From 2a8784e577fe5d6c8e542c7f30c68cc26a6a6c29 Mon Sep 17 00:00:00 2001
From: rhaggard <rhaggard@localhost>
Date: Fri, 01 Feb 2008 17:30:23 +0000
Subject: [PATCH] commiting configuration XML files after adding info from the old config guide to be incorporated in the new generated config reference
---
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/UniqueAttributePluginConfiguration.xml | 6
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/LastModPluginConfiguration.xml | 11
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/LengthBasedPasswordValidatorConfiguration.xml | 21
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/EntryUUIDVirtualAttributeConfiguration.xml | 12
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ProfilerPluginConfiguration.xml | 50 +
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SynchronizationProviderConfiguration.xml | 18
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RootDSEBackendConfiguration.xml | 18
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/VirtualAttributeConfiguration.xml | 68 ++-
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PluginConfiguration.xml | 23
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/UniqueCharactersPasswordValidatorConfiguration.xml | 28 +
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PlainSASLMechanismHandlerConfiguration.xml | 14
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/AttributeValuePasswordValidatorConfiguration.xml | 14
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/NumSubordinatesVirtualAttributeConfiguration.xml | 2
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/LDAPAttributeDescriptionListPluginConfiguration.xml | 21
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/EntryDNVirtualAttributeConfiguration.xml | 9
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/WorkQueueConfiguration.xml | 9
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/MemberVirtualAttributeConfiguration.xml | 30 +
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/FileBasedTrustManagerProviderConfiguration.xml | 48 +
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RootDNUserConfiguration.xml | 8
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SASLMechanismHandlerConfiguration.xml | 22
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PasswordValidatorConfiguration.xml | 29 +
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReferentialIntegrityPluginConfiguration.xml | 50 +-
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/WorkflowElementConfiguration.xml | 10
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/CramMD5SASLMechanismHandlerConfiguration.xml | 26 +
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReplicationDomainConfiguration.xml | 43 +-
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/AnonymousSASLMechanismHandlerConfiguration.xml | 13
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/BlindTrustManagerProviderConfiguration.xml | 10
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/CharacterSetPasswordValidatorConfiguration.xml | 18
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/HasSubordinatesVirtualAttributeConfiguration.xml | 2
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/IsMemberOfVirtualAttributeConfiguration.xml | 3
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReplicationSynchronizationProviderConfiguration.xml | 6
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/DigestMD5SASLMechanismHandlerConfiguration.xml | 72 ++-
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SubschemaSubentryVirtualAttributeConfiguration.xml | 6
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/UserDefinedVirtualAttributeConfiguration.xml | 10
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RepeatedCharactersPasswordValidatorConfiguration.xml | 31 +
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SevenBitCleanPluginConfiguration.xml | 13
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RootDNConfiguration.xml | 16
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/TraditionalWorkQueueConfiguration.xml | 40 +
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/DictionaryPasswordValidatorConfiguration.xml | 61 ++
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SimilarityBasedPasswordValidatorConfiguration.xml | 19
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/GSSAPISASLMechanismHandlerConfiguration.xml | 23
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyImportPluginConfiguration.xml | 33 -
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReplicationServerConfiguration.xml | 50 +-
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/EntryUUIDPluginConfiguration.xml | 20 +
44 files changed, 685 insertions(+), 351 deletions(-)
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/AnonymousSASLMechanismHandlerConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/AnonymousSASLMechanismHandlerConfiguration.xml
index 7132688..a2a85af 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/AnonymousSASLMechanismHandlerConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/AnonymousSASLMechanismHandlerConfiguration.xml
@@ -31,10 +31,15 @@
xmlns:adm="http://www.opends.org/admin"
xmlns:ldap="http://www.opends.org/admin-ldap">
<adm:synopsis>
- The
- <adm:user-friendly-name />
- is used to perform all processing related to SASL ANONYMOUS
- authentication.
+ The ANONYMOUS SASL mechanism provides the ability for clients to
+ perform an anonymous bind using a SASL mechanism. The only real
+ benefit that this provides over a normal anonymous bind (that is,
+ using simple authentication with no password) is that the ANONYMOUS
+ SASL mechanism also allows the client to include a trace string in
+ the request. This trace string can help identify the application that
+ performed the bind (although since there is no authentication,
+ there is no assurance that some other client did not spoof that
+ trace string).
</adm:synopsis>
<adm:profile name="ldap">
<ldap:object-class>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/AttributeValuePasswordValidatorConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/AttributeValuePasswordValidatorConfiguration.xml
index 7472881..5ab978a 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/AttributeValuePasswordValidatorConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/AttributeValuePasswordValidatorConfiguration.xml
@@ -33,8 +33,10 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- is used to determine whether a proposed password is acceptable based
- on whether the given password value appears the user's entry.
+ attempts to determine whether a proposed password is acceptable
+ for use by determining whether that password is contained in any
+ attribute within the user's entry. It may be configured to look
+ in all attributes or in a specified subset of attributes.
</adm:synopsis>
<adm:profile name="ldap">
<ldap:object-class>
@@ -51,15 +53,13 @@
</adm:defined>
</adm:default-behavior>
</adm:property-override>
- <adm:property name="match-attribute" multi-valued="true">
+ <adm:property name="match-attribute" multi-valued="true" >
<adm:synopsis>
Specifies the name(s) of the attribute(s) whose values should be
checked to determine whether they match the provided password.
+ If no values are provided, then the server checks if the proposed
+ password matches the value of any attribute in the user's entry.
</adm:synopsis>
- <adm:description>
- If this is not provided, then all attributes in the user's entry
- will be checked.
- </adm:description>
<adm:default-behavior>
<adm:alias>
<adm:synopsis>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/BlindTrustManagerProviderConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/BlindTrustManagerProviderConfiguration.xml
index b118864..37f4373 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/BlindTrustManagerProviderConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/BlindTrustManagerProviderConfiguration.xml
@@ -31,11 +31,11 @@
xmlns:adm="http://www.opends.org/admin"
xmlns:ldap="http://www.opends.org/admin-ldap">
<adm:synopsis>
- The
- <adm:user-friendly-name />
- provides a mechanism for blindly trusting any certificate presented
- to it without performing any kind of validation, including ignoring
- the validity dates included within the certificate.
+ The blind trust manager provider always trusts any certificate that
+ is presented to it, regardless of its issuer, subject, and validity
+ dates. Use the blind trust manager provider only for testing
+ purposes, because it allows clients to use forged certificates
+ and authenticate as virtually any user in the server.
</adm:synopsis>
<adm:profile name="ldap">
<ldap:object-class>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/CharacterSetPasswordValidatorConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/CharacterSetPasswordValidatorConfiguration.xml
index 9be7e16..0d7e15f 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/CharacterSetPasswordValidatorConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/CharacterSetPasswordValidatorConfiguration.xml
@@ -33,11 +33,12 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- is used to determine whether a proposed password is acceptable by
- determining whether it contains a sufficient number of characters
- from one or more user-defined character sets (e.g., passwords must
+ determines whether a proposed password is acceptable by
+ checking whether it contains a sufficient number of characters
+ from one or more user-defined character sets. For example,
+ the validator can ensure that passwords must
have at least one lowercase letter, one uppercase letter, one digit,
- and one symbol).
+ and one symbol.
</adm:synopsis>
<adm:profile name="ldap">
<ldap:object-class>
@@ -64,11 +65,11 @@
<adm:description>
Each value must be an integer (indicating the minimum required
characters from the set) followed by a colon and the characters to
- include in that set (e.g., "3:abcdefghijklmnopqrstuvwxyz"
+ include in that set (for example, "3:abcdefghijklmnopqrstuvwxyz"
indicates that a user password must contain at least three
characters from the set of lowercase ASCII letters). Multiple
- character sets may be defined in separate values, although no
- character may appear in more than one character set.
+ character sets can be defined in separate values, although no
+ character can appear in more than one character set.
</adm:description>
<adm:syntax>
<adm:string case-insensitive="false" />
@@ -87,7 +88,8 @@
</adm:synopsis>
<adm:description>
If this is "false", then only those characters in the user-defined
- character sets may be used in passwords.
+ character sets may be used in passwords. Any password containing a
+ character not included in any character set will be rejected.
</adm:description>
<adm:syntax>
<adm:boolean />
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/CramMD5SASLMechanismHandlerConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/CramMD5SASLMechanismHandlerConfiguration.xml
index 9392b4f..f0ee0a6 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/CramMD5SASLMechanismHandlerConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/CramMD5SASLMechanismHandlerConfiguration.xml
@@ -31,10 +31,22 @@
xmlns:adm="http://www.opends.org/admin"
xmlns:ldap="http://www.opends.org/admin-ldap">
<adm:synopsis>
- The
- <adm:user-friendly-name />
- is used to perform all processing related to SASL CRAM-MD5
- authentication.
+ The CRAM-MD5 SASL mechanism provides the ability for clients to
+ perform password-based authentication in a manner that does not
+ expose their password in the clear. Rather than including the
+ password in the bind request, the CRAM-MD5 mechanism uses a
+ two-step process in which the client needs only to prove that it
+ knows the password. The server sends randomly-generated data to
+ the client that is to be used in the process, which makes it
+ resistant to replay attacks. The one-way message digest
+ algorithm ensures that the original clear-text password is not
+ exposed. Note that the algorithm used by the CRAM-MD5 mechanism
+ requires that both the client and the server have access to the
+ clear-text password (or potentially a value that is derived from
+ the clear-text password). In order to authenticate to the server
+ using CRAM-MD5, the password for a user's account must be encoded
+ using a reversible password storage scheme that allows the server
+ to have access to the clear-text value.
</adm:synopsis>
<adm:profile name="ldap">
<ldap:object-class>
@@ -53,8 +65,10 @@
</adm:property-override>
<adm:property name="identity-mapper" mandatory="true">
<adm:synopsis>
- Specifies the name of the identity mapper that should be used to
- match the client authentication ID to a user entry.
+ Specifies the name of the identity mapper that is to be used
+ with this SASL mechanism handler to match the authentication
+ ID included in the SASL bind request to the corresponding
+ user in the directory.
</adm:synopsis>
<adm:syntax>
<adm:aggregation relation-name="identity-mapper"
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/DictionaryPasswordValidatorConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/DictionaryPasswordValidatorConfiguration.xml
index af963fd..21fc958 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/DictionaryPasswordValidatorConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/DictionaryPasswordValidatorConfiguration.xml
@@ -33,9 +33,12 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- is used to determine whether a proposed password is acceptable based
+ determines whether a proposed password is acceptable based
on whether the given password value appears in a provided dictionary
- file.
