>
+</xsd:schema>
diff --git a/opendj-admin/src/main/resources/stylesheets/admin-ldap.xsd b/opendj-admin/src/main/resources/stylesheets/admin-ldap.xsd
new file mode 100644
index 0000000..7bebcb7
--- /dev/null
+++ b/opendj-admin/src/main/resources/stylesheets/admin-ldap.xsd
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xsd:schema targetNamespace="http://www.opends.org/admin-ldap"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ elementFormDefault="qualified"
+ xmlns:tns="http://www.opends.org/admin-ldap">
+ <xsd:annotation>
+ <xsd:documentation>
+ This schema defines the elements and attributes of the "ldap"
+ profile. This profile specifies the relationship between managed
+ objects and their representation in LDAP. For example, each
+ managed object is associated with an LDAP object class and each
+ property is associated with an LDAP attribute. Using this profile
+ it should also be possible to generate the LDAP configuration
+ schema.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:simpleType name="name-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ A LDAP attribute type or object class name.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:restriction base="xsd:token">
+ <xsd:pattern value="[a-zA-Z][a-zA-Z0-9\-_]*" />
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:element name="object-class">
+ <xsd:annotation>
+ <xsd:documentation>
+ Defines which LDAP object class a managed object should be
+ mapped to.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="name" type="tns:name-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of the LDAP object class.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="superior" type="tns:name-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of the parent LDAP object class.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="attribute">
+ <xsd:annotation>
+ <xsd:documentation>
+ Defines which LDAP attribute a managed object property should be
+ mapped to.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="name" type="tns:name-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of the LDAP attribute.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="naming-attribute" type="tns:name-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ Defines which LDAP attribute should be used to name child
+ managed objects referenced by a relation. When not specified,
+ "cn" is used by default. When the relation uses a naming
+ property this element is not required, instead the LDAP
+ attribute associated with the naming property will be used.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="rdn-sequence" type="xsd:token">
+ <xsd:annotation>
+ <xsd:documentation>A sequence of RDNs.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+</xsd:schema>
diff --git a/opendj-admin/src/main/resources/stylesheets/admin-preprocessor.xsd b/opendj-admin/src/main/resources/stylesheets/admin-preprocessor.xsd
new file mode 100644
index 0000000..1049f00
--- /dev/null
+++ b/opendj-admin/src/main/resources/stylesheets/admin-preprocessor.xsd
@@ -0,0 +1,121 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xsd:schema targetNamespace="http://www.opends.org/admin-preprocessor"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:admin="http://www.opends.org/admin"
+ elementFormDefault="qualified"
+ xmlns:tns="http://www.opends.org/admin-preprocessor">
+ <xsd:import namespace="http://www.opends.org/admin"
+ schemaLocation="admin.xsd" />
+ <xsd:annotation>
+ <xsd:documentation>
+ This schema defines the elements and attributes which are added to
+ managed object definitions and property definitions in the
+ "preprocessor" profile.
+ </xsd:documentation>
+ <xsd:documentation>
+ Managed object definitions are annotated by listing the parent
+ managed objects which the definition inherits from. This can be
+ used to enforce a simple managed object naming scheme where
+ sub-definitions use the uppermost definition's name as a suffix.
+ For example, "ldap-connection-handler" is derived from
+ "connection-handler", and therefore has the suffix
+ "-connection-handler". Applications can take advantage of this
+ naming schema to shorten sub-definition names where appropriate.
+ For example, a CLI which supports creation of connection handlers,
+ can use remove the suffix from "ldap-connection-handler" in order
+ to derive a "type", in this case "ldap".
+ </xsd:documentation>
+ <xsd:documentation>
+ Each property definition is annotated as follows: firstly a
+ "managed-object" element is added defining the name and package of
+ the managed object which defines the property (i.e. this will be a
+ parent managed object for inherited properties). Secondly, if the
+ property is referenced from a Property.xml file, an additional
+ "package" element is appended identifying the referenced package.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:element name="last-defined-in">
+ <xsd:annotation>
+ <xsd:documentation>
+ Specifies the name and package of the last managed object
+ definition which defined or overrides this property definition.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:attribute name="name" type="admin:name-type"
+ use="required">
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of the managed object.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="package" type="admin:package-type"
+ use="required">
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of the package containing the managed object.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="first-defined-in">
+ <xsd:annotation>
+ <xsd:documentation>
+ This optional element specifies the location where the property
+ was first defined. This may be in a referenced Package.xml
+ definition, or in an overridden parent definition. This element
+ is only present when the package/name attributes would differ
+ from those specified in the last-defined-in element.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:attribute name="name" type="admin:name-type"
+ use="optional">
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of the managed object if applicable.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="package" type="admin:package-type"
+ use="required">
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of the package.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="parent-managed-object">
+ <xsd:annotation>
+ <xsd:documentation>
+ Specifies the name and package of a parent managed object
+ definition. Elements are order such that the immediate parent is
+ the first node in document order and the last element represents
+ the uppermost definition in the inheritance hierarchy.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:attribute name="name" type="admin:name-type"
+ use="required">
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of the parent managed object.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="package" type="admin:package-type"
+ use="required">
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of the package containing the parent managed
+ object.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+ </xsd:element>
+</xsd:schema>
\ No newline at end of file
diff --git a/opendj-admin/src/main/resources/stylesheets/admin.xsd b/opendj-admin/src/main/resources/stylesheets/admin.xsd
new file mode 100644
index 0000000..01bb283
--- /dev/null
+++ b/opendj-admin/src/main/resources/stylesheets/admin.xsd
@@ -0,0 +1,2243 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xsd:schema targetNamespace="http://www.opends.org/admin"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ elementFormDefault="qualified"
+ xmlns:tns="http://www.opends.org/admin">
+ <xsd:import namespace="http://www.opends.org/admin-ldap"
+ schemaLocation="admin-ldap.xsd" />
+ <xsd:import namespace="http://www.opends.org/admin-preprocessor"
+ schemaLocation="admin-preprocessor.xsd" />
+ <xsd:annotation>
+ <xsd:documentation>
+ This schema defines the XML schema elements and attributes which
+ should be used to specify the server's configuration model.
+ Broadly speaking, there are three main components to this schema:
+ managed objects, properties, and relations. Using these components
+ it is possible to model the server's configuration based on its
+ configurable components (managed objects), their configurable
+ attributes (properties), and their relationships with other
+ configurable components (relations).
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType name="managed-object-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ Defines the structure of a configurable component within the
+ configuration. A managed object comprises of zero or more
+ properties, and zero or more relations with other managed
+ objects. A managed object can be abstract, indicating that it
+ cannot be instantiated directly, and that it is intended as a
+ base definition from which other child managed objects inherit
+ their behavior. Conversely, a managed object can be derived from
+ a parent managed object definition. In this case, the managed
+ object will inherit the properties and relations defined by the
+ parent. Multiple levels of inheritance are supported, but
+ multiple inheritance is not.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:sequence>
+ <xsd:element name="TODO" minOccurs="0" type="xsd:string"
+ maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>
+ An annotation specifying remaining work or unsolved problems
+ relating to this managed object definition. Its use is
+ primarily for development purposes and should not be
+ processed by applications.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="user-friendly-name" minOccurs="0"
+ type="tns:description-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ The user friendly name of this managed object. This element
+ is optional and by default the user friendly name is derived
+ from the definition's name attribute.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="user-friendly-plural-name" minOccurs="0"
+ type="tns:description-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ The user friendly plural name of this managed object. This
+ element is optional and by default the user friendly plural
+ name is derived from the definition's plural-name attribute.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="synopsis" type="tns:rich-description-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ A brief description of this managed object. The description
+ should describe, preferably in one sentence, the purpose of
+ this managed object. The synopsis should be suitable for use
+ in applications such as tool-tips, CLI help, and the summary
+ description in Javadoc. It is possible to embed rich content
+ including XHTML markup (this will only be used where
+ supported).
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="description" minOccurs="0"
+ type="tns:rich-description-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ A detailed description of this managed object. The
+ description should describe in detail the purpose of this
+ managed object. The description should be suitable for use
+ in applications such as manual pages or detailed help. It
+ does not need to repeat anything described in the synopsis
+ as applications should normally display the two together. It
+ is possible to embed rich content including XHTML markup
+ (this will only be used where supported).
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="tag" minOccurs="0" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of a tag defined in the root configuration
+ definition. Tags can be used to group related managed object
+ definitions together. For example, all managed objects that
+ are associated with password management might be tagged with
+ "password" (assuming that there is a "password" tag defined
+ in the root configuration). Tags are inherited by derived
+ managed object definitions.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:attribute name="name" type="tns:name-type"
+ use="required">
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of the referenced tag. There must be an
+ accompanying tag definition in the root configuration
+ definition.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="constraint" minOccurs="0"
+ maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>
+ A constraint on the properties of this managed object. A
+ constraint comprises of a condition which must always
+ evaluate to true before a modification is permitted.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="synopsis"
+ type="tns:rich-description-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ A brief description of this constraint. The
+ description should describe, preferably in one
+ sentence, the purpose the condition associated with
+ this constraint. The synopsis should be suitable for
+ use in applications such as tool-tips, CLI help, and
+ the summary description in Javadoc. It is possible to
+ embed rich content including XHTML markup (this will
+ only be used where supported).
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="condition">
+ <xsd:annotation>
+ <xsd:documentation>
+ The condition associated with this constraint. The
+ condition must evaluate to true before modifications
+ are permitted.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:group ref="tns:condition-group" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="profile" type="tns:profile-type" minOccurs="0"
+ maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>
+ An annotation relating to this managed object. Annotations
+ can define additional information which cannot be directly
+ represented using this XML schema. The additional
+ information can relate to specific applications such as LDAP
+ (e.g. LDAP object classes), CLIs (e.g. sub-command name),
+ GUIs (e.g. how properties should be arranged and grouped in
+ a window).
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="relation" maxOccurs="unbounded" minOccurs="0"
+ type="tns:relation-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ Specifies a composition relationship between this managed
+ object and other "child" managed objects. The relationship
+ can be a singleton relationship (i.e. one to one), an
+ optional relationship (i.e. one to zero or one), or a one to
+ many relationship.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:choice minOccurs="0" maxOccurs="unbounded">
+ <xsd:element name="property" type="tns:property-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ Defines a configurable property of this managed object. A
+ property's value or values affects the behavior of this
+ managed object. Various different types of properties are
+ supported, for example, strings, integers, etc. A property
+ definition must not override a property defined elsewhere
+ in this managed object or property inherited from a parent
+ definition.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="property-override"
+ type="tns:property-override-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ Overrides a property definition inherited from a parent
+ managed object definition. Using a property override it is
+ possible to modify the behavior of an inherited property
+ definition in a non-critical way. For example, a managed
+ object definition might override the default behavior of
+ an inherited Java implementation class property so that
+ new instances are created with the correct default
+ implementation class.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="property-reference"
+ type="tns:property-reference-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ A reference to a common property definition defined in a
+ package, which should be part of this managed object's
+ definition.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:choice>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="rich-description-type" mixed="true">
+ <xsd:annotation>
+ <xsd:documentation>
+ An internationalized description string which can contain XHTML
+ markup.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:choice minOccurs="0" maxOccurs="unbounded">
+ <xsd:any namespace="http://www.w3.org/1999/xhtml"
+ processContents="lax" />
+ <xsd:element name="product-name">
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of the product associated with this definition.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType />
+ </xsd:element>
+ <xsd:element name="user-friendly-name">
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of the managed object associated with this
+ definition.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType />
+ </xsd:element>
+ <xsd:element name="user-friendly-plural-name">
+ <xsd:annotation>
+ <xsd:documentation>
+ The plural name of the managed object associated with this
+ definition.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType />
+ </xsd:element>
+ </xsd:choice>
+ </xsd:complexType>
+ <xsd:complexType name="description-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ An internationalized description string which cannot contain
+ XHTML markup.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:simpleContent>
+ <xsd:extension base="xsd:token" />
+ </xsd:simpleContent>
+ </xsd:complexType>
+ <xsd:complexType name="property-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ Defines a configurable property of a managed object. A
+ property's value or values affects the behavior of the
+ associated managed object. Various different types of properties
+ are supported, for example, strings, integers, etc. A property
+ definition must not override a property defined elsewhere in the
+ managed object or property inherited from a parent managed
+ object.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:sequence>
+ <xsd:element name="TODO" minOccurs="0" type="xsd:string"
+ maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>
+ An annotation specifying remaining work or unsolved problems
+ relating to this property definition. Its use is primarily
+ for development purposes and should not be processed by
+ applications.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="synopsis" type="tns:rich-description-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ A brief description of this property. The description should
+ describe, preferably in one sentence, the purpose of this
+ property. It does not need to provide details regarding
+ default behavior, syntax, nor how changes take effect (e.g.
+ immediately, post-restart, etc). The synopsis should be
+ suitable for use in applications such as tool-tips, CLI
+ help, and the summary description in Javadoc. It is possible
+ to embed rich content including XHTML markup (this will only
+ be used where supported).
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="description" minOccurs="0"
+ type="tns:rich-description-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ A detailed description of this property. The description
+ should describe in detail the purpose of this property. The
+ description should be suitable for use in applications such
+ as manual pages or detailed help. It does not need to repeat
+ anything described in the synopsis as applications should
+ normally display the two together. In addition, it does not
+ need to provide details regarding default behavior, syntax,
+ nor how changes take effect (e.g. immediately, post-restart,
+ etc). It is possible to embed rich content including XHTML
+ markup (this will only be used where supported).
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="requires-admin-action"
+ type="tns:admin-action-type" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>
+ Defines an optional action which administators must perform
+ after they have modified this property. By default
+ modifications to properties are assumed to take effect
+ immediately and require no additional administrative action.
+ Developers should be aware that, where feasible, they should
+ implement components such that property modifications
+ require no additional administrative action. This is
+ required in order to minimize server downtime during
+ administration and provide a more user-friendly experience.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="default-behavior" type="tns:default-type"
+ minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>
+ Defines a default behavior for the property when it has no
+ values specified. All properties must have a default
+ behavior defined unless they are mandatory.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="syntax" type="tns:syntax-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ Defines the syntax of this property. This includes the data
+ type used for the property and additional constraints (e.g.
+ upper/lower bounds).
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="profile" type="tns:profile-type" minOccurs="0"
+ maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>
+ An annotation relating to this property. Annotations can
+ define additional information which cannot be directly
+ represented using this XML schema. The additional
+ information can relate to specific applications such as LDAP
+ (e.g. LDAP attributes), CLIs (e.g. operand name), GUIs (e.g.
+ how properties should be arranged and grouped in a window).
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="name" type="tns:name-type" use="required">
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of this property. The name should describe as
+ concisely as possible the purpose of this property and should
+ be suitable for use in Java method names (e.g. getters and
+ setters). The property name should be a string comprising of
+ short lower-case words joined with hyphens "-". For example,
+ "use-ssl".
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="multi-valued" type="xsd:boolean" use="optional"
+ default="false">
+ <xsd:annotation>
+ <xsd:documentation>
+ Indicates whether or not this property is multi-valued. By
+ default, properties are single-valued.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="read-only" type="xsd:boolean" use="optional"
+ default="false">
+ <xsd:annotation>
+ <xsd:documentation>
+ Indicates whether or not this property is read-only. By
+ default, properties are not read-only. Read-only properties
+ can only be initialized during construction of the associated
+ managed object and cannot be modified once the managed object
+ has been created.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="monitoring" type="xsd:boolean" use="optional"
+ default="false">
+ <xsd:annotation>
+ <xsd:documentation>
+ Indicates whether or not this property is read-only and
+ generated automatically by the server as monitoring
+ information. By default, properties are not for monitoring.
+ Monitoring properties are always read-only because their
+ values are generated by the server. During construction of a
+ managed object their values are undefined.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="mandatory" type="xsd:boolean" use="optional"
+ default="false">
+ <xsd:annotation>
+ <xsd:documentation>
+ Indicates whether or not this property is mandatory. Mandatory
+ properties are usually those properties which have no sensible
+ default behavior and must, therefore, be specified by
+ administrators. If a mandatory property has default values
+ these will be used as the values for the property if none are
+ specified by the user.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="hidden" type="xsd:boolean" use="optional"
+ default="false">
+ <xsd:annotation>
+ <xsd:documentation>
+ Indicates whether or not this property should be hidden from
+ client applications. Hidden properties should rarely be used
+ but are sometimes required in order to provide functionality
+ that needs to be exposed in management APIs but not in
+ front-ends such as CLIs.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="advanced" type="xsd:boolean" use="optional"
+ default="false">
+ <xsd:annotation>
+ <xsd:documentation>
+ Indicates whether or not this property should be treated as an
+ advanced property and hidden by default in client
+ applications. Advanced properties should either be optional
+ (i.e. not mandatory) or be mandatory with default values. This
+ constraint is required so that users do not have to specify
+ values for advanced properties.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+ <xsd:complexType name="property-reference-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ A reference to a common property definition defined in a
+ package, which should be part of a managed object's definition.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:sequence>
+ <xsd:element name="requires-admin-action"
+ type="tns:admin-action-type" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>
+ Optionally override the administrative action defined in the
+ referenced property definition. An administrative action
+ defines an optional action which administators must perform
+ after they have modified this property. By default
+ modifications to properties are assumed to take effect
+ immediately and require no additional administrative action.
+ Developers should be aware that, where feasible, they should
+ implement components such that property modifications
+ require no additional administrative action. This is
+ required in order to minimize server downtime during
+ administration and provide a more user-friendly experience.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="default-behavior" type="tns:default-type"
+ minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>
+ Optionally override the default behavior defined in the
+ referenced property definition. The default behavior is
+ applicable when the property has no values specified. All
+ properties must have a default behavior defined unless they
+ are mandatory.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="name" type="tns:name-type" use="required">
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of the referenced property.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="package" type="tns:package-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ The package containing the referenced property. By default,
+ the package in which this managed object is defined will be
+ used.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+ <xsd:complexType name="property-override-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ Overrides a property definition inherited from a parent managed
+ object definition. Using a property override it is possible to
+ modify the behavior of an inherited property definition in a
+ non-critical way. For example, a managed object definition might
+ override the default behavior of an inherited Java
+ implementation class property so that new instances are created
+ with the correct default implementation class.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:sequence>
+ <xsd:element name="requires-admin-action"
+ type="tns:admin-action-type" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>
+ Optionally override the administrative action defined in the
+ overridden property definition. An administrative action
+ defines an optional action which administators must perform
+ after they have modified this property. By default
+ modifications to properties are assumed to take effect
+ immediately and require no additional administrative action.
+ Developers should be aware that, where feasible, they should
+ implement components such that property modifications
+ require no additional administrative action. This is
+ required in order to minimize server downtime during
+ administration and provide a more user-friendly experience.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="default-behavior" type="tns:default-type"
+ minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>
+ Optionally override the default behavior defined in the
+ overridden property definition. The default behavior is
+ applicable when the property has no values specified. All
+ properties must have a default behavior defined unless they
+ are mandatory.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="name" type="tns:name-type" use="required">
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of the overridden property.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="advanced" type="xsd:boolean" use="optional"
+ default="false">
+ <xsd:annotation>
+ <xsd:documentation>
+ Optionally override the advanced option defined in the
+ overridden property definition. Indicates whether or not this
+ property should be treated as an advanced property and hidden
+ by default in client applications. Advanced properties should
+ either be optional (i.e. not mandatory) or be mandatory with
+ default values. This constraint is required so that users do
+ not have to specify values for advanced properties.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+ <xsd:complexType name="default-managed-object-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ Specifies the configuration of a default managed object which
+ should be created when a parent managed object is created. For
+ example, creation of a back-end could result in default indexes
+ being created.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:sequence>
+ <xsd:element name="property" minOccurs="0"
+ maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>
+ Specifies one or more initial values for a property in the
+ default managed object.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="value" minOccurs="1"
+ maxOccurs="unbounded" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation>
+ The string representation of a value of this property.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="name" type="tns:name-type"
+ use="required">
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of the property.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="managed-object-name" type="tns:name-type"
+ use="optional">
+ <xsd:annotation>
+ <xsd:documentation>
+ The type of default managed object to be created. This must be
+ either the type of the managed object referenced by this
+ relation (this is the default behavior) or a sub-type.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="managed-object-package" type="tns:package-type"
+ use="optional">
+ <xsd:annotation>
+ <xsd:documentation>
+ The package containing the default managed object definition
+ if it is not the same as this managed object's package.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+ <xsd:complexType name="relation-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ Specifies a relationship between a managed object and other
+ managed objects. The relationship can be a singleton
+ relationship (i.e. one to one), an optional relationship (i.e.
+ one to zero or one), or a one to many relationship. Both
+ compositions (the default) and aggregations are supported.
+ Aggregations are defined by specifying the path to the
+ referenced managed objects in the aggregation attribute.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:sequence>
+ <xsd:element name="TODO" minOccurs="0" type="xsd:string"
+ maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>
+ An annotation specifying remaining work or unsolved problems
+ relating to this relation definition. Its use is primarily
+ for development purposes and should not be processed by
+ applications.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="synopsis" type="tns:rich-description-type"
+ minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>
+ An optional brief description of this relation. The
+ description should describe, preferably in one sentence, the
+ purpose of this relation. If a synopsis is not defined this
+ relation will inherit the synopsis of the referenced managed
+ object. If present, the synopsis should be suitable for use
+ in applications such as tool-tips, CLI help, and the summary
+ description in Javadoc. It is possible to embed rich content
+ including XHTML markup (this will only be used where
+ supported).
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="description" minOccurs="0"
+ type="tns:rich-description-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ An optional detailed description of this relation. The
+ description should describe in detail the purpose of this
+ relation. The description should be suitable for use in
+ applications such as manual pages or detailed help. It does
+ not need to repeat anything described in the synopsis as
+ applications should normally display the two together. If a
+ description is not defined this relation will inherit the
+ description of the referenced managed object. It is possible
+ to embed rich content including XHTML markup (this will only
+ be used where supported).
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:choice>
+ <xsd:element name="one-to-one">
+ <xsd:annotation>
+ <xsd:documentation>
+ Specifies a one to one (singleton) relationship with
+ another type of managed object.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="default-managed-object"
+ type="tns:default-managed-object-type" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>
+ Defines a default managed object configuration which
+ should be automatically created when the parent
+ managed object is created.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="one-to-zero-or-one">
+ <xsd:annotation>
+ <xsd:documentation>
+ Specifies a one to zero or one (optional) relationship
+ with another type of managed object.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="default-managed-object"
+ type="tns:default-managed-object-type" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>
+ Defines a default managed object configuration which
+ should be automatically created when the parent
+ managed object is created.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="one-to-many">
+ <xsd:annotation>
+ <xsd:documentation>
+ Specifies a one to many (instantiable) relationship with
+ another type of managed object.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="default-managed-object" minOccurs="0"
+ maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>
+ Defines one or more default managed object
+ configurations which should be automatically created
+ when the parent managed object is created.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension
+ base="tns:default-managed-object-type">
+ <xsd:attribute name="name" type="xsd:string"
+ use="required">
+ <xsd:annotation>
+ <xsd:documentation>
+ Specifies the name that should be used to
+ identify this default managed object
+ instance.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="unique" type="xsd:boolean"
+ use="optional" default="false">
+ <xsd:annotation>
+ <xsd:documentation>
+ Indicates whether or not this relation contains
+ unique members. If set to true then each
+ referenced managed object must have a distinct type.
+ In other words, there must not be more than one
+ referenced managed object having the same type. By
+ default, properties are single-valued.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="plural-name" type="tns:name-type"
+ use="optional">
+ <xsd:annotation>
+ <xsd:documentation>
+ Specifies the plural name of this relation if
+ different from the plural name of the referenced
+ managed object type.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="naming-property" type="tns:name-type"
+ use="optional">
+ <xsd:annotation>
+ <xsd:documentation>
+ Specifies the name of a property in the referenced
+ managed object which should be used for naming
+ instances. For example, an attribute index managed
+ object could be named according to the attribute that
+ it indexes. If present, the naming property must
+ reference a single-valued, mandatory, read-only
+ property. If it is not present, the administration
+ framework will use the default naming mechanism.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:choice>
+ <xsd:sequence>
+ <xsd:element name="profile" type="tns:profile-type"
+ minOccurs="0" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>
+ An annotation relating to this relation. Annotations can
+ define additional information which cannot be directly
+ represented using this XML schema. The additional
+ information can relate to specific applications such as
+ LDAP (e.g. an LDAP RDN representing the entry beneath
+ which managed objects should be located).
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:sequence>
+ <xsd:attribute name="name" type="tns:name-type" use="required">
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of this relation. The name should describe as
+ concisely as possible the purpose of this relation and should
+ be suitable for use in Java method names (e.g. getters and
+ setters). The property name should be a string comprising of
+ short lower-case words joined with hyphens "-". For example,
+ "key-manager-provider". Usually the name will correspond to
+ the name of the referenced type of managed object. If it this
+ is not the case, then the type of referenced managed object
+ should be specified using the "managed-object-name" attribute.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="managed-object-name" type="tns:name-type"
+ use="optional">
+ <xsd:annotation>
+ <xsd:documentation>
+ The type of managed object referenced by this relation if
+ different from this relation's name.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="managed-object-package" type="tns:package-type"
+ use="optional">
+ <xsd:annotation>
+ <xsd:documentation>
+ The package containing the referenced managed object
+ definition if it is not the same as this managed object's
+ package.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="advanced" type="xsd:boolean" use="optional"
+ default="false">
+ <xsd:annotation>
+ <xsd:documentation>
+ Indicates whether or not managed objects referenced by this
+ relation should be treated as advanced and be hidden by
+ default in client applications.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="hidden" type="xsd:boolean" use="optional"
+ default="false">
+ <xsd:annotation>
+ <xsd:documentation>
+ Indicates whether or not this relation should be hidden from
+ client applications. Hidden relations should rarely be used
+ but are sometimes required in order to provide functionality
+ that needs to be exposed in management APIs but not in
+ front-ends such as CLIs.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+ <xsd:complexType name="admin-action-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ Defines an optional action which administators must perform
+ after they have modified a property. By default modifications to
+ properties are assumed to take effect immediately and require no
+ additional administrative action. Developers should be aware
+ that, where feasible, they should implement components such that
+ property modifications require no additional administrative
+ action. This is required in order to minimize server downtime
+ during administration and provide a more user-friendly
+ experience.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:choice>
+ <xsd:element name="none">
+ <xsd:annotation>
+ <xsd:documentation>
+ Used when modifications to a property take effect
+ immediately, and no additional administrator action is
+ required.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="synopsis"
+ type="tns:rich-description-type" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>
+ An optional description which can be used to describe
+ how changes to the modified property will take effect.
+ If present, the synopsis should be suitable for use in
+ applications such as tool-tips, CLI help, and the
+ summary description in Javadoc. It is possible to
+ embed rich content including XHTML markup (this will
+ only be used where supported).
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="server-restart">
+ <xsd:annotation>
+ <xsd:documentation>
+ Used when modifications to a property require a server
+ restart in order to take effect.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="synopsis"
+ type="tns:rich-description-type" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>
+ An optional description of this required
+ administrative action. The description should
+ describe, preferably in one sentence, what additional
+ administrator action is required when the server is
+ restarted. If present, the synopsis should be suitable
+ for use in applications such as tool-tips, CLI help,
+ and the summary description in Javadoc. It is possible
+ to embed rich content including XHTML markup (this
+ will only be used where supported).
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="component-restart">
+ <xsd:annotation>
+ <xsd:documentation>
+ Used when modifications to a property require a component
+ restart in order to take effect (usually by disabling and
+ re-enabling the component).
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="synopsis"
+ type="tns:rich-description-type" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>
+ An optional description of this required
+ administrative action. The description should
+ describe, preferably in one sentence, what additional
+ administrator action is required when the component is
+ restarted. If present, the synopsis should be suitable
+ for use in applications such as tool-tips, CLI help,
+ and the summary description in Javadoc. It is possible
+ to embed rich content including XHTML markup (this
+ will only be used where supported).
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="other">
+ <xsd:annotation>
+ <xsd:documentation>
+ Used when modifications to a property require an additional
+ administrative action in order to take effect. This should
+ be used when neither a server restart nor a component
+ restart are applicable.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="synopsis"
+ type="tns:rich-description-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ A brief description of this required administrative
+ action. The description should describe, preferably in
+ one sentence, what additional administrator action is
+ required when this property is modified. If present,
+ the synopsis should be suitable for use in
+ applications such as tool-tips, CLI help, and the
+ summary description in Javadoc. It is possible to
+ embed rich content including XHTML markup (this will
+ only be used where supported).
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:choice>
+ </xsd:complexType>
+ <xsd:complexType name="default-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ Defines a default behavior for a property when it has no values
+ specified. All properties must have a default behavior defined
+ unless they are mandatory.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:choice>
+ <xsd:element name="undefined">
+ <xsd:annotation>
+ <xsd:documentation>
+ Used when a property has no tangible default behavior - its
+ default behavior is undefined.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType />
+ </xsd:element>
+ <xsd:element name="alias">
+ <xsd:annotation>
+ <xsd:documentation>
+ Used when a property defaults to some special behavior that
+ cannot be represented using property values.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="synopsis"
+ type="tns:rich-description-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ A brief description of this default behavior. The
+ description should describe, preferably in one
+ sentence, the default behavior. If present, the
+ synopsis should be suitable for use in applications
+ such as tool-tips, CLI help, and the summary
+ description in Javadoc. It is possible to embed rich
+ content including XHTML markup (this will only be used
+ where supported).
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="profile" type="tns:profile-type"
+ minOccurs="0" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>
+ An annotation relating to this default behavior.
+ Annotations can define additional information which
+ cannot be directly represented using this XML schema.
+ The additional information can relate to specific
+ applications.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="defined">
+ <xsd:annotation>
+ <xsd:documentation>
+ Used when a property defaults to one or more real values of
+ the property.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="value" minOccurs="1"
+ maxOccurs="unbounded" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation>
+ The string representation of a value of this property.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="inherited">
+ <xsd:annotation>
+ <xsd:documentation>
+ Used when a property defaults one or more values taken from
+ a property in another managed object.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:choice>
+ <xsd:element name="relative">
+ <xsd:annotation>
+ <xsd:documentation>
+ Used when the managed object providing the default
+ values is located relative to this managed object.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:attribute name="offset" use="required">
+ <xsd:annotation>
+ <xsd:documentation>
+ The relative location of the managed object (where
+ 0 is this managed object, 1 is the parent, and 2
+ is the grand-parent).
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:integer">
+ <xsd:minInclusive value="0" />
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ <xsd:attribute name="managed-object-name"
+ type="tns:name-type" use="required">
+ <xsd:annotation>
+ <xsd:documentation>
+ The type of managed object providing the default
+ values.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="managed-object-package"
+ type="tns:package-type" use="optional">
+ <xsd:annotation>
+ <xsd:documentation>
+ The package containing the managed object
+ definition if it is not the same as this managed
+ object's package.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="property-name" type="tns:name-type"
+ use="required">
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of the property containing the default
+ values.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="absolute">
+ <xsd:annotation>
+ <xsd:documentation>
+ Used when the managed object providing the default
+ values is in a known absolute location.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:attribute name="path" type="tns:path-type"
+ use="required">
+ <xsd:annotation>
+ <xsd:documentation>
+ The location of the managed object containing the
+ default values.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="property-name" type="tns:name-type"
+ use="required">
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of the property containing the default
+ values.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:choice>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:choice>
+ </xsd:complexType>
+ <xsd:complexType name="syntax-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ Defines the syntax of a property. This includes the data type
+ used for the property and additional constraints on the values
+ it contains (e.g. upper/lower bounds).
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:choice>
+ <xsd:element name="aggregation">
+ <xsd:annotation>
+ <xsd:documentation>
+ An aggregation property names one or more managed objects
+ which are required by the managed object associated with
+ this property. An aggregation property definition takes care
+ to perform referential integrity checks: referenced managed
+ objects cannot be deleted. Nor can an aggregation reference
+ non-existent managed objects. Referential integrity checks
+ are not performed during value validation. Instead they are
+ performed when changes to the managed object are committed.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="constraint" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>
+ An optional constraint on the relationship between
+ this managed object and referenced managed objects.
+ The constraint specifies when and how referenced
+ managed objects must be enabled.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="synopsis"
+ type="tns:rich-description-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ A brief description of the constraints
+ applicable to referenced managed objects. The
+ description should describe, preferably in one
+ sentence, when referenced should be enabled and
+ how they should be enabled. The synopsis should
+ be suitable for use in applications such as
+ tool-tips, CLI help, and the summary description
+ in Javadoc. It is possible to embed rich content
+ including XHTML markup (this will only be used
+ where supported).
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="target-needs-enabling-condition"
+ minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>
+ A condition which indicates whether or not
+ referenced managed objects must be enabled. The
+ default behavior is that all referenced managed
+ objects must be enabled.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:group ref="tns:condition-group" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="target-is-enabled-condition"
+ minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>
+ A condition which indicates whether or not
+ referenced managed objects are enabled. Managed
+ objects are assumed to be enabled by default.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:sequence>
+ <xsd:group ref="tns:condition-group" />
+ </xsd:sequence>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="parent-path" type="tns:path-type"
+ use="required">
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of the managed object which is the parent of
+ the aggregated managed objects.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="relation-name" type="tns:name-type"
+ use="required">
+ <xsd:annotation>
+ <xsd:documentation>
+ The relation in the parent managed object which contains
+ the aggregated managed objects.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="managed-object-name" type="tns:name-type"
+ use="optional">
+ <xsd:annotation>
+ <xsd:documentation>
+ The type of managed object referenced by this
+ aggregation if different from this relation's name.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="managed-object-package"
+ type="tns:package-type" use="optional">
+ <xsd:annotation>
+ <xsd:documentation>
+ The package containing the referenced managed object
+ definition if it is not the same as this managed
+ object's package.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="attribute-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ Used for properties which contain LDAP attribute type names.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType />
+ </xsd:element>
+ <xsd:element name="extensible-matching-rule-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ Used for properties which contain Extensible matching rule type names.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType />
+ </xsd:element>
+ <xsd:element name="boolean">
+ <xsd:annotation>
+ <xsd:documentation>
+ Used for properties which are best represented using boolean
+ on/off type values.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType />
+ </xsd:element>
+ <xsd:element name="dn">
+ <xsd:annotation>
+ <xsd:documentation>
+ Used for properties which contain LDAP distinguished names.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="base" minOccurs="0" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation>
+ Indicates that values of this property must be
+ immediately subordinate to the specified base DN.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="aci">
+ <xsd:annotation>
+ <xsd:documentation>
+ Used for properties which contain dseecompat ACIs.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType />
+ </xsd:element>
+ <xsd:element name="java-class">
+ <xsd:annotation>
+ <xsd:documentation>
+ Used for properties which reference a Java class. These are
+ typically used in plugins where the java class property
+ identifies a class implementing the plugin's functionality.
+ It is possible to restrict the values of this property using
+ the instance-of attribute. Note that it is only possible to
+ validate values on the server, since client applications
+ don't necessarily have the same classes on their class-path.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="instance-of" minOccurs="0"
+ maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>
+ Indicates that values of this property must implement
+ the specified Java interface. Note that it is only
+ possible to perform validation on the server, since
+ client applications don't necessarily have the same
+ classes on their class-path.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:whiteSpace value="collapse" />
+ <xsd:pattern
+ value="([A-Za-z][A-Za-z0-9_]*\.)*[A-Za-z][A-Za-z0-9_]*" />
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="integer">
+ <xsd:annotation>
+ <xsd:documentation>
+ Used for properties which contain integer values. Where
+ appropriate it is possible to provide a description of the
+ units for values of this property (e.g. "number of
+ threads").
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="unit-synopsis" minOccurs="0"
+ type="tns:rich-description-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ An optional description of the units for this value of
+ this property (e.g. "number of threads"). The
+ description should describe the unit, preferably in
+ one sentence. If present, the description should be
+ suitable for use in applications such as tool-tips,
+ CLI help, and the summary description in Javadoc. It
+ is possible to embed rich content including XHTML
+ markup (this will only be used where supported).
