From 37737e52ffa8025dc5206dfeb6e6ba46e75f25fe Mon Sep 17 00:00:00 2001
From: rhaggard <rhaggard@localhost>
Date: Wed, 06 Feb 2008 18:09:50 +0000
Subject: [PATCH] Commiting configuration XML files after adding info from the old config guide to be incorporated in the new generated config reference
---
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/UniqueAttributePluginConfiguration.xml | 8
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/LastModPluginConfiguration.xml | 14
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/WorkflowConfiguration.xml | 9
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/LengthBasedPasswordValidatorConfiguration.xml | 29 +
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/EntryUUIDVirtualAttributeConfiguration.xml | 14
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ProfilerPluginConfiguration.xml | 56 ++
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SynchronizationProviderConfiguration.xml | 22
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/TrustManagerProviderConfiguration.xml | 2
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RootDSEBackendConfiguration.xml | 12
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/VirtualAttributeConfiguration.xml | 79 +++-
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PluginConfiguration.xml | 23
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/UniqueCharactersPasswordValidatorConfiguration.xml | 32 +
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PlainSASLMechanismHandlerConfiguration.xml | 18
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/AttributeValuePasswordValidatorConfiguration.xml | 19
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/NumSubordinatesVirtualAttributeConfiguration.xml | 4
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/LDAPAttributeDescriptionListPluginConfiguration.xml | 22
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/EntryDNVirtualAttributeConfiguration.xml | 11
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/WorkQueueConfiguration.xml | 11
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/MemberVirtualAttributeConfiguration.xml | 32 +
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/FileBasedTrustManagerProviderConfiguration.xml | 49 +
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RootDNUserConfiguration.xml | 10
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SASLMechanismHandlerConfiguration.xml | 27
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PasswordValidatorConfiguration.xml | 31 +
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReferentialIntegrityPluginConfiguration.xml | 51 +-
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/WorkflowElementConfiguration.xml | 10
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/CramMD5SASLMechanismHandlerConfiguration.xml | 29 +
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReplicationDomainConfiguration.xml | 17
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/AnonymousSASLMechanismHandlerConfiguration.xml | 18
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/BlindTrustManagerProviderConfiguration.xml | 15
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/CharacterSetPasswordValidatorConfiguration.xml | 25
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/HasSubordinatesVirtualAttributeConfiguration.xml | 4
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/IsMemberOfVirtualAttributeConfiguration.xml | 5
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReplicationSynchronizationProviderConfiguration.xml | 6
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/DigestMD5SASLMechanismHandlerConfiguration.xml | 74 ++
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SubschemaSubentryVirtualAttributeConfiguration.xml | 8
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/UserDefinedVirtualAttributeConfiguration.xml | 12
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RepeatedCharactersPasswordValidatorConfiguration.xml | 36 +
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ExternalSASLMechanismHandlerConfiguration.xml | 6
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SevenBitCleanPluginConfiguration.xml | 14
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RootDNConfiguration.xml | 4
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/TraditionalWorkQueueConfiguration.xml | 45 +
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/DictionaryPasswordValidatorConfiguration.xml | 69 ++
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SimilarityBasedPasswordValidatorConfiguration.xml | 24
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/GSSAPISASLMechanismHandlerConfiguration.xml | 39 +
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyImportPluginConfiguration.xml | 31
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReplicationServerConfiguration.xml | 22
opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/EntryUUIDPluginConfiguration.xml | 24 +
47 files changed, 750 insertions(+), 372 deletions(-)
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/AnonymousSASLMechanismHandlerConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/AnonymousSASLMechanismHandlerConfiguration.xml
index 7132688..165704a 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/AnonymousSASLMechanismHandlerConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/AnonymousSASLMechanismHandlerConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="anonymous-sasl-mechanism-handler"
plural-name="anonymous-sasl-mechanism-handlers"
@@ -31,11 +31,19 @@
xmlns:adm="http://www.opends.org/admin"
xmlns:ldap="http://www.opends.org/admin-ldap">
<adm:synopsis>
- The
- <adm:user-friendly-name />
- is used to perform all processing related to SASL ANONYMOUS
- authentication.
+ The ANONYMOUS SASL mechanism provides the ability for clients to
+ perform an anonymous bind using a SASL mechanism.
</adm:synopsis>
+ <adm:description>
+ The only real
+ benefit that this provides over a normal anonymous bind (that is,
+ using simple authentication with no password) is that the ANONYMOUS
+ SASL mechanism also allows the client to include a trace string in
+ the request. This trace string can help identify the application that
+ performed the bind (although since there is no authentication,
+ there is no assurance that some other client did not spoof that
+ trace string).
+ </adm:description>
<adm:profile name="ldap">
<ldap:object-class>
<ldap:name>ds-cfg-anonymous-sasl-mechanism-handler</ldap:name>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/AttributeValuePasswordValidatorConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/AttributeValuePasswordValidatorConfiguration.xml
index 7472881..a347fe9 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/AttributeValuePasswordValidatorConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/AttributeValuePasswordValidatorConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="attribute-value-password-validator"
plural-name="attribute-value-password-validators"
@@ -33,9 +33,14 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- is used to determine whether a proposed password is acceptable based
- on whether the given password value appears the user's entry.
+ attempts to determine whether a proposed password is acceptable
+ for use by determining whether that password is contained in any
+ attribute within the user's entry.
</adm:synopsis>
+ <adm:description>
+ It can be configured to look
+ in all attributes or in a specified subset of attributes.
+ </adm:description>
<adm:profile name="ldap">
<ldap:object-class>
<ldap:name>ds-cfg-attribute-value-password-validator</ldap:name>
@@ -51,15 +56,13 @@
</adm:defined>
</adm:default-behavior>
</adm:property-override>
- <adm:property name="match-attribute" multi-valued="true">
+ <adm:property name="match-attribute" multi-valued="true" >
<adm:synopsis>
Specifies the name(s) of the attribute(s) whose values should be
checked to determine whether they match the provided password.
+ If no values are provided, then the server checks if the proposed
+ password matches the value of any attribute in the user's entry.
</adm:synopsis>
- <adm:description>
- If this is not provided, then all attributes in the user's entry
- will be checked.
- </adm:description>
<adm:default-behavior>
<adm:alias>
<adm:synopsis>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/BlindTrustManagerProviderConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/BlindTrustManagerProviderConfiguration.xml
index b118864..2ef9575 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/BlindTrustManagerProviderConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/BlindTrustManagerProviderConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="blind-trust-manager-provider"
plural-name="blind-trust-manager-providers"
@@ -31,12 +31,15 @@
xmlns:adm="http://www.opends.org/admin"
xmlns:ldap="http://www.opends.org/admin-ldap">
<adm:synopsis>
- The
- <adm:user-friendly-name />
- provides a mechanism for blindly trusting any certificate presented
- to it without performing any kind of validation, including ignoring
- the validity dates included within the certificate.
+ The blind trust manager provider always trusts any certificate that
+ is presented to it, regardless of its issuer, subject, and validity
+ dates.
</adm:synopsis>
+ <adm:description>
+ Use the blind trust manager provider only for testing
+ purposes, because it allows clients to use forged certificates
+ and authenticate as virtually any user in the server.
+ </adm:description>
<adm:profile name="ldap">
<ldap:object-class>
<ldap:name>ds-cfg-blind-trust-manager-provider</ldap:name>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/CharacterSetPasswordValidatorConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/CharacterSetPasswordValidatorConfiguration.xml
index 9be7e16..de5d8ca 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/CharacterSetPasswordValidatorConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/CharacterSetPasswordValidatorConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="character-set-password-validator"
plural-name="character-set-password-validators"
@@ -33,12 +33,16 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- is used to determine whether a proposed password is acceptable by
- determining whether it contains a sufficient number of characters
- from one or more user-defined character sets (e.g., passwords must
- have at least one lowercase letter, one uppercase letter, one digit,
- and one symbol).
+ determines whether a proposed password is acceptable by
+ checking whether it contains a sufficient number of characters
+ from one or more user-defined character sets.
</adm:synopsis>
+ <adm:description>
+ For example,
+ the validator can ensure that passwords must
+ have at least one lowercase letter, one uppercase letter, one digit,
+ and one symbol.
+ </adm:description>
<adm:profile name="ldap">
<ldap:object-class>
<ldap:name>ds-cfg-character-set-password-validator</ldap:name>
@@ -64,11 +68,11 @@
<adm:description>
Each value must be an integer (indicating the minimum required
characters from the set) followed by a colon and the characters to
- include in that set (e.g., "3:abcdefghijklmnopqrstuvwxyz"
+ include in that set (for example, "3:abcdefghijklmnopqrstuvwxyz"
indicates that a user password must contain at least three
characters from the set of lowercase ASCII letters). Multiple
- character sets may be defined in separate values, although no
- character may appear in more than one character set.
+ character sets can be defined in separate values, although no
+ character can appear in more than one character set.
</adm:description>
<adm:syntax>
<adm:string case-insensitive="false" />
@@ -87,7 +91,8 @@
</adm:synopsis>
<adm:description>
If this is "false", then only those characters in the user-defined
- character sets may be used in passwords.
+ character sets may be used in passwords. Any password containing a
+ character not included in any character set will be rejected.
</adm:description>
<adm:syntax>
<adm:boolean />
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/CramMD5SASLMechanismHandlerConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/CramMD5SASLMechanismHandlerConfiguration.xml
index 9392b4f..278cb5f 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/CramMD5SASLMechanismHandlerConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/CramMD5SASLMechanismHandlerConfiguration.xml
@@ -31,11 +31,26 @@
xmlns:adm="http://www.opends.org/admin"
xmlns:ldap="http://www.opends.org/admin-ldap">
<adm:synopsis>
- The
- <adm:user-friendly-name />
- is used to perform all processing related to SASL CRAM-MD5
- authentication.
+ The CRAM-MD5 SASL mechanism provides the ability for clients to
+ perform password-based authentication in a manner that does not
+ expose their password in the clear.
</adm:synopsis>
+ <adm:description>
+ Rather than including the
+ password in the bind request, the CRAM-MD5 mechanism uses a
+ two-step process in which the client needs only to prove that it
+ knows the password. The server sends randomly-generated data to
+ the client that is to be used in the process, which makes it
+ resistant to replay attacks. The one-way message digest
+ algorithm ensures that the original clear-text password is not
+ exposed. Note that the algorithm used by the CRAM-MD5 mechanism
+ requires that both the client and the server have access to the
+ clear-text password (or potentially a value that is derived from
+ the clear-text password). In order to authenticate to the server
+ using CRAM-MD5, the password for a user's account must be encoded
+ using a reversible password storage scheme that allows the server
+ to have access to the clear-text value.
+ </adm:description>
<adm:profile name="ldap">
<ldap:object-class>
<ldap:name>ds-cfg-cram-md5-sasl-mechanism-handler</ldap:name>
@@ -53,8 +68,10 @@
</adm:property-override>
<adm:property name="identity-mapper" mandatory="true">
<adm:synopsis>
- Specifies the name of the identity mapper that should be used to
- match the client authentication ID to a user entry.
