<?xml version="1.0" encoding="UTF-8"?>
<!--
  ! CDDL HEADER START
  !
  ! The contents of this file are subject to the terms of the
  ! Common Development and Distribution License, Version 1.0 only
  ! (the "License").  You may not use this file except in compliance
  ! with the License.
  !
  ! You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
  ! or http://forgerock.org/license/CDDLv1.0.html.
  ! See the License for the specific language governing permissions
  ! and limitations under the License.
  !
  ! When distributing Covered Code, include this CDDL HEADER in each
  ! file and include the License file at legal-notices/CDDLv1_0.txt.
  ! If applicable, add the following below this CDDL HEADER, with the
  ! fields enclosed by brackets "[]" replaced with your own identifying
  ! information:
  !      Portions Copyright [yyyy] [name of copyright owner]
  !
  ! CDDL HEADER END
  !
  !
  !      Copyright 2007-2009 Sun Microsystems, Inc.
  !      Portions Copyright 2011 ForgeRock AS
  ! -->
<adm:managed-object name="dsee-compat-access-control-handler"
  plural-name="dseecompat-access-control-handlers"
  package="org.forgerock.opendj.admin" extends="access-control-handler"
  xmlns:adm="http://www.opends.org/admin"
  xmlns:ldap="http://www.opends.org/admin-ldap">
  <adm:synopsis>
    The
    <adm:user-friendly-name />
    provides an implementation that uses syntax compatible with the 
    Sun Java System Directory Server Enterprise Edition
    access control handlers.
  </adm:synopsis>
  <adm:profile name="ldap">
    <ldap:object-class>
      <ldap:name>ds-cfg-dsee-compat-access-control-handler</ldap:name>
      <ldap:superior>ds-cfg-access-control-handler</ldap:superior>
    </ldap:object-class>
  </adm:profile>
  <adm:property-override name="java-class" advanced="true">
    <adm:default-behavior>
      <adm:defined>
        <adm:value>
          org.opends.server.authorization.dseecompat.AciHandler
        </adm:value>
      </adm:defined>
    </adm:default-behavior>
  </adm:property-override>
  <adm:property name="global-aci" multi-valued="true">
    <adm:synopsis>Defines global access control rules.</adm:synopsis>
    <adm:description>
      Global access control rules apply to all entries anywhere in the
      data managed by the <adm:product-name /> directory server. The global access control
      rules may be overridden by more specific access control rules
      placed in the data.
    </adm:description>
    <adm:default-behavior>
      <adm:alias>
        <adm:synopsis>
          No global access control rules are defined, which means
          that no access is allowed for any data in the server
          unless specifically granted by access control rules in the
          data.
        </adm:synopsis>
      </adm:alias>
    </adm:default-behavior>
    <adm:syntax>
      <adm:aci />
    </adm:syntax>
    <adm:profile name="ldap">
      <ldap:attribute>
        <ldap:name>ds-cfg-global-aci</ldap:name>
      </ldap:attribute>
    </adm:profile>
  </adm:property>
</adm:managed-object>