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="allow-unlimited" type="xsd:boolean"
+ use="optional" default="true">
+ <xsd:annotation>
+ <xsd:documentation>
+ Indicates whether or not this property supports a
+ special value representing infinity. This is useful
+ where properties are used to constrain some behavior and
+ the administrator wishes to remove the constraint (e.g.
+ number of simultaneous client connections).
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="lower-limit" type="xsd:integer"
+ use="optional" default="0">
+ <xsd:annotation>
+ <xsd:documentation>
+ Indicates a lower limit for this integer property.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="upper-limit" type="xsd:integer"
+ use="optional">
+ <xsd:annotation>
+ <xsd:documentation>
+ Indicates an upper limit for this integer property.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ip-address">
+ <xsd:annotation>
+ <xsd:documentation>
+ Used for properties which contain IP addresses. IPv4 and
+ IPv6 address forms are supported. In addition name
+ resolution is performed when non-numeric addresses are
+ specified.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType />
+ </xsd:element>
+ <xsd:element name="ip-address-mask">
+ <xsd:annotation>
+ <xsd:documentation>
+ Used for properties which contain IP address masks. IPv4 and
+ IPv6 address mask forms are supported.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType />
+ </xsd:element>
+ <xsd:element name="size">
+ <xsd:annotation>
+ <xsd:documentation>
+ Used for properties which represent a computer storage size.
+ Sizes can be specified using both decimal and binary units.
+ For example, "1kb" represents 1000 bytes, and "1kib"
+ represents 1024 bytes. Values must always specify the unit
+ and can include a fractional part (e.g. 1.5mb). Both short
+ and long unit names are supported (e.g. "kb" and
+ "kilobytes").
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:attribute name="allow-unlimited" type="xsd:boolean"
+ use="optional" default="false">
+ <xsd:annotation>
+ <xsd:documentation>
+ Indicates whether or not this property supports a
+ special value representing infinity. This is useful
+ where properties are used to constrain some behavior and
+ the administrator wishes to remove the constraint (e.g.
+ maximum log size).
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="lower-limit" type="xsd:string"
+ use="optional" default="0">
+ <xsd:annotation>
+ <xsd:documentation>
+ Indicates a lower limit for this size property.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="upper-limit" type="xsd:string"
+ use="optional">
+ <xsd:annotation>
+ <xsd:documentation>
+ Indicates an upper limit for this size property.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="duration">
+ <xsd:annotation>
+ <xsd:documentation>
+ Used for properties which contain a time duration.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:attribute name="base-unit" use="optional" default="s">
+ <xsd:annotation>
+ <xsd:documentation>
+ Specifies the minimum granularity which can be used to
+ specify duration property values. For example, if the
+ base unit is in seconds then values represented in
+ milliseconds will not be permitted. The default base
+ unit is seconds.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="ms" />
+ <xsd:enumeration value="s" />
+ <xsd:enumeration value="m" />
+ <xsd:enumeration value="h" />
+ <xsd:enumeration value="d" />
+ <xsd:enumeration value="w" />
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ <xsd:attribute name="maximum-unit" use="optional">
+ <xsd:annotation>
+ <xsd:documentation>
+ Specifies the biggest duration unit which can be used to
+ specify duration property values. Values presented in
+ units greater than this unit will not be permitted.
+ There is no default maximum unit.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="ms" />
+ <xsd:enumeration value="s" />
+ <xsd:enumeration value="m" />
+ <xsd:enumeration value="h" />
+ <xsd:enumeration value="d" />
+ <xsd:enumeration value="w" />
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ <xsd:attribute name="allow-unlimited" type="xsd:boolean"
+ use="optional" default="false">
+ <xsd:annotation>
+ <xsd:documentation>
+ Indicates whether or not this property supports a
+ special value representing infinity. This is useful
+ where properties are used to constrain some behavior and
+ the administrator wishes to remove the constraint (e.g.
+ connection time-out).
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="lower-limit" type="xsd:string"
+ use="optional" default="0">
+ <xsd:annotation>
+ <xsd:documentation>
+ Indicates a lower limit for this duration property.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="upper-limit" type="xsd:string"
+ use="optional">
+ <xsd:annotation>
+ <xsd:documentation>
+ Indicates an upper limit for this duration property.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="password">
+ <xsd:annotation>
+ <xsd:documentation>
+ Used for properties which contain passwords. Values will be
+ represented using strings which are then encrypted.
+ Typically password properties are write-only and should
+ never be displayed in client applications (even during
+ creation).
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType />
+ </xsd:element>
+ <xsd:element name="enumeration">
+ <xsd:annotation>
+ <xsd:documentation>
+ Used for properties which contain values taken from a finite
+ set of values. There must be at least one possible value
+ defined.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="value" minOccurs="1"
+ maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>
+ Defines one of the possible values that this property
+ can contain.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="synopsis"
+ type="tns:rich-description-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ A description of this enumeration value. The
+ description should describe the behavior
+ indicated by the value preferably in one
+ sentence. The description should be suitable for
+ use in applications such as tool-tips, CLI help,
+ and the summary description in Javadoc. It is
+ possible to embed rich content including XHTML
+ markup (this will only be used where supported).
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="name" use="required"
+ type="tns:name-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of this enumeration value. The name
+ should describe as concisely as possible the
+ behavior indicated by this value and should be
+ suitable for use in Java source code (e.g.
+ enumerations). The enumeration value name should
+ be a string comprising of short lower-case words
+ joined with hyphens "-". For example, "optional".
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="string">
+ <xsd:annotation>
+ <xsd:documentation>
+ Used for properties which contain string values. It is
+ possible to contrain the permitted set of values using a
+ regular expression.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="pattern" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>
+ Constrains the permitted set of values using a regular
+ expression. All values of this property must match the
+ provided regular expression.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="regex" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation>
+ The regular expression conforming to the syntax
+ supported by the Java "java.util.regex.Pattern"
+ class.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="usage" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation>
+ The usage string which should be displayed in
+ help relating to this string based property. For
+ example, a pattern which is used to match a
+ host/port string could have the usage HOST:PORT.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="synopsis"
+ type="tns:rich-description-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ An description of the regular expression (e.g.
+ "email address"). The description should
+ describe the type of string represented by the
+ regular expression, preferably in one sentence.
+ If present, the description should be suitable
+ for use in applications such as tool-tips, CLI
+ help, and the summary description in Javadoc. It
+ is possible to embed rich content including
+ XHTML markup (this will only be used where
+ supported).
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="case-insensitive" type="xsd:boolean"
+ use="optional" default="true">
+ <xsd:annotation>
+ <xsd:documentation>
+ Indicates whether or not values of this property should
+ be treated in a case-insensitive manner.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:choice>
+ </xsd:complexType>
+ <xsd:simpleType name="name-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ An identifier name comprising of a 1 or more sequences of lower
+ case letters or digits separated by a single hyphen '-'. The
+ first sequence must begin with a letter.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:restriction base="xsd:token">
+ <xsd:pattern value="[a-z][a-z0-9]*(-[a-z0-9]+)*" />
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:simpleType name="package-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ An identifier name comprising of a 1 or more sequences of lower
+ case letters or digits separated by a single dot '.'. The first
+ sequence must begin with a letter.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:restriction base="xsd:token">
+ <xsd:pattern value="[a-z][a-z0-9]*(\.[a-z0-9]+)*" />
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:simpleType name="path-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ A managed object path which can be used to specify the location
+ of referenced managed objects. A managed object path has a
+ similar syntax to unix file system paths, and comprises of zero
+ or more path elements separated by a forward slash "/". The root
+ configuration is referenced using the path "/". Subsequent path
+ elements identify subordinate managed objects. Each path element
+ is comprised of the relation name, an optional definition name,
+ and the name of the managed object instance if the relation is
+ one-to-many. The path "/relation=connection-handler+name=my
+ handler" identifies a connection handler called "my handler"
+ where "my handler" can be any type of connection handler. If "my
+ handler" must be an LDAP connection handler then the type needs
+ to be specified in the path:
+ "/relation=connection-handler+type=ldap-connection-handler+name=my
+ handler". The global configuration is identified by the path
+ "/relation=global-configuration" (no name is required because
+ the relation is one-to-one).
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:restriction base="xsd:string">
+ <xsd:pattern
+ value="/|(/relation=[^/+]+(\+type=[^/+]+)?(\+name=[^/]+)?)+">
+ </xsd:pattern>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:complexType name="profile-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ An annotation relating to the associated element. Annotations
+ can define additional information which cannot be directly
+ represented using this XML schema. The additional information
+ can relate to specific applications such as CLIs, GUIs, etc.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:sequence>
+ <xsd:any processContents="strict" maxOccurs="unbounded" />
+ </xsd:sequence>
+ <xsd:attribute name="name" type="tns:name-type" use="required">
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of this profile e.g. "ldap".
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+ <xsd:element name="root-managed-object">
+ <xsd:annotation>
+ <xsd:documentation>
+ Defines the root managed object and its relationships with
+ top-level managed objects. The root managed object serves as a
+ single point of access to the rest of the configuration. It is
+ essentially a virtual managed object and has no properties of
+ its own, just relationships. There can only be a single root
+ managed object defined per configuration model.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="tns:managed-object-type">
+ <xsd:sequence>
+ <xsd:element name="product-name">
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of the product associated with this
+ configuration model.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:whiteSpace value="collapse" />
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:element>
+ <xsd:element name="tag-definition" minOccurs="0"
+ maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>
+ Defines a tag which can be used to group related types
+ of managed object. Administration tools can take
+ advantage of managed object tags to make it easier for
+ users to discover related components.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="synopsis">
+ <xsd:annotation>
+ <xsd:documentation>
+ A brief description of this tag. The description
+ should describe, preferably in one sentence, the
+ types of managed object that this tag applies
+ to. The synopsis should be suitable for use in
+ applications such as tool-tips, CLI help, and
+ the summary description in Javadoc. It is
+ possible to embed rich content including XHTML
+ markup (this will only be used where supported).
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType mixed="true">
+ <xsd:choice minOccurs="0" maxOccurs="unbounded">
+ <xsd:any
+ namespace="http://www.w3.org/1999/xhtml"
+ processContents="lax" />
+ <xsd:element name="product-name">
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of the product associated with
+ this definition.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType />
+ </xsd:element>
+ </xsd:choice>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="name" type="tns:name-type"
+ use="required">
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of this tag. The name should describe as
+ concisely as possible the purpose of this tag and
+ should be suitable for use in Java method names
+ (e.g. getters and setters). The property name
+ should be a string comprising of short lower-case
+ words joined with hyphens "-". For example,
+ "security".
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="name" type="tns:name-type"
+ fixed="root">
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of this root managed object, which is always
+ "root".
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="package" type="tns:package-type"
+ fixed="org.forgerock.opendj.admin">
+ <xsd:annotation>
+ <xsd:documentation>
+ The package containing this root managed object, which
+ is always "org.forgerock.opendj.admin".
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="managed-object">
+ <xsd:annotation>
+ <xsd:documentation>
+ Defines the structure of a configurable component within the
+ configuration. A managed object comprises of zero or more
+ properties, and zero or more relations with other managed
+ objects. A managed object can be abstract, indicating that it
+ cannot be instantiated directly, and that it is intended as a
+ base definition from which other child managed objects inherit
+ their behavior. Conversely, a managed object can be derived from
+ a parent managed object definition. In this case, the managed
+ object will inherit the properties and relations defined by the
+ parent. Multiple levels of inheritance are supported, but
+ multiple inheritance is not.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="tns:managed-object-type">
+ <xsd:attribute name="name" type="tns:name-type"
+ use="required">
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of this managed object. The name should
+ describe as concisely as possible the role of this
+ managed object and should be suitable for use in Java
+ method names (e.g. class names). The managed object name
+ should be a string comprising of short lower-case words
+ joined with hyphens "-". For example,
+ "ldap-connection-handler". NOTE: a managed object name
+ must end in the name of the definition's uppermost
+ super-type. For example, "ldap-connection-handler" is a
+ sub-type of "connection-handler" and therefore ends in
+ "-connection-handler".
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="plural-name" type="tns:name-type"
+ use="required">
+ <xsd:annotation>
+ <xsd:documentation>
+ The plural name of this managed object. The plural name
+ should correspond to the singular name defined in the
+ "name" attribute and it should be suitable for use in
+ Java method names (e.g. getters). The managed object
+ plural name should be a string comprising of short
+ lower-case words joined with hyphens "-". For example,
+ "ldap-connection-handlers".
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="package" type="tns:package-type"
+ use="required">
+ <xsd:annotation>
+ <xsd:documentation>
+ The package containing this managed object.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="abstract" type="xsd:boolean"
+ use="optional" default="false">
+ <xsd:annotation>
+ <xsd:documentation>
+ Indicates whether or not this managed object is
+ abstract. Abstract managed objects cannot be
+ instantiated directly and are intended for use as base
+ definitions for inheritance.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="advanced" type="xsd:boolean"
+ use="optional" default="false">
+ <xsd:annotation>
+ <xsd:documentation>
+ Indicates whether or not this managed object should be
+ treated as advanced and therefore should be hidden by
+ default in client applications. This feature is not
+ inherited by child managed objects.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="hidden" type="xsd:boolean" use="optional"
+ default="false">
+ <xsd:annotation>
+ <xsd:documentation>
+ Indicates whether or not this managed object should be
+ hidden from client applications. Hidden managed objects
+ should rarely be used but are sometimes required in
+ order to provide functionality that needs to be exposed
+ in management APIs but not in front-ends such as CLIs.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="extends" type="tns:name-type"
+ use="optional">
+ <xsd:annotation>
+ <xsd:documentation>
+ Indicates whether or not this managed object inherits
+ from a parent managed object and, if so, the name of the
+ parent. If specified, this managed object will inherit
+ all of the properties and relations defined in the
+ parent managed object.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="parent-package" type="tns:package-type"
+ use="optional">
+ <xsd:annotation>
+ <xsd:documentation>
+ The package containing the parent managed object. By
+ default, the package in which this managed object is
+ defined will be used.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="package">
+ <xsd:annotation>
+ <xsd:documentation>
+ Defines a common information associated with all managed objects
+ defined in the containing package. A package definition
+ comprises of a description of the package together with common
+ property definitions which can be referenced from within managed
+ objects using "property-reference" elements. Sharing property
+ definitions in this way makes maintenance easier in situations
+ where the property definition needs modifying, since all
+ referencing managed objects will automatically inherit the
+ changes.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="TODO" minOccurs="0" type="xsd:string"
+ maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>
+ An annotation specifying remaining work or unsolved
+ problems relating to this package definition. Its use is
+ primarily for development purposes and should not be
+ processed by applications.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="synopsis" type="tns:rich-description-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ A brief description of this package. The description
+ should describe, preferably in one sentence, the purpose
+ of this package, for example, the type of managed objects
+ it defines. The synopsis should be suitable for use in
+ applications such as tool-tips, CLI help, and the summary
+ description in Javadoc. It is possible to embed rich
+ content including XHTML markup (this will only be used
+ where supported).
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="description" minOccurs="0"
+ type="tns:rich-description-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ A detailed description of this package. The description
+ should describe in detail the purpose of this package. The
+ description should be suitable for use in applications
+ such as manual pages or detailed help. It does not need to
+ repeat anything described in the synopsis as applications
+ should normally display the two together. It is possible
+ to embed rich content including XHTML markup (this will
+ only be used where supported).
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="property" minOccurs="0" maxOccurs="unbounded"
+ type="tns:property-type">
+ <xsd:annotation>
+ <xsd:documentation>
+ Defines a common configurable property for this package.
+ Managed objects can inherit this property definition by
+ referencing it using a "property-reference" element.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="name" type="tns:package-type"
+ use="required">
+ <xsd:annotation>
+ <xsd:documentation>
+ The package containing this package definition.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:group name="condition-group">
+ <xsd:choice>
+ <xsd:element name="not">
+ <xsd:annotation>
+ <xsd:documentation>
+ A condition which evaluates to true if the sub-condition is
+ false, or false if the sub-condition is true.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:group ref="tns:condition-group" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="and">
+ <xsd:annotation>
+ <xsd:documentation>
+ A condition which evaluates to true if and only if all of
+ its sub-conditions are true.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:group ref="tns:condition-group" maxOccurs="unbounded" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="or">
+ <xsd:annotation>
+ <xsd:documentation>
+ A condition which evaluates to false if and only if none of
+ its sub-conditions are true.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:group ref="tns:condition-group" maxOccurs="unbounded" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="implies">
+ <xsd:annotation>
+ <xsd:documentation>
+ Creates a condition which evaluates to false if and only if
+ the first sub-condition evaluates to true and the second
+ sub-condition evaluates to false. This can be used to
+ represent if-then relationships.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:group ref="tns:condition-group" />
+ <xsd:group ref="tns:condition-group" />
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="contains">
+ <xsd:annotation>
+ <xsd:documentation>
+ A condition which evaluates to true if and only if a
+ property contains a particular value.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:attribute name="property" type="tns:name-type"
+ use="required">
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of the property to be tested.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="value" type="xsd:string"
+ use="required">
+ <xsd:annotation>
+ <xsd:documentation>The property value.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="is-present">
+ <xsd:annotation>
+ <xsd:documentation>
+ Creates a condition which evaluates to true if and only if a
+ particular property has any values specified.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:attribute name="property" type="tns:name-type"
+ use="required">
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of the property to be tested.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:choice>
+ </xsd:group>
+</xsd:schema>
diff --git a/opendj-admin/src/main/resources/stylesheets/cliMOProfile.xsl b/opendj-admin/src/main/resources/stylesheets/cliMOProfile.xsl
new file mode 100644
index 0000000..617321c
--- /dev/null
+++ b/opendj-admin/src/main/resources/stylesheets/cliMOProfile.xsl
@@ -0,0 +1,77 @@
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2008 Sun Microsystems, Inc.
+ ! -->
+<xsl:stylesheet version="1.0"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:cli="http://www.opends.org/admin-cli">
+ <xsl:import href="preprocessor.xsl" />
+ <xsl:output method="text" encoding="us-ascii" />
+ <!--
+ Document parsing.
+ -->
+ <xsl:template match="/">
+ <!--
+ Determine if the managed object is for customization.
+ -->
+ <xsl:choose>
+ <xsl:when
+ test="$this/adm:profile[@name='cli']/cli:managed-object/@custom='true'">
+ <xsl:value-of select="'is-for-customization=true
'" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of select="'is-for-customization=false
'" />
+ </xsl:otherwise>
+ </xsl:choose>
+ <!--
+ Process each relation definition.
+ -->
+ <xsl:for-each select="$this-all-relations">
+ <xsl:sort select="@name" />
+ <!--
+ Generate the naming argument override if present
+ -->
+ <xsl:value-of
+ select="concat('relation.', @name,
+ '.naming-argument-override=',
+ adm:profile[@name='cli']/cli:relation/@naming-argument-override,
+ '
')" />
+ <!--
+ Generate list of properties which should be displayed by default in list-xxx operations.
+ -->
+ <xsl:value-of
+ select="concat('relation.', @name, '.list-properties=')" />
+ <xsl:for-each
+ select="adm:profile[@name='cli']/cli:relation/cli:default-property">
+ <xsl:value-of select="@name" />
+ <xsl:if test="current() != last()">
+ <xsl:value-of select="','" />
+ </xsl:if>
+ </xsl:for-each>
+ <xsl:value-of select="'
'" />
+ </xsl:for-each>
+ </xsl:template>
+</xsl:stylesheet>
diff --git a/opendj-admin/src/main/resources/stylesheets/clientMO.xsl b/opendj-admin/src/main/resources/stylesheets/clientMO.xsl
new file mode 100644
index 0000000..bc2b893
--- /dev/null
+++ b/opendj-admin/src/main/resources/stylesheets/clientMO.xsl
@@ -0,0 +1,511 @@
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2008-2009 Sun Microsystems, Inc.
+ ! -->
+<xsl:stylesheet version="1.0" xmlns:adm="http://www.opends.org/admin"
+ xmlns:admpp="http://www.opends.org/admin-preprocessor"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+ <xsl:import href="java-utilities.xsl" />
+ <xsl:import href="preprocessor.xsl" />
+ <xsl:import href="property-types.xsl" />
+ <xsl:output method="text" encoding="us-ascii" />
+ <!--
+ Template for generating the interface declaration.
+ -->
+ <xsl:template name="generate-interface-declaration">
+ <xsl:value-of select="'/**
'" />
+ <xsl:call-template name="add-java-comment">
+ <xsl:with-param name="indent-text" select="' *'" />
+ <xsl:with-param name="content"
+ select="concat('A client-side interface for reading and modifying ',
+ $this-ufn, ' settings.')" />
+ </xsl:call-template>
+ <xsl:value-of select="' * <p>
'" />
+ <xsl:call-template name="add-java-comment">
+ <xsl:with-param name="indent-text" select="' *'" />
+ <xsl:with-param name="content" select="$this/adm:synopsis" />
+ </xsl:call-template>
+ <xsl:value-of select="' */
'" />
+ <xsl:value-of
+ select="concat('public interface ',
+ $this-java-class,
+ 'CfgClient extends ')" />
+ <xsl:choose>
+ <xsl:when test="boolean($this/@extends)">
+ <xsl:value-of select="concat($parent-java-class,'CfgClient ')" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of select="'ConfigurationClient '" />
+ </xsl:otherwise>
+ </xsl:choose>
+ <xsl:text>{
</xsl:text>
+ </xsl:template>
+ <!--
+ Template for generating the configuration definition getter.
+ -->
+ <xsl:template name="generate-configuration-definition-getter">
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * Get the configuration definition associated with this ', $this-ufn, '.
',
+ ' *
',
+ ' * @return Returns the configuration definition associated with this ', $this-ufn, '.
',
+ ' */
')" />
+ <xsl:value-of
+ select="concat(' ManagedObjectDefinition<? extends ', $this-java-class,'CfgClient, ? extends ', $this-java-class,'Cfg> definition();
')" />
+ </xsl:template>
+ <!--
+ Template for generating the relation getter declarations.
+ -->
+ <xsl:template name="generate-relation-declarations">
+ <xsl:variable name="name" select="@name" />
+ <xsl:variable name="ufn">
+ <xsl:call-template name="name-to-ufn">
+ <xsl:with-param name="value" select="$name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:variable name="java-relation-name">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="$name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:variable name="java-class-name">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="@managed-object-name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:choose>
+ <xsl:when test="adm:one-to-one">
+ <xsl:call-template name="add-java-comment2">
+ <xsl:with-param name="indent" select="2" />
+ <xsl:with-param name="content"
+ select="concat(
+ 'Gets the ', $ufn,'.
',
+ '
',
+ '@return Returns the ', $ufn,'.
',
+ '@throws DefinitionDecodingException
',
+ ' If the ', $ufn, ' was found but its type could not be determined.
',
+ '@throws ManagedObjectDecodingException
',
+ ' If the ', $ufn, ' was found but one or more of its properties could not be decoded.
',
+ '@throws ManagedObjectNotFoundException
',
+ ' If the ', $ufn, ' could not be found on the server.
',
+ '@throws ConcurrentModificationException
',
+ ' If this ', $this-ufn, ' has been removed from the server by another client.
',
+ '@throws AuthorizationException
',
+ ' If the server refuses to retrieve the ', $ufn, ' because the client does not have the correct privileges.
',
+ '@throws CommunicationException
',
+ ' If the client cannot contact the server due to an underlying communication problem.')" />
+ </xsl:call-template>
+ <xsl:value-of
+ select="concat(' ', $java-class-name, 'CfgClient get', $java-relation-name, '()
',
+ ' throws DefinitionDecodingException, ManagedObjectDecodingException,
',
+ ' ManagedObjectNotFoundException, ConcurrentModificationException,
',
+ ' AuthorizationException, CommunicationException;
')" />
+ </xsl:when>
+ <xsl:when test="adm:one-to-zero-or-one">
+ <xsl:call-template name="add-java-comment2">
+ <xsl:with-param name="indent" select="2" />
+ <xsl:with-param name="content"
+ select="concat('Determines whether or not the ', $ufn,' exists.
',
+ '
',
+ '@return Returns <true> if the ', $ufn,' exists.
',
+ '@throws ConcurrentModificationException
',
+ ' If this ', $this-ufn, ' has been removed from the server by another client.
',
+ '@throws AuthorizationException
',
+ ' If the server refuses to make the determination because the client does not have the correct privileges.
',
+ '@throws CommunicationException
',
+ ' If the client cannot contact the server due to an underlying communication problem.')" />
+ </xsl:call-template>
+ <xsl:value-of
+ select="concat(' boolean has',
+ $java-relation-name, '() throws ConcurrentModificationException,
',
+ ' AuthorizationException, CommunicationException;
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:call-template name="add-java-comment2">
+ <xsl:with-param name="indent" select="2" />
+ <xsl:with-param name="content"
+ select="concat(
+ 'Gets the ', $ufn,' if it is present.
',
+ '
',
+ '@return Returns the ', $ufn, ' if it is present.
',
+ '@throws DefinitionDecodingException
',
+ ' If the ', $ufn, ' was found but its type could not be determined.
',
+ '@throws ManagedObjectDecodingException
',
+ ' If the ', $ufn, ' was found but one or more of its properties could not be decoded.
',
+ '@throws ManagedObjectNotFoundException
',
+ ' If the ', $ufn, ' is not present.
',
+ '@throws ConcurrentModificationException
',
+ ' If this ', $this-ufn, ' has been removed from the server by another client.
',
+ '@throws AuthorizationException
',
+ ' If the server refuses to retrieve the ', $ufn, ' because the client does not have the correct privileges.
',
+ '@throws CommunicationException
',
+ ' If the client cannot contact the server due to an underlying communication problem.')" />
+ </xsl:call-template>
+ <xsl:value-of
+ select="concat(' ', $java-class-name, 'CfgClient get', $java-relation-name, '()
',
+ ' throws DefinitionDecodingException, ManagedObjectDecodingException,
',
+ ' ManagedObjectNotFoundException, ConcurrentModificationException,
',
+ ' AuthorizationException, CommunicationException;
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:call-template name="add-java-comment2">
+ <xsl:with-param name="indent" select="2" />
+ <xsl:with-param name="content"
+ select="concat(
+ 'Creates a new ', $ufn,'. The new ', $ufn,' will initially ',
+ 'not contain any property values (including mandatory ',
+ 'properties). Once the ', $ufn,' has been configured it ',
+ 'can be added to the server using the {@link #commit()} ',
+ 'method.
',
+ '
',
+ '@param <C>
',
+ ' The type of the ', $ufn,' being created.
',
+ '@param d
',
+ ' The definition of the ', $ufn,' to be created.
',
+ '@param exceptions
',
+ ' An optional collection in which to place any ',
+ '{@link DefaultBehaviorException}s that occurred whilst ',
+ 'attempting to determine the default values of the ', $ufn,
+ '. This argument can be <code>null<code>.
',
+ '@return Returns a new ', $ufn,' configuration instance.
')" />
+ </xsl:call-template>
+ <xsl:value-of
+ select="concat(' <C extends ', $java-class-name,'CfgClient> C create', $java-relation-name, '(
',
+ ' ManagedObjectDefinition<C, ? extends ', $java-class-name,'Cfg> d, Collection<DefaultBehaviorException> exceptions);
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:call-template name="add-java-comment2">
+ <xsl:with-param name="indent" select="2" />
+ <xsl:with-param name="content"
+ select="concat(
+ 'Removes the ', $ufn,' if it exists.
',
+ '
',
+ '@throws ManagedObjectNotFoundException
',
+ ' If the ', $ufn, ' does not exist.
',
+ '@throws OperationRejectedException
',
+ ' If the server refuses to remove the ', $ufn, ' due to some server-side constraint which cannot be satisfied (for example, if it is referenced by another managed object).
',
+ '@throws ConcurrentModificationException
',
+ ' If this ', $this-ufn, ' has been removed from the server by another client.
',
+ '@throws AuthorizationException
',
+ ' If the server refuses to remove the ', $ufn, ' because the client does not have the correct privileges.
',
+ '@throws CommunicationException
',
+ ' If the client cannot contact the server due to an underlying communication problem.')" />
+ </xsl:call-template>
+ <xsl:value-of
+ select="concat(' void remove', $java-relation-name, '()
',
+ ' throws ManagedObjectNotFoundException, OperationRejectedException,
',
+ ' ConcurrentModificationException, AuthorizationException,
',
+ ' CommunicationException;
')" />
+ </xsl:when>
+ <xsl:when test="adm:one-to-many">
+ <xsl:variable name="plural-name"
+ select="adm:one-to-many/@plural-name" />
+ <xsl:variable name="ufpn">
+ <xsl:call-template name="name-to-ufn">
+ <xsl:with-param name="value" select="$plural-name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:variable name="java-relation-plural-name">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="$plural-name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:call-template name="add-java-comment2">
+ <xsl:with-param name="indent" select="2" />
+ <xsl:with-param name="content"
+ select="concat('Lists the ', $ufpn,'.
',
+ '
',
+ '@return Returns an array containing the names of the ', $ufpn,'.
',
+ '@throws ConcurrentModificationException
',
+ ' If this ', $this-ufn, ' has been removed from the server by another client.
',
+ '@throws AuthorizationException
',
+ ' If the server refuses to list the ', $ufpn, ' because the client does not have the correct privileges.
',
+ '@throws CommunicationException
',
+ ' If the client cannot contact the server due to an underlying communication problem.')" />
+ </xsl:call-template>
+ <xsl:value-of
+ select="concat(' String[] list',
+ $java-relation-plural-name, '() throws ConcurrentModificationException,
',
+ ' AuthorizationException, CommunicationException;
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:call-template name="add-java-comment2">
+ <xsl:with-param name="indent" select="2" />
+ <xsl:with-param name="content"
+ select="concat(
+ 'Gets the named ', $ufn, '.
',
+ '
',
+ '@param name
',
+ ' The name of the ', $ufn,' to retrieve.
',
+ '@return Returns the named ', $ufn, '.
',
+ '@throws DefinitionDecodingException
',
+ ' If the named ', $ufn, ' was found but its type could not be determined.
',
+ '@throws ManagedObjectDecodingException
',
+ ' If the named ', $ufn, ' was found but one or more of its properties could not be decoded.
',
+ '@throws ManagedObjectNotFoundException
',
+ ' If the named ', $ufn, ' was not found on the server.
',
+ '@throws ConcurrentModificationException
',
+ ' If this ', $this-ufn, ' has been removed from the server by another client.
',
+ '@throws AuthorizationException
',
+ ' If the server refuses to retrieve the named ', $ufn, ' because the client does not have the correct privileges.
',
+ '@throws CommunicationException
',
+ ' If the client cannot contact the server due to an underlying communication problem.')" />
+ </xsl:call-template>
+ <xsl:value-of
+ select="concat(' ', $java-class-name, 'CfgClient get', $java-relation-name, '(String name)
',
+ ' throws DefinitionDecodingException, ManagedObjectDecodingException,
',
+ ' ManagedObjectNotFoundException, ConcurrentModificationException,
',
+ ' AuthorizationException, CommunicationException;
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:choose>
+ <xsl:when test="string(adm:one-to-many/@unique) != 'true'">
+ <xsl:call-template name="add-java-comment2">
+ <xsl:with-param name="indent" select="2" />
+ <xsl:with-param name="content"
+ select="concat(
+ 'Creates a new ', $ufn,'. The new ', $ufn,' will initially ',
+ 'not contain any property values (including mandatory ',
+ 'properties). Once the ', $ufn,' has been configured it ',
+ 'can be added to the server using the {@link #commit()} ',
+ 'method.
',
+ '
',
+ '@param <C>
',
+ ' The type of the ', $ufn,' being created.
',
+ '@param d
',
+ ' The definition of the ', $ufn,' to be created.
',
+ '@param name
',
+ ' The name of the new ', $ufn,'.
',
+ '@param exceptions
',
+ ' An optional collection in which to place any ',
+ '{@link DefaultBehaviorException}s that occurred whilst ',
+ 'attempting to determine the default values of the ', $ufn,
+ '. This argument can be <code>null<code>.
',
+ '@return Returns a new ', $ufn,' configuration instance.
',
+ '@throws IllegalManagedObjectNameException
',
+ ' If the name of the new ', $ufn,' is invalid.
')" />
+ </xsl:call-template>
+ <xsl:value-of
+ select="concat(' <C extends ', $java-class-name,'CfgClient> C create', $java-relation-name, '(
',
+ ' ManagedObjectDefinition<C, ? extends ', $java-class-name,'Cfg> d, String name, Collection<DefaultBehaviorException> exceptions) throws IllegalManagedObjectNameException;
')" />
+ </xsl:when>
+ <xsl:when test="string(adm:one-to-many/@unique) = 'true'">
+ <xsl:call-template name="add-java-comment2">
+ <xsl:with-param name="indent" select="2" />
+ <xsl:with-param name="content"
+ select="concat(
+ 'Creates a new ', $ufn,'. The new ', $ufn,' will initially ',
+ 'not contain any property values (including mandatory ',
+ 'properties). Once the ', $ufn,' has been configured it ',
+ 'can be added to the server using the {@link #commit()} ',
+ 'method.
',
+ '
',
+ '@param <C>
',
+ ' The type of the ', $ufn,' being created.
',
+ '@param d
',
+ ' The definition of the ', $ufn,' to be created.
',
+ '@param exceptions
',
+ ' An optional collection in which to place any ',
+ '{@link DefaultBehaviorException}s that occurred whilst ',
+ 'attempting to determine the default values of the ', $ufn,
+ '. This argument can be <code>null<code>.
',
+ '@return Returns a new ', $ufn,' configuration instance.
')" />
+ </xsl:call-template>
+ <xsl:value-of
+ select="concat(' <C extends ', $java-class-name,'CfgClient> C create', $java-relation-name, '(
',
+ ' ManagedObjectDefinition<C, ? extends ', $java-class-name,'Cfg> d, Collection<DefaultBehaviorException> exceptions);
')" />
+ </xsl:when>
+ </xsl:choose>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:call-template name="add-java-comment2">
+ <xsl:with-param name="indent" select="2" />
+ <xsl:with-param name="content"
+ select="concat(
+ 'Removes the named ', $ufn,'.
',
+ '
',
+ '@param name
',
+ ' The name of the ', $ufn,' to remove.
',
+ '@throws ManagedObjectNotFoundException
',
+ ' If the ', $ufn, ' does not exist.
',
+ '@throws OperationRejectedException
',
+ ' If the server refuses to remove the ', $ufn, ' due to some server-side constraint which cannot be satisfied (for example, if it is referenced by another managed object).
',
+ '@throws ConcurrentModificationException
',
+ ' If this ', $this-ufn, ' has been removed from the server by another client.
',
+ '@throws AuthorizationException
',
+ ' If the server refuses to remove the ', $ufn, ' because the client does not have the correct privileges.
',
+ '@throws CommunicationException
',
+ ' If the client cannot contact the server due to an underlying communication problem.')" />
+ </xsl:call-template>
+ <xsl:value-of
+ select="concat(' void remove', $java-relation-name, '(String name)
',
+ ' throws ManagedObjectNotFoundException, OperationRejectedException,
',
+ ' ConcurrentModificationException, AuthorizationException,
',
+ ' CommunicationException;
')" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('Unknown relation type "', local-name(*), '" in relation "', $name, '".')" />
+ </xsl:message>
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:template>
+ <!--
+ Main document parsing template.