+ Specifies the name of the identity mapper used
+ with this SASL mechanism handler to match the authentication
+ ID included in the SASL bind request to the corresponding
+ user in the directory.
</adm:synopsis>
<adm:syntax>
<adm:aggregation relation-name="identity-mapper"
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/DictionaryPasswordValidatorConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/DictionaryPasswordValidatorConfiguration.xml
index af963fd..6ab07b2 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/DictionaryPasswordValidatorConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/DictionaryPasswordValidatorConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="dictionary-password-validator"
plural-name="dictionary-password-validators"
@@ -33,10 +33,16 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- is used to determine whether a proposed password is acceptable based
+ determines whether a proposed password is acceptable based
on whether the given password value appears in a provided dictionary
- file.
+ file.
</adm:synopsis>
+ <adm:description>
+ A large dictionary file is provided with the server, but the
+ administrator can supply an alternate dictionary. In this case,
+ then the dictionary must be a plain-text file with
+ one word per line.
+ </adm:description>
<adm:profile name="ldap">
<ldap:object-class>
<ldap:name>ds-cfg-dictionary-password-validator</ldap:name>
@@ -54,17 +60,34 @@
</adm:property-override>
<adm:property name="dictionary-file" mandatory="true">
<adm:synopsis>
- Specifies the path to the file containing a list of words that may
- not be used as passwords.
+ Specifies the path to the file containing a list of words that
+ cannot be used as passwords.
</adm:synopsis>
<adm:description>
- It should be formatted with one word per line. The value may be an
- absolute path, or a path that is relative to the
+ It should be formatted with one word per line. The value can be an
+ absolute path or a path that is relative to the
<adm:product-name />
instance root.
</adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>
+ For Unix and Linux systems: config/wordlist.txt.
+ For Windows systems: config\\wordlist.txt
+ </adm:value>
+ </adm:defined>
+ </adm:default-behavior>
<adm:syntax>
- <adm:string />
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>FILE</adm:usage>
+ <adm:synopsis>
+ The path to any text file contained on the system that is
+ readable by the server.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
@@ -74,16 +97,19 @@
</adm:property>
<adm:property name="case-sensitive-validation" mandatory="true">
<adm:synopsis>
- Indicates whether this password validator should treat password
+ Indicates whether this password validator is to treat password
characters in a case-sensitive manner.
</adm:synopsis>
<adm:description>
- A value of false indicates that any differences in capitalization
- should be ignored when looking for consecutive characters in the
- password. A value of true indicates that a character should only
- be considered repeating if all consecutive occurrences use the
- same capitalization.
+ If it is set to true, then the validator rejects a password only
+ if it appears in the dictionary with exactly the
+ same capitalization as provided by the user.
</adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
<adm:syntax>
<adm:boolean />
</adm:syntax>
@@ -95,10 +121,21 @@
</adm:property>
<adm:property name="test-reversed-password" mandatory="true">
<adm:synopsis>
- Indicates whether this password validator should test the reversed
+ Indicates whether this password validator is to test the reversed
value of the provided password as well as the order in which it
- was given.
+ was given.
</adm:synopsis>
+ <adm:description>
+ For example, if the user provides a new password of
+ "password" and this configuration attribute is set to true, then
+ the value "drowssap" is also tested against attribute values
+ in the user's entry.
+ </adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>true</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
<adm:syntax>
<adm:boolean />
</adm:syntax>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/DigestMD5SASLMechanismHandlerConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/DigestMD5SASLMechanismHandlerConfiguration.xml
index 538b10b..a566979 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/DigestMD5SASLMechanismHandlerConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/DigestMD5SASLMechanismHandlerConfiguration.xml
@@ -31,11 +31,22 @@
xmlns:adm="http://www.opends.org/admin"
xmlns:ldap="http://www.opends.org/admin-ldap">
<adm:synopsis>
- The
- <adm:user-friendly-name />
+ The DIGEST-MD5 SASL mechanism
is used to perform all processing related to SASL DIGEST-MD5
- authentication.
+ authentication.
</adm:synopsis>
+ <adm:description>
+ The DIGEST-MD5 SASL mechanism is very similar
+ to the CRAM-MD5 mechanism in that it allows for password-based
+ authentication without exposing the password in the clear
+ (although it does require that both the client and the server
+ have access to the clear-text password). Like the CRAM-MD5
+ mechanism, it uses data that is randomly generated by the server
+ to make it resistant to replay attacks, but it also includes
+ randomly-generated data from the client, which makes it also
+ resistant to problems resulting from weak server-side random
+ number generation.
+ </adm:description>
<adm:profile name="ldap">
<ldap:object-class>
<ldap:name>ds-cfg-digest-md5-sasl-mechanism-handler</ldap:name>
@@ -53,34 +64,45 @@
</adm:property-override>
<adm:property name="realm">
<adm:synopsis>
- Specifies the realm that should be used by the server for
+ Specifies the realm that is to be used by the server for
DIGEST-MD5 authentication.
</adm:synopsis>
<adm:description>
- If this is not provided, then the server will default to using a
+ If this value is not provided, then the server defaults to use a
set of realm names that correspond to the defined suffixes.
</adm:description>
<adm:default-behavior>
<adm:alias>
<adm:synopsis>
- The server will default to a set of realm names that
+ The server defaults to a set of realm names that
correspond to the defined suffixes.
</adm:synopsis>
</adm:alias>
</adm:default-behavior>
<adm:syntax>
- <adm:string />
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>STRING</adm:usage>
+ <adm:synopsis>
+ Any realm string. As needed, it be a DN or matched
+ to a realm already in use for another service.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-realm</ldap:name>
</ldap:attribute>
</adm:profile>
- </adm:property>
- <adm:property name="identity-mapper" mandatory="true">
+ </adm:property> <adm:property name="identity-mapper" mandatory="true">
<adm:synopsis>
- Specifies the name of the identity mapper that should be used to
- match client authentication and authorization IDs to user entries.
+ Specifies the name of the identity mapper that is to be used
+ with this SASL mechanism handler to match the authentication
+ or authorization
+ ID included in the SASL bind request to the corresponding
+ user in the directory.
</adm:synopsis>
<adm:syntax>
<adm:aggregation relation-name="identity-mapper"
@@ -109,23 +131,39 @@
<adm:property name="server-fqdn">
<adm:synopsis>
Specifies the DNS-resolvable fully-qualified domain name for the
- system.
+ server that is used when validating the digest-uri parameter during
+ the authentication process.
</adm:synopsis>
<adm:description>
- This is the value expected to be present in the host field of the
- digest-uri-value element.
+ If this configuration attribute is
+ present, then the server expects that clients use a digest-uri equal
+ to "ldap/" followed by the value of this attribute. For example, if
+ the attribute has a value of "directory.example.com", then the
+ server expects clients to use a digest-uri of
+ "ldap/directory.example.com". If no value is provided, then the
+ server does not attempt to validate the digest-uri provided by the
+ client and accepts any value.
</adm:description>
<adm:default-behavior>
<adm:alias>
<adm:synopsis>
- The server will attempt to dynamically determine the
- fully-qualified domain name.
+ The server attempts to determine the
+ fully-qualified domain name dynamically.
</adm:synopsis>
</adm:alias>
</adm:default-behavior>
<adm:syntax>
- <adm:string />
- </adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>STRING</adm:usage>
+ <adm:synopsis>
+ The fully-qualified address that is expected for clients to use
+ when connecting to the server and authenticating via DIGEST-MD5.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
+ </adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-server-fqdn</ldap:name>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/EntryDNVirtualAttributeConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/EntryDNVirtualAttributeConfiguration.xml
index 6987cf5..5c3cf59 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/EntryDNVirtualAttributeConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/EntryDNVirtualAttributeConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-20008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="entry-dn-virtual-attribute"
plural-name="entry-dn-virtual-attributes"
@@ -33,11 +33,14 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- may be used to generate the entryDN operational attribute, which
- contains a normalized form of the entry's DN.
+ generates the entryDN operational attribute in directory entries,
+ which contains a normalized form of the entry's DN.
</adm:synopsis>
<adm:description>
- This provides the ability to use search filters containing the
+ This attribute is defined in the draft-zeilenga-ldap-entrydn
+ Internet Draft and contains the DN of the entry in which it is
+ contained.
+ This component provides the ability to use search filters containing the
entry's DN.
</adm:description>
<adm:profile name="ldap">
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/EntryUUIDPluginConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/EntryUUIDPluginConfiguration.xml
index 90493b7..bee0ce5 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/EntryUUIDPluginConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/EntryUUIDPluginConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="entry-uuid-plugin"
plural-name="entry-uuid-plugins" package="org.opends.server.admin.std"
@@ -32,9 +32,29 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- is used to generate values for the entryUUID operational attribute
+ generates values for the entryUUID operational attribute
whenever an entry is added via protocol or imported from LDIF.
</adm:synopsis>
+ <adm:description>
+ The entryUUID plug-in ensures that all entries
+ added to the server, whether through an LDAP add operation or via
+ an LDIF import, are assigned an entryUUID operational attribute if
+ they do not already have one. The entryUUID attribute contains a
+ universally unique identifier that can be used to identify an entry
+ in a manner that does not change (even in the event of a modify DN
+ operation). This plug-in generates a random UUID for entries created
+ by an add operation, but the UUID is constructed from the DN of the
+ entry during an LDIF import (which means that the same LDIF file
+ can be imported on different systems but still get the same value
+ for the entryUUID attribute). This behavior is based on the
+ specification contained in RFC 4530. The implementation for the
+ entry UUID plug-in is contained in the
+ org.opends.server.plugins.EntryUUIDPlugin class. It must be
+ configured with the preOperationAdd and ldifImport plug-in types,
+ but it does not have any other custom configuration. This
+ plug-in must be enabled in any directory that is intended to be used
+ in a synchronization environment.
+ </adm:description>
<adm:profile name="ldap">
<ldap:object-class>
<ldap:name>ds-cfg-entry-uuid-plugin</ldap:name>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/EntryUUIDVirtualAttributeConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/EntryUUIDVirtualAttributeConfiguration.xml
index b41184c..4bcd42e 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/EntryUUIDVirtualAttributeConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/EntryUUIDVirtualAttributeConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="entry-uuid-virtual-attribute"
plural-name="entry-uuid-virtual-attributes"
@@ -33,14 +33,14 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- may be used to ensure that all entries contained in private backends
- will have values for the entryUUID operational attribute.
+ ensures that all entries contained in private backends
+ have values for the entryUUID operational attribute.
</adm:synopsis>
<adm:description>
- The entryUUID values will be generated based on a normalized
- representation of the entry's DN, which should not cause a
- consistency problem because we do not allow modify DN operations to
- be performed in private backends.
+ The entryUUID values are generated based on a normalized
+ representation of the entry's DN, which does not cause a
+ consistency problem because OpenDS does not allow modify DN
+ operations to be performed in private backends.