+ file. A large dictionary file is provided with the server, but the
+ administrator can supply an alternate dictionary. In this case,
+ then the dictionary must be a plain-text file with
+ one word per line.
</adm:synopsis>
<adm:profile name="ldap">
<ldap:object-class>
@@ -54,17 +57,34 @@
</adm:property-override>
<adm:property name="dictionary-file" mandatory="true">
<adm:synopsis>
- Specifies the path to the file containing a list of words that may
- not be used as passwords.
+ Specifies the path to the file containing a list of words that
+ cannot be used as passwords.
</adm:synopsis>
<adm:description>
- It should be formatted with one word per line. The value may be an
- absolute path, or a path that is relative to the
+ It should be formatted with one word per line. The value can be an
+ absolute path or a path that is relative to the
<adm:product-name />
instance root.
</adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ For Unix and Linux systems: config/wordlist.txt.
+ For Windows systems: config\\wordlist.txt
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
<adm:syntax>
- <adm:string />
+ <adm:string>
+ <adm:pattern>
+ <adm:regex/>
+ <adm:usage>REGEXP</adm:usage>
+ <adm:synopsis>
+ The path to any text file contained on the system that is
+ readable by the server.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
@@ -74,16 +94,19 @@
</adm:property>
<adm:property name="case-sensitive-validation" mandatory="true">
<adm:synopsis>
- Indicates whether this password validator should treat password
+ Indicates whether this password validator is to treat password
characters in a case-sensitive manner.
</adm:synopsis>
<adm:description>
- A value of false indicates that any differences in capitalization
- should be ignored when looking for consecutive characters in the
- password. A value of true indicates that a character should only
- be considered repeating if all consecutive occurrences use the
- same capitalization.
+ If it is set to true, then the validator rejects a password only
+ if it appears in the dictionary with exactly the
+ same capitalization as provided by the user.
</adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
<adm:syntax>
<adm:boolean />
</adm:syntax>
@@ -95,10 +118,18 @@
</adm:property>
<adm:property name="test-reversed-password" mandatory="true">
<adm:synopsis>
- Indicates whether this password validator should test the reversed
+ Indicates whether this password validator is to test the reversed
value of the provided password as well as the order in which it
- was given.
+ was given. For example, if the user provides a new password of
+ "password" and this configuration attribute is set to true, then
+ the value "drowssap" is also tested against attribute values
+ in the user's entry.
</adm:synopsis>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
<adm:syntax>
<adm:boolean />
</adm:syntax>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/DigestMD5SASLMechanismHandlerConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/DigestMD5SASLMechanismHandlerConfiguration.xml
index 538b10b..c31ccc9 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/DigestMD5SASLMechanismHandlerConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/DigestMD5SASLMechanismHandlerConfiguration.xml
@@ -31,10 +31,18 @@
xmlns:adm="http://www.opends.org/admin"
xmlns:ldap="http://www.opends.org/admin-ldap">
<adm:synopsis>
- The
- <adm:user-friendly-name />
+ The DIGEST-MD5 SASL mechanism
is used to perform all processing related to SASL DIGEST-MD5
- authentication.
+ authentication. The DIGEST-MD5 SASL mechanism is very similar
+ to the CRAM-MD5 mechanism in that it allows for password-based
+ authentication without exposing the password in the clear
+ (although it does require that both the client and the server
+ have access to the clear-text password). Like the CRAM-MD5
+ mechanism, it uses data that is randomly generated by the server
+ to make it resistant to replay attacks, but it also includes
+ randomly-generated data from the client, which makes it also
+ resistant to problems resulting from weak server-side random
+ number generation.
</adm:synopsis>
<adm:profile name="ldap">
<ldap:object-class>
@@ -53,34 +61,45 @@
</adm:property-override>
<adm:property name="realm">
<adm:synopsis>
- Specifies the realm that should be used by the server for
+ Specifies the realm that is to be used by the server for
DIGEST-MD5 authentication.
</adm:synopsis>
<adm:description>
- If this is not provided, then the server will default to using a
+ If this value is not provided, then the server defaults to use a
set of realm names that correspond to the defined suffixes.
</adm:description>
<adm:default-behavior>
<adm:alias>
<adm:synopsis>
- The server will default to a set of realm names that
+ The server defaults to a set of realm names that
correspond to the defined suffixes.
</adm:synopsis>
</adm:alias>
</adm:default-behavior>
<adm:syntax>
- <adm:string />
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>STRING</adm:usage>
+ <adm:synopsis>
+ Any realm string. As needed, it be a DN or matched
+ to a realm already in use for another service.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-realm</ldap:name>
</ldap:attribute>
</adm:profile>
- </adm:property>
- <adm:property name="identity-mapper" mandatory="true">
+ </adm:property> <adm:property name="identity-mapper" mandatory="true">
<adm:synopsis>
- Specifies the name of the identity mapper that should be used to
- match client authentication and authorization IDs to user entries.
+ Specifies the name of the identity mapper that is to be used
+ with this SASL mechanism handler to match the authentication
+ or authorization
+ ID included in the SASL bind request to the corresponding
+ user in the directory.
</adm:synopsis>
<adm:syntax>
<adm:aggregation relation-name="identity-mapper"
@@ -109,23 +128,36 @@
<adm:property name="server-fqdn">
<adm:synopsis>
Specifies the DNS-resolvable fully-qualified domain name for the
- system.
+ server that is used when validating the digest-uri parameter during
+ the authentication process. If this configuration attribute is
+ present, then the server expects that clients use a digest-uri equal
+ to "ldap/" followed by the value of this attribute. For example, if
+ the attribute has a value of "directory.example.com", then the
+ server expects clients to use a digest-uri of
+ "ldap/directory.example.com". If no value is provided, then the
+ server does not attempt to validate the digest-uri provided by the
+ client and accepts any value.
</adm:synopsis>
- <adm:description>
- This is the value expected to be present in the host field of the
- digest-uri-value element.
- </adm:description>
<adm:default-behavior>
<adm:alias>
<adm:synopsis>
- The server will attempt to dynamically determine the
- fully-qualified domain name.
+ The server attempts to determine the
+ fully-qualified domain name dynamically.
</adm:synopsis>
</adm:alias>
</adm:default-behavior>
<adm:syntax>
- <adm:string />
- </adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>STRING</adm:usage>
+ <adm:synopsis>
+ The fully-qualified address that is expected for clients to use
+ when connecting to the server and authenticating via DIGEST-MD5.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-server-fqdn</ldap:name>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/EntryDNVirtualAttributeConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/EntryDNVirtualAttributeConfiguration.xml
index 6987cf5..622005d 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/EntryDNVirtualAttributeConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/EntryDNVirtualAttributeConfiguration.xml
@@ -33,11 +33,14 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- may be used to generate the entryDN operational attribute, which
- contains a normalized form of the entry's DN.
+ generates the entryDN operational attribute in directory entries,
+ which contains a normalized form of the entry's DN.
+ This attribute is defined in the draft-zeilenga-ldap-entrydn
+ Internet Draft and contains the DN of the entry in which it is
+ contained.
</adm:synopsis>
<adm:description>
- This provides the ability to use search filters containing the
+ This component provides the ability to use search filters containing the
entry's DN.
</adm:description>
<adm:profile name="ldap">
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/EntryUUIDPluginConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/EntryUUIDPluginConfiguration.xml
index 90493b7..ffc871d 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/EntryUUIDPluginConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/EntryUUIDPluginConfiguration.xml
@@ -32,8 +32,26 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- is used to generate values for the entryUUID operational attribute
+ generates values for the entryUUID operational attribute
whenever an entry is added via protocol or imported from LDIF.
+ The entryUUID plug-in ensures that all entries
+ added to the server, whether through an LDAP add operation or via
+ an LDIF import, are assigned an entryUUID operational attribute if
+ they do not already have one. The entryUUID attribute contains a
+ universally unique identifier that can be used to identify an entry
+ in a manner that does not change (even in the event of a modify DN
+ operation). This plug-in generates a random UUID for entries created
+ by an add operation, but the UUID is constructed from the DN of the
+ entry during an LDIF import (which means that the same LDIF file
+ can be imported on different systems but still get the same value
+ for the entryUUID attribute). This behavior is based on the
+ specification contained in RFC 4530. The implementation for the
+ entry UUID plug-in is contained in the
+ org.opends.server.plugins.EntryUUIDPlugin class. It must be
+ configured with the preOperationAdd and ldifImport plug-in types,
+ but it does not have any other custom configuration. This
+ plug-in must be enabled in any directory that is intended to be used
+ in a synchronization environment.
</adm:synopsis>
<adm:profile name="ldap">
<ldap:object-class>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/EntryUUIDVirtualAttributeConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/EntryUUIDVirtualAttributeConfiguration.xml
index b41184c..5950ee0 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/EntryUUIDVirtualAttributeConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/EntryUUIDVirtualAttributeConfiguration.xml
@@ -33,14 +33,14 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- may be used to ensure that all entries contained in private backends
- will have values for the entryUUID operational attribute.
+ ensures that all entries contained in private backends
+ have values for the entryUUID operational attribute.
</adm:synopsis>
<adm:description>
- The entryUUID values will be generated based on a normalized
- representation of the entry's DN, which should not cause a
- consistency problem because we do not allow modify DN operations to
- be performed in private backends.
+ The entryUUID values are generated based on a normalized
+ representation of the entry's DN, which does not cause a
+ consistency problem because OpenDS does not allow modify DN
+ operations to be performed in private backends.
</adm:description>
<adm:profile name="ldap">
<ldap:object-class>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/FileBasedTrustManagerProviderConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/FileBasedTrustManagerProviderConfiguration.xml
index 0775180..b2df8bf 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/FileBasedTrustManagerProviderConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/FileBasedTrustManagerProviderConfiguration.xml
@@ -31,14 +31,12 @@
xmlns:adm="http://www.opends.org/admin"
xmlns:ldap="http://www.opends.org/admin-ldap">
<adm:synopsis>
- The
- <adm:user-friendly-name />
- provider accesses key information in a file on the local filesystem.
+ The file-based trust manager provider determines whether to trust a
+ presented certificate based on whether that certificate exists in a
+ server trust store file. The trust store file can be in either JKS
+ (the default Java key store format) or PKCS#12 (a standard
+ certificate format) form.
</adm:synopsis>
- <adm:description>
- Multiple file formats may be supported, depending on the providers
- supported by the underlying Java runtime.