+ -->
+ <xsl:template match="/">
+ <xsl:call-template name="copyright-notice" />
+ <xsl:value-of
+ select="concat('package ', $this-package, '.client;
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:call-template name="generate-import-statements">
+ <xsl:with-param name="imports">
+ <xsl:for-each select="$this-local-properties">
+ <xsl:call-template name="get-property-java-imports">
+ <xsl:with-param name="interface" select="'client'" />
+ </xsl:call-template>
+ </xsl:for-each>
+ <xsl:if test="$this-local-properties[@multi-valued='true']">
+ <import>java.util.Collection</import>
+ <import>java.util.SortedSet</import>
+ </xsl:if>
+ <xsl:if
+ test="$this-local-properties[not(@monitoring='true')]">
+ <import>
+ org.opends.server.admin.IllegalPropertyValueException
+ </import>
+ </xsl:if>
+ <xsl:if test="$this-local-properties[@read-only='true']">
+ <import>
+ org.opends.server.admin.PropertyIsReadOnlyException
+ </import>
+ </xsl:if>
+ <xsl:if test="$this-local-relations">
+ <import>
+ org.opends.server.admin.DefinitionDecodingException
+ </import>
+ <import>
+ org.opends.server.admin.ManagedObjectNotFoundException
+ </import>
+ <import>
+ org.opends.server.admin.client.ManagedObjectDecodingException
+ </import>
+ <import>
+ org.opends.server.admin.client.ConcurrentModificationException
+ </import>
+ <import>
+ org.opends.server.admin.client.AuthorizationException
+ </import>
+ <import>
+ org.opends.server.admin.client.CommunicationException
+ </import>
+ </xsl:if>
+ <xsl:for-each
+ select="$this-local-relations[adm:one-to-zero-or-one]|$this-local-relations[adm:one-to-many]">
+ <xsl:variable name="java-class-name">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value"
+ select="@managed-object-name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:element name="import">
+ <xsl:value-of
+ select="concat(@managed-object-package, '.server.', $java-class-name, 'Cfg')" />
+ </xsl:element>
+ </xsl:for-each>
+ <xsl:if
+ test="$this-local-relations/adm:one-to-zero-or-one|$this-local-relations/adm:one-to-many">
+ <import>java.util.Collection</import>
+ <import>
+ org.opends.server.admin.DefaultBehaviorException
+ </import>
+ <import>
+ org.opends.server.admin.client.OperationRejectedException
+ </import>
+ </xsl:if>
+ <xsl:if test="$this-local-relations/adm:one-to-many[not(@unique = 'true')]">
+ <import>
+ org.opends.server.admin.client.IllegalManagedObjectNameException
+ </import>
+ </xsl:if>
+ <xsl:choose>
+ <xsl:when test="$this/@extends">
+ <xsl:if test="$parent-package != $this-package">
+ <xsl:element name="import">
+ <xsl:value-of
+ select="concat($parent-package, '.client.', $parent-java-class, 'CfgClient')" />
+ </xsl:element>
+ </xsl:if>
+ </xsl:when>
+ <xsl:otherwise>
+ <import>org.opends.server.admin.ConfigurationClient</import>
+ </xsl:otherwise>
+ </xsl:choose>
+ <xsl:element name="import">
+ <xsl:value-of
+ select="concat($this-package, '.server.', $this-java-class, 'Cfg')" />
+ </xsl:element>
+ <import>org.opends.server.admin.ManagedObjectDefinition</import>
+ </xsl:with-param>
+ </xsl:call-template>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:call-template name="generate-interface-declaration" />
+ <xsl:text>
</xsl:text>
+ <xsl:call-template name="generate-configuration-definition-getter" />
+ <xsl:for-each select="$this-local-properties">
+ <xsl:sort select="@name" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:call-template name="generate-property-getter-declaration">
+ <xsl:with-param name="interface" select="'client'" />
+ </xsl:call-template>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:call-template name="generate-property-setter-declaration" />
+ </xsl:for-each>
+ <xsl:for-each select="$this-local-relations">
+ <xsl:sort select="@name" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:call-template name="generate-relation-declarations" />
+ </xsl:for-each>
+ <xsl:text>
</xsl:text>
+ <xsl:text>}
</xsl:text>
+ </xsl:template>
+</xsl:stylesheet>
diff --git a/opendj-admin/src/main/resources/stylesheets/conditions.xsl b/opendj-admin/src/main/resources/stylesheets/conditions.xsl
new file mode 100644
index 0000000..2b856b5
--- /dev/null
+++ b/opendj-admin/src/main/resources/stylesheets/conditions.xsl
@@ -0,0 +1,96 @@
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2008 Sun Microsystems, Inc.
+ ! -->
+<xsl:stylesheet version="1.0" xmlns:adm="http://www.opends.org/admin"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+ <!--
+
+
+
+ Rules for compiling conditions from their XML definition.
+
+
+
+ -->
+ <!--
+ and condition
+ -->
+ <xsl:template match="adm:and" mode="compile-condition">
+ <xsl:value-of select="'Conditions.and('" />
+ <xsl:for-each select="*">
+ <xsl:apply-templates select="." mode="compile-condition" />
+ <xsl:if test="position() != last()">
+ <xsl:value-of select="', '" />
+ </xsl:if>
+ </xsl:for-each>
+ <xsl:value-of select="')'" />
+ </xsl:template>
+ <!--
+ or condition
+ -->
+ <xsl:template match="adm:or" mode="compile-condition">
+ <xsl:value-of select="'Conditions.or('" />
+ <xsl:for-each select="*">
+ <xsl:apply-templates select="." mode="compile-condition" />
+ <xsl:if test="position() != last()">
+ <xsl:value-of select="', '" />
+ </xsl:if>
+ </xsl:for-each>
+ <xsl:value-of select="')'" />
+ </xsl:template>
+ <!--
+ not condition
+ -->
+ <xsl:template match="adm:not" mode="compile-condition">
+ <xsl:value-of select="'Conditions.not('" />
+ <xsl:apply-templates select="*[1]" mode="compile-condition" />
+ <xsl:value-of select="')'" />
+ </xsl:template>
+ <!--
+ implies condition
+ -->
+ <xsl:template match="adm:implies" mode="compile-condition">
+ <xsl:value-of select="'Conditions.implies('" />
+ <xsl:apply-templates select="*[1]" mode="compile-condition" />
+ <xsl:value-of select="', '" />
+ <xsl:apply-templates select="*[2]" mode="compile-condition" />
+ <xsl:value-of select="')'" />
+ </xsl:template>
+ <!--
+ contains condition
+ -->
+ <xsl:template match="adm:contains" mode="compile-condition">
+ <xsl:value-of
+ select="concat('Conditions.contains("', @property, '", "', @value, '")')" />
+ </xsl:template>
+ <!--
+ is-present condition
+ -->
+ <xsl:template match="adm:is-present" mode="compile-condition">
+ <xsl:value-of
+ select="concat('Conditions.isPresent("', @property, '")')" />
+ </xsl:template>
+</xsl:stylesheet>
diff --git a/opendj-admin/src/main/resources/stylesheets/java-utilities.xsl b/opendj-admin/src/main/resources/stylesheets/java-utilities.xsl
new file mode 100644
index 0000000..0d32bfc
--- /dev/null
+++ b/opendj-admin/src/main/resources/stylesheets/java-utilities.xsl
@@ -0,0 +1,378 @@
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2008 Sun Microsystems, Inc.
+ ! -->
+<xsl:stylesheet version="1.0"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns:exsl="http://exslt.org/common">
+ <!--
+ This XSLT file contains utility templates which can be used for any
+ generating Java code.
+ -->
+ <xsl:import href="text-utilities.xsl" />
+ <xsl:output method="text" encoding="us-ascii" />
+ <!--
+ Add a copyright notice to the top of a Java source file.
+
+ TODO: it would be nice to generate the copyright year automatically.
+ -->
+ <xsl:template name="copyright-notice">
+ <xsl:value-of
+ select="concat('/*
',
+ ' * CDDL HEADER START
',
+ ' *
',
+ ' * The contents of this file are subject to the terms of the
',
+ ' * Common Development and Distribution License, Version 1.0 only
',
+ ' * (the "License"). You may not use this file except in compliance
',
+ ' * with the License.
',
+ ' *
',
+ ' * You can obtain a copy of the license at
',
+ ' * trunk/opends/resource/legal-notices/OpenDS.LICENSE
',
+ ' * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
',
+ ' * See the License for the specific language governing permissions
',
+ ' * and limitations under the License.
',
+ ' *
',
+ ' * When distributing Covered Code, include this CDDL HEADER in each
',
+ ' * file and include the License file at
',
+ ' * trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
',
+ ' * add the following below this CDDL HEADER, with the fields enclosed
',
+ ' * by brackets "[]" replaced with your own identifying information:
',
+ ' * Portions Copyright [yyyy] [name of copyright owner]
',
+ ' *
',
+ ' * CDDL HEADER END
',
+ ' *
',
+ ' *
',
+ ' * Copyright 2008 Sun Microsystems, Inc.
',
+ ' */
')" />
+ </xsl:template>
+ <!--
+ Convert an entity or property ID to a Java mixed-cased name.
+ For example, the string "my-string-value" will be converted to
+ the string "myStringValue".
+
+ @param value
+ The ID string to be converted to a Java name.
+ -->
+ <xsl:template name="name-to-java">
+ <xsl:param name="value" />
+ <xsl:if test="string-length($value)">
+ <xsl:choose>
+ <xsl:when test="contains($value, '-')">
+ <xsl:variable name="head"
+ select="substring-before($value, '-')" />
+ <xsl:variable name="tail"
+ select="substring-after($value, '-')" />
+ <xsl:call-template name="to-title-case">
+ <xsl:with-param name="value" select="$head" />
+ </xsl:call-template>
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="$tail" />
+ </xsl:call-template>
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:call-template name="to-title-case">
+ <xsl:with-param name="value" select="$value" />
+ </xsl:call-template>
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:if>
+ </xsl:template>
+ <!--
+ Convert an entity or property ID to a Java constant name.
+ For example, the string "my-string-value" will be converted to
+ the string "MY_STRING_VALUE".
+
+ @param value
+ The ID string to be converted to a Java constant.
+ -->
+ <xsl:template name="name-to-java-constant">
+ <xsl:param name="value" />
+ <xsl:value-of
+ select="translate($value,
+ 'abcdefghijklmnopqrstuvwxyz-',
+ 'ABCDEFGHIJKLMNOPQRSTUVWXYZ_')" />
+ </xsl:template>
+ <!--
+ Add a Java comment. This template handles two levels of
+ indentation: the indentation string for the first line, and a
+ second indentation string used for subsequent lines. The template
+ will output the content wrapping at the nearest word boundary to
+ column 70.
+
+ @param indent-text
+ The indentation text used for the first line.
+
+ @param indent-text2
+ The indentation text used for all lines except
+ the first - defaults to the value of indent-text.
+
+ @param content
+ The content to be output in the comment.
+ -->
+ <xsl:template name="add-java-comment">
+ <xsl:param name="indent-text" />
+ <xsl:param name="indent-text2" select="$indent-text" />
+ <xsl:param name="content" />
+ <xsl:call-template name="format-text">
+ <xsl:with-param name="indent-text" select="$indent-text" />
+ <xsl:with-param name="indent-text2" select="$indent-text2" />
+ <xsl:with-param name="wrap-column" select="'70'" />
+ <xsl:with-param name="content" select="$content" />
+ </xsl:call-template>
+ </xsl:template>
+ <!--
+ Add a Java comment at the specified indentation.
+
+ This template handles embedded newline characters
+ and will also indent individual lines according to
+ the number of leading spaces they contain.
+
+ @param indent
+ The indentation column for the comment.
+
+ @param content
+ The content to be output in the comment.
+ -->
+ <xsl:template name="add-java-comment2">
+ <xsl:param name="indent" select="/.." />
+ <xsl:param name="content" select="/.." />
+ <!-- Compute the indentation string. -->
+ <xsl:variable name="indent-text">
+ <xsl:call-template name="add-indent">
+ <xsl:with-param name="indent" select="$indent + 1" />
+ </xsl:call-template>
+ <xsl:value-of select="'*'" />
+ </xsl:variable>
+ <!-- Output the comment header. -->
+ <xsl:call-template name="add-indent">
+ <xsl:with-param name="indent" select="$indent" />
+ </xsl:call-template>
+ <xsl:value-of select="'/**
'" />
+ <!-- Output the comment contents. -->
+ <xsl:call-template name="add-java-comment-line">
+ <xsl:with-param name="indent-text" select="$indent-text" />
+ <xsl:with-param name="content" select="$content" />
+ </xsl:call-template>
+ <!-- Output the header trailer. -->
+ <xsl:value-of select="concat($indent-text, '/
')" />
+ </xsl:template>
+ <!-- Creates a padding string of the required length. -->
+ <xsl:template name="add-indent">
+ <xsl:param name="indent" select="/.." />
+ <xsl:if test="$indent > 0">
+ <xsl:value-of select="' '" />
+ <xsl:call-template name="add-indent">
+ <xsl:with-param name="indent" select="$indent - 1" />
+ </xsl:call-template>
+ </xsl:if>
+ </xsl:template>
+ <xsl:template name="add-java-comment-line">
+ <xsl:param name="indent-text" select="/.." />
+ <xsl:param name="content" select="/.." />
+ <!-- Get the next line. -->
+ <xsl:variable name="head"
+ select="substring-before($content, '
')" />
+ <xsl:variable name="tail"
+ select="substring-after($content, '
')" />
+ <!--
+ Case #1 - content is empty
+ Case #2 - no newline
+ Case #3 - contains a new line
+ Case #3.1 - begins with newline
+ Case #3.2 - ends with newline
+ -->
+ <xsl:choose>
+ <xsl:when test="string-length($content) = 0">
+ <!-- Do nothing. -->
+ </xsl:when>
+ <xsl:when test="not(contains($content, '
'))">
+ <!-- Single line of text. -->
+ <xsl:call-template name="java-format-line">
+ <xsl:with-param name="indent-text" select="$indent-text" />
+ <xsl:with-param name="line" select="$content" />
+ </xsl:call-template>
+ </xsl:when>
+ <xsl:otherwise>
+ <!-- Output the first line and repeat for remaining lines. -->
+ <xsl:call-template name="java-format-line">
+ <xsl:with-param name="indent-text" select="$indent-text" />
+ <xsl:with-param name="line" select="$head" />
+ </xsl:call-template>
+ <xsl:call-template name="add-java-comment-line">
+ <xsl:with-param name="indent-text" select="$indent-text" />
+ <xsl:with-param name="content" select="$tail" />
+ </xsl:call-template>
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:template>
+ <!-- Formats a line of comment text. -->
+ <xsl:template name="java-format-line">
+ <xsl:param name="indent-text" select="/.." />
+ <xsl:param name="line" select="/.." />
+ <!-- First count the number of leading spaces to determine the indent. -->
+ <xsl:variable name="leading-spaces">
+ <xsl:call-template name="java-format-line-help">
+ <xsl:with-param name="line" select="$line" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:variable name="content"
+ select="substring($line, $leading-spaces + 1)" />
+ <xsl:variable name="padding1">
+ <xsl:value-of select="$indent-text" />
+ <xsl:call-template name="add-indent">
+ <xsl:with-param name="indent" select="$leading-spaces" />
+ </xsl:call-template>
+ </xsl:variable>
+ <!-- We need to use indent2 for certain javadoc keywords. -->
+ <xsl:variable name="padding2">
+ <xsl:choose>
+ <xsl:when test="starts-with($content, '@return')">
+ <xsl:value-of select="concat($padding1, ' ')" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of select="$padding1" />
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:variable>
+ <!-- Now output the line, wrapping as necessary. -->
+ <xsl:call-template name="format-text">
+ <xsl:with-param name="indent-text" select="$padding1" />
+ <xsl:with-param name="indent-text2" select="$padding2" />
+ <xsl:with-param name="wrap-column" select="'70'" />
+ <xsl:with-param name="content" select="$content" />
+ </xsl:call-template>
+ </xsl:template>
+ <!-- Determines the number of leading spaces in the provided string. -->
+ <xsl:template name="java-format-line-help">
+ <xsl:param name="line" select="/.." />
+ <xsl:param name="count" select="0" />
+ <xsl:choose>
+ <xsl:when test="starts-with($line, ' ')">
+ <xsl:call-template name="java-format-line-help">
+ <xsl:with-param name="line"
+ select="substring-after($line, ' ')" />
+ <xsl:with-param name="count" select="$count + 1" />
+ </xsl:call-template>
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of select="$count" />
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:template>
+ <!--
+ Utility template for removing duplicate values from a node-set.
+
+ This template is based on the version published on the XSLT site.
+ It is not capable of normalizing nodes - so they must be
+ pre-normalized before this template is called.
+
+ @param nodes A node-set containing the duplicate nodes.
+ -->
+ <xsl:template name="set-distinct">
+ <xsl:param name="nodes" select="/.." />
+ <xsl:call-template name="_set-distinct">
+ <xsl:with-param name="nodes" select="$nodes" />
+ </xsl:call-template>
+ </xsl:template>
+ <!-- set-distinct helper template -->
+ <xsl:template name="_set-distinct">
+ <xsl:param name="nodes" select="/.." />
+ <xsl:param name="distinct" select="/.." />
+ <xsl:choose>
+ <xsl:when test="$nodes">
+ <xsl:variable name="value" select="$nodes[1]" />
+ <xsl:choose>
+ <xsl:when test="$distinct[. = $value]">
+ <xsl:call-template name="_set-distinct">
+ <xsl:with-param name="distinct" select="$distinct" />
+ <xsl:with-param name="nodes"
+ select="$nodes[position() > 1]" />
+ </xsl:call-template>
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:call-template name="_set-distinct">
+ <xsl:with-param name="distinct"
+ select="$distinct | $nodes[1]" />
+ <xsl:with-param name="nodes"
+ select="$nodes[position() > 1]" />
+ </xsl:call-template>
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:apply-templates select="$distinct" mode="set-distinct" />
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:template>
+ <!-- set-distinct helper template -->
+ <xsl:template match="node()|@*" mode="set-distinct">
+ <xsl:copy-of select="." />
+ </xsl:template>
+ <!--
+ Generate a set of import statements.
+
+ This template takes a result tree fragment as a parameter
+ containing elements of the form:
+
+ <import>java.net.InetAddress</import>
+ <import>...</import>
+
+ This template will normalize each element and remove duplicates
+ before generating the output.
+
+ @param imports The result tree fragment containing the import elements.
+ -->
+ <xsl:template name="generate-import-statements">
+ <xsl:param name="imports" select="/.." />
+ <!--
+ Normalize the import elements since the set-distinct
+ template cannot handle additional whitespace
+ -->
+ <xsl:variable name="normalized-imports">
+ <xsl:for-each select="exsl:node-set($imports)/import">
+ <xsl:element name="import">
+ <xsl:value-of select="normalize-space()" />
+ </xsl:element>
+ </xsl:for-each>
+ </xsl:variable>
+ <!--
+ Now remove the duplicates
+ -->
+ <xsl:variable name="unique">
+ <xsl:call-template name="set-distinct">
+ <xsl:with-param name="nodes"
+ select="exsl:node-set($normalized-imports)/import" />
+ </xsl:call-template>
+ </xsl:variable>
+ <!--
+ Now output the import statements
+ -->
+ <xsl:for-each select="exsl:node-set($unique)/import">
+ <xsl:sort select="normalize-space()" />
+ <xsl:value-of
+ select="concat('import ', normalize-space(),';
')" />
+ </xsl:for-each>
+ </xsl:template>
+</xsl:stylesheet>
diff --git a/opendj-admin/src/main/resources/stylesheets/ldapMOProfile.xsl b/opendj-admin/src/main/resources/stylesheets/ldapMOProfile.xsl
new file mode 100644
index 0000000..754028d
--- /dev/null
+++ b/opendj-admin/src/main/resources/stylesheets/ldapMOProfile.xsl
@@ -0,0 +1,113 @@
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2008 Sun Microsystems, Inc.
+ ! -->
+<xsl:stylesheet version="1.0"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <xsl:import href="java-utilities.xsl" />
+ <xsl:import href="preprocessor.xsl" />
+ <xsl:import href="property-types.xsl" />
+ <xsl:output method="text" encoding="us-ascii" />
+ <!--
+ Document parsing.
+ -->
+ <xsl:template match="/">
+ <xsl:if
+ test="not($this/adm:profile[@name='ldap']/ldap:object-class/ldap:name) and not($this-is-root)">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('No object class found for managed object definition ', $this-name)" />
+ </xsl:message>
+ </xsl:if>
+ <xsl:value-of
+ select="concat('objectclass=',
+ normalize-space($this/adm:profile[@name='ldap']/ldap:object-class/ldap:name),
+ '
')" />
+ <xsl:for-each select="$this-all-properties">
+ <xsl:sort select="@name" />
+ <xsl:if
+ test="not(adm:profile[@name='ldap']/ldap:attribute/ldap:name)">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('No attribute type found for property ', @name, ' in managed object definition ', $this-name)" />
+ </xsl:message>
+ </xsl:if>
+ <xsl:value-of
+ select="concat('attribute.',
+ normalize-space(@name),
+ '=',
+ normalize-space(adm:profile[@name='ldap']/ldap:attribute/ldap:name),
+ '
')" />
+ </xsl:for-each>
+ <xsl:for-each select="$this-all-relations">
+ <xsl:sort select="@name" />
+ <xsl:if test="not(adm:profile[@name='ldap']/ldap:rdn-sequence)">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('No RDN sequence found for relation ', @name, ' in managed object definition ', $this-name)" />
+ </xsl:message>
+ </xsl:if>
+ <xsl:value-of
+ select="concat('rdn.',
+ normalize-space(@name),
+ '=',
+ normalize-space(adm:profile[@name='ldap']/ldap:rdn-sequence),
+ '
')" />
+ <xsl:choose>
+ <xsl:when
+ test="adm:profile[@name='ldap']/ldap:naming-attribute">
+ <xsl:if test="not(adm:one-to-many)">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('Naming attribute specified for relation ',
+ @name, ' in managed object definition ',
+ $this-name, ' which is not a one-to-many relation.')" />
+ </xsl:message>
+ </xsl:if>
+ <xsl:if test="adm:one-to-many/@naming-property">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('Naming attribute specified for one-to-many relation ',
+ @name, ' in managed object definition ',
+ $this-name, ' which uses a naming property.')" />
+ </xsl:message>
+ </xsl:if>
+ <xsl:value-of
+ select="concat('naming-attribute.',
+ normalize-space(@name),
+ '=',
+ normalize-space(adm:profile[@name='ldap']/ldap:naming-attribute),
+ '
')" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of
+ select="concat('naming-attribute.', normalize-space(@name), '=cn
')" />
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:for-each>
+ </xsl:template>
+</xsl:stylesheet>
diff --git a/opendj-admin/src/main/resources/stylesheets/manifestMO.xsl b/opendj-admin/src/main/resources/stylesheets/manifestMO.xsl
new file mode 100644
index 0000000..f64fed8
--- /dev/null
+++ b/opendj-admin/src/main/resources/stylesheets/manifestMO.xsl
@@ -0,0 +1,52 @@
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2008 Sun Microsystems, Inc.
+ ! -->
+<xsl:stylesheet version="1.0" xmlns:adm="http://www.opends.org/admin"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+ <xsl:import href="java-utilities.xsl" />
+ <xsl:output method="text" encoding="us-ascii" />
+ <!--
+ Main document parsing template.
+ -->
+ <xsl:template match="/">
+ <xsl:choose>
+ <xsl:when test="adm:root-managed-object">
+ <xsl:value-of
+ select="'org.forgerock.opendj.admin.meta.RootCfgDefn
'" />
+ </xsl:when>
+ <xsl:when test="adm:managed-object">
+ <xsl:value-of
+ select="normalize-space(adm:managed-object/@package)" />
+ <xsl:value-of select="'.meta.'" />
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value"
+ select="normalize-space(adm:managed-object/@name)" />
+ </xsl:call-template>
+ <xsl:value-of select="'CfgDefn
'" />
+ </xsl:when>
+ </xsl:choose>
+ </xsl:template>
+</xsl:stylesheet>
diff --git a/opendj-admin/src/main/resources/stylesheets/messagesMO.xsl b/opendj-admin/src/main/resources/stylesheets/messagesMO.xsl
new file mode 100644
index 0000000..1d98649
--- /dev/null
+++ b/opendj-admin/src/main/resources/stylesheets/messagesMO.xsl
@@ -0,0 +1,225 @@
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<xsl:stylesheet version="1.0"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns:adm="http://www.opends.org/admin"
+ xmlns:ldap="http://www.opends.org/admin-ldap">
+ <xsl:import href="java-utilities.xsl" />
+ <xsl:import href="preprocessor.xsl" />
+ <xsl:import href="property-types.xsl" />
+ <xsl:output method="text" encoding="us-ascii" />
+ <!--
+ Document parsing.
+ -->
+ <xsl:template match="/">
+ <!--
+ Generate user friendly names.
+ -->
+ <xsl:value-of
+ select="concat('user-friendly-name=', $this-ufn, '
')" />
+ <xsl:value-of
+ select="concat('user-friendly-plural-name=', $this-ufpn, '
')" />
+ <!--
+ Pull out the managed object synopsis (mandatory).
+ -->
+ <xsl:if test="not($this/adm:synopsis)">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('No synopsis found for managed object definition ', $this-name)" />
+ </xsl:message>
+ </xsl:if>
+ <xsl:value-of
+ select="concat('synopsis=', normalize-space($this/adm:synopsis), '
')" />
+ <!--
+ Pull out the managed object description (optional).
+ -->
+ <xsl:if test="$this/adm:description">
+ <xsl:value-of
+ select="concat('description=', normalize-space($this/adm:description), '
')" />
+ </xsl:if>
+ <!--
+ Process tag definitions if this is the root configuration.
+ -->
+ <xsl:if test="$this-is-root">
+ <xsl:for-each select="$this/adm:tag-definition">
+ <xsl:sort select="@name" />
+ <xsl:value-of
+ select="concat('tag.', @name, '.synopsis=', normalize-space(adm:synopsis), '
')" />
+ </xsl:for-each>
+ </xsl:if>
+ <!--
+ Process any constraints associated with this managed object definition.
+ -->
+ <xsl:if test="$this/adm:constraint">
+ <xsl:for-each select="$this/adm:constraint">
+ <xsl:value-of
+ select="concat('constraint.', position(), '.synopsis=', normalize-space(adm:synopsis), '
')" />
+ </xsl:for-each>
+ </xsl:if>
+ <!--
+ Process each property definition.
+ -->
+ <xsl:for-each select="$this-all-properties">
+ <xsl:sort select="@name" />
+ <!--
+ Pull out the property definition synopsis (mandatory).
+ -->
+ <xsl:if test="not(adm:synopsis)">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('No synopsis found for property ', @name, ' in managed object definition ', $this-name)" />
+ </xsl:message>
+ </xsl:if>
+ <xsl:value-of
+ select="concat('property.', normalize-space(@name), '.synopsis=', normalize-space(adm:synopsis), '
')" />
+ <!--
+ Pull out the property definition description (optional).
+ -->
+ <xsl:if test="adm:description">
+ <xsl:value-of
+ select="concat('property.', normalize-space(@name), '.description=', normalize-space(adm:description), '
')" />
+ </xsl:if>
+ <!--
+ Process alias default behavior synopsis.
+ -->
+ <xsl:if test="adm:default-behavior/adm:alias">
+ <xsl:if
+ test="not(adm:default-behavior/adm:alias/adm:synopsis)">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('No alias default behavior synopsis found for property ', @name, ' in managed object definition ', $this-name)" />
+ </xsl:message>
+ </xsl:if>
+ <xsl:value-of
+ select="concat('property.', normalize-space(@name), '.default-behavior.alias.synopsis=', normalize-space(adm:default-behavior/adm:alias/adm:synopsis), '
')" />
+ </xsl:if>
+ <!--
+ Process requires admin action synopsis if present.
+ -->
+ <xsl:if test="adm:requires-admin-action/*/adm:synopsis">
+ <xsl:value-of
+ select="concat('property.', normalize-space(@name), '.requires-admin-action.synopsis=', normalize-space(adm:requires-admin-action/*/adm:synopsis), '
')" />
+ </xsl:if>
+ <!--
+ Process syntax related descriptions.
+ -->
+ <xsl:choose>
+ <xsl:when test="adm:syntax/adm:aggregation">
+ <!--
+ Process aggregation constraint synopsis (optional).
+ -->
+ <xsl:if
+ test="adm:syntax/adm:aggregation/adm:constraint/adm:synopsis">
+ <xsl:value-of
+ select="concat('property.', normalize-space(@name), '.syntax.aggregation.constraint-synopsis=', normalize-space(adm:syntax/adm:aggregation/adm:constraint/adm:synopsis), '
')" />
+ </xsl:if>
+ </xsl:when>
+ <xsl:when test="adm:syntax/adm:integer">
+ <!--
+ Process integer syntax unit synopsis (optional).
+ -->
+ <xsl:if test="adm:syntax/adm:integer/adm:synopsis">
+ <xsl:value-of
+ select="concat('property.', normalize-space(@name), '.syntax.integer.unit-synopsis=', normalize-space(adm:syntax/adm:integer/adm:synopsis), '
')" />
+ </xsl:if>
+ </xsl:when>
+ <xsl:when test="adm:syntax/adm:string/adm:pattern">
+ <!--
+ Process string syntax pattern synopsis (mandatory if pattern defined).
+ -->
+ <xsl:if
+ test="not(adm:syntax/adm:string/adm:pattern/adm:synopsis)">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('No string pattern synopsis found for property ', @name, ' in managed object definition ', $this-name)" />
+ </xsl:message>
+ </xsl:if>
+ <xsl:value-of
+ select="concat('property.', normalize-space(@name), '.syntax.string.pattern.synopsis=', normalize-space(adm:syntax/adm:string/adm:pattern/adm:synopsis), '
')" />
+ </xsl:when>
+ <xsl:when test="adm:syntax/adm:enumeration">
+ <!--
+ Process enumeration value synopsis (mandatory).
+ -->
+ <xsl:for-each select="adm:syntax/adm:enumeration/adm:value">
+ <xsl:sort select="@name" />
+ <xsl:if test="not(adm:synopsis)">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('No synopsis found for enumeration value ', @name, ' for property ', ../../../@name, ' in managed object definition ', $this-name)" />
+ </xsl:message>
+ </xsl:if>
+ <xsl:value-of
+ select="concat('property.', normalize-space(../../../@name), '.syntax.enumeration.value.', @name,'.synopsis=', normalize-space(adm:synopsis), '
')" />
+ </xsl:for-each>
+ </xsl:when>
+ </xsl:choose>
+ </xsl:for-each>
+ <!--
+ Process each relation definition.
+ -->
+ <xsl:for-each select="$this-all-relations">
+ <xsl:sort select="@name" />
+ <!--
+ Generate user friendly names.
+ -->
+ <xsl:value-of
+ select="concat('relation.', normalize-space(@name), '.user-friendly-name=')" />
+ <xsl:call-template name="name-to-ufn">
+ <xsl:with-param name="value" select="@name" />
+ </xsl:call-template>
+ <xsl:value-of select="'
'" />
+ <xsl:if test="adm:one-to-many">
+ <xsl:value-of
+ select="concat('relation.', normalize-space(@name), '.user-friendly-plural-name=')" />
+ <xsl:call-template name="name-to-ufn">
+ <xsl:with-param name="value"
+ select="adm:one-to-many/@plural-name" />
+ </xsl:call-template>
+ <xsl:value-of select="'
'" />
+ </xsl:if>
+ <!--
+ Pull out the relation definition synopsis (mandatory).
+ -->
+ <xsl:if test="not(adm:synopsis)">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('No synopsis found for relation ', @name, ' in managed object definition ', $this-name)" />
+ </xsl:message>
+ </xsl:if>
+ <xsl:value-of
+ select="concat('relation.', normalize-space(@name), '.synopsis=', normalize-space(adm:synopsis), '
')" />
+ <!--
+ Pull out the relation definition description (optional).
+ -->
+ <xsl:if test="adm:description">
+ <xsl:value-of
+ select="concat('relation.', normalize-space(@name), '.description=', normalize-space(adm:description), '
')" />
+ </xsl:if>
+ </xsl:for-each>
+ </xsl:template>
+</xsl:stylesheet>
diff --git a/opendj-admin/src/main/resources/stylesheets/metaMO.xsl b/opendj-admin/src/main/resources/stylesheets/metaMO.xsl
new file mode 100644
index 0000000..d77b70e
--- /dev/null
+++ b/opendj-admin/src/main/resources/stylesheets/metaMO.xsl
@@ -0,0 +1,2027 @@
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2010 Sun Microsystems, Inc.
+ ! Portions copyright 2011 ForgeRock AS.
+ ! -->
+<xsl:stylesheet version="1.0" xmlns:adm="http://www.opends.org/admin"
+ xmlns:admpp="http://www.opends.org/admin-preprocessor"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns:exsl="http://exslt.org/common">
+ <xsl:import href="java-utilities.xsl" />
+ <xsl:import href="preprocessor.xsl" />
+ <xsl:import href="property-types.xsl" />
+ <xsl:output method="text" encoding="us-ascii" />
+ <!--
+ Template for generating the class declaration.
+ -->
+ <xsl:template name="generate-meta-class-declaration">
+ <xsl:value-of select="'/**
'" />
+ <xsl:call-template name="add-java-comment">
+ <xsl:with-param name="indent-text" select="' *'" />
+ <xsl:with-param name="content"
+ select="concat('An interface for querying the ', $this-ufn,
+ ' managed object definition meta information.')" />
+ </xsl:call-template>
+ <xsl:value-of select="' * <p>
'" />
+ <xsl:call-template name="add-java-comment">
+ <xsl:with-param name="indent-text" select="' *'" />
+ <xsl:with-param name="content" select="$this/adm:synopsis" />
+ </xsl:call-template>
+ <xsl:value-of select="' */
'" />
+ <xsl:value-of
+ select="concat('public final class ',
+ $this-java-class,
+ 'CfgDefn extends ')" />
+ <xsl:choose>
+ <xsl:when test="$this-is-abstract">
+ <xsl:value-of
+ select="concat('AbstractManagedObjectDefinition<',
+ $this-java-class, 'CfgClient, ',
+ $this-java-class, 'Cfg> {
')" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of
+ select="concat('ManagedObjectDefinition<',
+ $this-java-class, 'CfgClient, ',
+ $this-java-class, 'Cfg> {
')" />
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:template>
+ <!--
+ Template for generating the meta class body.
+ -->
+ <xsl:template name="generate-meta-class-body">
+ <!--
+ Singleton configuration definition instance.
+ -->
+ <xsl:value-of
+ select="concat(' // The singleton configuration definition instance.
',
+ ' private static final ',
+ $this-java-class ,
+ 'CfgDefn INSTANCE = new ', $this-java-class, 'CfgDefn();
')" />
+ <!--
+ Generate enumerations defined by this managed object..
+ -->
+ <xsl:for-each
+ select="$this-local-properties[adm:syntax/adm:enumeration and not(adm:profile[@name='preprocessor']/adm:first-defined-in)]">
+ <xsl:sort select="@name" />
+ <xsl:if
+ test="not(adm:profile[@name='preprocessor']/admpp:first-defined-in)">
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:call-template name="generate-enumeration" />
+ </xsl:if>
+ </xsl:for-each>
+ <!--
+ Define application tags if this is the root configuration.
+ -->
+ <xsl:if test="$this-is-root">
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of select="' // Define managed object tags.
'" />
+ <xsl:value-of select="' static {
'" />
+ <xsl:for-each select="$this/adm:tag-definition">
+ <xsl:sort select="@name" />
+ <xsl:value-of
+ select="concat(' Tag.define("', @name, '");
')" />
+ </xsl:for-each>
+ <xsl:value-of select="' }
'" />
+ </xsl:if>
+ <!--
+ Generate declarations for properties defined or
+ overridden by this managed object.
+ -->
+ <xsl:for-each select="$this-local-properties">
+ <xsl:sort select="@name" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:call-template name="generate-property-declaration" />
+ </xsl:for-each>
+ <!--
+ Generate declarations for relations.
+ -->
+ <xsl:for-each select="$this-local-relations">
+ <xsl:sort select="@name" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:call-template name="generate-relation-declaration" />
+ </xsl:for-each>
+ <!--
+ Generate constructors for properties defined or
+ overridden by this managed object.
+ -->
+ <xsl:for-each select="$this-local-properties">
+ <xsl:sort select="@name" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:call-template name="generate-property-constructor" />
+ </xsl:for-each>
+ <!--
+ Generate constructors for relations.
+ -->
+ <xsl:for-each select="$this-local-relations">
+ <xsl:sort select="@name" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:call-template name="generate-relation-constructor" />
+ </xsl:for-each>
+ <!--
+ Register any optins associated with this managed object definition.
+ -->
+ <xsl:if test="$this-is-advanced or $this-is-hidden">
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="' // Register the options associated with this managed object definition.