</adm:description>
<adm:profile name="ldap">
<ldap:object-class>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ExternalSASLMechanismHandlerConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ExternalSASLMechanismHandlerConfiguration.xml
index f3a13bd..952ae0c 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ExternalSASLMechanismHandlerConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ExternalSASLMechanismHandlerConfiguration.xml
@@ -33,7 +33,7 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- is used to perform all processing related to SASL EXTERNAL
+ performs all processing related to SASL EXTERNAL
authentication.
</adm:synopsis>
<adm:profile name="ldap">
@@ -86,11 +86,11 @@
</adm:property>
<adm:property name="certificate-attribute">
<adm:synopsis>
- Specifies the name of the attribute that should hold user
+ Specifies the name of the attribute to hold user
certificates.
</adm:synopsis>
<adm:description>
- This must specify the name of a valid attribute type defined in
+ This property must specify the name of a valid attribute type defined in
the server schema.
</adm:description>
<adm:default-behavior>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/FileBasedTrustManagerProviderConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/FileBasedTrustManagerProviderConfiguration.xml
index 0775180..60a7383 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/FileBasedTrustManagerProviderConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/FileBasedTrustManagerProviderConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="file-based-trust-manager-provider"
plural-name="file-based-trust-manager-providers"
@@ -31,13 +31,14 @@
xmlns:adm="http://www.opends.org/admin"
xmlns:ldap="http://www.opends.org/admin-ldap">
<adm:synopsis>
- The
- <adm:user-friendly-name />
- provider accesses key information in a file on the local filesystem.
+ The file-based trust manager provider determines whether to trust a
+ presented certificate based on whether that certificate exists in a
+ server trust store file.
</adm:synopsis>
<adm:description>
- Multiple file formats may be supported, depending on the providers
- supported by the underlying Java runtime.
+ The trust store file can be in either JKS
+ (the default Java key store format) or PKCS#12 (a standard
+ certificate format) form.
</adm:description>
<adm:profile name="ldap">
<ldap:object-class>
@@ -58,16 +59,24 @@
<adm:TODO>Should use a file-based property definition?</adm:TODO>
<adm:synopsis>
Specifies the path to the file containing the trust information.
- It may be an absolute path, or a path that is relative to the
+ It can be an absolute path or a path that is relative to the
<adm:product-name />
instance root.
</adm:synopsis>
<adm:description>
- Changes to this configuration attribute will take effect the next
+ Changes to this configuration attribute take effect the next
time that the trust manager is accessed.
</adm:description>
<adm:syntax>
- <adm:string />
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>STRING</adm:usage>
+ <adm:synopsis>
+ An absolute path or a path that is relative to the OpenDS Directory Server instance root.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
@@ -84,17 +93,25 @@
Specifies the format for the data in the trust store file.
</adm:synopsis>
<adm:description>
- Valid values should always include 'JKS' and 'PKCS12', but
- different implementations may allow other values as well. If no
- value is provided, then the JVM-default value will be used.
- Changes to this configuration attribute will take effect the next
- time that the trust manager is accessed.
+ Valid values always include 'JKS' and 'PKCS12', but different
+ implementations can allow other values as well. If no value is
+ provided, then the JVM default value is used. Changes to this
+ configuration attribute take effect the next time that the
+ trust manager is accessed.
</adm:description>
<adm:default-behavior>
<adm:undefined />
</adm:default-behavior>
- <adm:syntax>
- <adm:string />
+ <adm:syntax>
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>STRING</adm:usage>
+ <adm:synopsis>
+ Any key store format supported by the Java runtime environment. The "JKS" and "PKCS12" formats are typically available in Java environments.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/GSSAPISASLMechanismHandlerConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/GSSAPISASLMechanismHandlerConfiguration.xml
index 54119ed..12dacb1 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/GSSAPISASLMechanismHandlerConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/GSSAPISASLMechanismHandlerConfiguration.xml
@@ -31,11 +31,17 @@
xmlns:adm="http://www.opends.org/admin"
xmlns:ldap="http://www.opends.org/admin-ldap">
<adm:synopsis>
- The
- <adm:user-friendly-name />
- is used to perform all processing related to SASL GSSAPI
+ The GSSAPI SASL mechanism
+ performs all processing related to SASL GSSAPI
authentication using Kerberos V5.
</adm:synopsis>
+ <adm:description>
+ The GSSAPI SASL mechanism provides the ability for clients
+ to authenticate themselves to the server using existing
+ authentication in a Kerberos environment. This mechanism
+ provides the ability to achieve single sign-on for
+ Kerberos-based clients.
+ </adm:description>
<adm:profile name="ldap">
<ldap:object-class>
<ldap:name>ds-cfg-gssapi-sasl-mechanism-handler</ldap:name>
@@ -53,12 +59,12 @@
</adm:property-override>
<adm:property name="realm">
<adm:synopsis>
- Specifies the realm that should be used for GSSAPI authentication.
+ Specifies the realm to be used for GSSAPI authentication.
</adm:synopsis>
<adm:default-behavior>
<adm:alias>
<adm:synopsis>
- The server will attempt to determine the realm from the
+ The server attempts to determine the realm from the
underlying system configuration.
</adm:synopsis>
</adm:alias>
@@ -74,16 +80,18 @@
</adm:property>
<adm:property name="kdc-address">
<adm:synopsis>
- Specifies the address of the KDC that should be used for Kerberos
+ Specifies the address of the KDC that is to be used for Kerberos
processing.
</adm:synopsis>
<adm:description>
- If provided, this should be a fully-qualified DNS-resolvable name.
+ If provided, this property must be a fully-qualified DNS-resolvable name.
+ If this property is not provided, then the server attempts to determine it
+ from the system-wide Kerberos configuration.
</adm:description>
<adm:default-behavior>
<adm:alias>
<adm:synopsis>
- The server will attempt to determine the KDC address from the
+ The server attempts to determine the KDC address from the
underlying system configuration.
</adm:synopsis>
</adm:alias>
@@ -103,13 +111,13 @@
Kerberos processing.
</adm:synopsis>
<adm:description>
- If provided, this should be either an absolute path or one that is
+ If provided, this is either an absolute path or one that is
relative to the server instance root.
</adm:description>
<adm:default-behavior>
<adm:alias>
<adm:synopsis>
- The server will attempt to use the system-wide default keytab.
+ The server attempts to use the system-wide default keytab.
</adm:synopsis>
</adm:alias>
</adm:default-behavior>
@@ -130,8 +138,8 @@
<adm:default-behavior>
<adm:alias>
<adm:synopsis>
- The server will attempt to dynamically determine the
- fully-qualified domain name.
+ The server attempts to determine the
+ fully-qualified domain name dynamically .
</adm:synopsis>
</adm:alias>
</adm:default-behavior>
@@ -146,8 +154,11 @@
</adm:property>
<adm:property name="identity-mapper" mandatory="true">
<adm:synopsis>
- Specifies the name of the identity mapper that should be used to
- match the Kerberos principal to a user entry.
+ Specifies the name of the identity mapper that is to be used
+ with this SASL mechanism handler
+ to match the Kerberos principal
+ included in the SASL bind request to the corresponding
+ user in the directory.
</adm:synopsis>
<adm:syntax>
<adm:aggregation relation-name="identity-mapper"
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/HasSubordinatesVirtualAttributeConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/HasSubordinatesVirtualAttributeConfiguration.xml
index 2bcb841..0076206 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/HasSubordinatesVirtualAttributeConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/HasSubordinatesVirtualAttributeConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="has-subordinates-virtual-attribute"
plural-name="has-subordinates-virtual-attributes"
@@ -33,7 +33,7 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- may be used to generate a virtual attribute that indicates whether
+ generates a virtual attribute that indicates whether
the entry has any subordinate entries.
</adm:synopsis>
<adm:profile name="ldap">
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/IsMemberOfVirtualAttributeConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/IsMemberOfVirtualAttributeConfiguration.xml
index 0310481..3faf2b4 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/IsMemberOfVirtualAttributeConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/IsMemberOfVirtualAttributeConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="is-member-of-virtual-attribute"
plural-name="is-member-of-virtual-attributes"
@@ -33,7 +33,8 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- may be used to generate a virtual attribute that contains the DNs of
+ generates the isMemberOf operational attribute,
+ which contains the DNs of
the groups in which the user is a member.
</adm:synopsis>
<adm:profile name="ldap">
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/LDAPAttributeDescriptionListPluginConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/LDAPAttributeDescriptionListPluginConfiguration.xml
index 76e591e..cb122c1 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/LDAPAttributeDescriptionListPluginConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/LDAPAttributeDescriptionListPluginConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="ldap-attribute-description-list-plugin"
plural-name="ldap-attribute-description-list-plugins"
@@ -31,15 +31,23 @@
xmlns:adm="http://www.opends.org/admin"
xmlns:ldap="http://www.opends.org/admin-ldap">
<adm:synopsis>
- The
+ The
<adm:user-friendly-name />
- is used to provide the ability to request that search result entries
- include all attributes that are included by a specified object
- class.
+ provides the ability for clients to include an attribute list in
+ a search request that names object classes instead of (or in
+ addition to) attributes.
</adm:synopsis>
<adm:description>
- For example, including a requested attribute of "@person" has the
- effect of requesting all attributes in the person object class.
+ For example, if a client wishes to
+ retrieve all of the attributes in the inetOrgPerson object class,
+ then that client can include "@inetOrgPerson" in the attribute
+ list rather than naming all of those attributes individually.
+ This behavior is based on the specification contained in RFC 4529.
+ The implementation for the LDAP attribute description list plugin
+ is contained in the
+ org.opends.server.plugins.LDAPADListPlugin class. It must be
+ configured with the preParseSearch plugin type, but does not have
+ any other custom configuration.
</adm:description>
<adm:profile name="ldap">
<ldap:object-class>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/LastModPluginConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/LastModPluginConfiguration.xml
index 2a3afe0..9a7c556 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/LastModPluginConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/LastModPluginConfiguration.xml
@@ -23,20 +23,28 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="last-mod-plugin"
plural-name="last-mod-plugins" package="org.opends.server.admin.std"
extends="plugin" xmlns:adm="http://www.opends.org/admin"
xmlns:ldap="http://www.opends.org/admin-ldap">
<adm:synopsis>
- The
+ The
<adm:user-friendly-name />
is used to ensure that the creatorsName and createTimestamp
attributes are included in an entry whenever it is added to the
- server, and to ensure that the modifiersName and modifyTimestamp
+ server and also to ensure that the modifiersName and modifyTimestamp
attributes are updated whenever an entry is modified or renamed.
</adm:synopsis>
+ <adm:description>
+ This behavior is described in RFC 4512. The implementation for
+ the LastMod plugin is contained in the
+ org.opends.server.plugins.LastModPlugin class. It must be
+ configured with the preOperationAdd, preOperationModify, and
+ preOperationModifyDN plugin types, but it does not have any
+ other custom configuration.