- </adm:description>
<adm:profile name="ldap">
<ldap:object-class>
<ldap:name>ds-cfg-file-based-trust-manager-provider</ldap:name>
@@ -58,16 +56,24 @@
<adm:TODO>Should use a file-based property definition?</adm:TODO>
<adm:synopsis>
Specifies the path to the file containing the trust information.
- It may be an absolute path, or a path that is relative to the
+ It can be an absolute path or a path that is relative to the
<adm:product-name />
instance root.
</adm:synopsis>
<adm:description>
- Changes to this configuration attribute will take effect the next
+ Changes to this configuration attribute take effect the next
time that the trust manager is accessed.
</adm:description>
<adm:syntax>
- <adm:string />
+ <adm:string>
+ <adm:pattern>
+ <adm:regex />
+ <adm:usage>STRING</adm:usage>
+ <adm:synopsis>
+ An absolute path or a path that is relative to the OpenDS Directory Server instance root.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
@@ -84,17 +90,25 @@
Specifies the format for the data in the trust store file.
</adm:synopsis>
<adm:description>
- Valid values should always include 'JKS' and 'PKCS12', but
- different implementations may allow other values as well. If no
- value is provided, then the JVM-default value will be used.
- Changes to this configuration attribute will take effect the next
- time that the trust manager is accessed.
+ Valid values always include 'JKS' and 'PKCS12', but different
+ implementations can allow other values as well. If no value is
+ provided, then the JVM default value is used. Changes to this
+ configuration attribute take effect the next time that the
+ trust manager is accessed.
</adm:description>
<adm:default-behavior>
<adm:undefined />
</adm:default-behavior>
- <adm:syntax>
- <adm:string />
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex />
+ <adm:usage>STRING</adm:usage>
+ <adm:synopsis>
+ Any key store format supported by the Java runtime environment. The "JKS" and "PKCS12" formats are typically available in Java environments.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/GSSAPISASLMechanismHandlerConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/GSSAPISASLMechanismHandlerConfiguration.xml
index 54119ed..d8304e8 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/GSSAPISASLMechanismHandlerConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/GSSAPISASLMechanismHandlerConfiguration.xml
@@ -31,10 +31,14 @@
xmlns:adm="http://www.opends.org/admin"
xmlns:ldap="http://www.opends.org/admin-ldap">
<adm:synopsis>
- The
- <adm:user-friendly-name />
- is used to perform all processing related to SASL GSSAPI
+ The GSSAPI SASL mechanism
+ performs all processing related to SASL GSSAPI
authentication using Kerberos V5.
+ The GSSAPI SASL mechanism provides the ability for clients
+ to authenticate themselves to the server using existing
+ authentication in a Kerberos environment. This mechanism
+ provides the ability to achieve single sign-on for
+ Kerberos-based clients.
</adm:synopsis>
<adm:profile name="ldap">
<ldap:object-class>
@@ -74,11 +78,13 @@
</adm:property>
<adm:property name="kdc-address">
<adm:synopsis>
- Specifies the address of the KDC that should be used for Kerberos
+ Specifies the address of the KDC that is to be used for Kerberos
processing.
</adm:synopsis>
<adm:description>
- If provided, this should be a fully-qualified DNS-resolvable name.
+ If provided, this must a fully-qualified DNS-resolvable name.
+ If this is not provided, then the server attempts to determine it
+ from the system-wide Kerberos configuration.
</adm:description>
<adm:default-behavior>
<adm:alias>
@@ -146,8 +152,11 @@
</adm:property>
<adm:property name="identity-mapper" mandatory="true">
<adm:synopsis>
- Specifies the name of the identity mapper that should be used to
- match the Kerberos principal to a user entry.
+ Specifies the name of the identity mapper that is to be used
+ with this SASL mechanism handler
+ to match the Kerberos principal
+ included in the SASL bind request to the corresponding
+ user in the directory.
</adm:synopsis>
<adm:syntax>
<adm:aggregation relation-name="identity-mapper"
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/HasSubordinatesVirtualAttributeConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/HasSubordinatesVirtualAttributeConfiguration.xml
index 2bcb841..4d47fb1 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/HasSubordinatesVirtualAttributeConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/HasSubordinatesVirtualAttributeConfiguration.xml
@@ -33,7 +33,7 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- may be used to generate a virtual attribute that indicates whether
+ generates a virtual attribute that indicates whether
the entry has any subordinate entries.
</adm:synopsis>
<adm:profile name="ldap">
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/IsMemberOfVirtualAttributeConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/IsMemberOfVirtualAttributeConfiguration.xml
index 0310481..f81cab8 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/IsMemberOfVirtualAttributeConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/IsMemberOfVirtualAttributeConfiguration.xml
@@ -33,7 +33,8 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- may be used to generate a virtual attribute that contains the DNs of
+ generates the isMemberOf operational attribute,
+ which contains the DNs of
the groups in which the user is a member.
</adm:synopsis>
<adm:profile name="ldap">
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/LDAPAttributeDescriptionListPluginConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/LDAPAttributeDescriptionListPluginConfiguration.xml
index 76e591e..035b766 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/LDAPAttributeDescriptionListPluginConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/LDAPAttributeDescriptionListPluginConfiguration.xml
@@ -31,15 +31,22 @@
xmlns:adm="http://www.opends.org/admin"
xmlns:ldap="http://www.opends.org/admin-ldap">
<adm:synopsis>
- The
- <adm:user-friendly-name />
- is used to provide the ability to request that search result entries
- include all attributes that are included by a specified object
- class.
+ The LDAP Attribute Description List plug-in
+ provides the ability for clients to include an attribute list in
+ a search request that names object classes instead of (or in
+ addition to) attributes.
</adm:synopsis>
<adm:description>
- For example, including a requested attribute of "@person" has the
- effect of requesting all attributes in the person object class.
+ For example, if a client wishes to
+ retrieve all of the attributes in the inetOrgPerson object class,
+ then that client can include "@inetOrgPerson" in the attribute
+ list rather than naming all of those attributes individually.
+ This behavior is based on the specification contained in RFC 4529.
+ The implementation for the LDAP attribute description list plugin
+ is contained in the
+ org.opends.server.plugins.LDAPADListPlugin class. It must be
+ configured with the preParseSearch plugin type, but does not have
+ any other custom configuration.
</adm:description>
<adm:profile name="ldap">
<ldap:object-class>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/LastModPluginConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/LastModPluginConfiguration.xml
index 2a3afe0..1c50298 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/LastModPluginConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/LastModPluginConfiguration.xml
@@ -30,12 +30,17 @@
extends="plugin" xmlns:adm="http://www.opends.org/admin"
xmlns:ldap="http://www.opends.org/admin-ldap">
<adm:synopsis>
- The
- <adm:user-friendly-name />
+ The Last Mod plug-in
is used to ensure that the creatorsName and createTimestamp
attributes are included in an entry whenever it is added to the
- server, and to ensure that the modifiersName and modifyTimestamp
+ server and also to ensure that the modifiersName and modifyTimestamp
attributes are updated whenever an entry is modified or renamed.
+ This behavior is described in RFC 4512. The implementation for
+ the LastMod plugin is contained in the
+ org.opends.server.plugins.LastModPlugin class. It must be
+ configured with the preOperationAdd, preOperationModify, and
+ preOperationModifyDN plugin types, but it does not have any
+ other custom configuration.
</adm:synopsis>
<adm:profile name="ldap">
<ldap:object-class>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/LengthBasedPasswordValidatorConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/LengthBasedPasswordValidatorConfiguration.xml
index f91306b..b09c8ab 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/LengthBasedPasswordValidatorConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/LengthBasedPasswordValidatorConfiguration.xml
@@ -39,7 +39,8 @@
<adm:user-friendly-name />
is used to determine whether a proposed password is acceptable based
on whether the number of characters it contains falls within an
- acceptable range of values.
+ acceptable range of values. Both upper and lower bounds may be
+ defined.
</adm:synopsis>
<adm:profile name="ldap">
<ldap:object-class>
@@ -58,8 +59,10 @@
</adm:property-override>
<adm:property name="max-password-length">
<adm:synopsis>
- Specifies the maximum number of characters that may be included in
- a proposed password.
+ Specifies the maximum number of characters that can be included in
+ a proposed password. If both minimum and maximum lengths
+ are defined, then the minimum length must be less than or equal to
+ the maximum length.
</adm:synopsis>
<adm:description>
A value of zero indicates that there will be no upper bound
@@ -71,7 +74,7 @@
</adm:defined>
</adm:default-behavior>
<adm:syntax>
- <adm:integer lower-limit="0" />
+ <adm:integer lower-limit="0" upper-limit="2147483647"/>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
@@ -82,19 +85,21 @@
<adm:property name="min-password-length">
<adm:synopsis>
Specifies the minimum number of characters that must be included
- in a proposed password.
+ in a proposed password. If both minimum and maximum lengths
+ are defined, then the minimum length must be less than or equal to
+ the maximum length.
</adm:synopsis>
<adm:description>
A value of zero indicates that there will be no lower bound
- enforced.
+ enforced.
</adm:description>
<adm:default-behavior>
<adm:defined>
- <adm:value>1</adm:value>
+ <adm:value>6</adm:value>
</adm:defined>
</adm:default-behavior>
<adm:syntax>
- <adm:integer lower-limit="0" />
+ <adm:integer lower-limit="0" upper-limit="2147483647"/>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/MemberVirtualAttributeConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/MemberVirtualAttributeConfiguration.xml
index 501313e..899decd 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/MemberVirtualAttributeConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/MemberVirtualAttributeConfiguration.xml
@@ -33,14 +33,23 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- is used to generate a member or uniqueMember attribute whose values
- are the DNs of the members of a specified group.
+ generates a member or uniqueMember attribute whose values are
+ the DNs of the members of a specified virtual static group.
</adm:synopsis>
<adm:description>
- This is used to implement virtual static group functionality, in
- which it is possible to create an entry which looks like a static
- group but obtains all of its membership from a dynamic group (or
- some other type of group, including another static group).
+ This component is used to implement virtual static group
+ functionality, in which it is possible to create an entry
+ that looks like a static group but obtains all of its
+ membership from a dynamic group (or some other type of
+ group, including another static group).
+ This implementation is most efficient when attempting to
+ determine whether a given user is a member of a group
+ (for example, with a filter like
+ "(uniqueMember=uid=john.doe,ou=People,dc=example,dc=com)")
+ when the search does not actually return the membership
+ attribute. Although it works to generate the entire set of
+ values for the member or uniqueMember attribute, this can be
+ an expensive operation for a large group.