'" />
+ <xsl:value-of select="' static {
'" />
+ <xsl:if test="$this-is-advanced">
+ <xsl:value-of
+ select="' INSTANCE.registerOption(ManagedObjectOption.ADVANCED);
'" />
+ </xsl:if>
+ <xsl:if test="$this-is-hidden">
+ <xsl:value-of
+ select="' INSTANCE.registerOption(ManagedObjectOption.HIDDEN);
'" />
+ </xsl:if>
+ <xsl:value-of select="' }
'" />
+ </xsl:if>
+ <!--
+ Register any tags associated with this managed object definition.
+ -->
+ <xsl:if test="$this/adm:tag">
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="' // Register the tags associated with this managed object definition.
'" />
+ <xsl:value-of select="' static {
'" />
+ <xsl:for-each select="$this/adm:tag">
+ <xsl:sort select="@name" />
+ <xsl:value-of
+ select="concat(' INSTANCE.registerTag(Tag.valueOf("', @name, '"));
')" />
+ </xsl:for-each>
+ <xsl:value-of select="' }
'" />
+ </xsl:if>
+ <!--
+ Register any constraints associated with this managed object definition.
+ -->
+ <xsl:if test="$this/adm:constraint">
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="' // Register the constraints associated with this managed object definition.
'" />
+ <xsl:value-of select="' static {
'" />
+ <xsl:for-each select="$this/adm:constraint">
+ <xsl:value-of
+ select="concat(' INSTANCE.registerConstraint(new GenericConstraint(INSTANCE, ', position(), ', ')" />
+ <xsl:apply-templates select="adm:condition/*"
+ mode="compile-condition" />
+ <xsl:value-of select="'));
'" />
+ </xsl:for-each>
+ <xsl:value-of select="' }
'" />
+ </xsl:if>
+ <!--
+ Configuration definition singleton getter.
+ -->
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of select="' /**
'" />
+ <xsl:call-template name="add-java-comment">
+ <xsl:with-param name="indent-text" select="' *'" />
+ <xsl:with-param name="content"
+ select="concat('Get the ', $this-ufn,' configuration definition singleton.')" />
+ </xsl:call-template>
+ <xsl:value-of select="' *
'" />
+ <xsl:call-template name="add-java-comment">
+ <xsl:with-param name="indent-text" select="' *'" />
+ <xsl:with-param name="indent-text2" select="' * '" />
+ <xsl:with-param name="content"
+ select="concat('@return Returns the ', $this-ufn,
+ ' configuration definition singleton.')" />
+ </xsl:call-template>
+ <xsl:value-of select="' */
'" />
+ <xsl:value-of
+ select="concat(' public static ',
+ $this-java-class ,
+ 'CfgDefn getInstance() {
',
+ ' return INSTANCE;
',
+ ' }
')" />
+ <!--
+ Private constructor.
+ -->
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * Private constructor.
',
+ ' */
',
+ ' private ',
+ $this-java-class ,
+ 'CfgDefn() {
')" />
+ <xsl:choose>
+ <xsl:when test="boolean($this/@extends)">
+ <xsl:value-of
+ select="concat(' super("',
+ $this/@name,
+ '", ',
+ $parent-java-class,
+ 'CfgDefn.getInstance());
')" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of
+ select="concat(' super("',
+ $this/@name,
+ '", TopCfgDefn.getInstance());
')" />
+ </xsl:otherwise>
+ </xsl:choose>
+ <xsl:value-of select="' }
'" />
+ <!--
+ Create configuration view factory methods for non-abstract definitions
+ -->
+ <xsl:if test="not($this-is-abstract)">
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <!--
+ Generate configuration client factory method.
+ -->
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * {@inheritDoc}
',
+ ' */
',
+ ' public ',
+ $this-java-class,
+ 'CfgClient createClientConfiguration(
',
+ ' ManagedObject<? extends ',
+ $this-java-class,
+ 'CfgClient> impl) {
',
+ ' return new ',
+ $this-java-class ,
+ 'CfgClientImpl(impl);
',
+ ' }
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <!--
+ Generate configuration server factory method.
+ -->
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * {@inheritDoc}
',
+ ' */
',
+ ' public ',
+ $this-java-class,
+ 'Cfg createServerConfiguration(
',
+ ' ServerManagedObject<? extends ',$this-java-class,'Cfg> impl) {
',
+ ' return new ',
+ $this-java-class ,
+ 'CfgServerImpl(impl);
',
+ ' }
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <!--
+ Generate configuration server class getter..
+ -->
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * {@inheritDoc}
',
+ ' */
',
+ ' public Class<',
+ $this-java-class,
+ 'Cfg> getServerConfigurationClass() {
',
+ ' return ',
+ $this-java-class ,
+ 'Cfg.class;
',
+ ' }
')" />
+ </xsl:if>
+ <!--
+ Generate property definition getters for all properties.
+ -->
+ <xsl:for-each select="$this-all-properties">
+ <xsl:sort select="@name" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:call-template name="generate-property-definition-getter" />
+ </xsl:for-each>
+ <!--
+ Generate relation definition getters for all relations.
+ -->
+ <xsl:for-each select="$this-all-relations">
+ <xsl:sort select="@name" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:call-template name="generate-relation-definition-getter" />
+ </xsl:for-each>
+ <!--
+ Managed object class implementations.
+ -->
+ <xsl:if test="not($this-is-abstract)">
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:call-template name="generate-client-impl-class" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:call-template name="generate-server-impl-class" />
+ </xsl:if>
+ </xsl:template>
+ <!--
+ Generate managed object client class implementation.
+ -->
+ <xsl:template name="generate-client-impl-class">
+ <!--
+ Declaration.
+ -->
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * Managed object client implementation.
',
+ ' */
',
+ ' private static class ',
+ $this-java-class ,
+ 'CfgClientImpl implements
 ',
+ $this-java-class ,
+ 'CfgClient {
')" />
+ <xsl:text>
</xsl:text>
+ <!--
+ Private instance.
+ -->
+ <xsl:value-of
+ select="concat(' // Private implementation.
',
+ ' private ManagedObject<? extends ',
+ $this-java-class,
+ 'CfgClient> impl;
')" />
+ <!--
+ Private constructor.
+ -->
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' // Private constructor.
',
+ ' private ',
+ $this-java-class,
+ 'CfgClientImpl(
',
+ ' ManagedObject<? extends ',
+ $this-java-class,
+ 'CfgClient> impl) {
',
+ ' this.impl = impl;
',
+ ' }
')" />
+ <!--
+ Getters/Setters for all properties.
+ -->
+ <xsl:for-each select="$this-all-properties">
+ <xsl:sort select="@name" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:call-template
+ name="generate-property-getter-implementation">
+ <xsl:with-param name="interface" select="'client'" />
+ </xsl:call-template>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:call-template name="generate-property-setter-implementation" />
+ </xsl:for-each>
+ <!--
+ Relation methods.
+ -->
+ <xsl:for-each select="$this-all-relations">
+ <xsl:sort select="@name" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:call-template name="generate-client-relation-methods" />
+ </xsl:for-each>
+ <!--
+ Managed object definition getter.
+ -->
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * {@inheritDoc}
',
+ ' */
',
+ ' public ManagedObjectDefinition<? extends ', $this-java-class,'CfgClient, ? extends ', $this-java-class,'Cfg> definition() {
',
+ ' return INSTANCE;
',
+ ' }
')" />
+ <!--
+ Property provider view.
+ -->
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * {@inheritDoc}
',
+ ' */
',
+ ' public PropertyProvider properties() {
',
+ ' return impl;
',
+ ' }
')" />
+ <!--
+ Commit method.
+ -->
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * {@inheritDoc}
',
+ ' */
',
+ ' public void commit() throws ManagedObjectAlreadyExistsException,
',
+ ' MissingMandatoryPropertiesException, ConcurrentModificationException,
',
+ ' OperationRejectedException, AuthorizationException,
',
+ ' CommunicationException {
',
+ ' impl.commit();
',
+ ' }
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:value-of select="' }
'" />
+ </xsl:template>
+ <!--
+ Generate managed object server class implementation.
+ -->
+ <xsl:template name="generate-server-impl-class">
+ <!--
+ Declaration.
+ -->
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * Managed object server implementation.
',
+ ' */
',
+ ' private static class ',
+ $this-java-class ,
+ 'CfgServerImpl implements
 ',
+ $this-java-class ,
+ 'Cfg {
')" />
+ <xsl:text>
</xsl:text>
+ <!--
+ Private instance.
+ -->
+ <xsl:value-of
+ select="concat(' // Private implementation.
',
+ ' private ServerManagedObject<? extends ', $this-java-class, 'Cfg> impl;
')" />
+ <!--
+ Private members for each property.
+ -->
+ <xsl:for-each select="$this-all-properties">
+ <xsl:sort select="@name" />
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' // The value of the "', @name, '" property.
')" />
+ <xsl:value-of select="' private final '" />
+ <xsl:choose>
+ <xsl:when test="string(@multi-valued) != 'true'">
+ <xsl:choose>
+ <xsl:when test="adm:default-behavior/adm:defined">
+ <!--
+ The property is guaranteed to contain a value since there is a
+ well-defined default value.
+ -->
+ <xsl:call-template
+ name="get-property-java-primitive-type" />
+ </xsl:when>
+ <xsl:when test="@mandatory = 'true'">
+ <!--
+ The property is guaranteed to contain a value in the server interface.
+ -->
+ <xsl:call-template
+ name="get-property-java-primitive-type" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:call-template name="get-property-java-type" />
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of select="'SortedSet<'" />
+ <xsl:call-template name="get-property-java-type" />
+ <xsl:value-of select="'>'" />
+ </xsl:otherwise>
+ </xsl:choose>
+ <xsl:value-of select="' p'" />
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="@name" />
+ </xsl:call-template>
+ <xsl:value-of select="';
'" />
+ </xsl:for-each>
+ <!--
+ Private constructor.
+ -->
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' // Private constructor.
',
+ ' private ',
+ $this-java-class,
+ 'CfgServerImpl(ServerManagedObject<? extends ', $this-java-class, 'Cfg> impl) {
',
+ ' this.impl = impl;
')" />
+ <xsl:for-each select="$this-all-properties">
+ <xsl:sort select="@name" />
+ <xsl:variable name="java-prop-name">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="@name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:value-of
+ select="concat(' this.p', $java-prop-name, ' = ')" />
+ <xsl:choose>
+ <xsl:when test="string(@multi-valued) != 'true'">
+ <xsl:value-of
+ select="concat('impl.getPropertyValue(INSTANCE.get', $java-prop-name , 'PropertyDefinition());
')" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of
+ select="concat('impl.getPropertyValues(INSTANCE.get', $java-prop-name , 'PropertyDefinition());
')" />
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:for-each>
+ <xsl:value-of select="' }
'" />
+ <!--
+ Generate all the change listener methods - one for each managed
+ object in the hierarchy.
+ -->
+ <xsl:if test="not($this-is-root)">
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:call-template name="generate-change-listener" />
+ </xsl:if>
+ <!--
+ Getters for all properties.
+ -->
+ <xsl:for-each select="$this-all-properties">
+ <xsl:sort select="@name" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:call-template
+ name="generate-property-getter-implementation">
+ <xsl:with-param name="interface" select="'server'" />
+ </xsl:call-template>
+ </xsl:for-each>
+ <!--
+ Relation methods.
+ -->
+ <xsl:for-each select="$this-all-relations">
+ <xsl:sort select="@name" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:call-template name="generate-server-relation-methods" />
+ </xsl:for-each>
+ <!--
+ Configuration class getter.
+ -->
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * {@inheritDoc}
',
+ ' */
',
+ ' public Class<? extends ', $this-java-class,'Cfg> configurationClass() {
',
+ ' return ', $this-java-class, 'Cfg.class;
',
+ ' }
')" />
+ <!--
+ Configuration entry DN getter.
+ -->
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * {@inheritDoc}
',
+ ' */
',
+ ' public DN dn() {
',
+ ' return impl.getDN();
',
+ ' }
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:value-of select="' }
'" />
+ </xsl:template>
+ <!--
+ Generate a property definition constructor.
+ -->
+ <xsl:template name="generate-property-declaration">
+ <xsl:variable name="java-prop-name">
+ <xsl:call-template name="name-to-java-constant">
+ <xsl:with-param name="value" select="@name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:variable name="type">
+ <xsl:call-template name="get-property-definition-type" />
+ </xsl:variable>
+ <xsl:variable name="generic-type">
+ <xsl:call-template name="get-property-definition-generic-type" />
+ </xsl:variable>
+ <xsl:variable name="pdtype">
+ <xsl:choose>
+ <xsl:when test="string-length($generic-type) != 0">
+ <xsl:value-of
+ select="concat($type, '<', $generic-type, '>')" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of select="$type" />
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:variable>
+ <xsl:value-of
+ select="concat(' // The "',
+ @name,
+ '" property definition.
',
+ ' private static final ', $pdtype, ' PD_', $java-prop-name, ';
')" />
+ </xsl:template>
+ <!--
+ Generate a property definition constructor.
+ -->
+ <xsl:template name="generate-property-constructor">
+ <xsl:variable name="java-prop-name">
+ <xsl:call-template name="name-to-java-constant">
+ <xsl:with-param name="value" select="@name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:variable name="type">
+ <xsl:call-template name="get-property-definition-type" />
+ </xsl:variable>
+ <xsl:variable name="generic-type">
+ <xsl:call-template name="get-property-definition-generic-type" />
+ </xsl:variable>
+ <xsl:variable name="value-type">
+ <xsl:call-template name="get-property-java-type" />
+ </xsl:variable>
+ <xsl:value-of
+ select="concat(' // Build the "', @name, '" property definition.
',
+ ' static {
')" />
+ <xsl:choose>
+ <xsl:when test="string-length($generic-type) != 0">
+ <xsl:value-of
+ select="concat(' ', $type, '.Builder<', $generic-type, '> builder = ', $type, '.createBuilder(INSTANCE, "',@name, '");
')" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of
+ select="concat(' ', $type, '.Builder builder = ', $type, '.createBuilder(INSTANCE, "',@name, '");
')" />
+ </xsl:otherwise>
+ </xsl:choose>
+ <xsl:if test="@multi-valued='true'">
+ <xsl:value-of
+ select="' builder.setOption(PropertyOption.MULTI_VALUED);
'" />
+ </xsl:if>
+ <xsl:if test="@read-only='true'">
+ <xsl:value-of
+ select="' builder.setOption(PropertyOption.READ_ONLY);
'" />
+ </xsl:if>
+ <xsl:if test="@monitoring='true'">
+ <xsl:value-of
+ select="' builder.setOption(PropertyOption.MONITORING);
'" />
+ </xsl:if>
+ <xsl:if test="@mandatory='true'">
+ <xsl:value-of
+ select="' builder.setOption(PropertyOption.MANDATORY);
'" />
+ </xsl:if>
+ <xsl:if test="@hidden='true'">
+ <xsl:value-of
+ select="' builder.setOption(PropertyOption.HIDDEN);
'" />
+ </xsl:if>
+ <xsl:if test="@advanced='true'">
+ <xsl:value-of
+ select="' builder.setOption(PropertyOption.ADVANCED);
'" />
+ </xsl:if>
+ <xsl:variable name="action-type">
+ <xsl:choose>
+ <xsl:when test="adm:requires-admin-action">
+ <xsl:call-template name="name-to-java-constant">
+ <xsl:with-param name="value"
+ select="local-name(adm:requires-admin-action/*)" />
+ </xsl:call-template>
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of select="'NONE'" />
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:variable>
+ <xsl:value-of
+ select="concat(' builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.', $action-type, ', INSTANCE, "', @name, '"));
')" />
+ <xsl:choose>
+ <xsl:when
+ test="not(adm:default-behavior) or adm:default-behavior/adm:undefined">
+ <xsl:value-of
+ select="concat(' builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<', $value-type,'>());
')" />
+ </xsl:when>
+ <xsl:when test="adm:default-behavior/adm:alias">
+ <xsl:value-of
+ select="concat(' builder.setDefaultBehaviorProvider(new AliasDefaultBehaviorProvider<', $value-type,'>(INSTANCE, "', @name, '"));
')" />
+ </xsl:when>
+ <xsl:when test="adm:default-behavior/adm:defined">
+ <xsl:value-of
+ select="concat(' DefaultBehaviorProvider<', $value-type,'> provider = ',
+ 'new DefinedDefaultBehaviorProvider<', $value-type,'>(')" />
+ <xsl:for-each
+ select="adm:default-behavior/adm:defined/adm:value">
+ <xsl:value-of
+ select="concat('"', normalize-space(), '"')" />
+ <xsl:if test="position() != last()">
+ <xsl:value-of select="', '" />
+ </xsl:if>
+ </xsl:for-each>
+ <xsl:value-of select="');
'" />
+ <xsl:value-of
+ select="' builder.setDefaultBehaviorProvider(provider);
'" />
+ </xsl:when>
+ <xsl:when
+ test="adm:default-behavior/adm:inherited/adm:relative">
+ <xsl:value-of
+ select="concat(' DefaultBehaviorProvider<', $value-type,'> provider = ',
+ 'new RelativeInheritedDefaultBehaviorProvider<', $value-type,'>(')" />
+ <xsl:variable name="managed-object-name">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value"
+ select="adm:default-behavior/adm:inherited/adm:relative/@managed-object-name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:variable name="property-name"
+ select="adm:default-behavior/adm:inherited/adm:relative/@property-name" />
+ <xsl:variable name="offset"
+ select="adm:default-behavior/adm:inherited/adm:relative/@offset" />
+ <xsl:value-of
+ select="concat($managed-object-name, 'CfgDefn.getInstance(), "', $property-name, '", ', $offset, ');
')" />
+ <xsl:value-of
+ select="' builder.setDefaultBehaviorProvider(provider);
'" />
+ </xsl:when>
+ <xsl:when
+ test="adm:default-behavior/adm:inherited/adm:absolute">
+ <xsl:value-of
+ select="concat(' DefaultBehaviorProvider<', $value-type,'> provider = ',
+ 'new AbsoluteInheritedDefaultBehaviorProvider<', $value-type,'>(')" />
+ <xsl:variable name="property-name"
+ select="adm:default-behavior/adm:inherited/adm:absolute/@property-name" />
+ <xsl:variable name="path"
+ select="adm:default-behavior/adm:inherited/adm:absolute/@path" />
+ <xsl:value-of
+ select="concat('"', $path, '", "', $property-name, '");
')" />
+ <xsl:value-of
+ select="' builder.setDefaultBehaviorProvider(provider);
'" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('Unrecognized default behavior type for property "', @name,
+ '".')" />
+ </xsl:message>
+ </xsl:otherwise>
+ </xsl:choose>
+ <xsl:call-template name="get-property-definition-ctor" />
+ <xsl:value-of
+ select="concat(' PD_', $java-prop-name, ' = builder.getInstance();
')" />
+ <xsl:value-of
+ select="concat(' INSTANCE.registerPropertyDefinition(PD_', $java-prop-name, ');
')" />
+ <xsl:call-template name="get-property-definition-post-ctor" />
+ <xsl:value-of select="' }
'" />
+ </xsl:template>
+ <!--
+ Generate a relation definition declaration.
+ -->
+ <xsl:template name="generate-relation-declaration">
+ <xsl:variable name="relation-name">
+ <xsl:choose>
+ <xsl:when test="adm:one-to-many">
+ <xsl:value-of select="adm:one-to-many/@plural-name" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of select="@name" />
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:variable>
+ <xsl:variable name="java-relation-name">
+ <xsl:call-template name="name-to-java-constant">
+ <xsl:with-param name="value" select="$relation-name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:variable name="java-managed-object-name">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="@managed-object-name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:value-of
+ select="concat(' // The "',
+ $relation-name,
+ '" relation definition.
',
+ ' private static final ')" />
+ <xsl:choose>
+ <xsl:when test="adm:one-to-one">
+ <xsl:text>SingletonRelationDefinition<</xsl:text>
+ </xsl:when>
+ <xsl:when test="adm:one-to-zero-or-one">
+ <xsl:text>OptionalRelationDefinition<</xsl:text>
+ </xsl:when>
+ <xsl:when test="string(adm:one-to-many/@unique) != 'true'">
+ <xsl:text>InstantiableRelationDefinition<</xsl:text>
+ </xsl:when>
+ <xsl:when test="string(adm:one-to-many/@unique) = 'true'">
+ <xsl:text>SetRelationDefinition<</xsl:text>
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('Unknown relation type "', local-name(*), '" in relation "', @name, '".')" />
+ </xsl:message>
+ </xsl:otherwise>
+ </xsl:choose>
+ <xsl:value-of
+ select="concat($java-managed-object-name, 'CfgClient, ', $java-managed-object-name, 'Cfg> RD_', $java-relation-name, ';
')" />
+ </xsl:template>
+ <!--
+ Generate a relation definition constructor.
+ -->
+ <xsl:template name="generate-relation-constructor">
+ <xsl:variable name="relation-name">
+ <xsl:choose>
+ <xsl:when test="adm:one-to-many">
+ <xsl:value-of select="adm:one-to-many/@plural-name" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of select="@name" />
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:variable>
+ <xsl:variable name="java-relation-name">
+ <xsl:call-template name="name-to-java-constant">
+ <xsl:with-param name="value" select="$relation-name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:variable name="java-managed-object-name">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="@managed-object-name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:variable name="java-relation-builder-type">
+ <xsl:choose>
+ <xsl:when test="adm:one-to-one">
+ <xsl:text>SingletonRelationDefinition</xsl:text>
+ </xsl:when>
+ <xsl:when test="adm:one-to-zero-or-one">
+ <xsl:text>OptionalRelationDefinition</xsl:text>
+ </xsl:when>
+ <xsl:when test="string(adm:one-to-many/@unique) != 'true'">
+ <xsl:text>InstantiableRelationDefinition</xsl:text>
+ </xsl:when>
+ <xsl:when test="string(adm:one-to-many/@unique) = 'true'">
+ <xsl:text>SetRelationDefinition</xsl:text>
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('Unknown relation type "', local-name(*), '" in relation "', @name, '".')" />
+ </xsl:message>
+ </xsl:otherwise>
+ </xsl:choose>
+ <xsl:value-of
+ select="concat('.Builder<', $java-managed-object-name, 'CfgClient, ', $java-managed-object-name, 'Cfg>')" />
+ </xsl:variable>
+ <xsl:value-of
+ select="concat(' // Build the "', $relation-name, '" relation definition.
',
+ ' static {
',
+ ' ', $java-relation-builder-type, ' builder =
',
+ ' new ', $java-relation-builder-type, '(INSTANCE, "', @name, '", ')" />
+ <xsl:if test="adm:one-to-many">
+ <xsl:value-of
+ select="concat('"', adm:one-to-many/@plural-name, '", ')" />
+ </xsl:if>
+ <xsl:value-of
+ select="concat($java-managed-object-name, 'CfgDefn.getInstance());
')" />
+ <xsl:if test="adm:one-to-many/@naming-property">
+ <xsl:if test="string(adm:one-to-many/@unique) = 'true'">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('Naming properties found in unique one-to-many relation "', @name, '".')" />
+ </xsl:message>
+ </xsl:if>
+ <xsl:variable name="java-property-name">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value"
+ select="adm:one-to-many/@naming-property" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:value-of
+ select="concat(' builder.setNamingProperty(',
+ $java-managed-object-name,
+ 'CfgDefn.getInstance().get',
+ $java-property-name, 'PropertyDefinition());
')" />
+ </xsl:if>
+ <xsl:for-each select="*/adm:default-managed-object">
+ <xsl:variable name="dmo-java-name">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="@managed-object-name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:value-of select="' {
'" />
+ <xsl:value-of
+ select="concat(' DefaultManagedObject.Builder<',
+ $dmo-java-name, 'CfgClient, ',
+ $dmo-java-name, 'Cfg> dmoBuilder = new DefaultManagedObject.Builder<',
+ $dmo-java-name, 'CfgClient, ',
+ $dmo-java-name, 'Cfg>(',
+ $dmo-java-name, 'CfgDefn.getInstance());
')" />
+ <xsl:for-each select="adm:property">
+ <xsl:value-of
+ select="concat(' dmoBuilder.setPropertyValues("', @name, '"')" />
+ <xsl:for-each select="adm:value">
+ <xsl:value-of
+ select="concat(', "', normalize-space(), '"')" />
+ </xsl:for-each>
+ <xsl:value-of select="');
'" />
+ </xsl:for-each>
+ <xsl:choose>
+ <xsl:when test="@name">
+ <xsl:value-of
+ select="concat(' builder.setDefaultManagedObject("', @name, '", dmoBuilder.getInstance());
')" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of
+ select="' builder.setDefaultManagedObject(dmoBuilder.getInstance());
'" />
+ </xsl:otherwise>
+ </xsl:choose>
+ <xsl:value-of select="' }
'" />
+ </xsl:for-each>
+ <xsl:if test="@advanced='true'">
+ <xsl:value-of
+ select="' builder.setOption(RelationOption.ADVANCED);
'" />
+ </xsl:if>
+ <xsl:if test="@hidden='true'">
+ <xsl:value-of
+ select="' builder.setOption(RelationOption.HIDDEN);
'" />
+ </xsl:if>
+ <xsl:value-of
+ select="concat(' RD_', $java-relation-name, ' = builder.getInstance();
')" />
+ <xsl:value-of
+ select="concat(' INSTANCE.registerRelationDefinition(RD_', $java-relation-name,');
')" />
+ <xsl:value-of select="' }
'" />
+ </xsl:template>
+ <!--
+ Generate a property definition getter for a locally defined
+ or overriden property.
+ -->
+ <xsl:template name="generate-property-definition-getter">
+ <xsl:variable name="java-prop-name">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="@name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:variable name="java-prop-name-constant">
+ <xsl:call-template name="name-to-java-constant">
+ <xsl:with-param name="value" select="@name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:variable name="type">
+ <xsl:call-template name="get-property-definition-type" />
+ </xsl:variable>
+ <xsl:variable name="generic-type">
+ <xsl:call-template name="get-property-definition-generic-type" />
+ </xsl:variable>
+ <xsl:variable name="pdtype">
+ <xsl:choose>
+ <xsl:when test="string-length($generic-type) != 0">
+ <xsl:value-of
+ select="concat($type, '<', $generic-type, '>')" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of select="$type" />
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:variable>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * Get the "',
+ @name,
+ '" property definition.
')" />
+ <xsl:if test="adm:synopsis">
+ <xsl:value-of select="' * <p>
'" />
+ <xsl:call-template name="add-java-comment">
+ <xsl:with-param name="indent-text" select="' *'" />
+ <xsl:with-param name="content" select="adm:synopsis" />
+ </xsl:call-template>
+ </xsl:if>
+ <xsl:if test="adm:description">
+ <xsl:value-of select="' * <p>
'" />
+ <xsl:call-template name="add-java-comment">
+ <xsl:with-param name="indent-text" select="' *'" />
+ <xsl:with-param name="content" select="adm:description" />
+ </xsl:call-template>
+ </xsl:if>
+ <xsl:choose>
+ <xsl:when
+ test="adm:profile[@name='preprocessor']/admpp:last-defined-in[@name=$this-name and @package=$this-package]">
+ <xsl:value-of
+ select="concat(' *
',
+ ' * @return Returns the "',
+ @name,
+ '" property definition.
',
+ ' */
',
+ ' public ',
+ $pdtype,
+ ' get',
+ $java-prop-name,
+ 'PropertyDefinition() {
' ,
+ ' return PD_',
+ $java-prop-name-constant ,
+ ';
' ,
+ ' }
')" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of
+ select="concat(' *
',
+ ' * @return Returns the "',
+ @name,
+ '" property definition.
',
+ ' */
',
+ ' public ',
+ $pdtype,
+ ' get',
+ $java-prop-name,
+ 'PropertyDefinition() {
' ,
+ ' return ',
+ $parent-java-class, 'CfgDefn.getInstance().get',
+ $java-prop-name,
+ 'PropertyDefinition();
',
+ ' }
')" />
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:template>
+ <!--
+ Generate a relation definition getter.
+ -->
+ <xsl:template name="generate-relation-definition-getter">
+ <xsl:variable name="relation-name">
+ <xsl:choose>
+ <xsl:when test="adm:one-to-many">
+ <xsl:value-of select="adm:one-to-many/@plural-name" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of select="@name" />
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:variable>
+ <xsl:variable name="java-relation-name">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="$relation-name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:variable name="java-relation-name-constant">
+ <xsl:call-template name="name-to-java-constant">
+ <xsl:with-param name="value" select="$relation-name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * Get the "',
+ $relation-name,
+ '" relation definition.
',
+ ' *
',
+ ' * @return Returns the "',
+ $relation-name,
+ '" relation definition.
',
+ ' */
',
+ ' public ')" />
+ <xsl:choose>
+ <xsl:when test="adm:one-to-one">
+ <xsl:text>SingletonRelationDefinition<</xsl:text>
+ </xsl:when>
+ <xsl:when test="adm:one-to-zero-or-one">
+ <xsl:text>OptionalRelationDefinition<</xsl:text>
+ </xsl:when>
+ <xsl:when test="string(adm:one-to-many/@unique) != 'true'">
+ <xsl:text>InstantiableRelationDefinition<</xsl:text>
+ </xsl:when>
+ <xsl:when test="string(adm:one-to-many/@unique) = 'true'">
+ <xsl:text>SetRelationDefinition<</xsl:text>
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('Unknown relation type "', local-name(*), '" in relation "', @name, '".')" />
+ </xsl:message>
+ </xsl:otherwise>
+ </xsl:choose>
+ <xsl:variable name="java-managed-object-name">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="@managed-object-name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:choose>
+ <xsl:when
+ test="adm:profile[@name='preprocessor']/admpp:last-defined-in[@name=$this-name and @package=$this-package]">
+ <xsl:value-of
+ select="concat($java-managed-object-name, 'CfgClient,',
+ $java-managed-object-name, 'Cfg> get',
+ $java-relation-name,
+ 'RelationDefinition() {
' ,
+ ' return RD_',
+ $java-relation-name-constant,
+ ';
' ,
+ ' }
')" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of
+ select="concat($java-managed-object-name, 'CfgClient,',
+ $java-managed-object-name, 'Cfg> get',
+ $java-relation-name,
+ 'RelationDefinition() {
' ,
+ ' return ',
+ $parent-java-class, 'CfgDefn.getInstance().get',
+ $java-relation-name,
+ 'RelationDefinition();
',
+ ' }
')" />
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:template>
+ <!--
+ Generate client relation methods.
+ -->
+ <xsl:template name="generate-client-relation-methods">
+ <xsl:variable name="name" select="@name" />
+ <xsl:variable name="java-relation-name">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="$name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:variable name="java-class-name">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="@managed-object-name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:choose>
+ <xsl:when test="adm:one-to-one">
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * {@inheritDoc}
',
+ ' */
',
+ ' public ', $java-class-name, 'CfgClient get', $java-relation-name, '()
',
+ ' throws DefinitionDecodingException, ManagedObjectDecodingException,
',
+ ' ManagedObjectNotFoundException, ConcurrentModificationException,
',
+ ' AuthorizationException, CommunicationException {
',
+ ' return impl.getChild(INSTANCE.get', $java-relation-name,'RelationDefinition()).getConfiguration();
',
+ ' }
')" />
+ </xsl:when>
+ <xsl:when test="adm:one-to-zero-or-one">
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * {@inheritDoc}
',
+ ' */
',
+ ' public boolean has', $java-relation-name, '() throws ConcurrentModificationException,
',
+ ' AuthorizationException, CommunicationException {
',
+ ' return impl.hasChild(INSTANCE.get', $java-relation-name,'RelationDefinition());
',
+ ' }
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * {@inheritDoc}
',
+ ' */
',
+ ' public ', $java-class-name, 'CfgClient get', $java-relation-name, '()
',
+ ' throws DefinitionDecodingException, ManagedObjectDecodingException,
',
+ ' ManagedObjectNotFoundException, ConcurrentModificationException,
',
+ ' AuthorizationException, CommunicationException {
',
+ ' return impl.getChild(INSTANCE.get', $java-relation-name,'RelationDefinition()).getConfiguration();
',
+ ' }
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * {@inheritDoc}
',
+ ' */
',
+ ' public <M extends ', $java-class-name, 'CfgClient> M create', $java-relation-name, '(
',
+ ' ManagedObjectDefinition<M, ? extends ', $java-class-name,'Cfg> d, Collection<DefaultBehaviorException> exceptions) {
',
+ ' return impl.createChild(INSTANCE.get', $java-relation-name,'RelationDefinition(), d, exceptions).getConfiguration();
',
+ ' }
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * {@inheritDoc}
',
+ ' */
',
+ ' public void remove', $java-relation-name, '()
',
+ ' throws ManagedObjectNotFoundException, ConcurrentModificationException,
',
+ ' OperationRejectedException, AuthorizationException, CommunicationException {
',
+ ' impl.removeChild(INSTANCE.get', $java-relation-name,'RelationDefinition());
',
+ ' }
')" />
+ </xsl:when>
+ <xsl:when test="adm:one-to-many">
+ <xsl:variable name="plural-name"
+ select="adm:one-to-many/@plural-name" />
+ <xsl:variable name="java-relation-plural-name">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="$plural-name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * {@inheritDoc}
',
+ ' */
',
+ ' public String[] list', $java-relation-plural-name, '() throws ConcurrentModificationException,
',
+ ' AuthorizationException, CommunicationException {
',
+ ' return impl.listChildren(INSTANCE.get', $java-relation-plural-name,'RelationDefinition());
',
+ ' }
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * {@inheritDoc}
',
+ ' */
',
+ ' public ', $java-class-name, 'CfgClient get', $java-relation-name, '(String name)
',
+ ' throws DefinitionDecodingException, ManagedObjectDecodingException,
',
+ ' ManagedObjectNotFoundException, ConcurrentModificationException,
',
+ ' AuthorizationException, CommunicationException {
',
+ ' return impl.getChild(INSTANCE.get', $java-relation-plural-name,'RelationDefinition(), name).getConfiguration();
',
+ ' }
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:choose>
+ <xsl:when test="string(adm:one-to-many/@unique) != 'true'">
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * {@inheritDoc}
',
+ ' */
',
+ ' public <M extends ', $java-class-name, 'CfgClient> M create', $java-relation-name, '(
',
+ ' ManagedObjectDefinition<M, ? extends ', $java-class-name,'Cfg> d, String name, Collection<DefaultBehaviorException> exceptions) throws IllegalManagedObjectNameException {
',
+ ' return impl.createChild(INSTANCE.get', $java-relation-plural-name,'RelationDefinition(), d, name, exceptions).getConfiguration();
',
+ ' }
')" />
+ </xsl:when>
+ <xsl:when test="string(adm:one-to-many/@unique) = 'true'">
+ <!-- Unique one-to-many children are named implicitly by their definition -->
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * {@inheritDoc}
',
+ ' */
',
+ ' public <M extends ', $java-class-name, 'CfgClient> M create', $java-relation-name, '(
',
+ ' ManagedObjectDefinition<M, ? extends ', $java-class-name,'Cfg> d, Collection<DefaultBehaviorException> exceptions) {
',
+ ' return impl.createChild(INSTANCE.get', $java-relation-plural-name,'RelationDefinition(), d, exceptions).getConfiguration();
',
+ ' }
')" />
+ </xsl:when>
+ </xsl:choose>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * {@inheritDoc}
',
+ ' */
',
+ ' public void remove', $java-relation-name, '(String name)
',
+ ' throws ManagedObjectNotFoundException, ConcurrentModificationException,
',
+ ' OperationRejectedException, AuthorizationException, CommunicationException {
',
+ ' impl.removeChild(INSTANCE.get', $java-relation-plural-name,'RelationDefinition(), name);
',
+ ' }
')" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('Unknown relation type "', local-name(*), '" in relation "', $name, '".')" />
+ </xsl:message>
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:template>
+ <!--
+ Generate server relation methods.
