GlobalConfiguration.xml revision d70586b00b9530ab99ab4b8f003e9a54793e419f
<?xml version="1.0" encoding="UTF-8"?>
<!--
! CDDL HEADER START
!
! The contents of this file are subject to the terms of the
! Common Development and Distribution License, Version 1.0 only
! (the "License"). You may not use this file except in compliance
! with the License.
!
! You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
! See the License for the specific language governing permissions
! and limitations under the License.
!
! When distributing Covered Code, include this CDDL HEADER in each
! file and include the License file at legal-notices/CDDLv1_0.txt.
! If applicable, add the following below this CDDL HEADER, with the
! fields enclosed by brackets "[]" replaced with your own identifying
! information:
! Portions Copyright [yyyy] [name of copyright owner]
!
! CDDL HEADER END
!
!
! Copyright 2007-2010 Sun Microsystems, Inc.
! Portions Copyright 2011-2012 ForgeRock AS
! -->
<adm:managed-object name="global" plural-name="globals"
package="org.forgerock.opendj.server.config"
xmlns:adm="http://opendj.forgerock.org/admin"
xmlns:ldap="http://opendj.forgerock.org/admin-ldap">
<adm:user-friendly-name>Global Configuration</adm:user-friendly-name>
<adm:user-friendly-plural-name>
Global Configurations
</adm:user-friendly-plural-name>
<adm:synopsis>
The
<adm:user-friendly-name />
contains properties that affect the overall
operation of the <adm:product-name />.
</adm:synopsis>
<adm:tag name="core-server" />
<adm:profile name="ldap">
<ldap:object-class>
<ldap:name>ds-cfg-root-config</ldap:name>
<ldap:superior>top</ldap:superior>
</ldap:object-class>
</adm:profile>
<adm:property name="check-schema" advanced="true">
<adm:synopsis>
Indicates whether schema enforcement is active.
</adm:synopsis>
<adm:description>
When schema enforcement is activated, the directory server
ensures that all operations result in entries are valid
according to the defined server schema. It is strongly recommended
that this option be left enabled to prevent the inadvertent
addition of invalid data into the server.
</adm:description>
<adm:default-behavior>
<adm:defined>
<adm:value>true</adm:value>
</adm:defined>
</adm:default-behavior>
<adm:syntax>
<adm:boolean />
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-check-schema</ldap:name>
</ldap:attribute>
</adm:profile>
</adm:property>
<adm:property name="default-password-policy" mandatory="true">
<adm:synopsis>
Specifies the name of the password policy that is in effect
for users whose entries do not specify an alternate password
policy (either via a real or virtual attribute).
</adm:synopsis>
<adm:description>
In addition, the default password policy will be used for providing
default parameters for sub-entry based password policies when not
provided or supported by the sub-entry itself.
This property must reference a password policy and no other type of
authentication policy.
</adm:description>
<adm:syntax>
<adm:aggregation relation-name="password-policy" parent-path="/" />
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-default-password-policy</ldap:name>
</ldap:attribute>
</adm:profile>
</adm:property>
<adm:property name="add-missing-rdn-attributes" advanced="true">
<adm:synopsis>
Indicates whether the directory server should automatically add
any attribute values contained in the entry's RDN into that entry
when processing an add request.
</adm:synopsis>
<adm:default-behavior>
<adm:defined>
<adm:value>true</adm:value>
</adm:defined>
</adm:default-behavior>
<adm:syntax>
<adm:boolean />
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-add-missing-rdn-attributes</ldap:name>
</ldap:attribute>
</adm:profile>
</adm:property>
<adm:property name="allow-attribute-name-exceptions"
advanced="true">
<adm:synopsis>
Indicates whether the directory server should allow underscores
in attribute names and allow attribute names
to begin with numeric digits (both of which are violations of the
LDAP standards).
</adm:synopsis>
<adm:default-behavior>
<adm:defined>
<adm:value>false</adm:value>
</adm:defined>
</adm:default-behavior>
<adm:syntax>
<adm:boolean />
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-allow-attribute-name-exceptions</ldap:name>
</ldap:attribute>
</adm:profile>
</adm:property>
<adm:property name="invalid-attribute-syntax-behavior"
advanced="true">
<adm:synopsis>
Specifies how the directory server should handle operations whenever
an attribute value violates the associated attribute syntax.