</adm:description>
<adm:profile name="ldap">
<ldap:object-class>
@@ -70,10 +79,15 @@
the virtual attribute.
</adm:synopsis>
<adm:description>
- This can be a very expensive operation in some cases, and is not
- in-line with the primary function of virtual static groups, which
+ This operation can be very expensive in some cases and is not
+ consistent with the primary function of virtual static groups, which
is to make it possible to use static group idioms to determine
whether a given user is a member.
+ If this attribute is set to false, attempts to retrieve the entire
+ set of values receive an empty set, and only attempts to determine
+ whether the attribute has a specific value or set of values
+ (which is the primary anticipated use for virtual static groups)
+ are handled properly.
</adm:description>
<adm:default-behavior>
<adm:defined>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/NumSubordinatesVirtualAttributeConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/NumSubordinatesVirtualAttributeConfiguration.xml
index d92e37f..d26a05d 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/NumSubordinatesVirtualAttributeConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/NumSubordinatesVirtualAttributeConfiguration.xml
@@ -33,7 +33,7 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- may be used to generate a virtual attribute that specifies the
+ generates a virtual attribute that specifies the
number of immediate child entries that exist below the entry.
</adm:synopsis>
<adm:profile name="ldap">
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyImportPluginConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyImportPluginConfiguration.xml
index 30a9461..6e7c235 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyImportPluginConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyImportPluginConfiguration.xml
@@ -31,9 +31,8 @@
xmlns:adm="http://www.opends.org/admin"
xmlns:ldap="http://www.opends.org/admin-ldap">
<adm:synopsis>
- The
- <adm:user-friendly-name />
- is used to ensure that clear-text passwords contained in LDIF
+ The Password Policy Import plug-in
+ ensures that clear-text passwords contained in LDIF
entries are properly encoded before they are stored in the
appropriate Directory Server backend.
</adm:synopsis>
@@ -69,19 +68,19 @@
<adm:property name="default-user-password-storage-scheme"
multi-valued="true">
<adm:synopsis>
- Specifies the names of the password storage schemes that will be
+ Specifies the names of the password storage schemes to be
used for encoding passwords contained in attributes with the user
password syntax for entries that do not include the
- ds-pwp-password-policy-dn attribute to specify which password
- policy should be used to govern them.
+ ds-pwp-password-policy-dn attribute specifying which password
+ policy is to be used to govern them.
</adm:synopsis>
<adm:default-behavior>
<adm:alias>
<adm:synopsis>
If the default password policy uses the attribute with the
- user password syntax, then the server will use the default
+ user password syntax, then the server uses the default
password storage schemes for that password policy. Otherwise,
- it will encode user password values using the "SSHA" scheme.
+ it encodes user password values using the "SSHA" scheme.
</adm:synopsis>
</adm:alias>
</adm:default-behavior>
@@ -91,9 +90,7 @@
<adm:constraint>
<adm:synopsis>
The referenced password storage schemes must be enabled when
- the
- <adm:user-friendly-name />
- is enabled.
+ the Password Policy Import plug-in is enabled.
</adm:synopsis>
<adm:target-needs-enabling-condition>
<adm:contains property="enabled" value="true" />
@@ -115,19 +112,19 @@
<adm:property name="default-auth-password-storage-scheme"
multi-valued="true">
<adm:synopsis>
- Specifies the names of password storage schemes that will be used
+ Specifies the names of password storage schemes that to be used
for encoding passwords contained in attributes with the auth
password syntax for entries that do not include the
- ds-pwp-password-policy-dn attribute to specify which password
+ ds-pwp-password-policy-dn attribute specifying which password
policy should be used to govern them.
</adm:synopsis>
<adm:default-behavior>
<adm:alias>
<adm:synopsis>
If the default password policy uses an attribute with the auth
- password syntax, then the server will use the default password
- storage schemes for that password policy. Otherwise, it will
- encode auth password values using the "SHA1" scheme.
+ password syntax, then the server uses the default password
+ storage schemes for that password policy. Otherwise, it
+ encodes auth password values using the "SHA1" scheme.
</adm:synopsis>
</adm:alias>
</adm:default-behavior>
@@ -137,9 +134,7 @@
<adm:constraint>
<adm:synopsis>
The referenced password storage schemes must be enabled when
- the
- <adm:user-friendly-name />
- is enabled.
+ the Password Policy Import plug-in is enabled.
</adm:synopsis>
<adm:target-needs-enabling-condition>
<adm:contains property="enabled" value="true" />
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PasswordValidatorConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PasswordValidatorConfiguration.xml
index 0c0c672..b5bdb93 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PasswordValidatorConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PasswordValidatorConfiguration.xml
@@ -32,9 +32,19 @@
xmlns:ldap="http://www.opends.org/admin-ldap"
xmlns:cli="http://www.opends.org/admin-cli">
<adm:synopsis>
- <adm:user-friendly-plural-name />
- are responsible for determining whether proposed passwords are
- acceptable for use.
+ Password validators
+ are responsible for determining whether a proposed password is
+ acceptable for use and could include checks like ensuring it
+ meets minimum length requirements, that it has an appropriate
+ range of characters, or that it is not in the history. The
+ password policy for a user specifies the set of password
+ validators that should be used whenever that user provides a
+ new password. In order to activate a password validator, the
+ corresponding configuration entry must be enabled, and the DN
+ of that entry should be included in the password-validator
+ attribute of the password policy in which you want that
+ validator active. All password validator configuration entries
+ must contain the password-validator structural objectclass.
</adm:synopsis>
<adm:tag name="user-management" />
<adm:profile name="ldap">
@@ -48,9 +58,8 @@
</adm:profile>
<adm:property name="enabled" mandatory="true">
<adm:synopsis>
- Indicate whether the
- <adm:user-friendly-name />
- is enabled for use.
+ Indicates whether the
+ password validator is enabled for use.
</adm:synopsis>
<adm:syntax>
<adm:boolean />
@@ -63,10 +72,12 @@
</adm:property>
<adm:property name="java-class" mandatory="true">
<adm:synopsis>
- The fully-qualified name of the Java class that provides the
- <adm:user-friendly-name />
- implementation.
+ Specifies the fully-qualified name of the Java class that provides the
+ password validator implementation.
</adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
<adm:syntax>
<adm:java-class>
<adm:instance-of>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PlainSASLMechanismHandlerConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PlainSASLMechanismHandlerConfiguration.xml
index e250c57..2a86739 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PlainSASLMechanismHandlerConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PlainSASLMechanismHandlerConfiguration.xml
@@ -35,6 +35,14 @@
<adm:user-friendly-name />
is used to perform all processing related to SASL PLAIN
authentication.
+ The PLAIN SASL mechanism provides the ability for clients to
+ authenticate using a username and password. This authentication
+ is very similar to standard LDAP simple authentication, with the
+ exception that it can authenticate based on an authentication ID
+ (for example, a username) rather than requiring a full DN, and
+ it can also include an authorization ID in addition to the
+ authentication ID. Note that the SASL PLAIN mechanism does not
+ make any attempt to protect the password.
</adm:synopsis>
<adm:profile name="ldap">
<ldap:object-class>
@@ -53,8 +61,10 @@
</adm:property-override>
<adm:property name="identity-mapper" mandatory="true">
<adm:synopsis>
- Specifies the name of the identity mapper that should be used to
- match client authentication and authorization IDs to user entries.
+ Specifies the name of the identity mapper that is to be used
+ with this SASL mechanism handler to match the authentication or
+ authorization ID included in the SASL bind request to the
+ corresponding user in the directory.
</adm:synopsis>
<adm:syntax>
<adm:aggregation relation-name="identity-mapper"
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PluginConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PluginConfiguration.xml
index c70c2d5..af01c9c 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PluginConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PluginConfiguration.xml
@@ -31,7 +31,7 @@
xmlns:ldap="http://www.opends.org/admin-ldap"
xmlns:cli="http://www.opends.org/admin-cli">
<adm:synopsis>
- <adm:user-friendly-plural-name />
+ Plug-ins
provide a mechanism for executing custom code at specified points in
operation processing and in the course of other events like
connection establishment and termination, server startup and
@@ -49,9 +49,8 @@
</adm:profile>
<adm:property name="enabled" mandatory="true">
<adm:synopsis>
- Indicate whether the
- <adm:user-friendly-name />
- is enabled for use.
+ Indicates whether the
+ plug-in is enabled for use.
</adm:synopsis>
<adm:syntax>
<adm:boolean />
@@ -64,9 +63,8 @@
</adm:property>
<adm:property name="java-class" mandatory="true">
<adm:synopsis>
- The fully-qualified name of the Java class that provides the
- <adm:user-friendly-name />
- implementation.
+ Specifies the fully-qualified name of the Java class that provides the
+ plug-in implementation.
</adm:synopsis>
<adm:syntax>
<adm:java-class>
@@ -84,8 +82,7 @@
<adm:property name="plugin-type" mandatory="true"
multi-valued="true">
<adm:synopsis>
- The plugin types, which define the conditions under which this
- plugin should be invoked.
+ Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked.
</adm:synopsis>
<adm:requires-admin-action>
<adm:component-restart />
@@ -371,13 +368,13 @@
</adm:property>
<adm:property name="invoke-for-internal-operations" advanced="true">
<adm:synopsis>
- Indicates whether the plugin should be invoked for internal
+ Indicates whether the plug-in should be invoked for internal
operations.
</adm:synopsis>
<adm:description>
- Note that any plugin which may be invoked for internal operations
- should be careful to ensure that they do not create any new
- internal operatons that can cause the same plugin to be
+ Any plug-in that can be invoked for internal operations
+ must ensure that it does not create any new
+ internal operatons that can cause the same plug-in to be
re-invoked.
</adm:description>
<adm:default-behavior>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ProfilerPluginConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ProfilerPluginConfiguration.xml
index 57d88cf..41f7759 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ProfilerPluginConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ProfilerPluginConfiguration.xml
@@ -30,9 +30,8 @@
extends="plugin" xmlns:adm="http://www.opends.org/admin"
xmlns:ldap="http://www.opends.org/admin-ldap">
<adm:synopsis>
- The
- <adm:user-friendly-name />
- is used to capture profiling information about operations performed
+ The Profiler plug-in
+ captures profiling information about operations performed
inside the JVM while the Directory Server is running.