+ -->
+ <xsl:template name="generate-server-relation-methods">
+ <xsl:variable name="name" select="@name" />
+ <xsl:variable name="java-relation-name">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="$name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:variable name="java-class-name">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="@managed-object-name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:choose>
+ <xsl:when test="adm:one-to-one">
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * {@inheritDoc}
',
+ ' */
',
+ ' public ', $java-class-name, 'Cfg get',
+ $java-relation-name, '() throws ConfigException {
',
+ ' return impl.getChild(INSTANCE.get', $java-relation-name, 'RelationDefinition()).getConfiguration();
',
+ ' }
')" />
+ </xsl:when>
+ <xsl:when test="adm:one-to-zero-or-one">
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * {@inheritDoc}
',
+ ' */
',
+ ' public boolean has',
+ $java-relation-name, '() {
',
+ ' return impl.hasChild(INSTANCE.get', $java-relation-name, 'RelationDefinition());
',
+ ' }
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * {@inheritDoc}
',
+ ' */
',
+ ' public ', $java-class-name, 'Cfg get',
+ $java-relation-name, '() throws ConfigException {
',
+ ' return impl.getChild(INSTANCE.get', $java-relation-name, 'RelationDefinition()).getConfiguration();
',
+ ' }
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * {@inheritDoc}
',
+ ' */
',
+ ' public void add', $java-relation-name, 'AddListener(
',
+ ' ConfigurationAddListener<', $java-class-name,'Cfg> listener) throws ConfigException {
',
+ ' impl.registerAddListener(INSTANCE.get', $java-relation-name, 'RelationDefinition(), listener);
',
+ ' }
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * {@inheritDoc}
',
+ ' */
',
+ ' public void remove', $java-relation-name, 'AddListener(
',
+ ' ConfigurationAddListener<', $java-class-name,'Cfg> listener) {
',
+ ' impl.deregisterAddListener(INSTANCE.get', $java-relation-name, 'RelationDefinition(), listener);
',
+ ' }
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * {@inheritDoc}
',
+ ' */
',
+ ' public void add', $java-relation-name, 'DeleteListener(
',
+ ' ConfigurationDeleteListener<', $java-class-name,'Cfg> listener) throws ConfigException {
',
+ ' impl.registerDeleteListener(INSTANCE.get', $java-relation-name, 'RelationDefinition(), listener);
',
+ ' }
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * {@inheritDoc}
',
+ ' */
',
+ ' public void remove', $java-relation-name, 'DeleteListener(
',
+ ' ConfigurationDeleteListener<', $java-class-name,'Cfg> listener) {
',
+ ' impl.deregisterDeleteListener(INSTANCE.get', $java-relation-name, 'RelationDefinition(), listener);
',
+ ' }
')" />
+ </xsl:when>
+ <xsl:when test="adm:one-to-many">
+ <xsl:variable name="plural-name"
+ select="adm:one-to-many/@plural-name" />
+ <xsl:variable name="java-relation-plural-name">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="$plural-name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * {@inheritDoc}
',
+ ' */
',
+ ' public String[] list',
+ $java-relation-plural-name, '() {
',
+ ' return impl.listChildren(INSTANCE.get', $java-relation-plural-name,'RelationDefinition());
',
+ ' }
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * {@inheritDoc}
',
+ ' */
',
+ ' public ', $java-class-name, 'Cfg get',
+ $java-relation-name, '(String name) throws ConfigException {
',
+ ' return impl.getChild(INSTANCE.get', $java-relation-plural-name, 'RelationDefinition(), name).getConfiguration();
',
+ ' }
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * {@inheritDoc}
',
+ ' */
',
+ ' public void add', $java-relation-name, 'AddListener(
',
+ ' ConfigurationAddListener<', $java-class-name,'Cfg> listener) throws ConfigException {
',
+ ' impl.registerAddListener(INSTANCE.get', $java-relation-plural-name, 'RelationDefinition(), listener);
',
+ ' }
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * {@inheritDoc}
',
+ ' */
',
+ ' public void remove', $java-relation-name, 'AddListener(
',
+ ' ConfigurationAddListener<', $java-class-name,'Cfg> listener) {
',
+ ' impl.deregisterAddListener(INSTANCE.get', $java-relation-plural-name, 'RelationDefinition(), listener);
',
+ ' }
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * {@inheritDoc}
',
+ ' */
',
+ ' public void add', $java-relation-name, 'DeleteListener(
',
+ ' ConfigurationDeleteListener<', $java-class-name,'Cfg> listener) throws ConfigException {
',
+ ' impl.registerDeleteListener(INSTANCE.get', $java-relation-plural-name, 'RelationDefinition(), listener);
',
+ ' }
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * {@inheritDoc}
',
+ ' */
',
+ ' public void remove', $java-relation-name, 'DeleteListener(
',
+ ' ConfigurationDeleteListener<', $java-class-name,'Cfg> listener) {
',
+ ' impl.deregisterDeleteListener(INSTANCE.get', $java-relation-plural-name, 'RelationDefinition(), listener);
',
+ ' }
')" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('Unknown relation type "', local-name(*), '" in relation "', $name, '".')" />
+ </xsl:message>
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:template>
+ <!--
+ Generate change listener registration methods.
+ -->
+ <xsl:template name="generate-change-listener">
+ <!--
+ Process this managed object.
+ -->
+ <xsl:variable name="top-name"
+ select="$this/adm:profile[@name='preprocessor']/admpp:parent-managed-object[last()]/@name" />
+ <xsl:call-template name="generate-change-listener-help">
+ <xsl:with-param name="top-name" select="$top-name" />
+ <xsl:with-param name="name" select="$this-name" />
+ </xsl:call-template>
+ <!--
+ Process parent hierarchy.
+ -->
+ <xsl:for-each
+ select="$this/adm:profile[@name='preprocessor']/admpp:parent-managed-object">
+ <xsl:call-template name="generate-change-listener-help">
+ <xsl:with-param name="top-name" select="$top-name" />
+ <xsl:with-param name="name" select="@name" />
+ </xsl:call-template>
+ </xsl:for-each>
+ </xsl:template>
+ <!--
+ Generate a single set of change listener registration methods.
+ -->
+ <xsl:template name="generate-change-listener-help">
+ <xsl:param name="top-name" select="/.." />
+ <xsl:param name="name" select="/.." />
+
+ <xsl:variable name="_top-length" select="string-length($top-name)" />
+ <xsl:variable name="_length" select="string-length($name)" />
+ <xsl:variable name="_diff" select="$_length - $_top-length" />
+ <xsl:variable name="_start" select="substring($name, 1, $_diff - 1)" />
+ <xsl:variable name="_middle" select="substring($name, $_diff, 1)" />
+ <xsl:variable name="_end"
+ select="substring($name, $_diff + 1, $_top-length)" />
+
+ <xsl:variable name="short-name">
+ <xsl:choose>
+ <xsl:when test="not($top-name) or $top-name = $name">
+ <xsl:value-of select="''" />
+ </xsl:when>
+ <xsl:when test="$_middle != '-' or $_end != $_top-name">
+ <xsl:value-of select="$name" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of select="$_start" />
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:variable>
+
+ <xsl:variable name="java-class">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="$name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:variable name="short-java-class">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="$short-name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * {@inheritDoc}
',
+ ' */
')" />
+ <xsl:value-of
+ select="concat(' public void add', $short-java-class, 'ChangeListener(
',
+ ' ConfigurationChangeListener<',$java-class,'Cfg> listener) {
',
+ ' impl.registerChangeListener(listener);
',
+ ' }
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * {@inheritDoc}
',
+ ' */
')" />
+ <xsl:value-of
+ select="concat(' public void remove', $short-java-class, 'ChangeListener(
',
+ ' ConfigurationChangeListener<',$java-class,'Cfg> listener) {
',
+ ' impl.deregisterChangeListener(listener);
',
+ ' }
')" />
+ </xsl:template>
+ <!--
+ Generate import statements for change-listener
+ -->
+ <xsl:template name="generate-change-listener-import-statements">
+ <!--
+ Process this managed object.
+ -->
+ <xsl:element name="import">
+ <xsl:value-of
+ select="concat($this-package, '.server.', $this-java-class, 'Cfg')" />
+ </xsl:element>
+ <!--
+ Process parent hierarchy.
+ -->
+ <xsl:for-each
+ select="$this/adm:profile[@name='preprocessor']/admpp:parent-managed-object">
+ <xsl:variable name="java-class">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="@name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:element name="import">
+ <xsl:value-of
+ select="concat(@package, '.server.', $java-class, 'Cfg')" />
+ </xsl:element>
+ </xsl:for-each>
+ </xsl:template>
+ <!--
+ Generate an enumeration for a locally defined enumerated property.
+ -->
+ <xsl:template name="generate-enumeration">
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * Defines the set of permissable values for the "', @name, '" property.
')" />
+ <xsl:if test="adm:synopsis">
+ <xsl:value-of select="' * <p>
'" />
+ <xsl:call-template name="add-java-comment">
+ <xsl:with-param name="indent-text" select="' *'" />
+ <xsl:with-param name="content" select="adm:synopsis" />
+ </xsl:call-template>
+ </xsl:if>
+ <xsl:if test="adm:description">
+ <xsl:value-of select="' * <p>
'" />
+ <xsl:call-template name="add-java-comment">
+ <xsl:with-param name="indent-text" select="' *'" />
+ <xsl:with-param name="content" select="adm:description" />
+ </xsl:call-template>
+ </xsl:if>
+ <xsl:value-of
+ select="concat(' */
',
+ ' public static enum ')" />
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="@name" />
+ </xsl:call-template>
+ <xsl:value-of select="' {
'" />
+ <xsl:text>
</xsl:text>
+ <xsl:for-each select="adm:syntax/adm:enumeration/adm:value">
+ <xsl:sort select="@name" />
+ <xsl:value-of select="' /**
'" />
+ <xsl:call-template name="add-java-comment">
+ <xsl:with-param name="indent-text" select="' *'" />
+ <xsl:with-param name="content" select="adm:synopsis" />
+ </xsl:call-template>
+ <xsl:value-of select="' */
'" />
+ <xsl:value-of select="' '" />
+ <xsl:call-template name="name-to-java-constant">
+ <xsl:with-param name="value" select="@name" />
+ </xsl:call-template>
+ <xsl:value-of select="concat('("', @name, '")')" />
+ <xsl:choose>
+ <xsl:when test="position() != last()">
+ <xsl:value-of select="',
'" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of select="';
'" />
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:for-each>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="' // String representation of the value.
'" />
+ <xsl:value-of select="' private final String name;
'" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of select="' // Private constructor.
'" />
+ <xsl:value-of select="' private '" />
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="@name" />
+ </xsl:call-template>
+ <xsl:value-of
+ select="concat('(String name) { this.name = name; }
',
+ '
',
+ '
',
+ '
',
+ ' /**
',
+ ' * {@inheritDoc}
',
+ ' */
',
+ ' public String toString() { return name; }
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:value-of select="' }
'" />
+ </xsl:template>
+ <!--
+ Main document parsing template.
+ -->
+ <xsl:template match="/">
+ <!-- Perform some initial validation.
+ -->
+ <xsl:for-each select="$this-all-properties">
+ <!--
+ Check that all non-mandatory properties have a default behavior.
+ -->
+ <xsl:if
+ test="not(@mandatory='true') and not(adm:default-behavior)">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('No default behavior defined for non-mandatory property "', @name,
+ '".')" />
+ </xsl:message>
+ </xsl:if>
+ <!--
+ Check that all advanced properties conform to one of
+ the following rules:
+
+ * is mandatory and has a defined default value(s)
+ * is mandatory and is part of an advanced managed object
+ * is mandatory and is part of an abstract managed object
+ * is not mandatory
+ -->
+ <xsl:choose>
+ <xsl:when test="$this-is-advanced">
+ <!-- OK -->
+ </xsl:when>
+ <xsl:when test="$this-is-abstract">
+ <!-- OK -->
+ </xsl:when>
+ <xsl:when test="@advanced='true' and @mandatory='true'">
+ <xsl:choose>
+ <xsl:when test="adm:default-behavior/adm:defined">
+ <!-- OK -->
+ </xsl:when>
+ <xsl:when test="adm:default-behavior/adm:inherited">
+ <!-- OK -->
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('Advanced property "', @name,
+ '" must have defined or inherited default values.')" />
+ </xsl:message>
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:when>
+ </xsl:choose>
+ </xsl:for-each>
+ <!--
+ Now generate the definition.
+ -->
+ <xsl:call-template name="copyright-notice" />
+ <xsl:value-of
+ select="concat('package ', $this-package, '.meta;
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:call-template name="generate-import-statements">
+ <xsl:with-param name="imports">
+ <xsl:if test="not(boolean($this/@extends))">
+ <import>org.opends.server.admin.TopCfgDefn</import>
+ </xsl:if>
+ <xsl:if test="$this/adm:constraint">
+ <import>org.opends.server.admin.GenericConstraint</import>
+ <import>org.opends.server.admin.condition.Conditions</import>
+ </xsl:if>
+ <xsl:if
+ test="$this-local-properties[@multi-valued='true' or
+ @read-only='true' or
+ @monitoring='true' or
+ @hidden='true' or
+ @advanced='true' or
+ @mandatory='true']">
+ <import>org.opends.server.admin.PropertyOption</import>
+ </xsl:if>
+ <xsl:if test="$this-local-properties">
+ <import>org.opends.server.admin.AdministratorAction</import>
+ </xsl:if>
+ <xsl:if test="$this/adm:tag-definition or $this/adm:tag">
+ <import>org.opends.server.admin.Tag</import>
+ </xsl:if>
+ <xsl:if
+ test="$this-local-properties[adm:default-behavior/adm:undefined or not(adm:default-behavior)]">
+ <import>
+ org.opends.server.admin.UndefinedDefaultBehaviorProvider
+ </import>
+ </xsl:if>
+ <xsl:if
+ test="$this-local-properties/adm:default-behavior/adm:alias">
+ <import>
+ org.opends.server.admin.AliasDefaultBehaviorProvider
+ </import>
+ </xsl:if>
+ <xsl:if
+ test="$this-local-properties/adm:default-behavior/adm:inherited/adm:absolute">
+ <import>
+ org.opends.server.admin.AbsoluteInheritedDefaultBehaviorProvider
+ </import>
+ <import>
+ org.opends.server.admin.DefaultBehaviorProvider
+ </import>
+ </xsl:if>
+ <xsl:if
+ test="$this-local-properties/adm:default-behavior/adm:inherited/adm:relative">
+ <import>
+ org.opends.server.admin.RelativeInheritedDefaultBehaviorProvider
+ </import>
+ <import>
+ org.opends.server.admin.DefaultBehaviorProvider
+ </import>
+ <xsl:for-each
+ select="$this-local-properties/adm:default-behavior/adm:inherited/adm:relative">
+ <xsl:if test="@managed-object-package != $this-package">
+ <xsl:variable name="java-class-name">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value"
+ select="@managed-object-name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:element name="import">
+ <xsl:value-of
+ select="concat(@managed-object-package, '.meta.', $java-class-name, 'CfgDefn')" />
+ </xsl:element>
+ </xsl:if>
+ </xsl:for-each>
+ </xsl:if>
+ <xsl:if
+ test="$this-local-properties/adm:default-behavior/adm:defined">
+ <import>
+ org.opends.server.admin.DefinedDefaultBehaviorProvider
+ </import>
+ <import>
+ org.opends.server.admin.DefaultBehaviorProvider
+ </import>
+ </xsl:if>
+ <xsl:element name="import">
+ <xsl:value-of
+ select="concat($this-package, '.client.', $this-java-class, 'CfgClient')" />
+ </xsl:element>
+ <xsl:element name="import">
+ <xsl:value-of
+ select="concat($this-package, '.server.', $this-java-class, 'Cfg')" />
+ </xsl:element>
+ <xsl:for-each select="$this-inherited-properties">
+ <xsl:call-template name="get-property-java-imports">
+ <xsl:with-param name="interface" select="'server'" />
+ </xsl:call-template>
+ </xsl:for-each>
+ <xsl:for-each select="$this-all-properties">
+ <xsl:call-template
+ name="get-property-definition-java-imports" />
+ </xsl:for-each>
+ <xsl:for-each select="$this-all-relations">
+ <xsl:variable name="java-class-name">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value"
+ select="@managed-object-name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:element name="import">
+ <xsl:value-of
+ select="concat(@managed-object-package, '.client.', $java-class-name, 'CfgClient')" />
+ </xsl:element>
+ <xsl:element name="import">
+ <xsl:value-of
+ select="concat(@managed-object-package, '.server.', $java-class-name, 'Cfg')" />
+ </xsl:element>
+ </xsl:for-each>
+ <xsl:if
+ test="$this-local-relations/*/adm:default-managed-object">
+ <import>org.opends.server.admin.DefaultManagedObject</import>
+ </xsl:if>
+ <xsl:for-each
+ select="$this-local-relations/*/adm:default-managed-object">
+ <xsl:variable name="java-class-name">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value"
+ select="@managed-object-name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:element name="import">
+ <xsl:value-of
+ select="concat(@managed-object-package, '.client.', $java-class-name, 'CfgClient')" />
+ </xsl:element>
+ <xsl:element name="import">
+ <xsl:value-of
+ select="concat(@managed-object-package, '.server.', $java-class-name, 'Cfg')" />
+ </xsl:element>
+ <xsl:element name="import">
+ <xsl:value-of
+ select="concat(@managed-object-package, '.meta.', $java-class-name, 'CfgDefn')" />
+ </xsl:element>
+ </xsl:for-each>
+ <xsl:if
+ test="$this-local-relations[@advanced='true' or @hidden='true']">
+ <import>org.opends.server.admin.RelationOption</import>
+ </xsl:if>
+ <xsl:if test="$this-is-hidden or $this-is-advanced">
+ <import>org.opends.server.admin.ManagedObjectOption</import>
+ </xsl:if>
+ <xsl:if test="$this-all-relations/adm:one-to-many[not(@unique = 'true')]">
+ <import>
+ org.opends.server.admin.InstantiableRelationDefinition
+ </import>
+ </xsl:if>
+ <xsl:if test="$this-all-relations/adm:one-to-many[@unique = 'true']">
+ <import>
+ org.opends.server.admin.SetRelationDefinition
+ </import>
+ </xsl:if>
+ <xsl:if test="$this-all-relations/adm:one-to-zero-or-one">
+ <import>
+ org.opends.server.admin.OptionalRelationDefinition
+ </import>
+ </xsl:if>
+ <xsl:if test="$this-all-relations/adm:one-to-one">
+ <import>
+ org.opends.server.admin.SingletonRelationDefinition
+ </import>
+ </xsl:if>
+ <xsl:choose>
+ <xsl:when test="$this-is-abstract">
+ <import>
+ org.opends.server.admin.AbstractManagedObjectDefinition
+ </import>
+ </xsl:when>
+ <xsl:otherwise>
+ <import>
+ org.opends.server.admin.ManagedObjectDefinition
+ </import>
+ <import>org.opends.server.admin.PropertyProvider</import>
+ <import>
+ org.opends.server.admin.client.MissingMandatoryPropertiesException
+ </import>
+ <import>
+ org.opends.server.admin.ManagedObjectAlreadyExistsException
+ </import>
+ <import>
+ org.opends.server.admin.client.AuthorizationException
+ </import>
+ <import>
+ org.opends.server.admin.client.CommunicationException
+ </import>
+ <import>
+ org.opends.server.admin.client.ConcurrentModificationException
+ </import>
+ <import>
+ org.opends.server.admin.client.OperationRejectedException
+ </import>
+ <import>
+ org.opends.server.admin.client.ManagedObject
+ </import>
+ <import>
+ org.opends.server.admin.server.ServerManagedObject
+ </import>
+ <xsl:if test="not($this-is-root)">
+ <import>
+ org.opends.server.admin.server.ConfigurationChangeListener
+ </import>
+ <xsl:call-template
+ name="generate-change-listener-import-statements" />
+ </xsl:if>
+ <import>org.forgerock.opendj.ldap.DN</import>
+ <xsl:if test="$this-all-relations">
+ <import>
+ org.opends.server.admin.DefinitionDecodingException
+ </import>
+ <import>
+ org.opends.server.admin.ManagedObjectNotFoundException
+ </import>
+ <import>
+ org.opends.server.admin.client.ManagedObjectDecodingException
+ </import>
+ </xsl:if>
+ <xsl:if test="$this-all-relations/adm:one-to-many">
+ <import>java.util.Collection</import>
+ <xsl:if test="$this-all-relations/adm:one-to-many[not(@unique = 'true')]">
+ <import>
+ org.opends.server.admin.client.IllegalManagedObjectNameException
+ </import>
+ </xsl:if>
+ <import>
+ org.opends.server.admin.DefaultBehaviorException
+ </import>
+ <import>
+ org.opends.server.admin.server.ConfigurationAddListener
+ </import>
+ <import>
+ org.opends.server.admin.server.ConfigurationDeleteListener
+ </import>
+ <import>org.opends.server.config.ConfigException</import>
+ </xsl:if>
+ <xsl:if test="$this-all-relations/adm:one-to-zero-or-one">
+ <import>java.util.Collection</import>
+ <import>
+ org.opends.server.admin.DefaultBehaviorException
+ </import>
+ <import>
+ org.opends.server.admin.server.ConfigurationAddListener
+ </import>
+ <import>
+ org.opends.server.admin.server.ConfigurationDeleteListener
+ </import>
+ <import>org.opends.server.config.ConfigException</import>
+ </xsl:if>
+ <xsl:if test="$this-all-relations/adm:one-to-one">
+ <import>org.opends.server.config.ConfigException</import>
+ </xsl:if>
+ <xsl:if test="$this-all-properties[@multi-valued='true']">
+ <import>java.util.SortedSet</import>
+ <import>java.util.Collection</import>
+ </xsl:if>
+ <xsl:if test="$this-all-properties[@read-only='true']">
+ <import>
+ org.opends.server.admin.PropertyIsReadOnlyException
+ </import>
+ </xsl:if>
+ </xsl:otherwise>
+ </xsl:choose>
+ <xsl:if test="$this/@extends">
+ <xsl:if test="$parent-package != $this-package">
+ <xsl:element name="import">
+ <xsl:value-of
+ select="concat($parent-package, '.meta.', $parent-java-class, 'CfgDefn')" />
+ </xsl:element>
+ </xsl:if>
+ </xsl:if>
+ </xsl:with-param>
+ </xsl:call-template>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:call-template name="generate-meta-class-declaration" />
+ <xsl:text>
</xsl:text>
+ <xsl:call-template name="generate-meta-class-body" />
+ <xsl:text>}
</xsl:text>
+ </xsl:template>
+</xsl:stylesheet>
diff --git a/opendj-admin/src/main/resources/stylesheets/package-info.xsl b/opendj-admin/src/main/resources/stylesheets/package-info.xsl
new file mode 100644
index 0000000..e38498e
--- /dev/null
+++ b/opendj-admin/src/main/resources/stylesheets/package-info.xsl
@@ -0,0 +1,94 @@
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2008 Sun Microsystems, Inc.
+ ! -->
+<xsl:stylesheet version="1.0" xmlns:adm="http://www.opends.org/admin"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+ <xsl:import href="java-utilities.xsl" />
+ <xsl:output method="text" encoding="us-ascii" />
+ <!--
+ Global parameter: the sub-package name. Either 'meta', 'client', or 'server'.
+ -->
+ <xsl:param name="type" select="'.'" />
+ <!--
+ Main document parsing template.
+ -->
+ <xsl:template match="/">
+ <xsl:call-template name="copyright-notice" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of select="'/**
'" />
+ <xsl:choose>
+ <xsl:when test="$type='meta'">
+ <xsl:call-template name="add-java-comment">
+ <xsl:with-param name="indent-text" select="' *'" />
+ <xsl:with-param name="content"
+ select="concat('Provides introspection interfaces for the ',
+ normalize-space(adm:package/adm:synopsis),
+ ' This package provides access to meta-',
+ 'information about the managed objects, their ',
+ 'properties, their relationships with other ',
+ 'managed objects, and their inheritance model.')" />
+ </xsl:call-template>
+ </xsl:when>
+ <xsl:when test="$type='client'">
+ <xsl:call-template name="add-java-comment">
+ <xsl:with-param name="indent-text" select="' *'" />
+ <xsl:with-param name="content"
+ select="concat('Provides client-side interfaces for querying ',
+ 'and managing the ',
+ normalize-space(adm:package/adm:synopsis),
+ ' Applications can use the interfaces defined ',
+ 'within this package to retrieve, list, create, ',
+ 'and remove managed objects, as well as query ',
+ 'and update their properties.')" />
+ </xsl:call-template>
+ </xsl:when>
+ <xsl:when test="$type='server'">
+ <xsl:call-template name="add-java-comment">
+ <xsl:with-param name="indent-text" select="' *'" />
+ <xsl:with-param name="content"
+ select="concat('Provides server-side interfaces for accessing ',
+ 'the ', normalize-space(adm:package/adm:synopsis),
+ ' Components within the server can use the ',
+ 'interfaces defined within this package to query ',
+ 'the properties of the managed objects and ',
+ 'register to be notified when managed objects are ',
+ 'added, removed, or modified.')" />
+ </xsl:call-template>
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('Invalid package-info sub-package name: ', $type)" />
+ </xsl:message>
+ </xsl:otherwise>
+ </xsl:choose>
+ <xsl:value-of select="' */
'" />
+ <xsl:value-of
+ select="concat('package ', adm:package/@name, '.', $type, ';
')" />
+ </xsl:template>
+</xsl:stylesheet>
diff --git a/opendj-admin/src/main/resources/stylesheets/preprocessor.xsl b/opendj-admin/src/main/resources/stylesheets/preprocessor.xsl
new file mode 100644
index 0000000..f74c0cf
--- /dev/null
+++ b/opendj-admin/src/main/resources/stylesheets/preprocessor.xsl
@@ -0,0 +1,1258 @@
+<!-- CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2008-2010 Sun Microsystems, Inc.
+ ! Portions copyright 2011 ForgeRock AS.
+ ! -->
+<xsl:stylesheet version="1.0" xmlns:adm="http://www.opends.org/admin"
+ xmlns:admpp="http://www.opends.org/admin-preprocessor"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns:exsl="http://exslt.org/common"
+ xmlns:file="xalan://java.io.File">
+ <xsl:import href="java-utilities.xsl" />
+ <xsl:output method="xml" indent="yes" />
+ <!--
+ Global parameter: the absolute path of the base directory where
+ XML managed object definitions can be found.
+ -->
+ <xsl:param name="base-dir" select="'src/main/java'" />
+ <!--
+ Get an absolute URI from a package, object name, and suffix.
+ -->
+ <xsl:template name="get-uri">
+ <xsl:param name="package" select="/.." />
+ <xsl:param name="name" select="/.." />
+ <xsl:param name="suffix" select="'.xml'" />
+ <!--
+ Convert the package name to a relative path.
+ -->
+ <xsl:variable name="rpath" select="translate($package, '.', '/')" />
+ <!--
+ Convert the managed object name to a file name.
+ -->
+ <xsl:variable name="java-name">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="$name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <!--
+ Get the absolute path.
+ -->
+ <xsl:variable name="base-file" select="file:new($base-dir)" />
+ <xsl:variable name="base-dir-uri" select="file:toURI($base-file)" />
+ <xsl:value-of
+ select="concat($base-dir-uri, '/', $rpath, '/', $java-name, $suffix)" />
+ </xsl:template>
+ <!--
+ Get the URI of the named package definition.
+ -->
+ <xsl:template name="get-package-uri">
+ <xsl:param name="package" select="/.." />
+ <xsl:call-template name="get-uri">
+ <xsl:with-param name="package" select="$package" />
+ <xsl:with-param name="name" select="'package'" />
+ </xsl:call-template>
+ </xsl:template>
+ <!--
+ Get the URI of the named managed object definition.
+ -->
+ <xsl:template name="get-managed-object-uri">
+ <xsl:param name="package" select="/.." />
+ <xsl:param name="name" select="/.." />
+ <xsl:call-template name="get-uri">
+ <xsl:with-param name="package" select="$package" />
+ <xsl:with-param name="name"
+ select="concat($name, '-configuration')" />
+ </xsl:call-template>
+ </xsl:template>
+ <!--
+ Pre-process the current managed object element.
+ -->
+ <xsl:template name="pre-process-managed-object">
+ <xsl:if test="not(adm:root-managed-object | adm:managed-object)">
+ <xsl:message terminate="yes">
+ <xsl:value-of select="'No managed object definition found.'" />
+ </xsl:message>
+ </xsl:if>
+ <xsl:apply-templates
+ select="adm:root-managed-object | adm:managed-object"
+ mode="pre-process" />
+ </xsl:template>
+ <!--
+ Pre-process a managed object definition: pull in the managed object's
+ inherited property definitions and relations.
+ -->
+ <xsl:template match="adm:managed-object" mode="pre-process">
+ <xsl:if test="not(@name)">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="'Managed object definition does not specify managed object name.'" />
+ </xsl:message>
+ </xsl:if>
+ <xsl:if test="not(@package)">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="'Managed object definition does not specify managed object package.'" />
+ </xsl:message>
+ </xsl:if>
+ <xsl:variable name="parent-name" select="@extends" />
+ <xsl:variable name="parent-package">
+ <!--
+ The parent package defaults to this managed object's package.
+ -->
+ <xsl:choose>
+ <xsl:when test="@parent-package">
+ <xsl:value-of select="@parent-package" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of select="@package" />
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:variable>
+ <!--
+ Get this managed object's hierarchy if there is one.
+ -->
+ <xsl:variable name="_hierarchy">
+ <xsl:if test="$parent-name">
+ <xsl:variable name="uri">
+ <xsl:call-template name="get-managed-object-uri">
+ <xsl:with-param name="package" select="$parent-package" />
+ <xsl:with-param name="name" select="$parent-name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:if test="not(document($uri)/adm:managed-object)">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('No managed object definition found in ', $uri, '.')" />
+ </xsl:message>
+ </xsl:if>
+ <xsl:if
+ test="not(document($uri)/adm:managed-object[@name=$parent-name and @package=$parent-package])">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('Managed object definition found in ', $uri, ' but it did not define a managed object ', $parent-name, ' in package ', $parent-package, '.')" />
+ </xsl:message>
+ </xsl:if>
+ <xsl:apply-templates select="document($uri)/adm:managed-object"
+ mode="pre-process" />
+ </xsl:if>
+ </xsl:variable>
+ <xsl:variable name="hierarchy" select="exsl:node-set($_hierarchy)" />
+ <!--
+ Now pre-process this managed object.
+ -->
+ <xsl:copy>
+ <!--
+ Shallow copy this element and its attributes.
+ -->
+ <xsl:copy-of select="@*" />
+ <!--
+ Pre-process this managed object's elements.
+ -->
+ <xsl:apply-templates
+ select="adm:TODO|adm:synopsis|adm:description"
+ mode="pre-process">
+ <xsl:with-param name="moname" select="@name" />
+ <xsl:with-param name="mopackage" select="@package" />
+ <xsl:with-param name="hierarchy" select="$hierarchy" />
+ </xsl:apply-templates>
+ <!--
+ Copy all inherited tags plus locally defined tags.
+ -->
+ <xsl:copy-of select="$hierarchy/adm:managed-object/adm:tag" />
+ <xsl:apply-templates select="adm:tag" mode="pre-process">
+ <xsl:with-param name="moname" select="@name" />
+ <xsl:with-param name="mopackage" select="@package" />
+ <xsl:with-param name="hierarchy" select="$hierarchy" />
+ </xsl:apply-templates>
+ <!--
+ Copy constraint elements.
+ -->
+ <xsl:apply-templates select="adm:constraint" mode="pre-process">
+ <xsl:with-param name="moname" select="@name" />
+ <xsl:with-param name="mopackage" select="@package" />
+ <xsl:with-param name="hierarchy" select="$hierarchy" />
+ </xsl:apply-templates>
+ <!--
+ Copy profile elements.
+ -->
+ <xsl:apply-templates select="adm:profile" mode="pre-process">
+ <xsl:with-param name="moname" select="@name" />
+ <xsl:with-param name="mopackage" select="@package" />
+ <xsl:with-param name="hierarchy" select="$hierarchy" />
+ </xsl:apply-templates>
+ <!--
+ Add a pre-processor element defining this managed object's uppermost
+ definition.
+ -->
+ <xsl:if test="$parent-name">
+ <xsl:element name="adm:profile">
+ <xsl:attribute name="name">
+ <xsl:value-of select="'preprocessor'" />
+ </xsl:attribute>
+ <xsl:element name="admpp:parent-managed-object">
+ <xsl:attribute name="name">
+ <xsl:value-of select="$parent-name" />
+ </xsl:attribute>
+ <xsl:attribute name="package">
+ <xsl:value-of select="$parent-package" />
+ </xsl:attribute>
+ </xsl:element>
+ <xsl:copy-of
+ select="$hierarchy/adm:managed-object/adm:profile[@name='preprocessor']/admpp:parent-managed-object" />
+ </xsl:element>
+ </xsl:if>
+ <!--
+ Copy all inherited relations.
+ -->
+ <xsl:copy-of select="$hierarchy/adm:managed-object/adm:relation" />
+ <!--
+ Copy all local relations.
+ -->
+ <xsl:apply-templates select="adm:relation" mode="pre-process">
+ <xsl:with-param name="moname" select="@name" />
+ <xsl:with-param name="mopackage" select="@package" />
+ <xsl:with-param name="hierarchy" select="$hierarchy" />
+ </xsl:apply-templates>
+ <!--
+ Copy all inherited properties.
+ -->
+ <xsl:variable name="property-overrides"
+ select="adm:property-override" />
+ <xsl:copy-of
+ select="$hierarchy/adm:managed-object/adm:property[not(@name=$property-overrides/@name)]" />
+ <!--
+ Copy all local properties.
+ -->
+ <xsl:apply-templates
+ select="adm:property|adm:property-reference|adm:property-override"
+ mode="pre-process">
+ <xsl:with-param name="moname" select="@name" />
+ <xsl:with-param name="mopackage" select="@package" />
+ <xsl:with-param name="hierarchy" select="$hierarchy" />
+ </xsl:apply-templates>
+ </xsl:copy>
+ </xsl:template>
+ <!--
+ Pre-process a managed object definition: pull in the managed object's
+ inherited property definitions and relations.
+ -->
+ <xsl:template match="adm:root-managed-object" mode="pre-process">
+ <!--
+ Now pre-process this root managed object.
+ By definition it has no hierarchy.
+ -->
+ <xsl:copy>
+ <!--
+ Shallow copy this element and its attributes.
+ -->
+ <xsl:copy-of select="@*" />
+ <!--
+ Pre-process this managed object's elements.
+ -->
+ <xsl:apply-templates mode="pre-process">
+ <xsl:with-param name="moname" select="'root'" />
+ <xsl:with-param name="mopackage"
+ select="'org.forgerock.opendj.admin'" />
+ </xsl:apply-templates>
+ </xsl:copy>
+ </xsl:template>
+ <!--
+ Pre-process a tag and validate it and by adding a "preprocessor"
+ profile which contains information about where the tag was defined.
+ -->
+ <xsl:template match="adm:tag" mode="pre-process">
+ <xsl:param name="mopackage" select="/.." />
+ <xsl:param name="moname" select="/.." />
+ <xsl:param name="hierarchy" />
+ <!--
+ Make sure that this tag is not duplicated.
+ -->
+ <xsl:variable name="name" select="@name" />
+ <xsl:if test="../adm:tag[@name=$name][2]">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('Tag ', @name, ' is already defined in this managed object')" />
+ </xsl:message>
+ </xsl:if>
+ <!--
+ Make sure that this tag does not override an existing tag.
+ -->
+ <xsl:if test="$hierarchy/adm:managed-object/adm:tag[@name=$name]">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('Tag ', @name, ' is already defined in a parent managed object')" />
+ </xsl:message>
+ </xsl:if>
+ <!--
+ Get the referenced package.
+ -->
+ <xsl:variable name="uri">
+ <xsl:call-template name="get-managed-object-uri">
+ <xsl:with-param name="package"
+ select="'org.forgerock.opendj.admin'" />
+ <xsl:with-param name="name" select="'root'" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:if test="not(document($uri)/adm:root-managed-object)">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('Root managed object definition not found in ', $uri, '.')" />
+ </xsl:message>
+ </xsl:if>
+ <xsl:if
+ test="not(document($uri)/adm:root-managed-object/adm:tag-definition[@name=$name])">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('Tag "', $name,
+ '" not defined in root managed object definition.')" />
+ </xsl:message>
+ </xsl:if>
+ <!--
+ Copy the tag.