</adm:synopsis>
<adm:default-behavior>
<adm:defined>
<adm:value>reject</adm:value>
</adm:defined>
</adm:default-behavior>
<adm:syntax>
<adm:enumeration>
<adm:value name="accept">
<adm:synopsis>
The directory server silently accepts attribute values
that are invalid according to their associated syntax.
Matching operations targeting those values may not behave as
expected.
</adm:synopsis>
</adm:value>
<adm:value name="reject">
<adm:synopsis>
The directory server rejects attribute values that are
invalid according to their associated syntax.
</adm:synopsis>
</adm:value>
<adm:value name="warn">
<adm:synopsis>
The directory server accepts attribute values that are
invalid according to their associated syntax, but also
logs a warning message to the error log. Matching operations
targeting those values may not behave as expected.
</adm:synopsis>
</adm:value>
</adm:enumeration>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-invalid-attribute-syntax-behavior</ldap:name>
</ldap:attribute>
</adm:profile>
</adm:property>
<adm:property name="server-error-result-code" advanced="true">
<adm:synopsis>
Specifies the numeric value of the result code when request
processing fails due to an internal server error.
</adm:synopsis>
<adm:default-behavior>
<adm:defined>
<adm:value>80</adm:value>
</adm:defined>
</adm:default-behavior>
<adm:syntax>
<adm:integer lower-limit="0" />
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-server-error-result-code</ldap:name>
</ldap:attribute>
</adm:profile>
</adm:property>
<adm:property name="single-structural-objectclass-behavior"
advanced="true">
<adm:synopsis>
Specifies how the directory server should handle operations an entry does
not contain a structural object class or contains multiple structural
classes.
</adm:synopsis>
<adm:default-behavior>
<adm:defined>
<adm:value>reject</adm:value>
</adm:defined>
</adm:default-behavior>
<adm:syntax>
<adm:enumeration>
<adm:value name="accept">
<adm:synopsis>
The directory server silently accepts entries that do
not contain exactly one structural object class. Certain
schema features that depend on the entry's structural class
may not behave as expected.
</adm:synopsis>
</adm:value>
<adm:value name="reject">
<adm:synopsis>
The directory server rejects entries that do not contain
exactly one structural object class.
</adm:synopsis>
</adm:value>
<adm:value name="warn">
<adm:synopsis>
The directory server accepts entries that do not contain
exactly one structural object class, but also logs a
warning message to the error log. Certain schema features
that depend on the entry's structural class may not behave
as expected.
</adm:synopsis>
</adm:value>
</adm:enumeration>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>
ds-cfg-single-structural-objectclass-behavior
</ldap:name>
</ldap:attribute>
</adm:profile>
</adm:property>
<adm:property name="notify-abandoned-operations" advanced="true">
<adm:synopsis>
Indicates whether the directory server should send a response to
any operation that is interrupted via an abandon request.
</adm:synopsis>
<adm:description>
The LDAP specification states that abandoned operations should not
receive any response, but this may cause problems with client
applications that always expect to receive a response to each
request.
</adm:description>
<adm:default-behavior>
<adm:defined>
<adm:value>false</adm:value>
</adm:defined>
</adm:default-behavior>
<adm:syntax>
<adm:boolean />
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-notify-abandoned-operations</ldap:name>
</ldap:attribute>
</adm:profile>
</adm:property>
<adm:property name="size-limit">
<adm:synopsis>
Specifies the maximum number of entries that can be returned
to the client during a single search operation.
</adm:synopsis>
<adm:description>
A value of 0 indicates that no size limit is enforced. Note
that this is the default server-wide limit, but it may be
overridden on a per-user basis using the ds-rlim-size-limit
operational attribute.
</adm:description>
<adm:default-behavior>
<adm:defined>
<adm:value>1000</adm:value>
</adm:defined>
</adm:default-behavior>
<adm:syntax>
<adm:integer lower-limit="0" />
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-size-limit</ldap:name>
</ldap:attribute>
</adm:profile>
</adm:property>
<adm:property name="time-limit">
<adm:synopsis>
Specifies the maximum length of time that should be spent processing
a single search operation.
</adm:synopsis>
<adm:description>
A value of 0 seconds indicates that no time limit is
enforced. Note that this is the default server-wide time limit,
but it may be overridden on a per-user basis using the
ds-rlim-time-limit operational attribute.