</adm:synopsis>
<adm:profile name="ldap">
@@ -66,19 +65,22 @@
</adm:property-override>
<adm:property name="profile-sample-interval" mandatory="true">
<adm:synopsis>
- Specifies the sample interval that should be used when capturing
- profiling information in the server.
+ Specifies the sample interval in milliseconds to be used when
+ capturing profiling information in the server. When capturing
+ data, the profiler thread sleeps for this length of time
+ between calls to obtain traces for all threads running in the
+ JVM.
</adm:synopsis>
<adm:requires-admin-action>
<adm:none>
<adm:synopsis>
- Changes to this configuration attribute will take effect the
+ Changes to this configuration attribute take effect the
next time the profiler is started.
</adm:synopsis>
</adm:none>
</adm:requires-admin-action>
<adm:syntax>
- <adm:duration lower-limit="1" base-unit="ms" />
+ <adm:duration lower-limit="1" upper-limit="2147483647" base-unit="ms" />
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
@@ -88,15 +90,25 @@
</adm:property>
<adm:property name="profile-directory" mandatory="true">
<adm:synopsis>
- Specifies the path to the directory into which profile information
- will be written.
+ Specifies the path to the directory where profile information
+ is to be written. This path may be either an absolute path or a path
+ that is relative to the root of the OpenDS Directory Server
+ instance.
</adm:synopsis>
<adm:description>
The directory must exist and the Directory Server must have
permission to create new files in it.
</adm:description>
<adm:syntax>
- <adm:string />
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>DIRECTORY</adm:usage>
+ <adm:synopsis>
+ The path to any directory that exists on the filesystem and that can be read and written by the server user.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
@@ -106,12 +118,16 @@
</adm:property>
<adm:property name="enable-profiling-on-startup" mandatory="true">
<adm:synopsis>
- Indicates whether the profiler plugin should start collecting data
+ Indicates whether the profiler plugin is to start collecting data
automatically when the Directory Server is started.
</adm:synopsis>
<adm:description>
- This will only be read when the server is started, and any changes
- will take effect on the next restart.
+ This property is read only when the server is
+ started, and any changes take effect on the next restart.
+ This property is typically set to "false" unless startup
+ profiling is required, because otherwise the volume of data that
+ can be collected can cause the server to run out of memory if it
+ is not turned off in a timely manner.
</adm:description>
<adm:syntax>
<adm:boolean />
@@ -127,12 +143,12 @@
Specifies the action that should be taken by the profiler.
</adm:synopsis>
<adm:description>
- A value of "start" will cause the profiler thread to start
+ A value of "start" causes the profiler thread to start
collecting data if it is not already active. A value of "stop"
- will cause the profiler thread to stop collecting data and write
- it do disk, and a value of "cancel" will cause the profiler thread
+ causes the profiler thread to stop collecting data and write
+ it to disk, and a value of "cancel" causes the profiler thread
to stop collecting data and discard anything that has been
- captured. These operations will occur immediately.
+ captured. These operations occur immediately.
</adm:description>
<adm:default-behavior>
<adm:defined>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReferentialIntegrityPluginConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReferentialIntegrityPluginConfiguration.xml
index 81e466c..8a60a8c 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReferentialIntegrityPluginConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReferentialIntegrityPluginConfiguration.xml
@@ -31,17 +31,17 @@
xmlns:adm="http://www.opends.org/admin"
xmlns:ldap="http://www.opends.org/admin-ldap">
<adm:synopsis>
- The
- <adm:user-friendly-name />
- is used to maintain referential integrity for DN valued attributes.
+ The Referential Integrity plug-in
+ maintains referential integrity for DN valued attributes.
</adm:synopsis>
<adm:description>
- The values of these attributes may reference entries that have been
+ The values of these attributes can reference entries that have been
deleted by a delete operation or renamed by a modify DN operation.
- The referential integrity plugin will remove stale references to
- deleted entries or update references to renamed entries. The
- referential integrity plugin allows the scope of this referential
- check to be limited to a set of base DNs if desired. It also can be
+ The referential integrity plug-in either removes stale references to
+ deleted entries or updates references to renamed entries. The
+ plug-in allows the scope of this referential
+ check to be limited to a set of base DNs if desired. The plug-in
+ also can be
configured to perform the referential checking in the background
mode specified intervals.
</adm:description>
@@ -73,12 +73,12 @@
multi-valued="true">
<adm:synopsis>
Specifies the attribute types for which referential integrity
- should be maintained.
+ is to be maintained.
</adm:synopsis>
<adm:description>
- There must be at least one attribute type specified and the syntax
- of them must either be distinguished name
- (1.3.6.1.4.1.1466.115.121.1.12) or name and optional uid
+ At least one attribute type must be specified, and the syntax
+ of any attributes must be either a distinguished name
+ (1.3.6.1.4.1.1466.115.121.1.12) or name and optional UID
(1.3.6.1.4.1.1466.115.121.1.34).
</adm:description>
<adm:syntax>
@@ -92,13 +92,13 @@
</adm:property>
<adm:property name="base-dn" multi-valued="true">
<adm:synopsis>
- Specifies the scope within which referential integrity will be
- maintained.
+ Specifies the base DN that limits the scope within which
+ referential integrity is maintained.
</adm:synopsis>
<adm:default-behavior>
<adm:alias>
<adm:synopsis>
- Referential integrity will be maintained in all public naming
+ Referential integrity is maintained in all public naming
contexts.
</adm:synopsis>
</adm:alias>
@@ -114,11 +114,11 @@
</adm:property>
<adm:property name="log-file">
<adm:synopsis>
- Specifies the log file location where the update records will be
- written when the plugin is in background mode processing.
+ Specifies the log file location where the update records are
+ written when the plug-in is in background-mode processing.
</adm:synopsis>
<adm:description>
- The default location is in the logs directory of the server
+ The default location is the logs directory of the server
instance, using the file name "referint".
</adm:description>
<adm:default-behavior>
@@ -127,7 +127,15 @@
</adm:defined>
</adm:default-behavior>
<adm:syntax>
- <adm:string />
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>FILE</adm:usage>
+ <adm:synopsis>
+ A path to an existing file that is readable by the server.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
@@ -137,8 +145,8 @@
</adm:property>
<adm:property name="update-interval">
<adm:synopsis>
- Specifies the interval, in seconds, when referential integrity
- updates will be made.
+ Specifies the interval in seconds when referential integrity
+ updates are made.
</adm:synopsis>
<adm:description>
If this value is 0, then the updates are made synchronously in the
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RepeatedCharactersPasswordValidatorConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RepeatedCharactersPasswordValidatorConfiguration.xml
index 5bdaaa5..a3475bd 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RepeatedCharactersPasswordValidatorConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RepeatedCharactersPasswordValidatorConfiguration.xml
@@ -35,7 +35,9 @@
<adm:user-friendly-name />
is used to determine whether a proposed password is acceptable based
on the number of times any character may appear consecutively in a
- password value.
+ password value. It ensures that user passwords do not contain strings
+ of the same character repeated several times, like "aaaaaa" or
+ "aaabbb".
</adm:synopsis>
<adm:profile name="ldap">
<ldap:object-class>
@@ -56,15 +58,20 @@
</adm:property-override>
<adm:property name="max-consecutive-length" mandatory="true">
<adm:synopsis>
- Specifies the maximum number of times that any character may
+ Specifies the maximum number of times that any character can
appear consecutively in a password value.
</adm:synopsis>
<adm:description>
A value of zero indicates that there will be no maximum limit
- enforced.
+ enforced.
</adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>2</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
<adm:syntax>
- <adm:integer lower-limit="0" />
+ <adm:integer lower-limit="0" upper-limit="2147483647"/>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
@@ -78,12 +85,18 @@
characters in a case-sensitive manner.
</adm:synopsis>
<adm:description>
- A value of false indicates that any differences in capitalization
- should be ignored when looking for consecutive characters in the
- password. A value of true indicates that a character should only
- be considered repeating if all consecutive occurrences use the
- same capitalization.
+ If the value of this property is false, the validator ignores
+ any differences in capitalization
+ when looking for consecutive characters in the
+ password. If the value is true, the validator considers a
+ character to be repeating only if all consecutive occurrences
+ use the same capitalization.
</adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
<adm:syntax>
<adm:boolean />
</adm:syntax>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReplicationDomainConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReplicationDomainConfiguration.xml
index 0199388..4856f3e 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReplicationDomainConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReplicationDomainConfiguration.xml
@@ -33,7 +33,7 @@
<adm:synopsis>
A
<adm:user-friendly-name />
- comprises of several Directory Servers sharing the same synchronized
+ comprises of several directory servers sharing the same synchronized
set of data.
</adm:synopsis>
<adm:tag name="replication" />
@@ -48,7 +48,7 @@
<adm:synopsis>
Specifies the addresses of the Replication Servers within the
<adm:user-friendly-name />
- to which the Directory Server should try to connect at startup
+ to which the directory server should try to connect at startup
time.
</adm:synopsis>
<adm:description>
@@ -73,19 +73,19 @@
</adm:property>
<adm:property name="server-id" mandatory="true" read-only="true">
<adm:synopsis>
- Specifies a unique identifier for the Directory Server within the
+ Specifies a unique identifier for the directory server within the
<adm:user-friendly-name />
.
</adm:synopsis>
<adm:description>
- Each Directory Server within the same
+ Each directory server within the same
<adm:user-friendly-name />
- must have a different server ID. A Directory Server which is a
+ must have a unique server ID. A directory server which is a
member of multiple
<adm:user-friendly-plural-name />
may use the same server ID for each of its
<adm:user-friendly-name />
- configurations.
+ configurations.
</adm:description>
<adm:syntax>
<adm:integer lower-limit="1" upper-limit="65535"></adm:integer>
@@ -98,7 +98,8 @@
</adm:property>
<adm:property name="base-dn" mandatory="true" read-only="true">
<adm:synopsis>
- Specifies the base DN of the replicated data.
+ Specifies the base DN for which to replicate changes. In most cases, it should be set to the user
+ data suffix for the directory server.
</adm:synopsis>
<adm:syntax>
<adm:dn />
@@ -111,7 +112,7 @@
</adm:property>
<adm:property name="window-size" advanced="true">
<adm:synopsis>
- Specifies the window size that the Directory Server will use when
+ Specifies the window size that the directory server uses when
communicating with Replication Servers.
</adm:synopsis>
<adm:default-behavior>
@@ -130,15 +131,15 @@
</adm:property>
<adm:property name="heartbeat-interval" advanced="true">
<adm:synopsis>
- Specifies the heart-beat interval that the Directory Server will
- use when communicating with Replication Servers.