+ </adm:description>
<adm:profile name="ldap">
<ldap:object-class>
<ldap:name>ds-cfg-last-mod-plugin</ldap:name>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/LengthBasedPasswordValidatorConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/LengthBasedPasswordValidatorConfiguration.xml
index f91306b..9a5b8f5 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/LengthBasedPasswordValidatorConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/LengthBasedPasswordValidatorConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="length-based-password-validator"
plural-name="length-based-password-validators"
@@ -39,8 +39,12 @@
<adm:user-friendly-name />
is used to determine whether a proposed password is acceptable based
on whether the number of characters it contains falls within an
- acceptable range of values.
+ acceptable range of values.
</adm:synopsis>
+ <adm:description>
+ Both upper and lower bounds may be
+ defined.
+ </adm:description>
<adm:profile name="ldap">
<ldap:object-class>
<ldap:name>ds-cfg-length-based-password-validator</ldap:name>
@@ -58,12 +62,14 @@
</adm:property-override>
<adm:property name="max-password-length">
<adm:synopsis>
- Specifies the maximum number of characters that may be included in
- a proposed password.
+ Specifies the maximum number of characters that can be included in
+ a proposed password.
</adm:synopsis>
<adm:description>
A value of zero indicates that there will be no upper bound
- enforced.
+ enforced. If both minimum and maximum lengths
+ are defined, then the minimum length must be less than or equal to
+ the maximum length.
</adm:description>
<adm:default-behavior>
<adm:defined>
@@ -71,7 +77,7 @@
</adm:defined>
</adm:default-behavior>
<adm:syntax>
- <adm:integer lower-limit="0" />
+ <adm:integer lower-limit="0" upper-limit="2147483647"/>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
@@ -82,19 +88,22 @@
<adm:property name="min-password-length">
<adm:synopsis>
Specifies the minimum number of characters that must be included
- in a proposed password.
+ in a proposed password.
</adm:synopsis>
<adm:description>
A value of zero indicates that there will be no lower bound
- enforced.
+ enforced.
+ If both minimum and maximum lengths
+ are defined, then the minimum length must be less than or equal to
+ the maximum length.
</adm:description>
<adm:default-behavior>
<adm:defined>
- <adm:value>1</adm:value>
+ <adm:value>6</adm:value>
</adm:defined>
</adm:default-behavior>
<adm:syntax>
- <adm:integer lower-limit="0" />
+ <adm:integer lower-limit="0" upper-limit="2147483647"/>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/MemberVirtualAttributeConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/MemberVirtualAttributeConfiguration.xml
index 501313e..e3c4f32 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/MemberVirtualAttributeConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/MemberVirtualAttributeConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="member-virtual-attribute"
plural-name="user-defined-virtual-attributes"
@@ -33,14 +33,23 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- is used to generate a member or uniqueMember attribute whose values
- are the DNs of the members of a specified group.
+ generates a member or uniqueMember attribute whose values are
+ the DNs of the members of a specified virtual static group.
</adm:synopsis>
<adm:description>
- This is used to implement virtual static group functionality, in
- which it is possible to create an entry which looks like a static
- group but obtains all of its membership from a dynamic group (or
- some other type of group, including another static group).
+ This component is used to implement virtual static group
+ functionality, in which it is possible to create an entry
+ that looks like a static group but obtains all of its
+ membership from a dynamic group (or some other type of
+ group, including another static group).
+ This implementation is most efficient when attempting to
+ determine whether a given user is a member of a group
+ (for example, with a filter like
+ "(uniqueMember=uid=john.doe,ou=People,dc=example,dc=com)")
+ when the search does not actually return the membership
+ attribute. Although it works to generate the entire set of
+ values for the member or uniqueMember attribute, this can be
+ an expensive operation for a large group.
</adm:description>
<adm:profile name="ldap">
<ldap:object-class>
@@ -70,10 +79,15 @@
the virtual attribute.
</adm:synopsis>
<adm:description>
- This can be a very expensive operation in some cases, and is not
- in-line with the primary function of virtual static groups, which
+ This operation can be very expensive in some cases and is not
+ consistent with the primary function of virtual static groups, which
is to make it possible to use static group idioms to determine
whether a given user is a member.
+ If this attribute is set to false, attempts to retrieve the entire
+ set of values receive an empty set, and only attempts to determine
+ whether the attribute has a specific value or set of values
+ (which is the primary anticipated use for virtual static groups)
+ are handled properly.
</adm:description>
<adm:default-behavior>
<adm:defined>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/NumSubordinatesVirtualAttributeConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/NumSubordinatesVirtualAttributeConfiguration.xml
index d92e37f..fd91868 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/NumSubordinatesVirtualAttributeConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/NumSubordinatesVirtualAttributeConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="num-subordinates-virtual-attribute"
plural-name="num-subordinates-virtual-attributes"
@@ -33,7 +33,7 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- may be used to generate a virtual attribute that specifies the
+ generates a virtual attribute that specifies the
number of immediate child entries that exist below the entry.
</adm:synopsis>
<adm:profile name="ldap">
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyImportPluginConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyImportPluginConfiguration.xml
index 30a9461..e6acc46 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyImportPluginConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PasswordPolicyImportPluginConfiguration.xml
@@ -31,9 +31,9 @@
xmlns:adm="http://www.opends.org/admin"
xmlns:ldap="http://www.opends.org/admin-ldap">
<adm:synopsis>
- The
+ The
<adm:user-friendly-name />
- is used to ensure that clear-text passwords contained in LDIF
+ ensures that clear-text passwords contained in LDIF
entries are properly encoded before they are stored in the
appropriate Directory Server backend.
</adm:synopsis>
@@ -69,19 +69,19 @@
<adm:property name="default-user-password-storage-scheme"
multi-valued="true">
<adm:synopsis>
- Specifies the names of the password storage schemes that will be
+ Specifies the names of the password storage schemes to be
used for encoding passwords contained in attributes with the user
password syntax for entries that do not include the
- ds-pwp-password-policy-dn attribute to specify which password
- policy should be used to govern them.
+ ds-pwp-password-policy-dn attribute specifying which password
+ policy is to be used to govern them.
</adm:synopsis>
<adm:default-behavior>
<adm:alias>
<adm:synopsis>
If the default password policy uses the attribute with the
- user password syntax, then the server will use the default
+ user password syntax, then the server uses the default
password storage schemes for that password policy. Otherwise,
- it will encode user password values using the "SSHA" scheme.
+ it encodes user password values using the "SSHA" scheme.
</adm:synopsis>
</adm:alias>
</adm:default-behavior>
@@ -90,8 +90,7 @@
parent-path="/">
<adm:constraint>
<adm:synopsis>
- The referenced password storage schemes must be enabled when
- the
+ The referenced password storage schemes must be enabled when the
<adm:user-friendly-name />
is enabled.
</adm:synopsis>
@@ -115,19 +114,19 @@
<adm:property name="default-auth-password-storage-scheme"
multi-valued="true">
<adm:synopsis>
- Specifies the names of password storage schemes that will be used
+ Specifies the names of password storage schemes that to be used
for encoding passwords contained in attributes with the auth
password syntax for entries that do not include the
- ds-pwp-password-policy-dn attribute to specify which password
+ ds-pwp-password-policy-dn attribute specifying which password
policy should be used to govern them.
</adm:synopsis>
<adm:default-behavior>
<adm:alias>
<adm:synopsis>
If the default password policy uses an attribute with the auth
- password syntax, then the server will use the default password
- storage schemes for that password policy. Otherwise, it will
- encode auth password values using the "SHA1" scheme.
+ password syntax, then the server uses the default password
+ storage schemes for that password policy. Otherwise, it
+ encodes auth password values using the "SHA1" scheme.
</adm:synopsis>
</adm:alias>
</adm:default-behavior>
@@ -137,9 +136,7 @@
<adm:constraint>
<adm:synopsis>
The referenced password storage schemes must be enabled when
- the
- <adm:user-friendly-name />
- is enabled.
+ the Password Policy Import plug-in is enabled.
</adm:synopsis>
<adm:target-needs-enabling-condition>
<adm:contains property="enabled" value="true" />
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PasswordValidatorConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PasswordValidatorConfiguration.xml
index 0c0c672..1395f23 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PasswordValidatorConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PasswordValidatorConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="password-validator"
plural-name="password-validators"
@@ -33,9 +33,21 @@
xmlns:cli="http://www.opends.org/admin-cli">
<adm:synopsis>
<adm:user-friendly-plural-name />
- are responsible for determining whether proposed passwords are
- acceptable for use.
+ are responsible for determining whether a proposed password is
+ acceptable for use and could include checks like ensuring it
+ meets minimum length requirements, that it has an appropriate
+ range of characters, or that it is not in the history.
</adm:synopsis>
+ <adm:description>
+ The password policy for a user specifies the set of password
+ validators that should be used whenever that user provides a
+ new password. In order to activate a password validator, the
+ corresponding configuration entry must be enabled, and the DN
+ of that entry should be included in the password-validator
+ attribute of the password policy in which you want that
+ validator active. All password validator configuration entries
+ must contain the password-validator structural objectclass.
+ </adm:description>
<adm:tag name="user-management" />
<adm:profile name="ldap">
<ldap:object-class>
@@ -48,9 +60,8 @@
</adm:profile>
<adm:property name="enabled" mandatory="true">
<adm:synopsis>
- Indicate whether the
- <adm:user-friendly-name />
- is enabled for use.
+ Indicates whether the
+ password validator is enabled for use.
</adm:synopsis>
<adm:syntax>
<adm:boolean />
@@ -63,10 +74,12 @@
</adm:property>
<adm:property name="java-class" mandatory="true">
<adm:synopsis>
- The fully-qualified name of the Java class that provides the
- <adm:user-friendly-name />
- implementation.
+ Specifies the fully-qualified name of the Java class that provides the
+ password validator implementation.
</adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
<adm:syntax>
<adm:java-class>
<adm:instance-of>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PlainSASLMechanismHandlerConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PlainSASLMechanismHandlerConfiguration.xml
index e250c57..9edec3a 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PlainSASLMechanismHandlerConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PlainSASLMechanismHandlerConfiguration.xml
@@ -33,9 +33,19 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- is used to perform all processing related to SASL PLAIN
+ performs all processing related to SASL PLAIN
authentication.
</adm:synopsis>
+ <adm:description>
+ The PLAIN SASL mechanism provides the ability for clients to
+ authenticate using a username and password. This authentication
+ is very similar to standard LDAP simple authentication, with the
+ exception that it can authenticate based on an authentication ID
+ (for example, a username) rather than requiring a full DN, and
+ it can also include an authorization ID in addition to the
+ authentication ID. Note that the SASL PLAIN mechanism does not
+ make any attempt to protect the password.
+ </adm:description>
<adm:profile name="ldap">
<ldap:object-class>
<ldap:name>ds-cfg-plain-sasl-mechanism-handler</ldap:name>
@@ -53,8 +63,10 @@
</adm:property-override>
<adm:property name="identity-mapper" mandatory="true">
<adm:synopsis>
- Specifies the name of the identity mapper that should be used to
- match client authentication and authorization IDs to user entries.
+ Specifies the name of the identity mapper that is to be used
+ with this SASL mechanism handler to match the authentication or
+ authorization ID included in the SASL bind request to the
+ corresponding user in the directory.