+ -->
+ <xsl:element name="adm:tag">
+ <xsl:copy-of select="@*" />
+ <xsl:apply-templates mode="pre-process">
+ <xsl:with-param name="moname" select="$moname" />
+ <xsl:with-param name="mopackage" select="$mopackage" />
+ </xsl:apply-templates>
+ </xsl:element>
+ </xsl:template>
+ <!--
+ Pre-process a property definition by adding a "preprocessor" profile
+ which contains information about where the property was defined.
+ -->
+ <xsl:template match="adm:property" mode="pre-process">
+ <xsl:param name="mopackage" select="/.." />
+ <xsl:param name="moname" select="/.." />
+ <xsl:param name="hierarchy" select="/.." />
+ <!--
+ Make sure that this property does not have the same name as another
+ property or reference in this managed object.
+ -->
+ <xsl:variable name="name" select="@name" />
+ <xsl:if
+ test="../adm:property[@name=$name][2] |
+ ../adm:property-reference[@name=$name]">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('Property definition ', @name, ' is already defined in this managed object')" />
+ </xsl:message>
+ </xsl:if>
+ <!--
+ Make sure that this property does not override an existing property.
+ -->
+ <xsl:if
+ test="$hierarchy/adm:managed-object/adm:property[@name=$name]">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('Property definition ', @name, ' is already defined in a parent managed object')" />
+ </xsl:message>
+ </xsl:if>
+ <xsl:copy>
+ <!--
+ Shallow copy this element and its attributes.
+ -->
+ <xsl:copy-of select="@*" />
+ <!--
+ Apply templates to subordinate elements (e.g. descriptions).
+ -->
+ <xsl:apply-templates mode="pre-process">
+ <xsl:with-param name="mopackage" select="$mopackage" />
+ <xsl:with-param name="moname" select="$moname" />
+ <xsl:with-param name="hierarchy" select="$hierarchy" />
+ </xsl:apply-templates>
+ <!--
+ Now append the preprocessor profile.
+ -->
+ <xsl:element name="adm:profile">
+ <xsl:attribute name="name">
+ <xsl:value-of select="'preprocessor'" />
+ </xsl:attribute>
+ <xsl:element name="admpp:last-defined-in">
+ <xsl:attribute name="name">
+ <xsl:value-of select="$moname" />
+ </xsl:attribute>
+ <xsl:attribute name="package">
+ <xsl:value-of select="$mopackage" />
+ </xsl:attribute>
+ </xsl:element>
+ </xsl:element>
+ </xsl:copy>
+ </xsl:template>
+ <!--
+ Pre-process a property reference pulling in the referenced property
+ definition and by adding a "preprocessor" profile which contains
+ information about where the property was defined.
+ -->
+ <xsl:template match="adm:property-reference" mode="pre-process">
+ <xsl:param name="mopackage" select="/.." />
+ <xsl:param name="moname" select="/.." />
+ <xsl:param name="hierarchy" />
+ <!--
+ Make sure that this property reference does not have the same name as another
+ property or reference in this managed object.
+ -->
+ <xsl:variable name="name" select="@name" />
+ <xsl:if
+ test="../adm:property[@name=$name] |
+ ../adm:property-reference[@name=$name][2]">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('Property definition ', @name, ' is already defined in this managed object')" />
+ </xsl:message>
+ </xsl:if>
+ <!--
+ Make sure that this property does not override an existing property.
+ -->
+ <xsl:if
+ test="$hierarchy/adm:managed-object/adm:property[@name=$name]">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('Property reference ', @name, ' is already defined in a parent managed object')" />
+ </xsl:message>
+ </xsl:if>
+ <!--
+ Determine the package containing the reference property definition.
+ -->
+ <xsl:variable name="package">
+ <xsl:choose>
+ <xsl:when test="@package">
+ <xsl:value-of select="@package" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of select="$mopackage" />
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:variable>
+ <!--
+ Get the referenced package.
+ -->
+ <xsl:variable name="uri">
+ <xsl:call-template name="get-package-uri">
+ <xsl:with-param name="package" select="$package" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:if test="not(document($uri)/adm:package)">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('No package definition found in ', $uri, '.')" />
+ </xsl:message>
+ </xsl:if>
+ <xsl:if test="not(document($uri)/adm:package[@name=$package])">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('Package definition found in ', $uri, ' but it did not define package ', $package, '.')" />
+ </xsl:message>
+ </xsl:if>
+ <xsl:if
+ test="not(document($uri)/adm:package[@name=$package]/adm:property[@name=$name])">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('Referenced property definition "', $name,
+ '" not found in package definition "', $package,
+ '".')" />
+ </xsl:message>
+ </xsl:if>
+ <!--
+ Copy the referenced property definition taking care to override
+ the default behavior and admin action if required.
+ -->
+ <xsl:variable name="property"
+ select="document($uri)/adm:package[@name=$package]/adm:property[@name=$name]" />
+ <xsl:element name="adm:property">
+ <xsl:copy-of select="$property/@*" />
+ <xsl:apply-templates
+ select="$property/adm:TODO | $property/adm:synopsis | $property/adm:description"
+ mode="pre-process">
+ <xsl:with-param name="mopackage" select="$mopackage" />
+ <xsl:with-param name="moname" select="$moname" />
+ <xsl:with-param name="hierarchy" select="$hierarchy" />
+ </xsl:apply-templates>
+ <xsl:choose>
+ <xsl:when test="adm:requires-admin-action">
+ <xsl:apply-templates select="adm:requires-admin-action"
+ mode="pre-process">
+ <xsl:with-param name="mopackage" select="$mopackage" />
+ <xsl:with-param name="moname" select="$moname" />
+ <xsl:with-param name="hierarchy" select="$hierarchy" />
+ </xsl:apply-templates>
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:apply-templates
+ select="$property/adm:requires-admin-action"
+ mode="pre-process">
+ <xsl:with-param name="mopackage" select="$mopackage" />
+ <xsl:with-param name="moname" select="$moname" />
+ <xsl:with-param name="hierarchy" select="$hierarchy" />
+ </xsl:apply-templates>
+ </xsl:otherwise>
+ </xsl:choose>
+ <xsl:choose>
+ <xsl:when test="adm:default-behavior">
+ <xsl:apply-templates select="adm:default-behavior"
+ mode="pre-process">
+ <xsl:with-param name="mopackage" select="$mopackage" />
+ <xsl:with-param name="moname" select="$moname" />
+ <xsl:with-param name="hierarchy" select="$hierarchy" />
+ </xsl:apply-templates>
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:apply-templates select="$property/adm:default-behavior"
+ mode="pre-process">
+ <xsl:with-param name="mopackage" select="$mopackage" />
+ <xsl:with-param name="moname" select="$moname" />
+ <xsl:with-param name="hierarchy" select="$hierarchy" />
+ </xsl:apply-templates>
+ </xsl:otherwise>
+ </xsl:choose>
+ <xsl:apply-templates
+ select="$property/adm:syntax | $property/adm:profile"
+ mode="pre-process">
+ <xsl:with-param name="mopackage" select="$mopackage" />
+ <xsl:with-param name="moname" select="$moname" />
+ <xsl:with-param name="hierarchy" select="$hierarchy" />
+ </xsl:apply-templates>
+ <!--
+ Now append the preprocessor profile.
+ -->
+ <xsl:element name="adm:profile">
+ <xsl:attribute name="name">
+ <xsl:value-of select="'preprocessor'" />
+ </xsl:attribute>
+ <xsl:element name="admpp:last-defined-in">
+ <xsl:attribute name="name">
+ <xsl:value-of select="$moname" />
+ </xsl:attribute>
+ <xsl:attribute name="package">
+ <xsl:value-of select="$mopackage" />
+ </xsl:attribute>
+ </xsl:element>
+ <xsl:element name="admpp:first-defined-in">
+ <xsl:attribute name="package">
+ <xsl:value-of select="$package" />
+ </xsl:attribute>
+ </xsl:element>
+ </xsl:element>
+ </xsl:element>
+ </xsl:template>
+ <!--
+ Pre-process a property override pulling in the inherited property
+ definition and by adding a "preprocessor" profile which contains
+ information about where the property was redefined.
+ -->
+ <xsl:template match="adm:property-override" mode="pre-process">
+ <xsl:param name="mopackage" select="/.." />
+ <xsl:param name="moname" select="/.." />
+ <xsl:param name="hierarchy" />
+ <!--
+ Make sure that this property override does not have the same name as another
+ property override in this managed object.
+ -->
+ <xsl:variable name="name" select="@name" />
+ <xsl:if test="../adm:property-override[@name=$name][2]">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('Property override ', @name, ' is already overridden in this managed object')" />
+ </xsl:message>
+ </xsl:if>
+ <!--
+ Make sure that this property overrides an existing property.
+ -->
+ <xsl:if
+ test="not($hierarchy/adm:managed-object/adm:property[@name=$name])">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('Cannot find inherited property ', @name, ' for property override')" />
+ </xsl:message>
+ </xsl:if>
+ <!--
+ Copy the inherited property definition taking care to override
+ the default behavior and admin action if required.
+ -->
+ <xsl:variable name="property"
+ select="$hierarchy/adm:managed-object/adm:property[@name=$name]" />
+ <xsl:element name="adm:property">
+ <xsl:copy-of select="$property/@*[local-name() != 'advanced']" />
+ <xsl:choose>
+ <xsl:when test="@advanced">
+ <xsl:copy-of select="@advanced" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:copy-of select="$property/@advanced" />
+ </xsl:otherwise>
+ </xsl:choose>
+ <xsl:apply-templates
+ select="$property/adm:TODO | $property/adm:synopsis | $property/adm:description"
+ mode="pre-process">
+ <xsl:with-param name="mopackage" select="$mopackage" />
+ <xsl:with-param name="moname" select="$moname" />
+ <xsl:with-param name="hierarchy" select="$hierarchy" />
+ </xsl:apply-templates>
+ <xsl:choose>
+ <xsl:when test="adm:requires-admin-action">
+ <xsl:apply-templates select="adm:requires-admin-action"
+ mode="pre-process">
+ <xsl:with-param name="mopackage" select="$mopackage" />
+ <xsl:with-param name="moname" select="$moname" />
+ <xsl:with-param name="hierarchy" select="$hierarchy" />
+ </xsl:apply-templates>
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:apply-templates
+ select="$property/adm:requires-admin-action"
+ mode="pre-process">
+ <xsl:with-param name="mopackage" select="$mopackage" />
+ <xsl:with-param name="moname" select="$moname" />
+ <xsl:with-param name="hierarchy" select="$hierarchy" />
+ </xsl:apply-templates>
+ </xsl:otherwise>
+ </xsl:choose>
+ <xsl:choose>
+ <xsl:when test="adm:default-behavior">
+ <xsl:apply-templates select="adm:default-behavior"
+ mode="pre-process">
+ <xsl:with-param name="mopackage" select="$mopackage" />
+ <xsl:with-param name="moname" select="$moname" />
+ <xsl:with-param name="hierarchy" select="$hierarchy" />
+ </xsl:apply-templates>
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:apply-templates select="$property/adm:default-behavior"
+ mode="pre-process">
+ <xsl:with-param name="mopackage" select="$mopackage" />
+ <xsl:with-param name="moname" select="$moname" />
+ <xsl:with-param name="hierarchy" select="$hierarchy" />
+ </xsl:apply-templates>
+ </xsl:otherwise>
+ </xsl:choose>
+ <xsl:apply-templates
+ select="$property/adm:syntax | $property/adm:profile[@name!='preprocessor']"
+ mode="pre-process">
+ <xsl:with-param name="mopackage" select="$mopackage" />
+ <xsl:with-param name="moname" select="$moname" />
+ <xsl:with-param name="hierarchy" select="$hierarchy" />
+ </xsl:apply-templates>
+ <!--
+ Now append the preprocessor profile.
+ -->
+ <xsl:element name="adm:profile">
+ <xsl:attribute name="name">
+ <xsl:value-of select="'preprocessor'" />
+ </xsl:attribute>
+ <xsl:element name="admpp:last-defined-in">
+ <xsl:attribute name="name">
+ <xsl:value-of select="$moname" />
+ </xsl:attribute>
+ <xsl:attribute name="package">
+ <xsl:value-of select="$mopackage" />
+ </xsl:attribute>
+ </xsl:element>
+ <xsl:choose>
+ <xsl:when
+ test="$property/adm:profile[@name='preprocessor']/admpp:first-defined-in">
+ <xsl:copy-of
+ select="$property/adm:profile[@name='preprocessor']/admpp:first-defined-in" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:element name="admpp:first-defined-in">
+ <xsl:copy-of
+ select="$property/adm:profile[@name='preprocessor']/admpp:last-defined-in/@*" />
+ </xsl:element>
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:element>
+ </xsl:element>
+ </xsl:template>
+ <!--
+ Pre-process a relation, merging information from the referenced
+ managed object where required, and by adding a "preprocessor" profile
+ which contains information about where the relation was defined.
+ -->
+ <xsl:template match="adm:relation" mode="pre-process">
+ <xsl:param name="mopackage" select="/.." />
+ <xsl:param name="moname" select="/.." />
+ <xsl:param name="hierarchy" select="/.." />
+ <!--
+ Determine the name of the relation.
+ -->
+ <xsl:variable name="name" select="@name" />
+ <!--
+ Make sure that this relation does not override an existing relation.
+ -->
+ <xsl:if
+ test="$hierarchy/adm:managed-object/adm:relation[@name=$name]">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('Relation ', $name, ' is already defined in a parent managed object.')" />
+ </xsl:message>
+ </xsl:if>
+ <!--
+ Make sure that this relation is not already defined in this managed object.
+ -->
+ <xsl:if test="../adm:relation[@name=$name][2]">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('Relation ', $name, ' is already defined in this managed object.')" />
+ </xsl:message>
+ </xsl:if>
+ <!--
+ Now get the referenced managed object.
+ -->
+ <xsl:variable name="mname">
+ <xsl:choose>
+ <xsl:when test="not(@managed-object-name)">
+ <xsl:value-of select="$name" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of select="@managed-object-name" />
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:variable>
+ <xsl:variable name="mpackage">
+ <xsl:choose>
+ <xsl:when test="not(@managed-object-package)">
+ <xsl:value-of select="$mopackage" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of select="@managed-object-package" />
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:variable>
+ <xsl:variable name="uri">
+ <xsl:call-template name="get-managed-object-uri">
+ <xsl:with-param name="name" select="$mname" />
+ <xsl:with-param name="package" select="$mpackage" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:variable name="managed-object"
+ select="document($uri)/adm:managed-object[@name=$mname]" />
+ <xsl:if test="not($managed-object)">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('Managed object definition "', $mname, '" not found in ', $uri, '.')" />
+ </xsl:message>
+ </xsl:if>
+ <!--
+ Now merge the relation.
+ -->
+ <xsl:copy>
+ <xsl:copy-of select="@*" />
+ <!--
+ Add missing attribute managed-object-name if it is not provided.
+ -->
+ <xsl:if test="not(@managed-object-name)">
+ <xsl:attribute name="managed-object-name">
+ <xsl:value-of select="$mname" />
+ </xsl:attribute>
+ </xsl:if>
+ <!--
+ Add missing attribute managed-object-package if it is not provided.
+ -->
+ <xsl:if test="not(@managed-object-package)">
+ <xsl:attribute name="managed-object-package">
+ <xsl:value-of select="$mpackage" />
+ </xsl:attribute>
+ </xsl:if>
+ <!--
+ Copy TODO element.
+ -->
+ <xsl:copy-of select="adm:TODO" />
+ <!--
+ Copy synopsis element from referenced managed object if it is undefined.
+ -->
+ <xsl:choose>
+ <xsl:when test="adm:synopsis">
+ <xsl:apply-templates select="adm:synopsis"
+ mode="merge-relation">
+ <xsl:with-param name="managed-object"
+ select="$managed-object" />
+ </xsl:apply-templates>
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:apply-templates select="$managed-object/adm:synopsis"
+ mode="merge-relation">
+ <xsl:with-param name="managed-object"
+ select="$managed-object" />
+ </xsl:apply-templates>
+ </xsl:otherwise>
+ </xsl:choose>
+ <!--
+ Copy description element from referenced managed object if it is undefined.
+ -->
+ <xsl:choose>
+ <xsl:when test="adm:description">
+ <xsl:apply-templates select="adm:description"
+ mode="merge-relation">
+ <xsl:with-param name="managed-object"
+ select="$managed-object" />
+ </xsl:apply-templates>
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:apply-templates select="$managed-object/adm:description"
+ mode="merge-relation">
+ <xsl:with-param name="managed-object"
+ select="$managed-object" />
+ </xsl:apply-templates>
+ </xsl:otherwise>
+ </xsl:choose>
+ <!--
+ Merge remaining elements.
+ -->
+ <xsl:apply-templates
+ select="*[not(self::adm:TODO|self::adm:synopsis|self::adm:description)]"
+ mode="merge-relation">
+ <xsl:with-param name="managed-object" select="$managed-object" />
+ </xsl:apply-templates>
+ <!--
+ Now append the preprocessor profile.
+ -->
+ <xsl:element name="adm:profile">
+ <xsl:attribute name="name">
+ <xsl:value-of select="'preprocessor'" />
+ </xsl:attribute>
+ <xsl:element name="admpp:last-defined-in">
+ <xsl:attribute name="name">
+ <xsl:value-of select="$moname" />
+ </xsl:attribute>
+ <xsl:attribute name="package">
+ <xsl:value-of select="$mopackage" />
+ </xsl:attribute>
+ </xsl:element>
+ </xsl:element>
+ </xsl:copy>
+ </xsl:template>
+ <!--
+ Default template for merging relations.
+ -->
+ <xsl:template match="*|comment()" mode="merge-relation">
+ <xsl:param name="managed-object" select="/.." />
+ <xsl:copy>
+ <xsl:copy-of select="@*" />
+ <xsl:apply-templates mode="merge-relation">
+ <xsl:with-param name="managed-object" select="$managed-object" />
+ </xsl:apply-templates>
+ </xsl:copy>
+ </xsl:template>
+ <!--
+ Merge a default managed object.
+ -->
+ <xsl:template match="adm:default-managed-object" mode="merge-relation">
+ <xsl:param name="managed-object" select="/.." />
+ <xsl:copy>
+ <xsl:copy-of select="@*" />
+ <!--
+ Add missing attribute managed-object-name if it is not provided.
+ -->
+ <xsl:if test="not(@managed-object-name)">
+ <xsl:attribute name="managed-object-name">
+ <xsl:value-of select="$managed-object/@name" />
+ </xsl:attribute>
+ </xsl:if>
+ <!--
+ Add missing attribute managed-object-package if it is not provided.
+ -->
+ <xsl:if test="not(@managed-object-package)">
+ <xsl:attribute name="managed-object-package">
+ <xsl:value-of select="$managed-object/@package" />
+ </xsl:attribute>
+ </xsl:if>
+ <xsl:apply-templates mode="merge-relation">
+ <xsl:with-param name="managed-object" select="$managed-object" />
+ </xsl:apply-templates>
+ </xsl:copy>
+ </xsl:template>
+ <!--
+ Merge a one-to-many relation.
+ -->
+ <xsl:template match="adm:one-to-many" mode="merge-relation">
+ <xsl:param name="managed-object" select="/.." />
+ <!--
+ Make sure that if this relation uses a naming property that the
+ naming property exists, is single-valued, mandatory, and read-only.
+ -->
+ <xsl:if test="@naming-property">
+ <xsl:variable name="naming-property-name"
+ select="@naming-property" />
+ <!--
+ FIXME: this does not cope with the situation where the property
+ is inherited, referenced, or overridden.
+ -->
+ <xsl:variable name="naming-property"
+ select="$managed-object/adm:property[@name=$naming-property-name]" />
+ <xsl:if test="not($naming-property)">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('Relation ', ../@name,
+ ' references an unknown naming property ',
+ $naming-property-name, ' in ',
+ $managed-object/@name, '.')" />
+ </xsl:message>
+ </xsl:if>
+ <xsl:if test="not($naming-property/@read-only='true')">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('Relation ', ../@name,
+ ' references the naming property ',
+ $naming-property-name, ' in ',
+ $managed-object/@name, ' which is not read-only. ',
+ 'Naming properties must be read-only.')" />
+ </xsl:message>
+ </xsl:if>
+ <xsl:if test="not($naming-property/@mandatory='true')">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('Relation ', ../@name,
+ ' references the naming property ',
+ $naming-property-name, ' in ',
+ $managed-object/@name, ' which is not mandatory. ',
+ 'Naming properties must be mandatory.')" />
+ </xsl:message>
+ </xsl:if>
+ <xsl:if test="$naming-property/@multi-valued='true'">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('Relation ', ../@name,
+ ' references the naming property ',
+ $naming-property-name, ' in ',
+ $managed-object/@name, ' which is multi-valued. ',
+ 'Naming properties must be single-valued.')" />
+ </xsl:message>
+ </xsl:if>
+ </xsl:if>
+ <xsl:copy>
+ <xsl:copy-of select="@*" />
+ <!--
+ Add missing plural name attribute if not present.
+ -->
+ <xsl:if test="not(@plural-name)">
+ <xsl:attribute name="plural-name">
+ <xsl:value-of select="$managed-object/@plural-name" />
+ </xsl:attribute>
+ </xsl:if>
+ <xsl:apply-templates mode="merge-relation">
+ <xsl:with-param name="managed-object" select="$managed-object" />
+ </xsl:apply-templates>
+ </xsl:copy>
+ </xsl:template>
+ <!--
+ Process a rich-description element in a relation.
+ -->
+ <xsl:template match="adm:synopsis|adm:description"
+ mode="merge-relation">
+ <xsl:param name="managed-object" select="/.." />
+ <xsl:copy>
+ <!--
+ Shallow copy.
+ -->
+ <xsl:copy-of select="@*" />
+ <xsl:apply-templates mode="rich-description">
+ <xsl:with-param name="ufn">
+ <xsl:call-template name="name-to-ufn">
+ <xsl:with-param name="value" select="$managed-object/@name" />
+ </xsl:call-template>
+ </xsl:with-param>
+ <xsl:with-param name="ufpn">
+ <xsl:call-template name="name-to-ufn">
+ <xsl:with-param name="value"
+ select="$managed-object/@plural-name" />
+ </xsl:call-template>
+ </xsl:with-param>
+ </xsl:apply-templates>
+ </xsl:copy>
+ </xsl:template>
+ <!--
+ Process a rich-description element.
+ -->
+ <xsl:template
+ match="adm:synopsis|adm:description|adm:unit-description"
+ mode="pre-process">
+ <xsl:copy>
+ <!--
+ Shallow copy.
+ -->
+ <xsl:copy-of select="@*" />
+ <xsl:apply-templates mode="rich-description">
+ <xsl:with-param name="ufn" select="$this-ufn" />
+ <xsl:with-param name="ufpn" select="$this-ufpn" />
+ </xsl:apply-templates>
+ </xsl:copy>
+ </xsl:template>
+ <!--
+ Process a relative inherited default behavior
+ -->
+ <xsl:template match="adm:relative" mode="pre-process">
+ <xsl:param name="mopackage" select="/.." />
+ <xsl:param name="moname" select="/.." />
+ <xsl:param name="hierarchy" select="/.." />
+ <xsl:copy>
+ <!--
+ Shallow copy.
+ -->
+ <xsl:copy-of select="@*" />
+ <!--
+ Add missing attribute managed-object-package if it is not provided.
+ -->
+ <xsl:if test="not(@managed-object-package)">
+ <xsl:attribute name="managed-object-package">
+ <xsl:value-of select="$mopackage" />
+ </xsl:attribute>
+ </xsl:if>
+ <!--
+ Apply templates to subordinate elements.
+ -->
+ <xsl:apply-templates mode="pre-process">
+ <xsl:with-param name="mopackage" select="$mopackage" />
+ <xsl:with-param name="moname" select="$moname" />
+ <xsl:with-param name="hierarchy" select="$hierarchy" />
+ </xsl:apply-templates>
+ </xsl:copy>
+ </xsl:template>
+ <!--
+ Process a user-friendly-name element.
+ -->
+ <xsl:template match="adm:user-friendly-name"
+ mode="rich-description">
+ <xsl:param name="ufn" select="/.." />
+ <xsl:value-of select="$ufn" />
+ </xsl:template>
+ <!--
+ Process a user-friendly-plural-name element.
+ -->
+ <xsl:template match="adm:user-friendly-plural-name"
+ mode="rich-description">
+ <xsl:param name="ufpn" select="/.." />
+ <xsl:value-of select="$ufpn" />
+ </xsl:template>
+ <!--
+ Process a product-name element.
+ -->
+ <xsl:template match="adm:product-name" mode="rich-description">
+ <xsl:value-of select="$product-name" />
+ </xsl:template>
+ <!--
+ Default template for rich descriptions.
+ -->
+ <xsl:template match="*|comment()" mode="rich-description">
+ <xsl:param name="ufn" select="/.." />
+ <xsl:param name="ufpn" select="/.." />
+ <xsl:copy>
+ <xsl:copy-of select="@*" />
+ <xsl:apply-templates mode="rich-description">
+ <xsl:with-param name="ufn" select="$ufn" />
+ <xsl:with-param name="ufpn" select="$ufpn" />
+ </xsl:apply-templates>
+ </xsl:copy>
+ </xsl:template>
+ <!--
+ Default template for pre-processing.
+ -->
+ <xsl:template match="*|comment()" mode="pre-process">
+ <xsl:param name="mopackage" select="/.." />
+ <xsl:param name="moname" select="/.." />
+ <xsl:param name="hierarchy" />
+ <xsl:copy>
+ <xsl:copy-of select="@*" />
+ <xsl:apply-templates mode="pre-process">
+ <xsl:with-param name="mopackage" select="$mopackage" />
+ <xsl:with-param name="moname" select="$moname" />
+ <xsl:with-param name="hierarchy" select="$hierarchy" />
+ </xsl:apply-templates>
+ </xsl:copy>
+ </xsl:template>
+ <!--
+ Useful variables relating to the current managed object.
+ -->
+ <!--
+ Product name.
+
+ FIXME: should get this from the root configuration but for some
+ reason we get a circular dependency error when constructing
+ the URI in JDK1.6.
+ -->
+ <xsl:variable name="product-name" select="'OpenDJ'" />
+ <xsl:variable name="this-name">
+ <xsl:choose>
+ <xsl:when test="/adm:managed-object">
+ <xsl:value-of select="/adm:managed-object/@name" />
+ </xsl:when>
+ <xsl:otherwise>
+ <!--
+ Must be the root configuration.
+ -->
+ <xsl:value-of select="'root'" />
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:variable>
+ <xsl:variable name="this-plural-name">
+ <xsl:choose>
+ <xsl:when test="/adm:managed-object">
+ <xsl:value-of select="/adm:managed-object/@plural-name" />
+ </xsl:when>
+ <xsl:otherwise>
+ <!--
+ Must be the root configuration - the plural form should never
+ be required as this is a singleton. We'll define it for
+ consistency.
+ -->
+ <xsl:value-of select="'roots'" />
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:variable>
+ <xsl:variable name="this-ufn">
+ <xsl:choose>
+ <xsl:when test="/adm:managed-object/adm:user-friendly-name">
+ <xsl:value-of
+ select="normalize-space(/adm:managed-object/adm:user-friendly-name)" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:call-template name="name-to-ufn">
+ <xsl:with-param name="value" select="$this-name" />
+ </xsl:call-template>
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:variable>
+ <xsl:variable name="this-ufpn">
+ <xsl:choose>
+ <xsl:when
+ test="/adm:managed-object/adm:user-friendly-plural-name">
+ <xsl:value-of
+ select="normalize-space(/adm:managed-object/adm:user-friendly-plural-name)" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:call-template name="name-to-ufn">
+ <xsl:with-param name="value" select="$this-plural-name" />
+ </xsl:call-template>
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:variable>
+ <xsl:variable name="_this">
+ <xsl:call-template name="pre-process-managed-object" />
+ </xsl:variable>
+ <xsl:variable name="_this_tmp" select="exsl:node-set($_this)" />
+ <xsl:variable name="this"
+ select="$_this_tmp/adm:managed-object | $_this_tmp/adm:root-managed-object" />
+ <xsl:variable name="this-is-abstract"
+ select="boolean(string($this/@abstract) = 'true')" />
+ <xsl:variable name="this-is-advanced"
+ select="boolean(string($this/@advanced) = 'true')" />
+ <xsl:variable name="this-is-hidden"
+ select="boolean(string($this/@hidden) = 'true')" />
+ <xsl:variable name="this-is-root"
+ select="not(local-name($this) = 'managed-object')" />
+ <xsl:variable name="this-package">
+ <xsl:choose>
+ <xsl:when test="not($this-is-root)">
+ <xsl:value-of select="$this/@package" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of select="'org.forgerock.opendj.admin'" />
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:variable>
+ <xsl:variable name="this-java-class">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="$this-name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:variable name="_top-name"
+ select="$this/adm:profile[@name='preprocessor']/admpp:parent-managed-object[last()]/@name" />
+ <xsl:variable name="_top-length" select="string-length($_top-name)" />
+ <xsl:variable name="_this-length" select="string-length($this-name)" />
+ <xsl:variable name="_diff" select="$_this-length - $_top-length" />
+ <xsl:variable name="_start"
+ select="substring($this-name, 1, $_diff - 1)" />
+ <xsl:variable name="_middle"
+ select="substring($this-name, $_diff, 1)" />
+ <xsl:variable name="_end"
+ select="substring($this-name, $_diff + 1, $_top-length)" />
+ <xsl:variable name="this-short-name">
+ <xsl:choose>
+ <xsl:when test="$this-is-root">
+ <xsl:value-of select="''" />
+ </xsl:when>
+ <xsl:when test="not($_top-name)">
+ <xsl:value-of select="''" />
+ </xsl:when>
+ <xsl:when test="$_middle != '-' or $_end != $_top-name">
+ <!--
+ <xsl:message terminate="no">
+ <xsl:value-of
+ select="concat('The managed object ', $this-name, ' should end with ', $_top-name)" />
+ </xsl:message>
+ -->
+ <xsl:value-of select="$this-name" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of select="$_start" />
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:variable>
+ <xsl:variable name="this-short-java-class">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="$this-short-name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <!--
+ Useful variables relating to the parent managed object.
+ -->
+ <xsl:variable name="parent-name" select="$this/@extends" />
+ <xsl:variable name="parent-package">
+ <xsl:choose>
+ <xsl:when test="$this/@parent-package">
+ <xsl:value-of select="$this/@parent-package" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of select="$this-package" />
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:variable>
+ <xsl:variable name="parent-java-class">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="$parent-name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <!--
+ Useful variables relating to managed object's relations.
+ -->
+ <xsl:variable name="this-local-relations"
+ select="$this/adm:relation[adm:profile[@name='preprocessor']/admpp:last-defined-in[@name=$this-name and @package=$this-package]]" />
+ <xsl:variable name="this-inherited-relations"
+ select="$this/adm:relation[adm:profile[@name='preprocessor']/admpp:last-defined-in[not(@name=$this-name and @package=$this-package)]]" />
+ <xsl:variable name="this-all-relations" select="$this/adm:relation" />
+ <!--
+ Useful variables relating to managed object's properties.
+ -->
+ <xsl:variable name="this-local-properties"
+ select="$this/adm:property[adm:profile[@name='preprocessor']/admpp:last-defined-in[@name=$this-name and @package=$this-package]]" />
+ <xsl:variable name="this-inherited-properties"
+ select="$this/adm:property[adm:profile[@name='preprocessor']/admpp:last-defined-in[not(@name=$this-name and @package=$this-package)]]" />
+ <xsl:variable name="this-all-properties" select="$this/adm:property" />
+ <!--
+ Default rule for testing.
+ -->
+ <xsl:template match="/">
+ <xsl:copy-of select="$this" />
+ </xsl:template>
+</xsl:stylesheet>
diff --git a/opendj-admin/src/main/resources/stylesheets/property-types.xsl b/opendj-admin/src/main/resources/stylesheets/property-types.xsl
new file mode 100644
index 0000000..c0f4d8d
--- /dev/null
+++ b/opendj-admin/src/main/resources/stylesheets/property-types.xsl
@@ -0,0 +1,637 @@
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2008-2010 Sun Microsystems, Inc.
+ ! -->
+<xsl:stylesheet version="1.0" xmlns:adm="http://www.opends.org/admin"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+ <xsl:import href="java-utilities.xsl" />
+ <!--
+
+
+
+ WARNING: when new property types are defined, they must be
+ included here.
+
+ These stylesheets are included and NOT imported so that they
+ have the same import precedence as the default rules.
+
+
+
+ -->
+ <xsl:include href="property-types/aggregation.xsl" />
+ <xsl:include href="property-types/attribute-type.xsl" />
+ <xsl:include href="property-types/boolean.xsl" />
+ <xsl:include href="property-types/dn.xsl" />
+ <xsl:include href="property-types/duration.xsl" />
+ <xsl:include href="property-types/enumeration.xsl" />
+ <xsl:include href="property-types/integer.xsl" />
+ <xsl:include href="property-types/ip-address-mask.xsl" />
+ <xsl:include href="property-types/ip-address.xsl" />
+ <xsl:include href="property-types/java-class.xsl" />
+ <xsl:include href="property-types/aci.xsl" />
+ <xsl:include href="property-types/oid.xsl" />
+ <xsl:include href="property-types/password.xsl" />
+ <xsl:include href="property-types/size.xsl" />
+ <xsl:include href="property-types/string.xsl" />
+ <xsl:include href="property-types/extensible-matching-rule-type.xsl" />
+ <!--
+
+
+
+ Default rules applicable to each property type.
+
+ Property type stylesheets should override these where necessary.
+
+
+
+ -->
+ <!--
+ Get the Java object-based type associated with a property syntax.
+
+ By default property values are represented using strings.
+ -->
+ <xsl:template match="*" mode="java-value-type">
+ <xsl:value-of select="'String'" />
+ </xsl:template>
+ <!--
+ Get the Java primitive type, if applicable, associated with a
+ property syntax.
+
+ By default property values are represented using the type defined by
+ java-value-type.
+ -->
+ <xsl:template match="*" mode="java-value-primitive-type">
+ <xsl:apply-templates select="." mode="java-value-type" />
+ </xsl:template>
+ <!--
+ Generate import elements represesenting the import statements
+ required by values of the property.
+
+ By default property values are represented using strings which
+ don't require an import statement - so do nothing.
+ -->
+ <xsl:template match="*" mode="java-value-imports">
+ <xsl:param name="interface" select="/.." />
+ </xsl:template>
+ <!--
+ Generate the Java definition type used to define the property.
+
+ By default properties are defined using string property
+ definitions.
+ -->
+ <xsl:template match="*" mode="java-definition-type">
+ <xsl:value-of select="'StringPropertyDefinition'" />
+ </xsl:template>
+ <!--
+ Generate import elements represesenting the import statements
+ required by the property's definition and its values.
+
+ By default assume that the definition type is in
+ org.opends.server.admin and is derived directly from the
+ java-definition-type (might not be the case for parameterized
+ types. In addition pull in the value imports.
+ -->
+ <xsl:template match="*" mode="java-definition-imports">
+ <xsl:element name="import">
+ <xsl:value-of select="'org.opends.server.admin.'" />
+ <xsl:apply-templates select="." mode="java-definition-type" />
+ </xsl:element>
+ <xsl:apply-templates select="." mode="java-value-imports">
+ <xsl:with-param name="interface" select="'server'" />
+ </xsl:apply-templates>
+ </xsl:template>
+ <!--
+ If the property definition is generic, get the generic type. Otherwise,
+ do nothing.
+
+ Default: do nothing.
+ -->
+ <xsl:template match="*" mode="java-definition-generic-type" />
+ <!--
+ Generate property definition specific constructor setters.
+
+ By default, do nothing.
+ -->
+ <xsl:template match="*" mode="java-definition-ctor" />
+ <!--
+ Generate property definition specific post-construction code.
+
+ By default, do nothing.
+ -->
+ <xsl:template match="*" mode="java-definition-post-ctor" />
+ <!--
+ Generate property getter declaration(s).
+
+ By default, generate a single getter with minimal documentation.
+ -->
+ <xsl:template match="*" mode="java-property-getter-declaration">
+ <xsl:param name="interface" select="/.." />
+ <xsl:call-template
+ name="generate-default-property-getter-declaration">
+ <xsl:with-param name="interface" select="$interface" />
+ </xsl:call-template>
+ </xsl:template>
+ <!--
+ Generate property getter implementation(s).