+ Specifies the heart-beat interval that the directory server
+ uses when communicating with replication servers.
</adm:synopsis>
<adm:description>
- The Directory Server will expect a regular heart-beat coming from
- the Replication Server within the specified interval. If a
+ The directory server expects a regular heart-beat coming from
+ the replication server within the specified interval. If a
heartbeat is not received within the interval, the Directory
- Server will close its connection and connect to another
- Replication Server.
+ Server closes its connection and connects to another
+ replication server.
</adm:description>
<adm:default-behavior>
<adm:defined>
@@ -156,10 +157,10 @@
</adm:property>
<adm:property name="isolation-policy">
<adm:synopsis>
- Specifies the behavior of the Directory Server if a write
+ Specifies the behavior of the directory server if a write
operation is attempted on the data within the
<adm:user-friendly-name />
- when none of the configured Replication Servers are available.
+ when none of the configured replication servers are available.
</adm:synopsis>
<adm:default-behavior>
<adm:defined>
@@ -171,10 +172,10 @@
<adm:value name="accept-all-updates">
<adm:synopsis>
Indicates that updates should be accepted even though it is
- not possible to send them to any Replication Server. Best
- effort will be made to re-send those updates to a
- Replication Servers when one of them is available, however
- those changes will be at risk because they will only be
+ not possible to send them to any replication server. Best
+ effort is be made to re-send those updates to a
+ replication server when one of them is available; however,
+ those changes are at risk because they are only
available from the historical information. This mode may
also introduce high replication latency.
</adm:synopsis>
@@ -183,7 +184,7 @@
<adm:synopsis>
Indicates that all updates attempted on this
<adm:user-friendly-name />
- will be rejected when no Replication Server is available.
+ are rejected when no replication server is available.
</adm:synopsis>
</adm:value>
</adm:enumeration>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReplicationServerConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReplicationServerConfiguration.xml
index ff45ade..0fb67fe 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReplicationServerConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReplicationServerConfiguration.xml
@@ -32,8 +32,8 @@
xmlns:ldap="http://www.opends.org/admin-ldap">
<adm:synopsis>
<adm:user-friendly-plural-name />
- are used to publish updates to Directory Servers within a
- Replication Domain.
+ are used to publish updates to the directory servers within a
+ replication domain.
</adm:synopsis>
<adm:tag name="replication" />
<adm:profile name="ldap">
@@ -44,14 +44,15 @@
</adm:profile>
<adm:property name="replication-server" multi-valued="true">
<adm:synopsis>
- Specifies the addresses of other
- <adm:user-friendly-plural-name />
- to which this
- <adm:user-friendly-name />
- should try to connect at startup time.
+ specifies the address and port of every replication server in the environment. Each
+ value for this attribute should consist of the address of a replication server followed
+ by a colon and the port number on which it is listening.
</adm:synopsis>
<adm:description>
- Addresses must be specified using the syntax: hostname:port
+ Addresses must be specified using the syntax: hostname:port. This attribute is multi-valued because
+ it provides a list of all the replication servers that have been configured in the environment. Each
+ replication server remains permanently connected to all other servers specified by ds-cfg-replication-server
+ in order to broadcast changes.
</adm:description>
<adm:default-behavior>
<adm:undefined />
@@ -83,7 +84,7 @@
<adm:description>
Each
<adm:user-friendly-name />
- must have a different server ID.
+ must have a unique server ID.
</adm:description>
<adm:syntax>
<adm:integer lower-limit="1" upper-limit="65535"></adm:integer>
@@ -98,7 +99,7 @@
<adm:synopsis>
Specifies the window size that the
<adm:user-friendly-name />
- will use when communicating with other
+ uses when communicating with other
<adm:user-friendly-plural-name />
.
</adm:synopsis>
@@ -118,14 +119,22 @@
</adm:property>
<adm:property name="queue-size" advanced="true">
<adm:synopsis>
- Specifies the number of changes that will be kept in memory for
- each Directory Server in the Replication Domain.
+ Specifies the number of changes that are kept in memory for
+ each directory server in the replication domain.
</adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:none>
+ <adm:synopsis>
+ Adjust the window size to improve replication if necessary.
+ </adm:synopsis>
+ </adm:none>
+ </adm:requires-admin-action>
<adm:default-behavior>
<adm:defined>
<adm:value>10000</adm:value>
</adm:defined>
</adm:default-behavior>
+
<adm:syntax>
<adm:integer />
</adm:syntax>
@@ -138,9 +147,9 @@
<adm:property name="replication-db-directory" mandatory="true"
read-only="true">
<adm:synopsis>
- The path where the
+ Specifies the path where the
<adm:user-friendly-name />
- will store all persistent information.
+ stores all persistent information.
</adm:synopsis>
<adm:default-behavior>
<adm:defined>
@@ -158,9 +167,9 @@
</adm:property>
<adm:property name="replication-purge-delay" advanced="true">
<adm:synopsis>
- The time (in seconds) after which the
+ Specifies the time (in seconds) after which the
<adm:user-friendly-name />
- will erase all persistent information.
+ erases all persistent information.
</adm:synopsis>
<adm:default-behavior>
<adm:defined>
@@ -178,12 +187,15 @@
</adm:property>
<adm:property name="replication-port" mandatory="true">
<adm:synopsis>
- The port on which this
+ Specifies the port on which this
<adm:user-friendly-name />
- will wait for connections from other
+ waits for connections from other
<adm:user-friendly-plural-name />
- or Directory Servers.
+ or directory servers.
</adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
<adm:syntax>
<adm:integer lower-limit="1" upper-limit="65535" />
</adm:syntax>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReplicationSynchronizationProviderConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReplicationSynchronizationProviderConfiguration.xml
index 9065bbf..8d2c46b 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReplicationSynchronizationProviderConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReplicationSynchronizationProviderConfiguration.xml
@@ -35,7 +35,7 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- is used to provide multi-master replication of data across multiple
+ provides multi-master replication of data across multiple
Directory Server instances.
</adm:synopsis>
<adm:profile name="ldap">
@@ -81,10 +81,10 @@
</adm:property-override>
<adm:property name="num-update-replay-threads" mandatory="false" read-only="false" advanced="true">
<adm:synopsis>
- Specifies the number of update replay threads
+ Specifies the number of update replay threads.
</adm:synopsis>
<adm:description>
- This is the number of threads created for replaying every updates
+ This value is the number of threads created for replaying every updates
received for all the replication domains.
</adm:description>
<adm:default-behavior>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RootDNConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RootDNConfiguration.xml
index b89d4cf..adc3f31 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RootDNConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RootDNConfiguration.xml
@@ -32,10 +32,22 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- configuration contains all the Root DN Users defined in the
- Directory Server. In addition, it also defines the default set of
+ configuration is the parent of all the Root DN Users defined in the
+ directory server. In addition, it also defines the default set of
privileges that Root DN Users will automatically inherit.
</adm:synopsis>
+ <adm:description>
+ Because the ds-cfg-root-dn-user objectclass is an auxiliary class, each
+ root DN entry must have its own structural class (for example, inetOrgPerson) that
+ allows the additional attributes to include in that entry. Because root users in the
+ OpenDS Directory Server have actual entries, it is possible to provide other attributes
+ that might be necessary to allow for stronger authentication mechanisms
+ (for example, a certificate for use with SASL EXTERNAL, or information used for identity
+ mapping). It is also possible to have multiple root DNs in the OpenDS Directory
+ Server, which means that each of them can have their own password
+ (and associated password policy) and other settings on an individual basis rather
+ than requiring all administrators to share a single root DN and password.
+ </adm:description>
<adm:tag name="core" />
<adm:profile name="ldap">
<ldap:object-class>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RootDNUserConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RootDNUserConfiguration.xml
index 487022d..d17a070 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RootDNUserConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RootDNUserConfiguration.xml
@@ -32,12 +32,12 @@
<adm:synopsis>
A
<adm:user-friendly-name />
- are administrative users who may be granted special privileges which
- are not available to non-root users (e.g., the ability to bind to
+ is an administrative user who is granted special privileges which
+ are not available to non-root users (for example, the ability to bind to
the server in lockdown mode).
</adm:synopsis>
<adm:description>
- By default a
+ By default, a
<adm:user-friendly-name />
inherits the default set of privileges defined in the Root DN
configuration.
@@ -57,7 +57,7 @@
<adm:default-behavior>
<adm:alias>
<adm:synopsis>
- This root user will only be allowed to bind using the DN of
+ This root user is only allowed to bind using the DN of
the associated configuration entry.
</adm:synopsis>
</adm:alias>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RootDSEBackendConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RootDSEBackendConfiguration.xml
index e6e9804..a0766e6 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RootDSEBackendConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RootDSEBackendConfiguration.xml
@@ -32,12 +32,18 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- contains the Directory Server root DSE.
+ contains the directory server root DSE. The root DSE is the entry with the null DN (that is, a DN of "", containing
+ zero RDN components) and exists to provide useful information about
+ the capabilities of the server, including about the SASL mechanisms,
+ controls, extended operations, and other types of features that the server
+ supports.
</adm:synopsis>
<adm:description>
- This is a special meta-backend that will dynamically generate the
- root DSE entry for base-level searches, and will simply redirect to
- other backends for operations in other scopes.
+ The OpenDS Directory Server root DSE entry contains operational
+ attributes and are not be returned to the client unless they are
+ explicitly requested. OpenDS also treats the root DSE as a parent to
+ all other suffixes and has searches below the root DSE performed in
+ all user backends (or using a configurable set of base DNs).
</adm:description>
<adm:tag name="core" />
<adm:tag name="database" />
@@ -49,7 +55,7 @@
</adm:profile>
<adm:property name="subordinate-base-dn" multi-valued="true">
<adm:synopsis>
- Specifies the set of base DNs that will be used for singleLevel,
+ Specifies the set of base DNs that is used for singleLevel,
wholeSubtree, and subordinateSubtree searches based at the root
DSE.
</adm:synopsis>
@@ -73,7 +79,7 @@
<adm:synopsis>
Indicates whether all attributes in the root DSE should be treated
like user attributes (and therefore returned to clients by
- default) regardless of the Directory Server schema configuration.
+ default) regardless of the directory server schema configuration.
