<?xml version="1.0" encoding="UTF-8"?>
<!--
  ! CDDL HEADER START
  !
  ! The contents of this file are subject to the terms of the
  ! Common Development and Distribution License, Version 1.0 only
  ! (the "License").  You may not use this file except in compliance
  ! with the License.
  !
  ! You can obtain a copy of the license at
  ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
  ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
  ! See the License for the specific language governing permissions
  ! and limitations under the License.
  !
  ! When distributing Covered Code, include this CDDL HEADER in each
  ! file and include the License file at
  ! trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
  ! add the following below this CDDL HEADER, with the fields enclosed
  ! by brackets "[]" replaced with your own identifying information:
  !      Portions Copyright [yyyy] [name of copyright owner]
  !
  ! CDDL HEADER END
  !
  !
  !      Copyright 2007-2008 Sun Microsystems, Inc.
  ! -->
<adm:managed-object name="character-set-password-validator"
  plural-name="character-set-password-validators"
  package="org.opends.server.admin.std" extends="password-validator"
  xmlns:adm="http://www.opends.org/admin"
  xmlns:ldap="http://www.opends.org/admin-ldap">
  <adm:synopsis>
    The
    <adm:user-friendly-name />
    determines whether a proposed password is acceptable by
    checking whether it contains a sufficient number of characters
    from one or more user-defined character sets. 
  </adm:synopsis>
  <adm:description>
    For example, 
    the validator can ensure that passwords must
    have at least one lowercase letter, one uppercase letter, one digit,
    and one symbol.
  </adm:description>
  <adm:profile name="ldap">
    <ldap:object-class>
      <ldap:name>ds-cfg-character-set-password-validator</ldap:name>
      <ldap:superior>ds-cfg-password-validator</ldap:superior>
    </ldap:object-class>
  </adm:profile>
  <adm:property-override name="java-class" advanced="true">
    <adm:default-behavior>
      <adm:defined>
        <adm:value>
          org.opends.server.extensions.CharacterSetPasswordValidator
        </adm:value>
      </adm:defined>
    </adm:default-behavior>
  </adm:property-override>
  <adm:property name="character-set" mandatory="true"
    multi-valued="true">
    <adm:synopsis>
      Specifies a character set containing characters that a password
      may contain and a value indicating the minimum number of
      characters required from that set.
    </adm:synopsis>
    <adm:description>
      Each value must be an integer (indicating the minimum required
      characters from the set) followed by a colon and the characters to
      include in that set (for example, "3:abcdefghijklmnopqrstuvwxyz"
      indicates that a user password must contain at least three
      characters from the set of lowercase ASCII letters). Multiple
      character sets can be defined in separate values, although no
      character can appear in more than one character set.
    </adm:description>
    <adm:syntax>
      <adm:string case-insensitive="false" />
    </adm:syntax>
    <adm:profile name="ldap">
      <ldap:attribute>
        <ldap:name>ds-cfg-character-set</ldap:name>
      </ldap:attribute>
    </adm:profile>
  </adm:property>
  <adm:property name="allow-unclassified-characters" mandatory="true">
    <adm:synopsis>
      Indicates whether this password validator allows passwords to
      contain characters outside of any of the user-defined character
      sets.
    </adm:synopsis>
    <adm:description>
      If this is "false", then only those characters in the user-defined
      character sets may be used in passwords. Any password containing a 
      character not included in any character set will be rejected.
    </adm:description>
    <adm:syntax>
      <adm:boolean />
    </adm:syntax>
    <adm:profile name="ldap">
      <ldap:attribute>
        <ldap:name>ds-cfg-allow-unclassified-characters</ldap:name>
      </ldap:attribute>
    </adm:profile>
  </adm:property>
</adm:managed-object>