+
+ By default, generate a single getter.
+ -->
+ <xsl:template match="*" mode="java-property-getter-implementation">
+ <xsl:param name="interface" select="/.." />
+ <xsl:call-template
+ name="generate-default-property-getter-implementation">
+ <xsl:with-param name="interface" select="$interface" />
+ </xsl:call-template>
+ </xsl:template>
+ <!--
+ Generate property setter declaration(s).
+
+ By default, generate a single setter with minimal documentation.
+ -->
+ <xsl:template match="*" mode="java-property-setter-declaration">
+ <xsl:call-template
+ name="generate-default-property-setter-declaration" />
+ </xsl:template>
+ <!--
+ Generate property setter implementation(s).
+
+ By default, generate a single setter.
+ -->
+ <xsl:template match="*" mode="java-property-setter-implementation">
+ <xsl:call-template
+ name="generate-default-property-setter-implementation" />
+ </xsl:template>
+ <!--
+
+
+ Wrapper templates which can be called directly instead of
+ requiring the more indirect and less readable apply-templates
+ mechanism.
+
+
+ -->
+ <!--
+ Get the Java imports required for a property's values.
+ -->
+ <xsl:template name="get-property-java-imports">
+ <xsl:param name="interface" select="/.." />
+ <xsl:apply-templates select="adm:syntax/*"
+ mode="java-value-imports">
+ <xsl:with-param name="interface" select="$interface" />
+ </xsl:apply-templates>
+ </xsl:template>
+ <!--
+ Get the Java imports required for a property's definition.
+ -->
+ <xsl:template name="get-property-definition-java-imports">
+ <xsl:apply-templates select="adm:syntax/*"
+ mode="java-definition-imports" />
+ </xsl:template>
+ <!--
+ Get the Java object-based type associated with a property syntax.
+ -->
+ <xsl:template name="get-property-java-type">
+ <xsl:apply-templates select="adm:syntax/*" mode="java-value-type" />
+ </xsl:template>
+ <!--
+ Get the Java primitive type, if applicable, associated with a
+ property syntax.
+ -->
+ <xsl:template name="get-property-java-primitive-type">
+ <xsl:apply-templates select="adm:syntax/*"
+ mode="java-value-primitive-type" />
+ </xsl:template>
+ <!--
+ Get the property definition type associated with a
+ property syntax.
+ -->
+ <xsl:template name="get-property-definition-type">
+ <xsl:apply-templates select="adm:syntax/*"
+ mode="java-definition-type" />
+ </xsl:template>
+ <!--
+ If the property definition is generic, get the generic type. Otherwise,
+ do nothing.
+ -->
+ <xsl:template name="get-property-definition-generic-type">
+ <xsl:apply-templates select="adm:syntax/*"
+ mode="java-definition-generic-type" />
+ </xsl:template>
+ <!--
+ Generate property definition specific constructor setters.
+ -->
+ <xsl:template name="get-property-definition-ctor">
+ <xsl:apply-templates select="adm:syntax/*"
+ mode="java-definition-ctor" />
+ </xsl:template>
+ <!--
+ Generate property definition specific post-construction code.
+ -->
+ <xsl:template name="get-property-definition-post-ctor">
+ <xsl:apply-templates select="adm:syntax/*"
+ mode="java-definition-post-ctor" />
+ </xsl:template>
+ <!--
+ Generate the property getter declarations.
+ -->
+ <xsl:template name="generate-property-getter-declaration">
+ <xsl:param name="interface" select="/.." />
+ <xsl:apply-templates select="adm:syntax/*"
+ mode="java-property-getter-declaration">
+ <xsl:with-param name="interface" select="$interface" />
+ </xsl:apply-templates>
+ </xsl:template>
+ <!--
+ Generate the property getter implementations.
+ -->
+ <xsl:template name="generate-property-getter-implementation">
+ <xsl:param name="interface" select="/.." />
+ <xsl:apply-templates select="adm:syntax/*"
+ mode="java-property-getter-implementation">
+ <xsl:with-param name="interface" select="$interface" />
+ </xsl:apply-templates>
+ </xsl:template>
+ <!--
+ Generate the property setter declarations.
+ -->
+ <xsl:template name="generate-property-setter-declaration">
+ <xsl:apply-templates select="adm:syntax/*"
+ mode="java-property-setter-declaration" />
+ </xsl:template>
+ <!--
+ Generate the property setter implementations.
+ -->
+ <xsl:template name="generate-property-setter-implementation">
+ <xsl:apply-templates select="adm:syntax/*"
+ mode="java-property-setter-implementation" />
+ </xsl:template>
+ <!--
+ Generate the default property getter declarations.
+ -->
+ <xsl:template name="generate-default-property-getter-declaration">
+ <xsl:param name="interface" select="/.." />
+ <xsl:apply-templates select="../.."
+ mode="generate-default-property-getter-declaration-aux">
+ <xsl:with-param name="interface" select="$interface" />
+ </xsl:apply-templates>
+ </xsl:template>
+ <xsl:template match="adm:property"
+ mode="generate-default-property-getter-declaration-aux">
+ <xsl:param name="interface" select="/.." />
+ <xsl:variable name="name" select="@name" />
+ <xsl:variable name="java-property-name">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="$name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * Gets the "', $name,'" property.
')" />
+ <xsl:if test="adm:synopsis">
+ <xsl:value-of select="' * <p>
'" />
+ <xsl:call-template name="add-java-comment">
+ <xsl:with-param name="indent-text" select="' *'" />
+ <xsl:with-param name="content" select="adm:synopsis" />
+ </xsl:call-template>
+ </xsl:if>
+ <xsl:if test="adm:description">
+ <xsl:value-of select="' * <p>
'" />
+ <xsl:call-template name="add-java-comment">
+ <xsl:with-param name="indent-text" select="' *'" />
+ <xsl:with-param name="content" select="adm:description" />
+ </xsl:call-template>
+ </xsl:if>
+ <xsl:choose>
+ <xsl:when test="string(@multi-valued) != 'true'">
+ <xsl:value-of
+ select="concat(' *
',
+ ' * @return Returns the value of the "', $name,'" property.
',
+ ' */
')" />
+ <xsl:value-of select="' '" />
+ <xsl:choose>
+ <xsl:when test="adm:default-behavior/adm:defined">
+ <!--
+ The method is guaranteed to return a value since there is a
+ well-defined default value.
+ -->
+ <xsl:call-template name="get-property-java-primitive-type" />
+ </xsl:when>
+ <xsl:when
+ test="$interface = 'server' and @mandatory = 'true'">
+ <!--
+ The method is guaranteed to return a value in the server interface, but
+ not necessarily in the client, since the mandatory property might not
+ have been created yet.
+ -->
+ <xsl:call-template name="get-property-java-primitive-type" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:call-template name="get-property-java-type" />
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:choose>
+ <xsl:when test="$interface='server'">
+ <xsl:value-of
+ select="concat(' *
',
+ ' * @return Returns an unmodifiable set containing the values of the "', $name,'" property.
',
+ ' */
')" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of
+ select="concat(' *
',
+ ' * @return Returns the values of the "', $name,'" property.
',
+ ' */
')" />
+ </xsl:otherwise>
+ </xsl:choose>
+ <xsl:value-of select="' SortedSet<'" />
+ <xsl:call-template name="get-property-java-type" />
+ <xsl:value-of select="'>'" />
+ </xsl:otherwise>
+ </xsl:choose>
+ <xsl:choose>
+ <xsl:when test="adm:syntax/adm:boolean">
+ <xsl:value-of select="' is'" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of select="' get'" />
+ </xsl:otherwise>
+ </xsl:choose>
+ <xsl:value-of
+ select="concat($java-property-name,
+ '();
')" />
+ </xsl:template>
+ <!--
+ Generate the default property getter implementation.
+ -->
+ <xsl:template
+ name="generate-default-property-getter-implementation">
+ <xsl:param name="interface" select="/.." />
+ <xsl:apply-templates select="../.."
+ mode="generate-default-property-getter-implementation-aux">
+ <xsl:with-param name="interface" select="$interface" />
+ </xsl:apply-templates>
+ </xsl:template>
+ <xsl:template match="adm:property"
+ mode="generate-default-property-getter-implementation-aux">
+ <xsl:param name="interface" select="/.." />
+ <xsl:variable name="java-prop-name">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="@name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * {@inheritDoc}
',
+ ' */
',
+ ' public ')" />
+ <xsl:choose>
+ <xsl:when test="string(@multi-valued) != 'true'">
+ <xsl:choose>
+ <xsl:when test="adm:default-behavior/adm:defined">
+ <!--
+ The method is guaranteed to return a value since there is a
+ well-defined default value.
+ -->
+ <xsl:call-template name="get-property-java-primitive-type" />
+ </xsl:when>
+ <xsl:when
+ test="$interface = 'server' and @mandatory = 'true'">
+ <!--
+ The method is guaranteed to return a value in the server interface, but
+ not necessarily in the client, since the mandatory property might not
+ have been created yet.
+ -->
+ <xsl:call-template name="get-property-java-primitive-type" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:call-template name="get-property-java-type" />
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of select="'SortedSet<'" />
+ <xsl:call-template name="get-property-java-type" />
+ <xsl:value-of select="'>'" />
+ </xsl:otherwise>
+ </xsl:choose>
+ <xsl:choose>
+ <xsl:when test="adm:syntax/adm:boolean">
+ <xsl:value-of select="' is'" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of select="' get'" />
+ </xsl:otherwise>
+ </xsl:choose>
+ <xsl:choose>
+ <xsl:when test="$interface='server'">
+ <xsl:value-of
+ select="concat($java-prop-name, '() {
',
+ ' return p', $java-prop-name , ';
' ,
+ ' }
')" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:choose>
+ <xsl:when test="string(@multi-valued) != 'true'">
+ <xsl:value-of
+ select="concat($java-prop-name, '() {
',
+ ' return impl.getPropertyValue',
+ '(INSTANCE.get', $java-prop-name ,
+ 'PropertyDefinition());
' ,
+ ' }
')" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of
+ select="concat($java-prop-name, '() {
',
+ ' return impl.getPropertyValues',
+ '(INSTANCE.get', $java-prop-name ,
+ 'PropertyDefinition());
' ,
+ ' }
')" />
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:template>
+ <!--
+ Generate the default property setter declarations.
+ -->
+ <xsl:template name="generate-default-property-setter-declaration">
+ <xsl:apply-templates select="../.."
+ mode="generate-default-property-setter-declaration-aux" />
+ </xsl:template>
+ <xsl:template match="adm:property"
+ mode="generate-default-property-setter-declaration-aux">
+ <xsl:if test="not(@monitoring='true')">
+ <xsl:variable name="name" select="@name" />
+ <xsl:variable name="java-property-name">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="$name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * Sets the "', $name, '" property.
')" />
+ <xsl:if test="adm:synopsis">
+ <xsl:value-of select="' * <p>
'" />
+ <xsl:call-template name="add-java-comment">
+ <xsl:with-param name="indent-text" select="' *'" />
+ <xsl:with-param name="content" select="adm:synopsis" />
+ </xsl:call-template>
+ </xsl:if>
+ <xsl:if test="adm:description">
+ <xsl:value-of select="' * <p>
'" />
+ <xsl:call-template name="add-java-comment">
+ <xsl:with-param name="indent-text" select="' *'" />
+ <xsl:with-param name="content" select="adm:description" />
+ </xsl:call-template>
+ </xsl:if>
+ <xsl:if test="@read-only='true'">
+ <xsl:value-of select="' * <p>
'" />
+ <xsl:value-of
+ select="concat(
+ ' * This property is read-only and can only be modified during
',
+ ' * creation of a ', $this-ufn, '.
')" />
+ </xsl:if>
+ <xsl:choose>
+ <xsl:when test="not(@multi-valued='true')">
+ <xsl:value-of
+ select="concat(' *
',
+ ' * @param value The value of the "', $name, '" property.
',
+ ' * @throws IllegalPropertyValueException
',
+ ' * If the new value is invalid.
')" />
+ <xsl:if test="@read-only='true'">
+ <xsl:value-of
+ select="concat(
+ ' * @throws PropertyIsReadOnlyException
',
+ ' * If this ', $this-ufn, ' is not being initialized.
')" />
+ </xsl:if>
+ <xsl:value-of
+ select="concat(
+ ' */
',
+ ' void set', $java-property-name, '(')" />
+ <xsl:choose>
+ <xsl:when test="@mandatory = 'true'">
+ <xsl:call-template
+ name="get-property-java-primitive-type" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:call-template name="get-property-java-type" />
+ </xsl:otherwise>
+ </xsl:choose>
+ <xsl:value-of select="' value'" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of
+ select="concat(' *
',
+ ' * @param values The values of the "', $name, '" property.
',
+ ' * @throws IllegalPropertyValueException
',
+ ' * If one or more of the new values are invalid.
')" />
+ <xsl:if test="@read-only='true'">
+ <xsl:value-of
+ select="concat(
+ ' * @throws PropertyIsReadOnlyException
',
+ ' * If this ', $this-ufn, ' is not being initialized.
')" />
+ </xsl:if>
+ <xsl:value-of
+ select="concat(
+ ' */
',
+ ' void set', $java-property-name, '(Collection<')" />
+ <xsl:call-template name="get-property-java-type" />
+ <xsl:value-of select="'> values'" />
+ </xsl:otherwise>
+ </xsl:choose>
+ <xsl:value-of select="') throws IllegalPropertyValueException'" />
+ <xsl:if test="@read-only='true'">
+ <xsl:value-of select="', PropertyIsReadOnlyException'" />
+ </xsl:if>
+ <xsl:value-of select="';
'" />
+ </xsl:if>
+ </xsl:template>
+ <!--
+ Generate the default property setter implementation.
+ -->
+ <xsl:template
+ name="generate-default-property-setter-implementation">
+ <xsl:apply-templates select="../.."
+ mode="generate-default-property-setter-implementation-aux" />
+ </xsl:template>
+ <xsl:template match="adm:property"
+ mode="generate-default-property-setter-implementation-aux">
+ <xsl:if test="not(@monitoring='true')">
+ <xsl:variable name="java-prop-name">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="@name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * {@inheritDoc}
',
+ ' */
',
+ ' public void set',
+ $java-prop-name ,
+ '(')" />
+ <xsl:choose>
+ <xsl:when test="not(@multi-valued='true')">
+ <xsl:choose>
+ <xsl:when test="@mandatory='true'">
+ <xsl:call-template
+ name="get-property-java-primitive-type" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:call-template name="get-property-java-type" />
+ </xsl:otherwise>
+ </xsl:choose>
+ <xsl:value-of select="' value)'" />
+ <xsl:if test="@read-only='true'">
+ <xsl:value-of
+ select="' throws PropertyIsReadOnlyException'" />
+ </xsl:if>
+ <xsl:value-of
+ select="concat(' {
' ,
+ ' impl.setPropertyValue(INSTANCE.get',
+ $java-prop-name ,
+ 'PropertyDefinition(), value);
',
+ ' }
')" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of select="'Collection<'" />
+ <xsl:call-template name="get-property-java-type" />
+ <xsl:value-of select="'> values)'" />
+ <xsl:if test="@read-only='true'">
+ <xsl:value-of
+ select="' throws PropertyIsReadOnlyException'" />
+ </xsl:if>
+ <xsl:value-of
+ select="concat(' {
' ,
+ ' impl.setPropertyValues(INSTANCE.get',
+ $java-prop-name ,
+ 'PropertyDefinition(), values);
',
+ ' }
')" />
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:if>
+ </xsl:template>
+</xsl:stylesheet>
diff --git a/opendj-admin/src/main/resources/stylesheets/property-types/aci.xsl b/opendj-admin/src/main/resources/stylesheets/property-types/aci.xsl
new file mode 100644
index 0000000..46aa234
--- /dev/null
+++ b/opendj-admin/src/main/resources/stylesheets/property-types/aci.xsl
@@ -0,0 +1,41 @@
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2008 Sun Microsystems, Inc.
+ ! -->
+<xsl:stylesheet version="1.0" xmlns:adm="http://www.opends.org/admin"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+ <!--
+ Templates for processing dseecompat ACI.
+ -->
+ <xsl:template match="adm:aci" mode="java-value-imports">
+ <import>org.opends.server.authorization.dseecompat.Aci</import>
+ </xsl:template>
+ <xsl:template match="adm:aci" mode="java-value-type">
+ <xsl:value-of select="'Aci'" />
+ </xsl:template>
+ <xsl:template match="adm:aci" mode="java-definition-type">
+ <xsl:value-of select="'ACIPropertyDefinition'" />
+ </xsl:template>
+</xsl:stylesheet>
diff --git a/opendj-admin/src/main/resources/stylesheets/property-types/aggregation.xsl b/opendj-admin/src/main/resources/stylesheets/property-types/aggregation.xsl
new file mode 100644
index 0000000..c931b76
--- /dev/null
+++ b/opendj-admin/src/main/resources/stylesheets/property-types/aggregation.xsl
@@ -0,0 +1,288 @@
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2008-2010 Sun Microsystems, Inc.
+ ! -->
+<xsl:stylesheet version="1.0" xmlns:adm="http://www.opends.org/admin"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+ <xsl:import href="../java-utilities.xsl" />
+ <xsl:include href="../conditions.xsl" />
+ <!--
+ Templates for processing aggregation properties.
+ -->
+ <xsl:template match="adm:aggregation"
+ mode="java-definition-imports">
+ <xsl:element name="import">
+ <xsl:call-template name="get-definition-package" />
+ <xsl:value-of select="'.client.'" />
+ <xsl:call-template name="get-client-type" />
+ </xsl:element>
+ <xsl:element name="import">
+ <xsl:call-template name="get-definition-package" />
+ <xsl:value-of select="'.server.'" />
+ <xsl:call-template name="get-server-type" />
+ </xsl:element>
+ <xsl:if test="../../@multi-valued = 'true'">
+ <import>java.util.TreeSet</import>
+ </xsl:if>
+ <xsl:if test="adm:constraint/adm:target-needs-enabling-condition">
+ <import>org.opends.server.admin.condition.Conditions</import>
+ </xsl:if>
+ <xsl:if test="adm:constraint/adm:target-is-enabled-condition">
+ <import>org.opends.server.admin.condition.Conditions</import>
+ </xsl:if>
+ <import>
+ org.opends.server.admin.AggregationPropertyDefinition
+ </import>
+ </xsl:template>
+ <xsl:template match="adm:aggregation" mode="java-value-type">
+ <xsl:value-of select="'String'" />
+ </xsl:template>
+ <xsl:template match="adm:aggregation" mode="java-value-imports">
+ <xsl:param name="interface" select="/.." />
+ <xsl:if test="$interface = 'server'">
+ <import>org.forgerock.opendj.ldap.DN</import>
+ </xsl:if>
+ </xsl:template>
+ <xsl:template match="adm:aggregation" mode="java-definition-type">
+ <xsl:value-of select="'AggregationPropertyDefinition'" />
+ </xsl:template>
+ <xsl:template match="adm:aggregation"
+ mode="java-definition-generic-type">
+ <xsl:call-template name="get-client-type" />
+ <xsl:value-of select="', '" />
+ <xsl:call-template name="get-server-type" />
+ </xsl:template>
+ <xsl:template match="adm:aggregation" mode="java-definition-ctor">
+ <xsl:if test="not(@parent-path)">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('No parent-path defined for aggregation property ', ../../@name)" />
+ </xsl:message>
+ </xsl:if>
+ <xsl:if test="not(@relation-name)">
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('No relation-name defined for aggregation property ', ../../@name)" />
+ </xsl:message>
+ </xsl:if>
+ <xsl:value-of
+ select="concat(' builder.setParentPath("',
+ normalize-space(@parent-path), '");
')" />
+ <xsl:value-of
+ select="concat(' builder.setRelationDefinition("',
+ normalize-space(@relation-name), '");
')" />
+ <xsl:if test="adm:constraint/adm:target-needs-enabling-condition">
+ <xsl:value-of
+ select="' builder.setTargetNeedsEnablingCondition('" />
+ <xsl:apply-templates
+ select="adm:constraint/adm:target-needs-enabling-condition/*"
+ mode="compile-condition" />
+ <xsl:value-of select="');
'" />
+ </xsl:if>
+ <xsl:if test="adm:constraint/adm:target-is-enabled-condition">
+ <xsl:value-of
+ select="' builder.setTargetIsEnabledCondition('" />
+ <xsl:apply-templates select="adm:constraint/adm:target-is-enabled-condition/*"
+ mode="compile-condition" />
+ <xsl:value-of select="');
'" />
+ </xsl:if>
+ </xsl:template>
+ <xsl:template match="adm:aggregation"
+ mode="java-definition-post-ctor">
+ <xsl:value-of select="' INSTANCE.registerConstraint(PD_'" />
+ <xsl:call-template name="name-to-java-constant">
+ <xsl:with-param name="value" select="../../@name" />
+ </xsl:call-template>
+ <xsl:value-of select="'.getSourceConstraint());
'" />
+ </xsl:template>
+ <!--
+ Generate property getter declaration(s).
+ -->
+ <xsl:template match="adm:aggregation"
+ mode="java-property-getter-declaration">
+ <xsl:param name="interface" select="/.." />
+ <xsl:call-template
+ name="generate-default-property-getter-declaration">
+ <xsl:with-param name="interface" select="$interface" />
+ </xsl:call-template>
+ <xsl:if test="$interface='server'">
+ <xsl:variable name="name" select="../../@name" />
+ <xsl:variable name="java-property-name">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="$name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:variable name="comment">
+ <xsl:if test="../../adm:synopsis">
+ <xsl:value-of select="'<p>
'" />
+ <xsl:value-of select="normalize-space(../../adm:synopsis)" />
+ <xsl:value-of select="'
'" />
+ </xsl:if>
+ <xsl:if test="../../adm:description">
+ <xsl:value-of select="'<p>
'" />
+ <xsl:value-of select="normalize-space(../../adm:description)" />
+ <xsl:value-of select="'
'" />
+ </xsl:if>
+ </xsl:variable>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:choose>
+ <xsl:when test="string(../../@multi-valued) != 'true'">
+ <xsl:call-template name="add-java-comment2">
+ <xsl:with-param name="indent" select="2" />
+ <xsl:with-param name="content"
+ select="concat(
+ 'Gets the "', $name,'" property as a DN.
',
+ $comment,
+ '
',
+ '@return Returns the DN value of the "', $name, '" property.
')" />
+ </xsl:call-template>
+ <xsl:value-of
+ select="concat(' DN get', $java-property-name, 'DN();
')" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:call-template name="add-java-comment2">
+ <xsl:with-param name="indent" select="2" />
+ <xsl:with-param name="content"
+ select="concat(
+ 'Gets the "', $name,'" property as a set of DNs.
',
+ $comment,
+ '
',
+ '@return Returns the DN values of the "', $name, '" property.
')" />
+ </xsl:call-template>
+ <xsl:value-of
+ select="concat(' SortedSet<DN> get', $java-property-name, 'DNs();
')" />
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:if>
+ </xsl:template>
+ <!--
+ Generate property getter implementation(s).
+ -->
+ <xsl:template match="adm:aggregation"
+ mode="java-property-getter-implementation">
+ <xsl:param name="interface" select="/.." />
+ <xsl:call-template
+ name="generate-default-property-getter-implementation">
+ <xsl:with-param name="interface" select="$interface" />
+ </xsl:call-template>
+ <xsl:if test="$interface='server'">
+ <xsl:variable name="name" select="../../@name" />
+ <xsl:variable name="java-property-name">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="$name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:call-template name="add-java-comment2">
+ <xsl:with-param name="indent" select="4" />
+ <xsl:with-param name="content" select="'{@inheritDoc}
'" />
+ </xsl:call-template>
+ <xsl:choose>
+ <xsl:when test="string(../../@multi-valued) != 'true'">
+ <xsl:value-of
+ select="concat(' public DN get', $java-property-name, 'DN() {
')" />
+ <xsl:value-of
+ select="concat(' String value = get', $java-property-name, '();
')" />
+ <xsl:value-of
+ select="' if (value == null) return null;
'" />
+ <xsl:value-of
+ select="concat(' return INSTANCE.get', $java-property-name, 'PropertyDefinition().getChildDN(value);
')" />
+ <xsl:value-of select="' }
'" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of
+ select="concat(' public SortedSet<DN> get', $java-property-name, 'DNs() {
')" />
+ <xsl:value-of
+ select="concat(' SortedSet<String> values = get', $java-property-name, '();
')" />
+ <xsl:value-of
+ select="' SortedSet<DN> dnValues = new TreeSet<DN>();
'" />
+ <xsl:value-of
+ select="' for (String value : values) {
'" />
+ <xsl:value-of
+ select="concat(' DN dn = INSTANCE.get', $java-property-name, 'PropertyDefinition().getChildDN(value);
')" />
+ <xsl:value-of select="' dnValues.add(dn);
'" />
+ <xsl:value-of select="' }
'" />
+ <xsl:value-of select="' return dnValues;
'" />
+ <xsl:value-of select="' }
'" />
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:if>
+ </xsl:template>
+ <!--
+ Gets the Java client configuration interface for the referenced type.
+ -->
+ <xsl:template name="get-client-type">
+ <xsl:call-template name="get-reference-type" />
+ <xsl:value-of select="'CfgClient'" />
+ </xsl:template>
+ <!--
+ Gets the Java server configuration interface for the referenced type.
+ -->
+ <xsl:template name="get-server-type">
+ <xsl:call-template name="get-reference-type" />
+ <xsl:value-of select="'Cfg'" />
+ </xsl:template>
+ <!--
+ Gets the Java definition configuration interface for the referenced type.
+ -->
+ <xsl:template name="get-definition-type">
+ <xsl:call-template name="get-reference-type" />
+ <xsl:value-of select="'CfgDefn'" />
+ </xsl:template>
+ <!--
+ Gets the Java definition configuration package.
+ -->
+ <xsl:template name="get-definition-package">
+ <xsl:choose>
+ <xsl:when test="@managed-object-package">
+ <xsl:value-of select="@managed-object-package" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of select="$this-package" />
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:template>
+ <!--
+ Gets the Java name for the referenced type.
+ -->
+ <xsl:template name="get-reference-type">
+ <xsl:choose>
+ <xsl:when test="@managed-object-name">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="@managed-object-name" />
+ </xsl:call-template>
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="@relation-name" />
+ </xsl:call-template>
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:template>
+</xsl:stylesheet>
diff --git a/opendj-admin/src/main/resources/stylesheets/property-types/attribute-type.xsl b/opendj-admin/src/main/resources/stylesheets/property-types/attribute-type.xsl
new file mode 100644
index 0000000..3b9f446
--- /dev/null
+++ b/opendj-admin/src/main/resources/stylesheets/property-types/attribute-type.xsl
@@ -0,0 +1,42 @@
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2008 Sun Microsystems, Inc.
+ ! -->
+<xsl:stylesheet version="1.0" xmlns:adm="http://www.opends.org/admin"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+ <!--
+ Templates for processing attribute type properties.
+ -->
+ <xsl:template match="adm:attribute-type" mode="java-value-imports">
+ <import>org.forgerock.opendj.ldap.schema.AttributeType</import>
+ </xsl:template>
+ <xsl:template match="adm:attribute-type" mode="java-value-type">
+ <xsl:value-of select="'AttributeType'" />
+ </xsl:template>
+ <xsl:template match="adm:attribute-type"
+ mode="java-definition-type">
+ <xsl:value-of select="'AttributeTypePropertyDefinition'" />
+ </xsl:template>
+</xsl:stylesheet>
diff --git a/opendj-admin/src/main/resources/stylesheets/property-types/boolean.xsl b/opendj-admin/src/main/resources/stylesheets/property-types/boolean.xsl
new file mode 100644
index 0000000..e7310d1
--- /dev/null
+++ b/opendj-admin/src/main/resources/stylesheets/property-types/boolean.xsl
@@ -0,0 +1,41 @@
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2008 Sun Microsystems, Inc.
+ ! -->
+<xsl:stylesheet version="1.0" xmlns:adm="http://www.opends.org/admin"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+ <!--
+ Templates for processing boolean properties.
+ -->
+ <xsl:template match="adm:boolean" mode="java-value-type">
+ <xsl:value-of select="'Boolean'" />
+ </xsl:template>
+ <xsl:template match="adm:boolean" mode="java-value-primitive-type">
+ <xsl:value-of select="'boolean'" />
+ </xsl:template>
+ <xsl:template match="adm:boolean" mode="java-definition-type">
+ <xsl:value-of select="'BooleanPropertyDefinition'" />
+ </xsl:template>
+</xsl:stylesheet>
diff --git a/opendj-admin/src/main/resources/stylesheets/property-types/dn.xsl b/opendj-admin/src/main/resources/stylesheets/property-types/dn.xsl
new file mode 100644
index 0000000..5514e2f
--- /dev/null
+++ b/opendj-admin/src/main/resources/stylesheets/property-types/dn.xsl
@@ -0,0 +1,48 @@
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2008 Sun Microsystems, Inc.
+ ! -->
+<xsl:stylesheet version="1.0" xmlns:adm="http://www.opends.org/admin"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+ <!--
+ Templates for processing DN properties.
+ -->
+ <xsl:template match="adm:dn" mode="java-value-imports">
+ <import>org.forgerock.opendj.ldap.DN</import>
+ </xsl:template>
+ <xsl:template match="adm:dn" mode="java-value-type">
+ <xsl:value-of select="'DN'" />
+ </xsl:template>
+ <xsl:template match="adm:dn" mode="java-definition-type">
+ <xsl:value-of select="'DNPropertyDefinition'" />
+ </xsl:template>
+ <xsl:template match="adm:dn" mode="java-definition-ctor">
+ <xsl:if test="adm:base">
+ <xsl:value-of
+ select="concat(' builder.setBaseDN("',
+ normalize-space(adm:base), '");
')" />
+ </xsl:if>
+ </xsl:template>
+</xsl:stylesheet>
diff --git a/opendj-admin/src/main/resources/stylesheets/property-types/duration.xsl b/opendj-admin/src/main/resources/stylesheets/property-types/duration.xsl
new file mode 100644
index 0000000..b5529ab
--- /dev/null
+++ b/opendj-admin/src/main/resources/stylesheets/property-types/duration.xsl
@@ -0,0 +1,68 @@
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2008 Sun Microsystems, Inc.
+ ! -->
+<xsl:stylesheet version="1.0" xmlns:adm="http://www.opends.org/admin"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+ <!--
+ Templates for processing duration properties.
+ -->
+ <xsl:template match="adm:duration" mode="java-value-type">
+ <xsl:value-of select="'Long'" />
+ </xsl:template>
+ <xsl:template match="adm:duration" mode="java-value-primitive-type">
+ <xsl:value-of select="'long'" />
+ </xsl:template>
+ <xsl:template match="adm:duration" mode="java-definition-type">
+ <xsl:value-of select="'DurationPropertyDefinition'" />
+ </xsl:template>
+ <xsl:template match="adm:duration" mode="java-definition-ctor">
+ <xsl:if test="boolean(@allow-unlimited)">
+ <xsl:value-of
+ select="concat(' builder.setAllowUnlimited(',
+ @allow-unlimited, ');
')" />
+ </xsl:if>
+ <xsl:if test="boolean(@base-unit)">
+ <xsl:value-of
+ select="concat(' builder.setBaseUnit("',
+ @base-unit, '");
')" />
+ </xsl:if>
+ <xsl:if test="boolean(@maximum-unit)">
+ <xsl:value-of
+ select="concat(' builder.setMaximumUnit("',
+ @maximum-unit, '");
')" />
+ </xsl:if>
+ <xsl:if test="boolean(@upper-limit)">
+ <xsl:value-of
+ select="concat(' builder.setUpperLimit("',
+ @upper-limit, '");
')" />
+ </xsl:if>
+ <xsl:if test="boolean(@lower-limit)">
+ <xsl:value-of
+ select="concat(' builder.setLowerLimit("',
+ @lower-limit, '");
')" />
+ </xsl:if>
+ </xsl:template>
+</xsl:stylesheet>
diff --git a/opendj-admin/src/main/resources/stylesheets/property-types/enumeration.xsl b/opendj-admin/src/main/resources/stylesheets/property-types/enumeration.xsl
new file mode 100644
index 0000000..694ed08
--- /dev/null
+++ b/opendj-admin/src/main/resources/stylesheets/property-types/enumeration.xsl
@@ -0,0 +1,105 @@
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2008 Sun Microsystems, Inc.
+ ! -->
+<xsl:stylesheet version="1.0" xmlns:adm="http://www.opends.org/admin"
+ xmlns:admpp="http://www.opends.org/admin-preprocessor"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+ <!--
+ Templates for processing enumeration properties.
+ -->
+ <xsl:template match="adm:enumeration" mode="java-value-imports">
+ <xsl:variable name="pp"
+ select="../../adm:profile[@name='preprocessor']" />
+ <xsl:element name="import">
+ <xsl:choose>
+ <xsl:when test="$pp/admpp:first-defined-in">
+ <xsl:value-of
+ select="concat($pp/admpp:first-defined-in/@package, '.')" />
+ <xsl:if test="$pp/admpp:first-defined-in/@name">
+ <xsl:value-of select="'meta.'" />
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value"
+ select="$pp/admpp:first-defined-in/@name" />
+ </xsl:call-template>
+ <xsl:value-of select="'CfgDefn.'" />
+ </xsl:if>
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of
+ select="concat($pp/admpp:last-defined-in/@package, '.')" />
+ <xsl:value-of select="'meta.'" />
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value"
+ select="$pp/admpp:last-defined-in/@name" />
+ </xsl:call-template>
+ <xsl:value-of select="'CfgDefn.'" />
+ </xsl:otherwise>
+ </xsl:choose>
+ <xsl:apply-templates select="." mode="java-value-type" />
+ </xsl:element>
+ </xsl:template>
+ <xsl:template match="adm:enumeration"
+ mode="java-definition-imports">
+ <xsl:element name="import">
+ <xsl:value-of
+ select="'org.opends.server.admin.EnumPropertyDefinition'" />
+ </xsl:element>
+ <xsl:variable name="pp"
+ select="../../adm:profile[@name='preprocessor']" />
+ <xsl:if test="$pp/admpp:first-defined-in">
+ <xsl:element name="import">
+ <xsl:value-of
+ select="concat($pp/admpp:first-defined-in/@package, '.')" />
+ <xsl:if test="$pp/admpp:first-defined-in/@name">
+ <xsl:value-of select="'meta.'" />
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value"
+ select="$pp/admpp:first-defined-in/@name" />
+ </xsl:call-template>
+ <xsl:value-of select="'CfgDefn.'" />
+ </xsl:if>
+ <xsl:apply-templates select="." mode="java-value-type" />
+ </xsl:element>
+ </xsl:if>
+ </xsl:template>
+ <xsl:template match="adm:enumeration" mode="java-value-type">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="../../@name" />
+ </xsl:call-template>
+ </xsl:template>
+ <xsl:template match="adm:enumeration" mode="java-definition-type">
+ <xsl:value-of select="'EnumPropertyDefinition'" />
+ </xsl:template>
+ <xsl:template match="adm:enumeration"
+ mode="java-definition-generic-type">
+ <xsl:apply-templates select="." mode="java-value-type" />
+ </xsl:template>
+ <xsl:template match="adm:enumeration" mode="java-definition-ctor">
+ <xsl:value-of select="' builder.setEnumClass('" />
+ <xsl:apply-templates select="." mode="java-value-type" />
+ <xsl:value-of select="'.class);
'" />
+ </xsl:template>
+</xsl:stylesheet>
diff --git a/opendj-admin/src/main/resources/stylesheets/property-types/extensible-matching-rule-type.xsl b/opendj-admin/src/main/resources/stylesheets/property-types/extensible-matching-rule-type.xsl
new file mode 100644
index 0000000..60cf61c
--- /dev/null
+++ b/opendj-admin/src/main/resources/stylesheets/property-types/extensible-matching-rule-type.xsl
@@ -0,0 +1,42 @@
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2009 Sun Microsystems, Inc.
+ ! -->
+<xsl:stylesheet version="1.0" xmlns:adm="http://www.opends.org/admin"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+ <!--
+ Templates for processing extensible matching rule type properties.