</adm:synopsis>
<adm:syntax>
<adm:boolean />
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SASLMechanismHandlerConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SASLMechanismHandlerConfiguration.xml
index 005f133..afc101e 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SASLMechanismHandlerConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SASLMechanismHandlerConfiguration.xml
@@ -32,9 +32,12 @@
xmlns:ldap="http://www.opends.org/admin-ldap"
xmlns:cli="http://www.opends.org/admin-cli">
<adm:synopsis>
- <adm:user-friendly-plural-name />
- are responsible for the processing associated with SASL bind
- operations.
+ The SASL mechanism handler configuration entry is the parent
+ for all SASL mechanism handlers defined in the OpenDS
+ Directory Server. SASL mechanism handlers are responsible for
+ authenticating users during the course of processing a SASL
+ (Simple Authentication and Security Layer, as defined in
+ RFC 4422) bind.
</adm:synopsis>
<adm:tag name="security" />
<adm:profile name="ldap">
@@ -48,9 +51,8 @@
</adm:profile>
<adm:property name="enabled" mandatory="true">
<adm:synopsis>
- Indicate whether the
- <adm:user-friendly-name />
- is enabled for use.
+ Indicates whether the
+ SASL mechanism handler is enabled for use.
</adm:synopsis>
<adm:syntax>
<adm:boolean />
@@ -63,10 +65,12 @@
</adm:property>
<adm:property name="java-class" mandatory="true">
<adm:synopsis>
- The fully-qualified name of the Java class that provides the
- <adm:user-friendly-name />
- implementation.
+ Specifies the fully-qualified name of the Java class that provides the
+ SASL mechanism handler implementation.
</adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
<adm:syntax>
<adm:java-class>
<adm:instance-of>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SevenBitCleanPluginConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SevenBitCleanPluginConfiguration.xml
index 262d12b..b7f3d29 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SevenBitCleanPluginConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SevenBitCleanPluginConfiguration.xml
@@ -31,18 +31,17 @@
xmlns:adm="http://www.opends.org/admin"
xmlns:ldap="http://www.opends.org/admin-ldap">
<adm:synopsis>
- The
- <adm:user-friendly-name />
- may be used to ensure that values for a specified set of attributes
+ The Seven Bit Clean plug-in
+ ensures that values for a specified set of attributes
are 7-bit clean.
</adm:synopsis>
<adm:description>
That is, for those attributes, the values are not allowed to contain
any bytes having the high-order bit set, which is used to indicate
- the presence of non-ASCII characters. Some applications may not
+ the presence of non-ASCII characters. Some applications do not
properly handle attribute values that contain non-ASCII characters,
- and this plugin may help ensure that attributes used by those
- applications do not contain characters which may cause problems in
+ and this plug-in can help ensure that attributes used by those
+ applications do not contain characters that can cause problems in
those applications.
</adm:description>
<adm:profile name="ldap">
@@ -94,7 +93,7 @@
</adm:property>
<adm:property name="base-dn" multi-valued="true">
<adm:synopsis>
- Specifies the base DN below which the checking will be performed.
+ Specifies the base DN below which the checking is performed.
</adm:synopsis>
<adm:description>
Any attempt to update a value for one of the configured attributes
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SimilarityBasedPasswordValidatorConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SimilarityBasedPasswordValidatorConfiguration.xml
index 75ce735..b7e23d6 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SimilarityBasedPasswordValidatorConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SimilarityBasedPasswordValidatorConfiguration.xml
@@ -33,9 +33,18 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- is used to determine whether a proposed password is acceptable based
- on whether the number of characters it contains falls within an
- acceptable range of values.
+ determines whether a proposed password is acceptable by measuring
+ how similar it is to the user's current password. In particular,
+ it uses the Levenshtein Distance algorithm to determine the
+ minimum number of changes (where a change may be inserting,
+ deleting, or replacing a character) to transform one string into
+ the other. It can be used to prevent users from making only minor
+ changes to their current password when setting a new password.
+ Note that for this password validator to be effective, it is
+ necessary to have access to the user's current password.
+ Therefore, if this password validator is to be enabled, the
+ password-change-requires-current-password attribute in the
+ password policy configuration must also be set to true.
</adm:synopsis>
<adm:profile name="ldap">
<ldap:object-class>
@@ -57,11 +66,11 @@
Specifies the minimum difference of new and old password.
</adm:synopsis>
<adm:description>
- A value of zero indicates that there will be no difference is
+ A value of zero indicates that no difference between passwords is
acceptable.
</adm:description>
<adm:syntax>
- <adm:integer lower-limit="0" />
+ <adm:integer lower-limit="0" upper-limit="2147483647"/>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SubschemaSubentryVirtualAttributeConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SubschemaSubentryVirtualAttributeConfiguration.xml
index f3c4723..0360b9f 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SubschemaSubentryVirtualAttributeConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SubschemaSubentryVirtualAttributeConfiguration.xml
@@ -33,9 +33,9 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- may be used to generate a virtual attribute that specifies the
- location of the subschemaSubentry with the schema definitions in
- effect for the entry.
+ generates a virtual attribute that specifies the location of the
+ subschemaSubentry with the schema definitions in effect for the
+ entry. This attribute is defined in RFC 4512.
</adm:synopsis>
<adm:profile name="ldap">
<ldap:object-class>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SynchronizationProviderConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SynchronizationProviderConfiguration.xml
index c04b8a0..de02bbd 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SynchronizationProviderConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SynchronizationProviderConfiguration.xml
@@ -33,8 +33,20 @@
xmlns:cli="http://www.opends.org/admin-cli">
<adm:synopsis>
<adm:user-friendly-plural-name />
- are responsible for handling Synchronization of the Directory Server
+ are responsible for handling synchronization of the Directory Server
data with other OpenDS instances or other data repositories.
+ The OpenDS Directory Server takes a centralized approach to
+ replication, rather than the point-to-point approach taken by Sun
+ Java System Directory Server. In OpenDS, one or more replication
+ servers are created in the environment. The replication servers
+ typically do not store user data but keep a log of all changes made
+ within the topology. Each Directory Server instance in the topology
+ is pointed at the replication servers. This plan simplifies the
+ deployment and management of the environment. Although you can run
+ the replication server on the same system (or even in the same
+ instance) as the Directory Server, the two servers can be separated
+ onto different systems. This approach can provide better performance
+ or functionality in large environments.
</adm:synopsis>
<adm:tag name="replication" />
<adm:profile name="ldap">
@@ -48,7 +60,7 @@
</adm:profile>
<adm:property name="enabled" mandatory="true">
<adm:synopsis>
- Indicate whether the
+ Indicates whether the
<adm:user-friendly-name />
is enabled for use.
</adm:synopsis>
@@ -63,7 +75,7 @@
</adm:property>
<adm:property name="java-class" mandatory="true">
<adm:synopsis>
- The fully-qualified name of the Java class that provides the
+ Specifies the fully-qualified name of the Java class that provides the
<adm:user-friendly-name />
implementation.
</adm:synopsis>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/TraditionalWorkQueueConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/TraditionalWorkQueueConfiguration.xml
index 2676413..d6ea5ad 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/TraditionalWorkQueueConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/TraditionalWorkQueueConfiguration.xml
@@ -37,6 +37,24 @@
watch a queue and pick up an operation to process whenever one
becomes available.
</adm:synopsis>
+ <adm:description>
+ The traditional work queue is named that because its implementation
+ is similar to that used by the Sun Java System Directory Server.
+ The traditional work queue is a FIFO queue serviced by a fixed
+ number of worker threads. However, there are a couple of notable
+ differences in its design: 1) The number of worker threads is fixed,
+ but it can be changed on the fly and those changes take effect
+ immediately. In the Sun Java System Directory Server, changes to the
+ number of worker threads require a server restart to take effect.
+ 2) The work queue in the Sun Java System Directory Server is
+ unbounded. If all threads are busy processing existing operations
+ and new requests arrive, they continue to accumulate in the work
+ queue and the server appears to be frozen. In the OpenDS Directory
+ Server, it is possible to place a size limit on the work queue.
+ When this number of operations are in the queue, waiting to be
+ picked up by threads, any new requests received are rejected with
+ an error message.
+ </adm:description>
<adm:profile name="ldap">
<ldap:object-class>
<ldap:name>ds-cfg-traditional-work-queue</ldap:name>
@@ -45,11 +63,14 @@
</adm:profile>
<adm:property name="num-worker-threads" mandatory="true">
<adm:synopsis>
- The number of worker threads that should be used to process
- operations placed into the queue.
+ Specifies the number of worker threads to be used for processing
+ operations placed in the queue. If the value is increased,
+ the additional worker threads are created immediately. If the
+ value is reduced, the appropriate number of threads are destroyed
+ as operations complete processing.
</adm:synopsis>
<adm:syntax>
- <adm:integer lower-limit="1" />
+ <adm:integer lower-limit="1" upper-limit="2147483647" />
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
@@ -59,23 +80,28 @@
</adm:property>
<adm:property name="max-work-queue-capacity">
<adm:synopsis>
- The maximum number of queued operations that can be in the work
+ Specifies the maximum number of queued operations that can be in the work
queue at any given time.
</adm:synopsis>
<adm:description>
If the work queue is already full and additional requests are
- received by the server, they will be rejected.
+ received by the server, the requests are rejected.
+ A value of zero indicates that there is no limit to the size
+ of the queue.
</adm:description>
+ <adm:requires-admin-action>
+ <adm:server-restart />
+ </adm:requires-admin-action>
<adm:default-behavior>
<adm:alias>
<adm:synopsis>
- The work queue will not impose any limit on the number of
+ The work queue does not impose any limit on the number of
operations that can be enqueued at any one time.
</adm:synopsis>
</adm:alias>
</adm:default-behavior>
<adm:syntax>
- <adm:integer lower-limit="0" />
+ <adm:integer lower-limit="0" upper-limit="2147483647"/>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/UniqueAttributePluginConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/UniqueAttributePluginConfiguration.xml
index 70d8395..34d1a9a 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/UniqueAttributePluginConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/UniqueAttributePluginConfiguration.xml
@@ -33,7 +33,7 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- is used enforce constraints on the value of an attribute within a
+ enforces constraints on the value of an attribute within a
portion of the directory.
</adm:synopsis>
<adm:description>
@@ -83,12 +83,12 @@
</adm:property>
<adm:property name="base-dn" multi-valued="true">
<adm:synopsis>
- Specifies a base DN that the attribute must be unique within.
+ Specifies a base DN within which the attribute must be unique.
</adm:synopsis>
<adm:default-behavior>
<adm:alias>
<adm:synopsis>
- The plugin will use the server's public naming contexts in the
+ The plug-in uses the server's public naming contexts in the
searches.