</adm:synopsis>
<adm:syntax>
<adm:aggregation relation-name="identity-mapper"
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PluginConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PluginConfiguration.xml
index c70c2d5..5e3df4b 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PluginConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/PluginConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="plugin" plural-name="plugins"
package="org.opends.server.admin.std"
@@ -49,9 +49,8 @@
</adm:profile>
<adm:property name="enabled" mandatory="true">
<adm:synopsis>
- Indicate whether the
- <adm:user-friendly-name />
- is enabled for use.
+ Indicates whether the
+ plug-in is enabled for use.
</adm:synopsis>
<adm:syntax>
<adm:boolean />
@@ -64,9 +63,8 @@
</adm:property>
<adm:property name="java-class" mandatory="true">
<adm:synopsis>
- The fully-qualified name of the Java class that provides the
- <adm:user-friendly-name />
- implementation.
+ Specifies the fully-qualified name of the Java class that provides the
+ plug-in implementation.
</adm:synopsis>
<adm:syntax>
<adm:java-class>
@@ -84,8 +82,7 @@
<adm:property name="plugin-type" mandatory="true"
multi-valued="true">
<adm:synopsis>
- The plugin types, which define the conditions under which this
- plugin should be invoked.
+ Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked.
</adm:synopsis>
<adm:requires-admin-action>
<adm:component-restart />
@@ -371,13 +368,13 @@
</adm:property>
<adm:property name="invoke-for-internal-operations" advanced="true">
<adm:synopsis>
- Indicates whether the plugin should be invoked for internal
+ Indicates whether the plug-in should be invoked for internal
operations.
</adm:synopsis>
<adm:description>
- Note that any plugin which may be invoked for internal operations
- should be careful to ensure that they do not create any new
- internal operatons that can cause the same plugin to be
+ Any plug-in that can be invoked for internal operations
+ must ensure that it does not create any new
+ internal operatons that can cause the same plug-in to be
re-invoked.
</adm:description>
<adm:default-behavior>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ProfilerPluginConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ProfilerPluginConfiguration.xml
index 57d88cf..1a90a68 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ProfilerPluginConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ProfilerPluginConfiguration.xml
@@ -23,16 +23,15 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="profiler-plugin"
plural-name="profiler-plugins" package="org.opends.server.admin.std"
extends="plugin" xmlns:adm="http://www.opends.org/admin"
xmlns:ldap="http://www.opends.org/admin-ldap">
<adm:synopsis>
- The
- <adm:user-friendly-name />
- is used to capture profiling information about operations performed
+ The Profiler plug-in
+ captures profiling information about operations performed
inside the JVM while the Directory Server is running.
</adm:synopsis>
<adm:profile name="ldap">
@@ -66,19 +65,25 @@
</adm:property-override>
<adm:property name="profile-sample-interval" mandatory="true">
<adm:synopsis>
- Specifies the sample interval that should be used when capturing
- profiling information in the server.
+ Specifies the sample interval in milliseconds to be used when
+ capturing profiling information in the server.
</adm:synopsis>
+ <adm:description>
+ When capturing
+ data, the profiler thread sleeps for this length of time
+ between calls to obtain traces for all threads running in the
+ JVM.
+ </adm:description>
<adm:requires-admin-action>
<adm:none>
<adm:synopsis>
- Changes to this configuration attribute will take effect the
+ Changes to this configuration attribute take effect the
next time the profiler is started.
</adm:synopsis>
</adm:none>
</adm:requires-admin-action>
<adm:syntax>
- <adm:duration lower-limit="1" base-unit="ms" />
+ <adm:duration lower-limit="1" upper-limit="2147483647" base-unit="ms" />
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
@@ -88,15 +93,26 @@
</adm:property>
<adm:property name="profile-directory" mandatory="true">
<adm:synopsis>
- Specifies the path to the directory into which profile information
- will be written.
+ Specifies the path to the directory where profile information
+ is to be written. This path may be either an absolute path or a path
+ that is relative to the root of the OpenDS Directory Server
+ instance.
</adm:synopsis>
<adm:description>
The directory must exist and the Directory Server must have
permission to create new files in it.
</adm:description>
<adm:syntax>
- <adm:string />
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>DIR</adm:usage>
+ <adm:synopsis>
+ The path to any directory that exists on the filesystem
+ and that can be read and written by the server user.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
@@ -106,12 +122,16 @@
</adm:property>
<adm:property name="enable-profiling-on-startup" mandatory="true">
<adm:synopsis>
- Indicates whether the profiler plugin should start collecting data
+ Indicates whether the profiler plug-in is to start collecting data
automatically when the Directory Server is started.
</adm:synopsis>
<adm:description>
- This will only be read when the server is started, and any changes
- will take effect on the next restart.
+ This property is read only when the server is
+ started, and any changes take effect on the next restart.
+ This property is typically set to "false" unless startup
+ profiling is required, because otherwise the volume of data that
+ can be collected can cause the server to run out of memory if it
+ is not turned off in a timely manner.
</adm:description>
<adm:syntax>
<adm:boolean />
@@ -127,12 +147,12 @@
Specifies the action that should be taken by the profiler.
</adm:synopsis>
<adm:description>
- A value of "start" will cause the profiler thread to start
+ A value of "start" causes the profiler thread to start
collecting data if it is not already active. A value of "stop"
- will cause the profiler thread to stop collecting data and write
- it do disk, and a value of "cancel" will cause the profiler thread
+ causes the profiler thread to stop collecting data and write
+ it to disk, and a value of "cancel" causes the profiler thread
to stop collecting data and discard anything that has been
- captured. These operations will occur immediately.
+ captured. These operations occur immediately.
</adm:description>
<adm:default-behavior>
<adm:defined>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReferentialIntegrityPluginConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReferentialIntegrityPluginConfiguration.xml
index 81e466c..5668184 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReferentialIntegrityPluginConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReferentialIntegrityPluginConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="referential-integrity-plugin"
plural-name="referential-integrity-plugins"
@@ -31,17 +31,18 @@
xmlns:adm="http://www.opends.org/admin"
xmlns:ldap="http://www.opends.org/admin-ldap">
<adm:synopsis>
- The
+ The
<adm:user-friendly-name />
- is used to maintain referential integrity for DN valued attributes.
+ maintains referential integrity for DN valued attributes.
</adm:synopsis>
<adm:description>
- The values of these attributes may reference entries that have been
+ The values of these attributes can reference entries that have been
deleted by a delete operation or renamed by a modify DN operation.
- The referential integrity plugin will remove stale references to
- deleted entries or update references to renamed entries. The
- referential integrity plugin allows the scope of this referential
- check to be limited to a set of base DNs if desired. It also can be
+ The referential integrity plug-in either removes stale references to
+ deleted entries or updates references to renamed entries. The
+ plug-in allows the scope of this referential
+ check to be limited to a set of base DNs if desired. The plug-in
+ also can be
configured to perform the referential checking in the background
mode specified intervals.
</adm:description>
@@ -73,12 +74,12 @@
multi-valued="true">
<adm:synopsis>
Specifies the attribute types for which referential integrity
- should be maintained.
+ is to be maintained.
</adm:synopsis>
<adm:description>
- There must be at least one attribute type specified and the syntax
- of them must either be distinguished name
- (1.3.6.1.4.1.1466.115.121.1.12) or name and optional uid
+ At least one attribute type must be specified, and the syntax
+ of any attributes must be either a distinguished name
+ (1.3.6.1.4.1.1466.115.121.1.12) or name and optional UID
(1.3.6.1.4.1.1466.115.121.1.34).
</adm:description>
<adm:syntax>
@@ -92,13 +93,13 @@
</adm:property>
<adm:property name="base-dn" multi-valued="true">
<adm:synopsis>
- Specifies the scope within which referential integrity will be
- maintained.
+ Specifies the base DN that limits the scope within which
+ referential integrity is maintained.
</adm:synopsis>
<adm:default-behavior>
<adm:alias>
<adm:synopsis>
- Referential integrity will be maintained in all public naming
+ Referential integrity is maintained in all public naming
contexts.
</adm:synopsis>
</adm:alias>
@@ -114,11 +115,11 @@
</adm:property>
<adm:property name="log-file">
<adm:synopsis>
- Specifies the log file location where the update records will be
- written when the plugin is in background mode processing.
+ Specifies the log file location where the update records are
+ written when the plug-in is in background-mode processing.
</adm:synopsis>
<adm:description>
- The default location is in the logs directory of the server
+ The default location is the logs directory of the server
instance, using the file name "referint".
</adm:description>
<adm:default-behavior>
@@ -127,7 +128,15 @@
</adm:defined>
</adm:default-behavior>
<adm:syntax>
- <adm:string />
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>FILE</adm:usage>
+ <adm:synopsis>
+ A path to an existing file that is readable by the server.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
@@ -137,8 +146,8 @@
</adm:property>
<adm:property name="update-interval">
<adm:synopsis>
- Specifies the interval, in seconds, when referential integrity
- updates will be made.
+ Specifies the interval in seconds when referential integrity
+ updates are made.
</adm:synopsis>
<adm:description>
If this value is 0, then the updates are made synchronously in the
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RepeatedCharactersPasswordValidatorConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RepeatedCharactersPasswordValidatorConfiguration.xml
index 5bdaaa5..82dc0a5 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RepeatedCharactersPasswordValidatorConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RepeatedCharactersPasswordValidatorConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="repeated-characters-password-validator"
plural-name="repeated-characters-password-validators"
@@ -35,8 +35,13 @@
<adm:user-friendly-name />
is used to determine whether a proposed password is acceptable based
on the number of times any character may appear consecutively in a
- password value.
+ password value.
</adm:synopsis>
+ <adm:description>
+ It ensures that user passwords do not contain strings
+ of the same character repeated several times, like "aaaaaa" or
+ "aaabbb".
+ </adm:description>
<adm:profile name="ldap">
<ldap:object-class>
<ldap:name>
@@ -56,15 +61,20 @@
</adm:property-override>
<adm:property name="max-consecutive-length" mandatory="true">
<adm:synopsis>
- Specifies the maximum number of times that any character may
+ Specifies the maximum number of times that any character can
appear consecutively in a password value.
</adm:synopsis>
<adm:description>
A value of zero indicates that there will be no maximum limit
- enforced.
+ enforced.
</adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>2</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
<adm:syntax>
- <adm:integer lower-limit="0" />
+ <adm:integer lower-limit="0" upper-limit="2147483647"/>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
@@ -78,12 +88,18 @@
characters in a case-sensitive manner.
</adm:synopsis>
<adm:description>
- A value of false indicates that any differences in capitalization
- should be ignored when looking for consecutive characters in the
- password. A value of true indicates that a character should only
- be considered repeating if all consecutive occurrences use the
- same capitalization.
+ If the value of this property is false, the validator ignores
+ any differences in capitalization
+ when looking for consecutive characters in the
+ password. If the value is true, the validator considers a
+ character to be repeating only if all consecutive occurrences
+ use the same capitalization.
</adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
<adm:syntax>
<adm:boolean />
</adm:syntax>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReplicationDomainConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReplicationDomainConfiguration.xml
index 0199388..6632767 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReplicationDomainConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReplicationDomainConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="replication-domain"
plural-name="replication-domains"
@@ -74,8 +74,7 @@
<adm:property name="server-id" mandatory="true" read-only="true">
<adm:synopsis>
Specifies a unique identifier for the Directory Server within the
- <adm:user-friendly-name />
- .
+ <adm:user-friendly-name />.
</adm:synopsis>
<adm:description>
Each Directory Server within the same
@@ -134,10 +133,10 @@
use when communicating with Replication Servers.
</adm:synopsis>
<adm:description>
- The Directory Server will expect a regular heart-beat coming from
+ The Directory Server expects a regular heart-beat coming from
the Replication Server within the specified interval. If a
heartbeat is not received within the interval, the Directory
- Server will close its connection and connect to another
+ Server closes its connection and connects to another
Replication Server.
</adm:description>
<adm:default-behavior>
@@ -172,10 +171,10 @@
<adm:synopsis>
Indicates that updates should be accepted even though it is
not possible to send them to any Replication Server. Best
- effort will be made to re-send those updates to a
+ effort is made to re-send those updates to a
Replication Servers when one of them is available, however
- those changes will be at risk because they will only be
- available from the historical information. This mode may
+ those changes are at risk because they are only
+ available from the historical information. This mode can
also introduce high replication latency.
</adm:synopsis>
</adm:value>
@@ -183,7 +182,7 @@
<adm:synopsis>
Indicates that all updates attempted on this
<adm:user-friendly-name />
- will be rejected when no Replication Server is available.
+ are rejected when no Replication Server is available.
</adm:synopsis>
</adm:value>
</adm:enumeration>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReplicationServerConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReplicationServerConfiguration.xml
index ff45ade..2a8a72d 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReplicationServerConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReplicationServerConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="replication-server"
plural-name="replication-servers"
@@ -32,7 +32,7 @@
xmlns:ldap="http://www.opends.org/admin-ldap">
<adm:synopsis>
<adm:user-friendly-plural-name />
- are used to publish updates to Directory Servers within a
+ publish updates to Directory Servers within a
Replication Domain.
</adm:synopsis>
<adm:tag name="replication" />
@@ -48,7 +48,7 @@
<adm:user-friendly-plural-name />
to which this
<adm:user-friendly-name />
- should try to connect at startup time.
+ tries to connect at startup time.
</adm:synopsis>
<adm:description>
Addresses must be specified using the syntax: hostname:port
@@ -77,8 +77,7 @@
read-only="true">
<adm:synopsis>
Specifies a unique identifier for the
- <adm:user-friendly-name />
- .
+ <adm:user-friendly-name />.
</adm:synopsis>
<adm:description>
Each
@@ -98,9 +97,8 @@
<adm:synopsis>
Specifies the window size that the
<adm:user-friendly-name />
- will use when communicating with other
- <adm:user-friendly-plural-name />
- .
+ uses when communicating with other
+ <adm:user-friendly-plural-name />.
</adm:synopsis>
<adm:default-behavior>
<adm:defined>
@@ -118,7 +116,7 @@
</adm:property>
<adm:property name="queue-size" advanced="true">
<adm:synopsis>
- Specifies the number of changes that will be kept in memory for
+ Specifies the number of changes that are kept in memory for
each Directory Server in the Replication Domain.
</adm:synopsis>
<adm:default-behavior>
@@ -140,7 +138,7 @@
<adm:synopsis>
The path where the
<adm:user-friendly-name />
- will store all persistent information.
+ stores all persistent information.
</adm:synopsis>
<adm:default-behavior>
<adm:defined>
@@ -160,7 +158,7 @@
<adm:synopsis>
The time (in seconds) after which the
<adm:user-friendly-name />
- will erase all persistent information.
+ erases all persistent information.
</adm:synopsis>
<adm:default-behavior>
<adm:defined>
@@ -180,7 +178,7 @@
<adm:synopsis>
The port on which this
<adm:user-friendly-name />
- will wait for connections from other
+ waits for connections from other
<adm:user-friendly-plural-name />
or Directory Servers.
</adm:synopsis>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReplicationSynchronizationProviderConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReplicationSynchronizationProviderConfiguration.xml
index 9065bbf..8d2c46b 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReplicationSynchronizationProviderConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/ReplicationSynchronizationProviderConfiguration.xml
@@ -35,7 +35,7 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- is used to provide multi-master replication of data across multiple
+ provides multi-master replication of data across multiple
Directory Server instances.
</adm:synopsis>
<adm:profile name="ldap">
@@ -81,10 +81,10 @@
</adm:property-override>
<adm:property name="num-update-replay-threads" mandatory="false" read-only="false" advanced="true">
<adm:synopsis>
- Specifies the number of update replay threads
+ Specifies the number of update replay threads.
</adm:synopsis>
<adm:description>
- This is the number of threads created for replaying every updates
+ This value is the number of threads created for replaying every updates
received for all the replication domains.
</adm:description>
<adm:default-behavior>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RootDNConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RootDNConfiguration.xml
index b89d4cf..e72641c 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RootDNConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RootDNConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="root-dn" plural-name="root-dns"
package="org.opends.server.admin.std"
@@ -34,7 +34,7 @@
<adm:user-friendly-name />
configuration contains all the Root DN Users defined in the
Directory Server. In addition, it also defines the default set of
- privileges that Root DN Users will automatically inherit.
+ privileges that Root DN Users automatically inherit.
</adm:synopsis>
<adm:tag name="core" />
<adm:profile name="ldap">
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RootDNUserConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RootDNUserConfiguration.xml
index 487022d..2608ca4 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RootDNUserConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RootDNUserConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="root-dn-user" plural-name="root-dn-users"
package="org.opends.server.admin.std"
@@ -32,8 +32,8 @@
<adm:synopsis>
A
<adm:user-friendly-name />
- are administrative users who may be granted special privileges which
- are not available to non-root users (e.g., the ability to bind to
+ are administrative users who can granted special privileges that
+ are not available to non-root users (for example, the ability to bind to
the server in lockdown mode).
</adm:synopsis>
<adm:description>
@@ -51,13 +51,13 @@
</adm:profile>
<adm:property name="alternate-bind-dn" multi-valued="true">
<adm:synopsis>
- Specifies one or more alternate DNs that may be used to bind to
+ Specifies one or more alternate DNs that can be used to bind to
the server as this root user.
</adm:synopsis>
<adm:default-behavior>
<adm:alias>
<adm:synopsis>
- This root user will only be allowed to bind using the DN of
+ This root user is allowed to bind only using the DN of
the associated configuration entry.
</adm:synopsis>
</adm:alias>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RootDSEBackendConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RootDSEBackendConfiguration.xml
index e6e9804..700fa65 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RootDSEBackendConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/RootDSEBackendConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="root-dse-backend"
plural-name="root-dse-backends" package="org.opends.server.admin.std"
@@ -35,8 +35,8 @@
contains the Directory Server root DSE.
</adm:synopsis>
<adm:description>
- This is a special meta-backend that will dynamically generate the
- root DSE entry for base-level searches, and will simply redirect to
+ This is a special meta-backend that dynamically generates the
+ root DSE entry for base-level searches and simply redirects to
other backends for operations in other scopes.
</adm:description>
<adm:tag name="core" />
@@ -49,14 +49,14 @@
</adm:profile>
<adm:property name="subordinate-base-dn" multi-valued="true">
<adm:synopsis>
- Specifies the set of base DNs that will be used for singleLevel,
+ Specifies the set of base DNs used for singleLevel,
wholeSubtree, and subordinateSubtree searches based at the root
DSE.
</adm:synopsis>
<adm:default-behavior>
<adm:alias>
<adm:synopsis>
- The set of all user-defined suffixes will be used.
+ The set of all user-defined suffixes is used.
</adm:synopsis>
</adm:alias>
</adm:default-behavior>
@@ -71,7 +71,7 @@
</adm:property>
<adm:property name="show-all-attributes" mandatory="true">
<adm:synopsis>
- Indicates whether all attributes in the root DSE should be treated
+ Indicates whether all attributes in the root DSE are to be treated
like user attributes (and therefore returned to clients by
default) regardless of the Directory Server schema configuration.
</adm:synopsis>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SASLMechanismHandlerConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SASLMechanismHandlerConfiguration.xml
index 005f133..448f5c1 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SASLMechanismHandlerConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SASLMechanismHandlerConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="sasl-mechanism-handler"
plural-name="sasl-mechanism-handlers"
@@ -32,10 +32,16 @@
xmlns:ldap="http://www.opends.org/admin-ldap"
xmlns:cli="http://www.opends.org/admin-cli">
<adm:synopsis>
- <adm:user-friendly-plural-name />
- are responsible for the processing associated with SASL bind
- operations.
+ The SASL mechanism handler configuration entry is the parent
+ for all SASL mechanism handlers defined in the OpenDS
+ Directory Server.
</adm:synopsis>
+ <adm:description>
+ SASL mechanism handlers are responsible for
+ authenticating users during the course of processing a SASL
+ (Simple Authentication and Security Layer, as defined in
+ RFC 4422) bind.
+ </adm:description>
<adm:tag name="security" />
<adm:profile name="ldap">
<ldap:object-class>
@@ -48,9 +54,8 @@
</adm:profile>
<adm:property name="enabled" mandatory="true">
<adm:synopsis>
- Indicate whether the
- <adm:user-friendly-name />
- is enabled for use.
+ Indicates whether the
+ SASL mechanism handler is enabled for use.
</adm:synopsis>
<adm:syntax>
<adm:boolean />
@@ -63,10 +68,12 @@
</adm:property>
<adm:property name="java-class" mandatory="true">
<adm:synopsis>
- The fully-qualified name of the Java class that provides the
- <adm:user-friendly-name />
- implementation.
+ Specifies the fully-qualified name of the Java class that provides the
+ SASL mechanism handler implementation.
</adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
<adm:syntax>
<adm:java-class>
<adm:instance-of>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SevenBitCleanPluginConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SevenBitCleanPluginConfiguration.xml
index 262d12b..2ef7b42 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SevenBitCleanPluginConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SevenBitCleanPluginConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="seven-bit-clean-plugin"
plural-name="seven-bit-clean-plugins"
@@ -31,18 +31,18 @@
xmlns:adm="http://www.opends.org/admin"
xmlns:ldap="http://www.opends.org/admin-ldap">
<adm:synopsis>
- The
+ The
<adm:user-friendly-name />
- may be used to ensure that values for a specified set of attributes
+ ensures that values for a specified set of attributes
are 7-bit clean.
</adm:synopsis>
<adm:description>
That is, for those attributes, the values are not allowed to contain
any bytes having the high-order bit set, which is used to indicate
- the presence of non-ASCII characters. Some applications may not
+ the presence of non-ASCII characters. Some applications do not
properly handle attribute values that contain non-ASCII characters,
- and this plugin may help ensure that attributes used by those
- applications do not contain characters which may cause problems in
+ and this plug-in can help ensure that attributes used by those
+ applications do not contain characters that can cause problems in
those applications.