+ -->
+ <xsl:template match="adm:extensible-matching-rule-type" mode="java-value-imports">
+ <import>org.opends.server.api.ExtensibleMatchingRule</import>
+ </xsl:template>
+ <xsl:template match="adm:extensible-matching-rule-type" mode="java-value-type">
+ <xsl:value-of select="'ExtensibleMatchingRule'" />
+ </xsl:template>
+ <xsl:template match="adm:extensible-matching-rule-type"
+ mode="java-definition-type">
+ <xsl:value-of select="'ExtensibleMatchingRuleTypePropertyDefinition'" />
+ </xsl:template>
+</xsl:stylesheet>
diff --git a/opendj-admin/src/main/resources/stylesheets/property-types/integer.xsl b/opendj-admin/src/main/resources/stylesheets/property-types/integer.xsl
new file mode 100644
index 0000000..cf148c8
--- /dev/null
+++ b/opendj-admin/src/main/resources/stylesheets/property-types/integer.xsl
@@ -0,0 +1,58 @@
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2008 Sun Microsystems, Inc.
+ ! -->
+<xsl:stylesheet version="1.0" xmlns:adm="http://www.opends.org/admin"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+ <!--
+ Templates for processing integer properties.
+ -->
+ <xsl:template match="adm:integer" mode="java-value-type">
+ <xsl:value-of select="'Integer'" />
+ </xsl:template>
+ <xsl:template match="adm:integer" mode="java-value-primitive-type">
+ <xsl:value-of select="'int'" />
+ </xsl:template>
+ <xsl:template match="adm:integer" mode="java-definition-type">
+ <xsl:value-of select="'IntegerPropertyDefinition'" />
+ </xsl:template>
+ <xsl:template match="adm:integer" mode="java-definition-ctor">
+ <xsl:if test="boolean(@allow-unlimited)">
+ <xsl:value-of
+ select="concat(' builder.setAllowUnlimited(',
+ @allow-unlimited, ');
')" />
+ </xsl:if>
+ <xsl:if test="boolean(@upper-limit)">
+ <xsl:value-of
+ select="concat(' builder.setUpperLimit(',
+ @upper-limit, ');
')" />
+ </xsl:if>
+ <xsl:if test="boolean(@lower-limit)">
+ <xsl:value-of
+ select="concat(' builder.setLowerLimit(',
+ @lower-limit, ');
')" />
+ </xsl:if>
+ </xsl:template>
+</xsl:stylesheet>
diff --git a/opendj-admin/src/main/resources/stylesheets/property-types/ip-address-mask.xsl b/opendj-admin/src/main/resources/stylesheets/property-types/ip-address-mask.xsl
new file mode 100644
index 0000000..46661f0
--- /dev/null
+++ b/opendj-admin/src/main/resources/stylesheets/property-types/ip-address-mask.xsl
@@ -0,0 +1,41 @@
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2008 Sun Microsystems, Inc.
+ ! -->
+<xsl:stylesheet version="1.0" xmlns:adm="http://www.opends.org/admin"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+ <!--
+ Templates for processing IP address mask properties.
+ -->
+ <xsl:template match="adm:ip-address-mask" mode="java-value-imports">
+ <import>org.opends.server.types.AddressMask</import>
+ </xsl:template>
+ <xsl:template match="adm:ip-address-mask" mode="java-value-type">
+ <xsl:value-of select="'AddressMask'" />
+ </xsl:template>
+ <xsl:template match="adm:ip-address-mask" mode="java-definition-type">
+ <xsl:value-of select="'IPAddressMaskPropertyDefinition'" />
+ </xsl:template>
+</xsl:stylesheet>
diff --git a/opendj-admin/src/main/resources/stylesheets/property-types/ip-address.xsl b/opendj-admin/src/main/resources/stylesheets/property-types/ip-address.xsl
new file mode 100644
index 0000000..4087016
--- /dev/null
+++ b/opendj-admin/src/main/resources/stylesheets/property-types/ip-address.xsl
@@ -0,0 +1,41 @@
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2008 Sun Microsystems, Inc.
+ ! -->
+<xsl:stylesheet version="1.0" xmlns:adm="http://www.opends.org/admin"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+ <!--
+ Templates for processing IP address properties.
+ -->
+ <xsl:template match="adm:ip-address" mode="java-value-imports">
+ <import>java.net.InetAddress</import>
+ </xsl:template>
+ <xsl:template match="adm:ip-address" mode="java-value-type">
+ <xsl:value-of select="'InetAddress'" />
+ </xsl:template>
+ <xsl:template match="adm:ip-address" mode="java-definition-type">
+ <xsl:value-of select="'IPAddressPropertyDefinition'" />
+ </xsl:template>
+</xsl:stylesheet>
diff --git a/opendj-admin/src/main/resources/stylesheets/property-types/java-class.xsl b/opendj-admin/src/main/resources/stylesheets/property-types/java-class.xsl
new file mode 100644
index 0000000..73183af
--- /dev/null
+++ b/opendj-admin/src/main/resources/stylesheets/property-types/java-class.xsl
@@ -0,0 +1,52 @@
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2008 Sun Microsystems, Inc.
+ ! -->
+<xsl:stylesheet version="1.0" xmlns:adm="http://www.opends.org/admin"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+ <!--
+ Templates for processing java class properties.
+ -->
+ <xsl:template match="adm:java-class" mode="java-value-type">
+ <xsl:value-of select="'String'" />
+ </xsl:template>
+ <xsl:template match="adm:java-class" mode="java-definition-type">
+ <xsl:value-of select="'ClassPropertyDefinition'" />
+ </xsl:template>
+ <xsl:template match="adm:java-class" mode="java-definition-ctor">
+ <xsl:for-each select="adm:instance-of">
+ <!--
+ The first instance of element added to the definition
+ will become the primary type for the class. This first
+ element is guaranteed to be the first instance-of field
+ appearing in the property's definition heirarchy working
+ up from the bottom.
+ -->
+ <xsl:value-of
+ select="concat(' builder.addInstanceOf("',
+ normalize-space(), '");
')" />
+ </xsl:for-each>
+ </xsl:template>
+</xsl:stylesheet>
diff --git a/opendj-admin/src/main/resources/stylesheets/property-types/oid.xsl b/opendj-admin/src/main/resources/stylesheets/property-types/oid.xsl
new file mode 100644
index 0000000..95e27ba
--- /dev/null
+++ b/opendj-admin/src/main/resources/stylesheets/property-types/oid.xsl
@@ -0,0 +1,38 @@
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2008 Sun Microsystems, Inc.
+ ! -->
+<xsl:stylesheet version="1.0" xmlns:adm="http://www.opends.org/admin"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+ <!--
+ Templates for processing OID properties.
+ -->
+ <xsl:template match="adm:oid" mode="java-value-type">
+ <xsl:value-of select="'String'" />
+ </xsl:template>
+ <xsl:template match="adm:oid" mode="java-definition-type">
+ <xsl:value-of select="'StringPropertyDefinition'" />
+ </xsl:template>
+</xsl:stylesheet>
diff --git a/opendj-admin/src/main/resources/stylesheets/property-types/password.xsl b/opendj-admin/src/main/resources/stylesheets/property-types/password.xsl
new file mode 100644
index 0000000..8a87bee
--- /dev/null
+++ b/opendj-admin/src/main/resources/stylesheets/property-types/password.xsl
@@ -0,0 +1,38 @@
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2008 Sun Microsystems, Inc.
+ ! -->
+<xsl:stylesheet version="1.0" xmlns:adm="http://www.opends.org/admin"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+ <!--
+ Templates for processing password properties.
+ -->
+ <xsl:template match="adm:password" mode="java-value-type">
+ <xsl:value-of select="'String'" />
+ </xsl:template>
+ <xsl:template match="adm:password" mode="java-definition-type">
+ <xsl:value-of select="'StringPropertyDefinition'" />
+ </xsl:template>
+</xsl:stylesheet>
diff --git a/opendj-admin/src/main/resources/stylesheets/property-types/size.xsl b/opendj-admin/src/main/resources/stylesheets/property-types/size.xsl
new file mode 100644
index 0000000..bb67a98
--- /dev/null
+++ b/opendj-admin/src/main/resources/stylesheets/property-types/size.xsl
@@ -0,0 +1,58 @@
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2008 Sun Microsystems, Inc.
+ ! -->
+<xsl:stylesheet version="1.0" xmlns:adm="http://www.opends.org/admin"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+ <!--
+ Templates for processing size properties.
+ -->
+ <xsl:template match="adm:size" mode="java-value-type">
+ <xsl:value-of select="'Long'" />
+ </xsl:template>
+ <xsl:template match="adm:size" mode="java-value-primitive-type">
+ <xsl:value-of select="'long'" />
+ </xsl:template>
+ <xsl:template match="adm:size" mode="java-definition-type">
+ <xsl:value-of select="'SizePropertyDefinition'" />
+ </xsl:template>
+ <xsl:template match="adm:size" mode="java-definition-ctor">
+ <xsl:if test="boolean(@allow-unlimited)">
+ <xsl:value-of
+ select="concat(' builder.setAllowUnlimited(',
+ @allow-unlimited, ');
')" />
+ </xsl:if>
+ <xsl:if test="boolean(@upper-limit)">
+ <xsl:value-of
+ select="concat(' builder.setUpperLimit("',
+ @upper-limit, '");
')" />
+ </xsl:if>
+ <xsl:if test="boolean(@lower-limit)">
+ <xsl:value-of
+ select="concat(' builder.setLowerLimit("',
+ @lower-limit, '");
')" />
+ </xsl:if>
+ </xsl:template>
+</xsl:stylesheet>
diff --git a/opendj-admin/src/main/resources/stylesheets/property-types/string.xsl b/opendj-admin/src/main/resources/stylesheets/property-types/string.xsl
new file mode 100644
index 0000000..d46206d
--- /dev/null
+++ b/opendj-admin/src/main/resources/stylesheets/property-types/string.xsl
@@ -0,0 +1,51 @@
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2008 Sun Microsystems, Inc.
+ ! -->
+<xsl:stylesheet version="1.0" xmlns:adm="http://www.opends.org/admin"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+ <!--
+ Templates for processing string properties.
+ -->
+ <xsl:template match="adm:string" mode="java-value-type">
+ <xsl:value-of select="'String'" />
+ </xsl:template>
+ <xsl:template match="adm:string" mode="java-definition-type">
+ <xsl:value-of select="'StringPropertyDefinition'" />
+ </xsl:template>
+ <xsl:template match="adm:string" mode="java-definition-ctor">
+ <xsl:if test="boolean(@case-insensitive)">
+ <xsl:value-of
+ select="concat(' builder.setCaseInsensitive(',
+ @case-insensitive, ');
')" />
+ </xsl:if>
+ <xsl:if test="adm:pattern/adm:regex">
+ <xsl:value-of
+ select="concat(' builder.setPattern("',
+ normalize-space(adm:pattern/adm:regex), '", "',
+ normalize-space(adm:pattern/adm:usage), '");
')" />
+ </xsl:if>
+ </xsl:template>
+</xsl:stylesheet>
diff --git a/opendj-admin/src/main/resources/stylesheets/serverMO.xsl b/opendj-admin/src/main/resources/stylesheets/serverMO.xsl
new file mode 100644
index 0000000..a9aaf18
--- /dev/null
+++ b/opendj-admin/src/main/resources/stylesheets/serverMO.xsl
@@ -0,0 +1,420 @@
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2007-2008 Sun Microsystems, Inc.
+ ! -->
+<xsl:stylesheet version="1.0" xmlns:adm="http://www.opends.org/admin"
+ xmlns:admpp="http://www.opends.org/admin-preprocessor"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+ <xsl:import href="java-utilities.xsl" />
+ <xsl:import href="preprocessor.xsl" />
+ <xsl:import href="property-types.xsl" />
+ <xsl:output method="text" encoding="us-ascii" />
+ <!--
+ Template for generating the interface declaration.
+ -->
+ <xsl:template name="generate-interface-declaration">
+ <xsl:value-of select="'/**
'" />
+ <xsl:call-template name="add-java-comment">
+ <xsl:with-param name="indent-text" select="' *'" />
+ <xsl:with-param name="content"
+ select="concat('A server-side interface for querying ', $this-ufn,
+ ' settings.')" />
+ </xsl:call-template>
+ <xsl:value-of select="' * <p>
'" />
+ <xsl:call-template name="add-java-comment">
+ <xsl:with-param name="indent-text" select="' *'" />
+ <xsl:with-param name="content" select="$this/adm:synopsis" />
+ </xsl:call-template>
+ <xsl:value-of select="' */
'" />
+ <xsl:value-of
+ select="concat('public interface ',
+ $this-java-class ,
+ 'Cfg extends ')" />
+ <xsl:choose>
+ <xsl:when test="boolean($this/@extends)">
+ <xsl:value-of select="concat($parent-java-class,'Cfg ')" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of select="'Configuration '" />
+ </xsl:otherwise>
+ </xsl:choose>
+ <xsl:text>{
</xsl:text>
+ </xsl:template>
+ <!--
+ Template for generating the configuration class getter.
+ -->
+ <xsl:template name="generate-configuration-definition-getter">
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * Gets the configuration class associated with this ', $this-ufn, '.
',
+ ' *
',
+ ' * @return Returns the configuration class associated with this ', $this-ufn, '.
',
+ ' */
')" />
+ <xsl:value-of
+ select="concat(' Class<? extends ', $this-java-class,'Cfg> configurationClass();
')" />
+ </xsl:template>
+ <!--
+ Template for generating the change listener declaration.
+ -->
+ <xsl:template name="generate-change-listener-declaration">
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * Register to be notified when this ', $this-ufn,' is changed.
',
+ ' *
',
+ ' * @param listener
',
+ ' * The ', $this-ufn,' configuration change listener.
',
+ ' */
')" />
+ <xsl:value-of
+ select="concat(' void add', $this-short-java-class,
+ 'ChangeListener(ConfigurationChangeListener<',
+ $this-java-class,'Cfg> listener);
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * Deregister an existing ', $this-ufn,' configuration change listener.
',
+ ' *
',
+ ' * @param listener
',
+ ' * The ', $this-ufn,' configuration change listener.
',
+ ' */
')" />
+ <xsl:value-of
+ select="concat(' void remove', $this-short-java-class,
+ 'ChangeListener(ConfigurationChangeListener<',
+ $this-java-class,'Cfg> listener);
')" />
+ </xsl:template>
+ <!--
+ Template for generating the relation getter declarations.
+ -->
+ <xsl:template name="generate-relation-declarations">
+ <xsl:variable name="name" select="@name" />
+ <xsl:variable name="ufn">
+ <xsl:call-template name="name-to-ufn">
+ <xsl:with-param name="value" select="$name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:variable name="java-relation-name">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="$name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:variable name="java-class-name">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="@managed-object-name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:choose>
+ <xsl:when test="adm:one-to-one">
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * Gets the ', $ufn,'.
',
+ ' *
',
+ ' * @return Returns the ', $ufn,'.
',
+ ' * @throws ConfigException
',
+ ' * If the ', $ufn,' could not be found or it could not
',
+ ' * be successfully decoded.
',
+ ' */
')" />
+ <xsl:value-of
+ select="concat(' ', $java-class-name, 'Cfg get',
+ $java-relation-name, '() throws ConfigException;
')" />
+ </xsl:when>
+ <xsl:when test="adm:one-to-zero-or-one">
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * Determines whether or not the ', $ufn,' exists.
',
+ ' *
',
+ ' * @return Returns <true> if the ', $ufn,' exists.
',
+ ' */
')" />
+ <xsl:value-of
+ select="concat(' boolean has',
+ $java-relation-name, '();
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * Gets the ', $ufn,' if it is present.
',
+ ' *
',
+ ' * @return Returns the ', $ufn,' if it is present.
',
+ ' * @throws ConfigException
',
+ ' * If the ', $ufn,' does not exist or it could not
',
+ ' * be successfully decoded.
',
+ ' */
')" />
+ <xsl:value-of
+ select="concat(' ', $java-class-name, 'Cfg get',
+ $java-relation-name, '() throws ConfigException;
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * Registers to be notified when the ', $ufn,' is added.
',
+ ' *
',
+ ' * @param listener
',
+ ' * The ', $ufn,' configuration add listener.
',
+ ' * @throws ConfigException
',
+ ' * If the add listener could not be registered.
',
+ ' */
')" />
+ <xsl:value-of
+ select="concat(' void add', $java-relation-name,
+ 'AddListener(ConfigurationAddListener<',
+ $java-class-name,'Cfg> listener) throws ConfigException;
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * Deregisters an existing ', $ufn,' configuration add listener.
',
+ ' *
',
+ ' * @param listener
',
+ ' * The ', $ufn,' configuration add listener.
',
+ ' */
')" />
+ <xsl:value-of
+ select="concat(' void remove', $java-relation-name,
+ 'AddListener(ConfigurationAddListener<',
+ $java-class-name,'Cfg> listener);
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * Registers to be notified the ', $ufn,' is deleted.
',
+ ' *
',
+ ' * @param listener
',
+ ' * The ', $ufn,' configuration delete listener.
',
+ ' * @throws ConfigException
',
+ ' * If the delete listener could not be registered.
',
+ ' */
')" />
+ <xsl:value-of
+ select="concat(' void add', $java-relation-name,
+ 'DeleteListener(ConfigurationDeleteListener<',
+ $java-class-name,'Cfg> listener) throws ConfigException;
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * Deregisters an existing ', $ufn,' configuration delete listener.
',
+ ' *
',
+ ' * @param listener
',
+ ' * The ', $ufn,' configuration delete listener.
',
+ ' */
')" />
+ <xsl:value-of
+ select="concat(' void remove', $java-relation-name,
+ 'DeleteListener(ConfigurationDeleteListener<',
+ $java-class-name,'Cfg> listener);
')" />
+ </xsl:when>
+ <xsl:when test="adm:one-to-many">
+ <xsl:variable name="plural-name"
+ select="adm:one-to-many/@plural-name" />
+ <xsl:variable name="ufpn">
+ <xsl:call-template name="name-to-ufn">
+ <xsl:with-param name="value" select="$plural-name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:variable name="java-relation-plural-name">
+ <xsl:call-template name="name-to-java">
+ <xsl:with-param name="value" select="$plural-name" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * Lists the ', $ufpn, '.
',
+ ' *
',
+ ' * @return Returns an array containing the names of the
',
+ ' * ', $ufpn,'.
',
+ ' */
')" />
+ <xsl:value-of
+ select="concat(' String[] list', $java-relation-plural-name, '();
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * Gets the named ', $ufn,'.
',
+ ' *
',
+ ' * @param name
',
+ ' * The name of the ',$ufn,' to retrieve.
',
+ ' * @return Returns the named ', $ufn,'.
',
+ ' * @throws ConfigException
',
+ ' * If the ', $ufn,' could not be found or it
',
+ ' * could not be successfully decoded.
',
+ ' */
')" />
+ <xsl:value-of
+ select="concat(' ', $java-class-name, 'Cfg get',
+ $java-relation-name, '(String name) throws ConfigException;
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * Registers to be notified when new ', $ufpn,' are added.
',
+ ' *
',
+ ' * @param listener
',
+ ' * The ', $ufn,' configuration add listener.
',
+ ' * @throws ConfigException
',
+ ' * If the add listener could not be registered.
',
+ ' */
')" />
+ <xsl:value-of
+ select="concat(' void add', $java-relation-name,
+ 'AddListener(ConfigurationAddListener<',
+ $java-class-name,'Cfg> listener) throws ConfigException;
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * Deregisters an existing ', $ufn,' configuration add listener.
',
+ ' *
',
+ ' * @param listener
',
+ ' * The ', $ufn,' configuration add listener.
',
+ ' */
')" />
+ <xsl:value-of
+ select="concat(' void remove', $java-relation-name,
+ 'AddListener(ConfigurationAddListener<',
+ $java-class-name,'Cfg> listener);
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * Registers to be notified when existing ', $ufpn,' are deleted.
',
+ ' *
',
+ ' * @param listener
',
+ ' * The ', $ufn,' configuration delete listener.
',
+ ' * @throws ConfigException
',
+ ' * If the delete listener could not be registered.
',
+ ' */
')" />
+ <xsl:value-of
+ select="concat(' void add', $java-relation-name,
+ 'DeleteListener(ConfigurationDeleteListener<',
+ $java-class-name,'Cfg> listener) throws ConfigException;
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:value-of
+ select="concat(' /**
',
+ ' * Deregisters an existing ', $ufn,' configuration delete listener.
',
+ ' *
',
+ ' * @param listener
',
+ ' * The ', $ufn,' configuration delete listener.
',
+ ' */
')" />
+ <xsl:value-of
+ select="concat(' void remove', $java-relation-name,
+ 'DeleteListener(ConfigurationDeleteListener<',
+ $java-class-name,'Cfg> listener);
')" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:message terminate="yes">
+ <xsl:value-of
+ select="concat('Unknown relation type "', local-name(*), '" in relation "', $name, '".')" />
+ </xsl:message>
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:template>
+ <!--
+ Main document parsing template.
+ -->
+ <xsl:template match="/">
+ <xsl:call-template name="copyright-notice" />
+ <xsl:value-of
+ select="concat('package ', $this-package, '.server;
')" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:call-template name="generate-import-statements">
+ <xsl:with-param name="imports">
+ <xsl:for-each select="$this-local-properties">
+ <xsl:call-template name="get-property-java-imports" >
+ <xsl:with-param name="interface" select="'server'" />
+ </xsl:call-template>
+ </xsl:for-each>
+ <xsl:if test="$this-local-properties[@multi-valued='true']">
+ <import>java.util.SortedSet</import>
+ </xsl:if>
+ <xsl:choose>
+ <xsl:when test="$this/@extends">
+ <xsl:if test="$parent-package != $this-package">
+ <xsl:element name="import">
+ <xsl:value-of
+ select="concat($parent-package, '.server.', $parent-java-class, 'Cfg')" />
+ </xsl:element>
+ </xsl:if>
+ </xsl:when>
+ <xsl:otherwise>
+ <import>org.opends.server.admin.Configuration</import>
+ </xsl:otherwise>
+ </xsl:choose>
+ <xsl:if test="not($this-is-root)">
+ <import>
+ org.opends.server.admin.server.ConfigurationChangeListener
+ </import>
+ </xsl:if>
+ <xsl:if test="$this-local-relations">
+ <import>org.opends.server.types.ConfigException</import>
+ </xsl:if>
+ <xsl:if
+ test="$this-local-relations/adm:one-to-zero-or-one|$this-local-relations/adm:one-to-many">
+ <import>
+ org.opends.server.admin.server.ConfigurationAddListener
+ </import>
+ <import>
+ org.opends.server.admin.server.ConfigurationDeleteListener
+ </import>
+ </xsl:if>
+ </xsl:with-param>
+ </xsl:call-template>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:call-template name="generate-interface-declaration" />
+ <xsl:text>
</xsl:text>
+ <xsl:call-template name="generate-configuration-definition-getter" />
+ <xsl:if test="not($this-is-root)">
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:call-template name="generate-change-listener-declaration" />
+ </xsl:if>
+ <xsl:for-each select="$this-local-properties">
+ <xsl:sort select="@name" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:call-template name="generate-property-getter-declaration">
+ <xsl:with-param name="interface" select="'server'" />
+ </xsl:call-template>
+ </xsl:for-each>
+ <xsl:for-each select="$this-local-relations">
+ <xsl:sort select="@name" />
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:text>
</xsl:text>
+ <xsl:call-template name="generate-relation-declarations" />
+ </xsl:for-each>
+ <xsl:text>
</xsl:text>
+ <xsl:text>}
</xsl:text>
+ </xsl:template>
+</xsl:stylesheet>
diff --git a/opendj-admin/src/main/resources/stylesheets/text-utilities.xsl b/opendj-admin/src/main/resources/stylesheets/text-utilities.xsl
new file mode 100644
index 0000000..eaefa99
--- /dev/null
+++ b/opendj-admin/src/main/resources/stylesheets/text-utilities.xsl
@@ -0,0 +1,187 @@
+<!--
+ ! CDDL HEADER START
+ !
+ ! The contents of this file are subject to the terms of the
+ ! Common Development and Distribution License, Version 1.0 only
+ ! (the "License"). You may not use this file except in compliance
+ ! with the License.
+ !
+ ! You can obtain a copy of the license at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
+ ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
+ ! See the License for the specific language governing permissions
+ ! and limitations under the License.
+ !
+ ! When distributing Covered Code, include this CDDL HEADER in each
+ ! file and include the License file at
+ ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
+ ! add the following below this CDDL HEADER, with the fields enclosed
+ ! by brackets "[]" replaced with your own identifying information:
+ ! Portions Copyright [yyyy] [name of copyright owner]
+ !
+ ! CDDL HEADER END
+ !
+ !
+ ! Copyright 2008 Sun Microsystems, Inc.
+ ! -->
+<xsl:stylesheet version="1.0"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+ <!--
+ This XSLT file contains generic templates which can be used for any
+ application.
+ -->
+ <xsl:import href="abbreviations.xsl" />
+ <xsl:output method="text" encoding="us-ascii" />
+ <!--
+ Format a block of text. This template handles two levels of
+ indentation: the indentation string for the first line, and a
+ second indentation string used for subsequent lines. The template
+ will output the content wrapping at the nearest word boundary to
+ the specified column.
+
+ @param indent-text
+ The indentation text used for the first line.
+
+ @param indent-text2
+ The indentation text used for all lines except
+ the first - defaults to the value of indent-text.
+
+ @param content
+ The text to be formatted.
+
+ @param wrap-column
+ The text column before which text should be word
+ wrapped.
+ -->
+ <xsl:template name="format-text">
+ <xsl:param name="indent-text" />
+ <xsl:param name="indent-text2" select="$indent-text" />
+ <xsl:param name="wrap-column" />
+ <xsl:param name="content" />
+ <xsl:value-of select="$indent-text" />
+ <xsl:call-template name="format-text-help">
+ <xsl:with-param name="indent-text" select="$indent-text2" />
+ <xsl:with-param name="wrap-column" select="$wrap-column" />
+ <xsl:with-param name="content" select="normalize-space($content)" />
+ <xsl:with-param name="column"
+ select="string-length($indent-text) + 1" />
+ </xsl:call-template>
+ <xsl:text>
</xsl:text>
+ </xsl:template>
+ <!--
+ PRIVATE implementation template for format-text.
+ -->
+ <xsl:template name="format-text-help">
+ <xsl:param name="indent-text" />
+ <xsl:param name="wrap-column" />
+ <xsl:param name="content" />
+ <xsl:param name="column" />
+ <xsl:variable name="head" select="substring-before($content, ' ')" />
+ <xsl:variable name="tail" select="substring-after($content, ' ')" />
+ <xsl:if test="string-length($content)">
+ <xsl:choose>
+ <xsl:when test="string-length($head) = 0">
+ <xsl:if
+ test="(string-length($content) + $column) > $wrap-column">
+ <xsl:text>
</xsl:text>
+ <xsl:value-of select="$indent-text" />
+ </xsl:if>
+ <xsl:value-of select="' '" />
+ <xsl:value-of select="$content" />
+ </xsl:when>
+ <xsl:when
+ test="(string-length($head) + $column) > $wrap-column">
+ <xsl:text>
</xsl:text>
+ <xsl:value-of select="$indent-text" />
+ <xsl:value-of select="' '" />
+ <xsl:value-of select="$head" />
+ <xsl:call-template name="format-text-help">
+ <xsl:with-param name="indent-text" select="$indent-text" />
+ <xsl:with-param name="wrap-column" select="$wrap-column" />
+ <xsl:with-param name="content" select="$tail" />
+ <xsl:with-param name="column"
+ select="string-length($indent-text) + string-length($head) + 1" />
+ </xsl:call-template>
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:value-of select="concat(' ', $head)" />
+ <xsl:call-template name="format-text-help">
+ <xsl:with-param name="indent-text" select="$indent-text" />
+ <xsl:with-param name="wrap-column" select="$wrap-column" />
+ <xsl:with-param name="content" select="$tail" />
+ <xsl:with-param name="column"
+ select="$column + string-length($head) + 1" />
+ </xsl:call-template>
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:if>
+ </xsl:template>
+ <!--
+ Convert a string to title-case or, if the string is a known
+ abbreviation, convert it to upper-case. For example, the string
+ "hello" will be converted to the string "Hello", but the string
+ "ldap" will be converted to "LDAP".
+
+ @param value
+ The string to be converted to title-case.
+ -->
+ <xsl:template name="to-title-case">
+ <xsl:param name="value" />
+ <xsl:variable name="is-abbreviation">
+ <xsl:call-template name="is-abbreviation">
+ <xsl:with-param name="value" select="$value" />
+ </xsl:call-template>
+ </xsl:variable>
+ <xsl:choose>
+ <!-- Convert common abbreviations to uppercase -->
+ <xsl:when test="$is-abbreviation = 'true'">
+ <xsl:value-of
+ select="translate($value,
+ 'abcdefghijklmnopqrstuvwxyz',
+ 'ABCDEFGHIJKLMNOPQRSTUVWXYZ')" />
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:variable name="first" select="substring($value, 1, 1)" />
+ <xsl:variable name="remainder" select="substring($value, 2)" />
+ <xsl:variable name="first-upper"
+ select="translate($first,
+ 'abcdefghijklmnopqrstuvwxyz',
+ 'ABCDEFGHIJKLMNOPQRSTUVWXYZ')" />
+ <xsl:value-of select="concat($first-upper, $remainder)" />
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:template>
+ <!--
+ Convert an entity or property ID to a user friendly mixed-cased
+ name. For example, the string "my-string-value" will be converted to
+ the string "My String Value".
+
+ @param value
+ The ID string to be converted to a Java name.
+ -->
+ <xsl:template name="name-to-ufn">
+ <xsl:param name="value" select="/.." />
+ <xsl:if test="string-length($value)">
+ <xsl:choose>
+ <xsl:when test="contains($value, '-')">
+ <xsl:variable name="head"
+ select="substring-before($value, '-')" />
+ <xsl:variable name="tail"
+ select="substring-after($value, '-')" />
+ <xsl:call-template name="to-title-case">
+ <xsl:with-param name="value" select="$head" />
+ </xsl:call-template>
+ <xsl:value-of select="' '" />
+ <xsl:call-template name="name-to-ufn">
+ <xsl:with-param name="value" select="$tail" />
+ </xsl:call-template>
+ </xsl:when>
+ <xsl:otherwise>
+ <xsl:call-template name="to-title-case">
+ <xsl:with-param name="value" select="$value" />
+ </xsl:call-template>
+ </xsl:otherwise>
+ </xsl:choose>
+ </xsl:if>
+ </xsl:template>
+</xsl:stylesheet>
diff --git a/opendj-admin/src/main/resources/stylesheets/xml.xsd b/opendj-admin/src/main/resources/stylesheets/xml.xsd
new file mode 100644
index 0000000..bb367cc
--- /dev/null
+++ b/opendj-admin/src/main/resources/stylesheets/xml.xsd
@@ -0,0 +1,146 @@
+<?xml version="1.0"?>
+<xs:schema targetNamespace="http://www.w3.org/XML/1998/namespace" xmlns:xs="http://www.w3.org/2001/XMLSchema" xml:lang="en">
+
+ <xs:annotation>
+ <xs:documentation>
+ See http://www.w3.org/XML/1998/namespace.html and
+ http://www.w3.org/TR/REC-xml for information about this namespace.
+
+ This schema document describes the XML namespace, in a form
+ suitable for import by other schema documents.
+
+ Note that local names in this namespace are intended to be defined
+ only by the World Wide Web Consortium or its subgroups. The
+ following names are currently defined in this namespace and should
+ not be used with conflicting semantics by any Working Group,
+ specification, or document instance:
+
+ base (as an attribute name): denotes an attribute whose value
+ provides a URI to be used as the base for interpreting any
+ relative URIs in the scope of the element on which it
+ appears; its value is inherited. This name is reserved
+ by virtue of its definition in the XML Base specification.
+
+ id (as an attribute name): denotes an attribute whose value
+ should be interpreted as if declared to be of type ID.
+ The xml:id specification is not yet a W3C Recommendation,
+ but this attribute is included here to facilitate experimentation
+ with the mechanisms it proposes. Note that it is _not_ included
+ in the specialAttrs attribute group.
+
+ lang (as an attribute name): denotes an attribute whose value
+ is a language code for the natural language of the content of
+ any element; its value is inherited. This name is reserved
+ by virtue of its definition in the XML specification.
+
+ space (as an attribute name): denotes an attribute whose
+ value is a keyword indicating what whitespace processing
+ discipline is intended for the content of the element; its
+ value is inherited. This name is reserved by virtue of its
+ definition in the XML specification.
+
+ Father (in any context at all): denotes Jon Bosak, the chair of
+ the original XML Working Group. This name is reserved by
+ the following decision of the W3C XML Plenary and
+ XML Coordination groups:
+
+ In appreciation for his vision, leadership and dedication
+ the W3C XML Plenary on this 10th day of February, 2000
+ reserves for Jon Bosak in perpetuity the XML name
+ xml:Father
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:annotation>
+ <xs:documentation>This schema defines attributes and an attribute group
+ suitable for use by
+ schemas wishing to allow xml:base, xml:lang, xml:space or xml:id
+ attributes on elements they define.
+
+ To enable this, such a schema must import this schema
+ for the XML namespace, e.g. as follows:
+ <schema . . .>
+ . . .
+ <import namespace="http://www.w3.org/XML/1998/namespace"
+ schemaLocation="http://www.w3.org/2001/xml.xsd"/>
+
+ Subsequently, qualified reference to any of the attributes
+ or the group defined below will have the desired effect, e.g.
+
+ <type . . .>
+ . . .
+ <attributeGroup ref="xml:specialAttrs"/>
+
+ will define a type which will schema-validate an instance
+ element with any of those attributes</xs:documentation>
+ </xs:annotation>
+
+ <xs:annotation>
+ <xs:documentation>In keeping with the XML Schema WG's standard versioning
+ policy, this schema document will persist at
+ http://www.w3.org/2005/08/xml.xsd.
+ At the date of issue it can also be found at
+ http://www.w3.org/2001/xml.xsd.
+ The schema document at that URI may however change in the future,
+ in order to remain compatible with the latest version of XML Schema
+ itself, or with the XML namespace itself. In other words, if the XML
+ Schema or XML namespaces change, the version of this document at
+ http://www.w3.org/2001/xml.xsd will change
+ accordingly; the version at
+ http://www.w3.org/2005/08/xml.xsd will not change.
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:attribute name="lang">
+ <xs:annotation>
+ <xs:documentation>Attempting to install the relevant ISO 2- and 3-letter
+ codes as the enumerated possible values is probably never
+ going to be a realistic possibility. See
+ RFC 3066 at http://www.ietf.org/rfc/rfc3066.txt and the IANA registry
+ at http://www.iana.org/assignments/lang-tag-apps.htm for
+ further information.
+
+ The union allows for the 'un-declaration' of xml:lang with
+ the empty string.</xs:documentation>
+ </xs:annotation>
+ <xs:simpleType>
+ <xs:union memberTypes="xs:language">
+ <xs:simpleType>
+ <xs:restriction base="xs:string">
+ <xs:enumeration value=""/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:union>
+ </xs:simpleType>
+ </xs:attribute>
+
+ <xs:attribute name="space">
+ <xs:simpleType>
+ <xs:restriction base="xs:NCName">
+ <xs:enumeration value="default"/>
+ <xs:enumeration value="preserve"/>
+ </xs:restriction>
+ </xs:simpleType>
+ </xs:attribute>
+
+ <xs:attribute name="base" type="xs:anyURI">
+ <xs:annotation>
+ <xs:documentation>See http://www.w3.org/TR/xmlbase/ for
+ information about this attribute.</xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+
+ <xs:attribute name="id" type="xs:ID">
+ <xs:annotation>
+ <xs:documentation>See http://www.w3.org/TR/xml-id/ for
+ information about this attribute.</xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
+
+ <xs:attributeGroup name="specialAttrs">
+ <xs:attribute ref="xml:base"/>
+ <xs:attribute ref="xml:lang"/>
+ <xs:attribute ref="xml:space"/>
+ </xs:attributeGroup>
+
+</xs:schema>
\ No newline at end of file
--
Gitblit v1.10.0