</adm:synopsis>
</adm:alias>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/UniqueCharactersPasswordValidatorConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/UniqueCharactersPasswordValidatorConfiguration.xml
index 4c954a4..c895943 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/UniqueCharactersPasswordValidatorConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/UniqueCharactersPasswordValidatorConfiguration.xml
@@ -33,8 +33,10 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- is used to determine whether a proposed password is acceptable based
+ determines whether a proposed password is acceptable based
on the number of unique characters that it contains.
+ This can be used to prevent simple passwords that contain only
+ a few characters like "aabbcc" or "abcabc".
</adm:synopsis>
<adm:profile name="ldap">
<ldap:object-class>
@@ -57,11 +59,16 @@
will be allowed to contain.
</adm:synopsis>
<adm:description>
- A value of zero indicates that there will be no minimum value
+ A value of zero indicates that no minimum value is
enforced.
</adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>5</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
<adm:syntax>
- <adm:integer lower-limit="0" />
+ <adm:integer lower-limit="0" upper-limit="2147483647"/>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
@@ -75,12 +82,17 @@
characters in a case-sensitive manner.
</adm:synopsis>
<adm:description>
- A value of true indicates that a capital letter should not be
- considered the same as its lower-case counterpart. A value of
- false indicates that differences in capitalization should be
- ignored when looking at the number of unique characters in the
- password.
+ If the value of this property is true, then the validator does
+ not consider a capital letter to be the same as its lower-case
+ counterpart. If the value is false, the validator ignores
+ differences in capitalization when counting the number of
+ unique characters in the password.
</adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
<adm:syntax>
<adm:boolean />
</adm:syntax>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/UserDefinedVirtualAttributeConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/UserDefinedVirtualAttributeConfiguration.xml
index 9908ace..eb80369 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/UserDefinedVirtualAttributeConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/UserDefinedVirtualAttributeConfiguration.xml
@@ -33,13 +33,13 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- is used to create virtual attributes with user-defined values in
- entries that match the criteria defined in the plugin's
+ creates virtual attributes with user-defined values in
+ entries that match the criteria defined in the plug-in's
configuration.
</adm:synopsis>
<adm:description>
- This provides functionality that is similar to Class of Service
- (CoS) in the Sun Java System Directory Server.
+ The functionality of these attributes is similar to Class
+ of Service (CoS) in the Sun Java System Directory Server.
</adm:description>
<adm:profile name="ldap">
<ldap:object-class>
@@ -58,7 +58,7 @@
</adm:property-override>
<adm:property name="value" mandatory="true" multi-valued="true">
<adm:synopsis>
- Specifies the value(s) which should be included in virtual
+ Specifies the values to be included in the virtual
attribute.
</adm:synopsis>
<adm:syntax>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/VirtualAttributeConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/VirtualAttributeConfiguration.xml
index dfa217e..bc19f89 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/VirtualAttributeConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/VirtualAttributeConfiguration.xml
@@ -32,8 +32,10 @@
xmlns:cli="http://www.opends.org/admin-cli">
<adm:synopsis>
<adm:user-friendly-plural-name />
- are responsible for dynamically generating attribute values which
+ are responsible for dynamically generating attribute values that
appear in entries but are not persistently stored in the backend.
+ Virtual attributes are associated with a virtual attribute
+ provider, which contains the logic for generating the value.
</adm:synopsis>
<adm:tag name="core" />
<adm:profile name="ldap">
@@ -47,10 +49,12 @@
</adm:profile>
<adm:property name="java-class" mandatory="true">
<adm:synopsis>
- The fully-qualified name of the Java class that provides the
- <adm:user-friendly-name />
- implementation.
+ Specifies the fully-qualified name of the virtual attribute
+ provider class that generates the attribute values.
</adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
<adm:syntax>
<adm:java-class>
<adm:instance-of>
@@ -66,7 +70,7 @@
</adm:property>
<adm:property name="enabled" mandatory="true">
<adm:synopsis>
- Indicate whether the
+ Indicates whether the
<adm:user-friendly-name />
is enabled for use.
</adm:synopsis>
@@ -81,7 +85,7 @@
</adm:property>
<adm:property name="attribute-type" mandatory="true">
<adm:synopsis>
- Specifies the attribute type for the attribute whose values should
+ Specifies the attribute type for the attribute whose values are to
be dynamically assigned by the virtual attribute.
</adm:synopsis>
<adm:syntax>
@@ -96,12 +100,14 @@
<adm:property name="base-dn" multi-valued="true">
<adm:synopsis>
Specifies the base DNs for the branches containing entries that
- may be eligible to use this virtual attribute.
+ are eligible to use this virtual attribute.
+ If no values are given, then the server generates virtual attributes
+ anywhere in the server.
</adm:synopsis>
<adm:default-behavior>
<adm:alias>
<adm:synopsis>
- The location of the entry in the server will not be taken into
+ The location of the entry in the server is not taken into
account when determining whether an entry is eligible to use
this virtual attribute.
</adm:synopsis>
@@ -118,13 +124,17 @@
</adm:property>
<adm:property name="group-dn" multi-valued="true">
<adm:synopsis>
- Specifies the DNs of the groups whose members may be eligible to
+ Specifies the DNs of the groups whose members can be eligible to
use this virtual attribute.
+ If no values are given, then group
+ membership is not taken into account when generating the virtual
+ attribute. If one or more group DNs are specified, then only
+ members of those groups are allowed to have the virtual attribute.
</adm:synopsis>
<adm:default-behavior>
<adm:alias>
<adm:synopsis>
- Group membership will not be taken into account when
+ Group membership is not taken into account when
determining whether an entry is eligible to use this virtual
attribute.
</adm:synopsis>
@@ -141,8 +151,12 @@
</adm:property>
<adm:property name="filter" multi-valued="true">
<adm:synopsis>
- Specifies the search filters for entries that may be eligible to
- use this virtual attribute.
+ Specifies the search filters to be applied against entries to
+ determine if the virtual attribute is to be generated for those
+ entries. If no values are given, then any entry is eligible to
+ have the value generated. If one or more filters are specified,
+ then only entries that match at least one of those filters are
+ allowed to have the virtual attribute.
</adm:synopsis>
<adm:default-behavior>
<adm:defined>
@@ -150,7 +164,15 @@
</adm:defined>
</adm:default-behavior>
<adm:syntax>
- <adm:string />
+ <adm:string>
+ <adm:pattern>
+ <adm:regex />
+ <adm:usage>STRING</adm:usage>
+ <adm:synopsis>
+ Any valid search filter string.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
@@ -160,8 +182,9 @@
</adm:property>
<adm:property name="conflict-behavior">
<adm:synopsis>
- Specifies the behavior that the server should exhibit for entries
- that contain one or more real values for the associated attribute.
+ Specifies the behavior that the server is to exhibit for entries
+ that already contain one or more real values for the associated
+ attribute.
</adm:synopsis>
<adm:default-behavior>
<adm:defined>
@@ -172,20 +195,23 @@
<adm:enumeration>
<adm:value name="real-overrides-virtual">
<adm:synopsis>
- Any real values contained in the entry should be preserved
- and virtual values should not be generated.
+ Indicates that any real values contained in the entry are
+ preserved and used, and virtual values are not generated.
</adm:synopsis>
</adm:value>
<adm:value name="virtual-overrides-real">
<adm:synopsis>
- Any real values contained in the entry should be suppressed
- and virtual values should be generated.
+ Indicates that the virtual attribute provider suppresses
+ any real values contained in the entry
+ and generates virtual values and uses them.
</adm:synopsis>
</adm:value>
<adm:value name="merge-real-and-virtual">
<adm:synopsis>
- Any real values contained in the entry should be preserved
- and merged with the set of generated virtual values.
+ Indicates that the virtual attribute provider
+ is to preserve any real values contained in the entry
+ and merge them with the set of generated virtual values
+ so that both the real and virtual values are used.
</adm:synopsis>
</adm:value>
</adm:enumeration>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/WorkQueueConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/WorkQueueConfiguration.xml
index 450e37c..731383c 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/WorkQueueConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/WorkQueueConfiguration.xml
@@ -33,12 +33,14 @@
<adm:synopsis>
The
<adm:user-friendly-name />
+ provides the configuration for the server work queue and
is responsible for ensuring that requests received from clients are
processed in a timely manner.
+ Only a single work queue can be defined in the server.
</adm:synopsis>
<adm:description>
Whenever a connection handler receives a client request, it should
- be placed in the work queue so that it may be processed
+ place the request in the work queue to be processed
appropriately.
</adm:description>
<adm:tag name="core" />
@@ -53,10 +55,13 @@
</adm:profile>
<adm:property name="java-class" mandatory="true">
<adm:synopsis>
- The fully-qualified name of the Java class that provides the
+ Specifies the fully-qualified name of the Java class that provides the
<adm:user-friendly-name />
implementation.
</adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:server-restart />
+ </adm:requires-admin-action>
<adm:syntax>
<adm:java-class>
<adm:instance-of>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/WorkflowElementConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/WorkflowElementConfiguration.xml
index b966845..f2c0177 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/WorkflowElementConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/WorkflowElementConfiguration.xml
@@ -37,11 +37,11 @@
<adm:description>
A
<adm:user-friendly-name />
- may perform a task such as mapping DNs, renaming attributes,
+ can perform a task such as mapping DNs, renaming attributes,
filtering attributes, joining data sources, proxying, or
load-balancing. The simplest
<adm:user-friendly-name />
- is the Local Backend Work Flow Element which is used to route data
+ is the Local Backend Work Flow Element, which routes data
to a Backend.
</adm:description>
<adm:tag name="core" />
@@ -63,7 +63,7 @@
<adm:description>
If a
<adm:user-friendly-name />
- is not enabled, then its contents will not be accessible when
+ is not enabled, then its contents are not accessible when
processing operations.
</adm:description>
<adm:syntax>
@@ -78,7 +78,7 @@
<adm:property name="workflow-element-id" mandatory="true"
read-only="true">
<adm:synopsis>
- Provides a name that will be used to identify the associated
+ Provides a name that identifies the associated
<adm:user-friendly-name />
.
</adm:synopsis>
@@ -98,7 +98,7 @@
</adm:property>
<adm:property name="java-class" mandatory="true">
<adm:synopsis>
- The fully-qualified name of the Java class that provides the
+ Specifies the fully-qualified name of the Java class that provides the
<adm:user-friendly-name />
implementation.
</adm:synopsis>
--
Gitblit v1.10.0