</adm:description>
<adm:profile name="ldap">
@@ -94,7 +94,7 @@
</adm:property>
<adm:property name="base-dn" multi-valued="true">
<adm:synopsis>
- Specifies the base DN below which the checking will be performed.
+ Specifies the base DN below which the checking is performed.
</adm:synopsis>
<adm:description>
Any attempt to update a value for one of the configured attributes
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SimilarityBasedPasswordValidatorConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SimilarityBasedPasswordValidatorConfiguration.xml
index 75ce735..7853a5b 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SimilarityBasedPasswordValidatorConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SimilarityBasedPasswordValidatorConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="similarity-based-password-validator"
plural-name="similarity-based-password-validators"
@@ -33,10 +33,22 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- is used to determine whether a proposed password is acceptable based
- on whether the number of characters it contains falls within an
- acceptable range of values.
+ determines whether a proposed password is acceptable by measuring
+ how similar it is to the user's current password.
</adm:synopsis>
+ <adm:description>
+ In particular,
+ it uses the Levenshtein Distance algorithm to determine the
+ minimum number of changes (where a change may be inserting,
+ deleting, or replacing a character) to transform one string into
+ the other. It can be used to prevent users from making only minor
+ changes to their current password when setting a new password.
+ Note that for this password validator to be effective, it is
+ necessary to have access to the user's current password.
+ Therefore, if this password validator is to be enabled, the
+ password-change-requires-current-password attribute in the
+ password policy configuration must also be set to true.
+ </adm:description>
<adm:profile name="ldap">
<ldap:object-class>
<ldap:name>ds-cfg-similarity-based-password-validator</ldap:name>
@@ -57,11 +69,11 @@
Specifies the minimum difference of new and old password.
</adm:synopsis>
<adm:description>
- A value of zero indicates that there will be no difference is
+ A value of zero indicates that no difference between passwords is
acceptable.
</adm:description>
<adm:syntax>
- <adm:integer lower-limit="0" />
+ <adm:integer lower-limit="0" upper-limit="2147483647"/>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SubschemaSubentryVirtualAttributeConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SubschemaSubentryVirtualAttributeConfiguration.xml
index f3c4723..f3d2830 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SubschemaSubentryVirtualAttributeConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SubschemaSubentryVirtualAttributeConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="subschema-subentry-virtual-attribute"
plural-name="subschema-subentry-virtual-attributes"
@@ -33,9 +33,9 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- may be used to generate a virtual attribute that specifies the
- location of the subschemaSubentry with the schema definitions in
- effect for the entry.
+ generates a virtual attribute that specifies the location of the
+ subschemaSubentry with the schema definitions in effect for the
+ entry. This attribute is defined in RFC 4512.
</adm:synopsis>
<adm:profile name="ldap">
<ldap:object-class>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SynchronizationProviderConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SynchronizationProviderConfiguration.xml
index c04b8a0..5589700 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SynchronizationProviderConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/SynchronizationProviderConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="synchronization-provider"
plural-name="synchronization-providers"
@@ -33,9 +33,23 @@
xmlns:cli="http://www.opends.org/admin-cli">
<adm:synopsis>
<adm:user-friendly-plural-name />
- are responsible for handling Synchronization of the Directory Server
+ are responsible for handling synchronization of the Directory Server
data with other OpenDS instances or other data repositories.
</adm:synopsis>
+ <adm:description>
+ The OpenDS Directory Server takes a centralized approach to
+ replication, rather than the point-to-point approach taken by Sun
+ Java System Directory Server. In OpenDS, one or more replication
+ servers are created in the environment. The replication servers
+ typically do not store user data but keep a log of all changes made
+ within the topology. Each Directory Server instance in the topology
+ is pointed at the replication servers. This plan simplifies the
+ deployment and management of the environment. Although you can run
+ the replication server on the same system (or even in the same
+ instance) as the Directory Server, the two servers can be separated
+ onto different systems. This approach can provide better performance
+ or functionality in large environments.
+ </adm:description>
<adm:tag name="replication" />
<adm:profile name="ldap">
<ldap:object-class>
@@ -48,7 +62,7 @@
</adm:profile>
<adm:property name="enabled" mandatory="true">
<adm:synopsis>
- Indicate whether the
+ Indicates whether the
<adm:user-friendly-name />
is enabled for use.
</adm:synopsis>
@@ -63,7 +77,7 @@
</adm:property>
<adm:property name="java-class" mandatory="true">
<adm:synopsis>
- The fully-qualified name of the Java class that provides the
+ Specifies the fully-qualified name of the Java class that provides the
<adm:user-friendly-name />
implementation.
</adm:synopsis>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/TraditionalWorkQueueConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/TraditionalWorkQueueConfiguration.xml
index b3d4e22..91b797f 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/TraditionalWorkQueueConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/TraditionalWorkQueueConfiguration.xml
@@ -37,6 +37,24 @@
watch a queue and pick up an operation to process whenever one
becomes available.
</adm:synopsis>
+ <adm:description>
+ The traditional work queue is named that because its implementation
+ is similar to that used by the Sun Java System Directory Server.
+ The traditional work queue is a FIFO queue serviced by a fixed
+ number of worker threads. However, there are a couple of notable
+ differences in its design: 1) The number of worker threads is fixed,
+ but it can be changed on the fly and those changes take effect
+ immediately. In the Sun Java System Directory Server, changes to the
+ number of worker threads require a server restart to take effect.
+ 2) The work queue in the Sun Java System Directory Server is
+ unbounded. If all threads are busy processing existing operations
+ and new requests arrive, they continue to accumulate in the work
+ queue and the server appears to be frozen. In the OpenDS Directory
+ Server, it is possible to place a size limit on the work queue.
+ When this number of operations are in the queue, waiting to be
+ picked up by threads, any new requests received are rejected with
+ an error message.
+ </adm:description>
<adm:profile name="ldap">
<ldap:object-class>
<ldap:name>ds-cfg-traditional-work-queue</ldap:name>
@@ -54,11 +72,17 @@
</adm:property-override>
<adm:property name="num-worker-threads" mandatory="true">
<adm:synopsis>
- The number of worker threads that should be used to process
- operations placed into the queue.
- </adm:synopsis>
+ Specifies the number of worker threads to be used for processing
+ operations placed in the queue.
+ </adm:synopsis>
+ <adm:description>
+ If the value is increased,
+ the additional worker threads are created immediately. If the
+ value is reduced, the appropriate number of threads are destroyed
+ as operations complete processing.
+ </adm:description>
<adm:syntax>
- <adm:integer lower-limit="1" />
+ <adm:integer lower-limit="1" upper-limit="2147483647" />
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
@@ -68,23 +92,28 @@
</adm:property>
<adm:property name="max-work-queue-capacity">
<adm:synopsis>
- The maximum number of queued operations that can be in the work
+ Specifies the maximum number of queued operations that can be in the work
queue at any given time.
</adm:synopsis>
<adm:description>
If the work queue is already full and additional requests are
- received by the server, they will be rejected.
+ received by the server, the requests are rejected.
+ A value of zero indicates that there is no limit to the size
+ of the queue.
</adm:description>
+ <adm:requires-admin-action>
+ <adm:server-restart />
+ </adm:requires-admin-action>
<adm:default-behavior>
<adm:alias>
<adm:synopsis>
- The work queue will not impose any limit on the number of
+ The work queue does not impose any limit on the number of
operations that can be enqueued at any one time.
</adm:synopsis>
</adm:alias>
</adm:default-behavior>
<adm:syntax>
- <adm:integer lower-limit="0" />
+ <adm:integer lower-limit="0" upper-limit="2147483647"/>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/TrustManagerProviderConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/TrustManagerProviderConfiguration.xml
index 95ae6ab..639c152 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/TrustManagerProviderConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/TrustManagerProviderConfiguration.xml
@@ -33,7 +33,7 @@
xmlns:cli="http://www.opends.org/admin-cli">
<adm:synopsis>
<adm:user-friendly-plural-name />
- are responsible for determining whether to trust presented
+ determine whether to trust presented
certificates.
</adm:synopsis>
<adm:tag name="security" />
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/UniqueAttributePluginConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/UniqueAttributePluginConfiguration.xml
index 70d8395..0cbf1d0 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/UniqueAttributePluginConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/UniqueAttributePluginConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="unique-attribute-plugin"
plural-name="unique-attribute-plugins"
@@ -33,7 +33,7 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- is used enforce constraints on the value of an attribute within a
+ enforces constraints on the value of an attribute within a
portion of the directory.
</adm:synopsis>
<adm:description>
@@ -83,12 +83,12 @@
</adm:property>
<adm:property name="base-dn" multi-valued="true">
<adm:synopsis>
- Specifies a base DN that the attribute must be unique within.
+ Specifies a base DN within which the attribute must be unique.
</adm:synopsis>
<adm:default-behavior>
<adm:alias>
<adm:synopsis>
- The plugin will use the server's public naming contexts in the
+ The plug-in uses the server's public naming contexts in the
searches.
</adm:synopsis>
</adm:alias>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/UniqueCharactersPasswordValidatorConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/UniqueCharactersPasswordValidatorConfiguration.xml
index 4c954a4..a433067 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/UniqueCharactersPasswordValidatorConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/UniqueCharactersPasswordValidatorConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="unique-characters-password-validator"
plural-name="unique-characters-password-validators"
@@ -33,9 +33,13 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- is used to determine whether a proposed password is acceptable based
+ determines whether a proposed password is acceptable based
on the number of unique characters that it contains.
</adm:synopsis>
+ <adm:description>
+ This validator can be used to prevent simple passwords that contain only
+ a few characters like "aabbcc" or "abcabc".
+ </adm:description>
<adm:profile name="ldap">
<ldap:object-class>
<ldap:name>ds-cfg-unique-characters-password-validator</ldap:name>
@@ -57,11 +61,16 @@
will be allowed to contain.
</adm:synopsis>
<adm:description>
- A value of zero indicates that there will be no minimum value
+ A value of zero indicates that no minimum value is
enforced.
</adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>5</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
<adm:syntax>
- <adm:integer lower-limit="0" />
+ <adm:integer lower-limit="0" upper-limit="2147483647"/>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
@@ -75,12 +84,17 @@
characters in a case-sensitive manner.
</adm:synopsis>
<adm:description>
- A value of true indicates that a capital letter should not be
- considered the same as its lower-case counterpart. A value of
- false indicates that differences in capitalization should be
- ignored when looking at the number of unique characters in the
- password.
+ If the value of this property is true, then the validator does
+ not consider a capital letter to be the same as its lower-case
+ counterpart. If the value is false, the validator ignores
+ differences in capitalization when counting the number of
+ unique characters in the password.
</adm:description>
+ <adm:default-behavior>
+ <adm:defined>
+ <adm:value>false</adm:value>
+ </adm:defined>
+ </adm:default-behavior>
<adm:syntax>
<adm:boolean />
</adm:syntax>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/UserDefinedVirtualAttributeConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/UserDefinedVirtualAttributeConfiguration.xml
index 9908ace..7548ccf 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/UserDefinedVirtualAttributeConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/UserDefinedVirtualAttributeConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="user-defined-virtual-attribute"
plural-name="user-defined-virtual-attributes"
@@ -33,13 +33,13 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- is used to create virtual attributes with user-defined values in
- entries that match the criteria defined in the plugin's
+ creates virtual attributes with user-defined values in
+ entries that match the criteria defined in the plug-in's
configuration.
</adm:synopsis>
<adm:description>
- This provides functionality that is similar to Class of Service
- (CoS) in the Sun Java System Directory Server.
+ The functionality of these attributes is similar to Class
+ of Service (CoS) in the Sun Java System Directory Server.
</adm:description>
<adm:profile name="ldap">
<ldap:object-class>
@@ -58,7 +58,7 @@
</adm:property-override>
<adm:property name="value" mandatory="true" multi-valued="true">
<adm:synopsis>
- Specifies the value(s) which should be included in virtual
+ Specifies the values to be included in the virtual
attribute.
</adm:synopsis>
<adm:syntax>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/VirtualAttributeConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/VirtualAttributeConfiguration.xml
index dfa217e..96956f1 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/VirtualAttributeConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/VirtualAttributeConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="virtual-attribute"
plural-name="virtual-attributes" package="org.opends.server.admin.std"
@@ -32,9 +32,13 @@
xmlns:cli="http://www.opends.org/admin-cli">
<adm:synopsis>
<adm:user-friendly-plural-name />
- are responsible for dynamically generating attribute values which
+ are responsible for dynamically generating attribute values that
appear in entries but are not persistently stored in the backend.
</adm:synopsis>
+ <adm:description>
+ Virtual attributes are associated with a virtual attribute
+ provider, which contains the logic for generating the value.
+ </adm:description>
<adm:tag name="core" />
<adm:profile name="ldap">
<ldap:object-class>
@@ -47,10 +51,12 @@
</adm:profile>
<adm:property name="java-class" mandatory="true">
<adm:synopsis>
- The fully-qualified name of the Java class that provides the
- <adm:user-friendly-name />
- implementation.
+ Specifies the fully-qualified name of the virtual attribute
+ provider class that generates the attribute values.
</adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:component-restart />
+ </adm:requires-admin-action>
<adm:syntax>
<adm:java-class>
<adm:instance-of>
@@ -66,7 +72,7 @@
</adm:property>
<adm:property name="enabled" mandatory="true">
<adm:synopsis>
- Indicate whether the
+ Indicates whether the
<adm:user-friendly-name />
is enabled for use.
</adm:synopsis>
@@ -81,7 +87,7 @@
</adm:property>
<adm:property name="attribute-type" mandatory="true">
<adm:synopsis>
- Specifies the attribute type for the attribute whose values should
+ Specifies the attribute type for the attribute whose values are to
be dynamically assigned by the virtual attribute.
</adm:synopsis>
<adm:syntax>
@@ -96,12 +102,16 @@
<adm:property name="base-dn" multi-valued="true">
<adm:synopsis>
Specifies the base DNs for the branches containing entries that
- may be eligible to use this virtual attribute.
+ are eligible to use this virtual attribute.
</adm:synopsis>
+ <adm:description>
+ If no values are given, then the server generates virtual attributes
+ anywhere in the server.
+ </adm:description>
<adm:default-behavior>
<adm:alias>
<adm:synopsis>
- The location of the entry in the server will not be taken into
+ The location of the entry in the server is not taken into
account when determining whether an entry is eligible to use
this virtual attribute.
</adm:synopsis>
@@ -118,13 +128,19 @@
</adm:property>
<adm:property name="group-dn" multi-valued="true">
<adm:synopsis>
- Specifies the DNs of the groups whose members may be eligible to
+ Specifies the DNs of the groups whose members can be eligible to
use this virtual attribute.
</adm:synopsis>
+ <adm:description>
+ If no values are given, then group
+ membership is not taken into account when generating the virtual
+ attribute. If one or more group DNs are specified, then only
+ members of those groups are allowed to have the virtual attribute.
+ </adm:description>
<adm:default-behavior>
<adm:alias>
<adm:synopsis>
- Group membership will not be taken into account when
+ Group membership is not taken into account when
determining whether an entry is eligible to use this virtual
attribute.
</adm:synopsis>
@@ -141,16 +157,31 @@
</adm:property>
<adm:property name="filter" multi-valued="true">
<adm:synopsis>
- Specifies the search filters for entries that may be eligible to
- use this virtual attribute.
+ Specifies the search filters to be applied against entries to
+ determine if the virtual attribute is to be generated for those
+ entries.
</adm:synopsis>
+ <adm:description>
+ If no values are given, then any entry is eligible to
+ have the value generated. If one or more filters are specified,
+ then only entries that match at least one of those filters are
+ allowed to have the virtual attribute.
+ </adm:description>
<adm:default-behavior>
<adm:defined>
<adm:value>(objectClass=*)</adm:value>
</adm:defined>
</adm:default-behavior>
<adm:syntax>
- <adm:string />
+ <adm:string>
+ <adm:pattern>
+ <adm:regex>.*</adm:regex>
+ <adm:usage>STRING</adm:usage>
+ <adm:synopsis>
+ Any valid search filter string.
+ </adm:synopsis>
+ </adm:pattern>
+ </adm:string>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
@@ -160,8 +191,9 @@
</adm:property>
<adm:property name="conflict-behavior">
<adm:synopsis>
- Specifies the behavior that the server should exhibit for entries
- that contain one or more real values for the associated attribute.
+ Specifies the behavior that the server is to exhibit for entries
+ that already contain one or more real values for the associated
+ attribute.
</adm:synopsis>
<adm:default-behavior>
<adm:defined>
@@ -172,20 +204,23 @@
<adm:enumeration>
<adm:value name="real-overrides-virtual">
<adm:synopsis>
- Any real values contained in the entry should be preserved
- and virtual values should not be generated.
+ Indicates that any real values contained in the entry are
+ preserved and used, and virtual values are not generated.
</adm:synopsis>
</adm:value>
<adm:value name="virtual-overrides-real">
<adm:synopsis>
- Any real values contained in the entry should be suppressed
- and virtual values should be generated.
+ Indicates that the virtual attribute provider suppresses
+ any real values contained in the entry
+ and generates virtual values and uses them.
</adm:synopsis>
</adm:value>
<adm:value name="merge-real-and-virtual">
<adm:synopsis>
- Any real values contained in the entry should be preserved
- and merged with the set of generated virtual values.
+ Indicates that the virtual attribute provider
+ is to preserve any real values contained in the entry
+ and merge them with the set of generated virtual values
+ so that both the real and virtual values are used.
</adm:synopsis>
</adm:value>
</adm:enumeration>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/WorkQueueConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/WorkQueueConfiguration.xml
index 450e37c..a9d450d 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/WorkQueueConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/WorkQueueConfiguration.xml
@@ -23,7 +23,7 @@
! CDDL HEADER END
!
!
- ! Portions Copyright 2007 Sun Microsystems, Inc.
+ ! Portions Copyright 2007-2008 Sun Microsystems, Inc.
! -->
<adm:managed-object name="work-queue" plural-name="work-queues"
package="org.opends.server.admin.std"
@@ -33,12 +33,14 @@
<adm:synopsis>
The
<adm:user-friendly-name />
+ provides the configuration for the server work queue and
is responsible for ensuring that requests received from clients are
processed in a timely manner.
</adm:synopsis>
<adm:description>
+ Only a single work queue can be defined in the server.
Whenever a connection handler receives a client request, it should
- be placed in the work queue so that it may be processed
+ place the request in the work queue to be processed
appropriately.
</adm:description>
<adm:tag name="core" />
@@ -53,10 +55,13 @@
</adm:profile>
<adm:property name="java-class" mandatory="true">
<adm:synopsis>
- The fully-qualified name of the Java class that provides the
+ Specifies the fully-qualified name of the Java class that provides the
<adm:user-friendly-name />
implementation.
</adm:synopsis>
+ <adm:requires-admin-action>
+ <adm:server-restart />
+ </adm:requires-admin-action>
<adm:syntax>
<adm:java-class>
<adm:instance-of>
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/WorkflowConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/WorkflowConfiguration.xml
index df99eb2..a266a8d 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/WorkflowConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/WorkflowConfiguration.xml
@@ -32,7 +32,7 @@
<adm:synopsis>
The
<adm:user-friendly-name />
- is a list of processing steps (Work Flow Elements) which are applied
+ is a list of processing steps (Work Flow Elements) that are applied
to data as it is retrieved from the Directory Server.
</adm:synopsis>
<adm:tag name="core" />
@@ -51,7 +51,7 @@
<adm:description>
If a
<adm:user-friendly-name />
- is not enabled, then its contents will not be accessible when
+ is not enabled, then its contents are not accessible when
processing operations.
</adm:description>
<adm:syntax>
@@ -65,9 +65,8 @@
</adm:property>
<adm:property name="workflow-id" mandatory="true" read-only="true">
<adm:synopsis>
- Provides a name that will be used to identify the
- <adm:user-friendly-name />
- .
+ Provides a name that identifies the
+ <adm:user-friendly-name />.
</adm:synopsis>
<adm:description>
The name must be unique among all
diff --git a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/WorkflowElementConfiguration.xml b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/WorkflowElementConfiguration.xml
index b966845..f2c0177 100644
--- a/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/WorkflowElementConfiguration.xml
+++ b/opendj-sdk/opends/src/admin/defn/org/opends/server/admin/std/WorkflowElementConfiguration.xml
@@ -37,11 +37,11 @@
<adm:description>
A
<adm:user-friendly-name />
- may perform a task such as mapping DNs, renaming attributes,
+ can perform a task such as mapping DNs, renaming attributes,
filtering attributes, joining data sources, proxying, or
load-balancing. The simplest
<adm:user-friendly-name />
- is the Local Backend Work Flow Element which is used to route data
+ is the Local Backend Work Flow Element, which routes data
to a Backend.
</adm:description>
<adm:tag name="core" />
@@ -63,7 +63,7 @@
<adm:description>
If a
<adm:user-friendly-name />
- is not enabled, then its contents will not be accessible when
+ is not enabled, then its contents are not accessible when
processing operations.
</adm:description>
<adm:syntax>
@@ -78,7 +78,7 @@
<adm:property name="workflow-element-id" mandatory="true"
read-only="true">
<adm:synopsis>
- Provides a name that will be used to identify the associated
+ Provides a name that identifies the associated
<adm:user-friendly-name />
.
</adm:synopsis>
@@ -98,7 +98,7 @@
</adm:property>
<adm:property name="java-class" mandatory="true">
<adm:synopsis>
- The fully-qualified name of the Java class that provides the
+ Specifies the fully-qualified name of the Java class that provides the
<adm:user-friendly-name />
implementation.
</adm:synopsis>
--
Gitblit v1.10.0