</adm:description>
<adm:default-behavior>
<adm:defined>
<adm:value>60 seconds</adm:value>
</adm:defined>
</adm:default-behavior>
<adm:syntax>
<adm:duration base-unit="s" lower-limit="0" />
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-time-limit</ldap:name>
</ldap:attribute>
</adm:profile>
</adm:property>
<adm:property name="proxied-authorization-identity-mapper"
mandatory="true">
<adm:synopsis>
Specifies the name of the identity mapper to map
authorization ID values (using the "u:" form) provided in the
proxied authorization control to the corresponding user entry.
</adm:synopsis>
<adm:syntax>
<adm:aggregation relation-name="identity-mapper"
parent-path="/">
<adm:constraint>
<adm:synopsis>
The referenced identity mapper must be enabled.
</adm:synopsis>
<adm:target-is-enabled-condition>
<adm:contains property="enabled" value="true" />
</adm:target-is-enabled-condition>
</adm:constraint>
</adm:aggregation>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>
ds-cfg-proxied-authorization-identity-mapper
</ldap:name>
</ldap:attribute>
</adm:profile>
</adm:property>
<adm:property name="writability-mode">
<adm:synopsis>
Specifies the kinds of write operations the directory server
can process.
</adm:synopsis>
<adm:default-behavior>
<adm:defined>
<adm:value>enabled</adm:value>
</adm:defined>
</adm:default-behavior>
<adm:syntax>
<adm:enumeration>
<adm:value name="enabled">
<adm:synopsis>
The directory server attempts to process all write
operations that are requested of it, regardless of their
origin.
</adm:synopsis>
</adm:value>
<adm:value name="disabled">
<adm:synopsis>
The directory server rejects all write operations that
are requested of it, regardless of their origin.
</adm:synopsis>
</adm:value>
<adm:value name="internal-only">
<adm:synopsis>
The directory server attempts to process write
operations requested as internal operations or through
synchronization, but rejects any such operations
requested from external clients.
</adm:synopsis>
</adm:value>
</adm:enumeration>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-writability-mode</ldap:name>
</ldap:attribute>
</adm:profile>
</adm:property>
<adm:property name="reject-unauthenticated-requests">
<adm:synopsis>
Indicates whether the directory server should reject any request
(other than bind or StartTLS requests) received from a client that
has not yet been authenticated, whose last authentication attempt was
unsuccessful, or whose last authentication attempt used anonymous
authentication.
</adm:synopsis>
<adm:default-behavior>
<adm:defined>
<adm:value>false</adm:value>
</adm:defined>
</adm:default-behavior>
<adm:syntax>
<adm:boolean />
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-reject-unauthenticated-requests</ldap:name>
</ldap:attribute>
</adm:profile>
</adm:property>
<adm:property name="bind-with-dn-requires-password">
<adm:synopsis>
Indicates whether the directory server should reject any simple
bind request that contains a DN but no password.
</adm:synopsis>
<adm:description>
Although such bind requests are technically allowed by the LDAPv3
specification (and should be treated as anonymous simple
authentication), they may introduce security problems in
applications that do not verify that the client actually provided
a password.
</adm:description>
<adm:default-behavior>
<adm:defined>
<adm:value>true</adm:value>
</adm:defined>
</adm:default-behavior>
<adm:syntax>
<adm:boolean />
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-bind-with-dn-requires-password</ldap:name>
</ldap:attribute>
</adm:profile>
</adm:property>
<adm:property name="lookthrough-limit">
<adm:synopsis>
Specifies the maximum number of entries that the directory server
should "look through" in the course of processing a search
request.
</adm:synopsis>
<adm:description>
This includes any entry that the server must examine in the course
of processing the request, regardless of whether it actually
matches the search criteria. A value of 0 indicates that no
lookthrough limit is enforced. Note that this is the default
server-wide limit, but it may be overridden on a per-user basis
using the ds-rlim-lookthrough-limit operational attribute.
</adm:description>
<adm:default-behavior>
<adm:defined>
<adm:value>5000</adm:value>
</adm:defined>
</adm:default-behavior>
<adm:syntax>
<adm:integer lower-limit="0" />
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-lookthrough-limit</ldap:name>
</ldap:attribute>
</adm:profile>
</adm:property>
<adm:property name="smtp-server" multi-valued="true">
<adm:synopsis>
Specifies the address (and optional port number) for a mail server
that can be used to send email messages via SMTP.
</adm:synopsis>
<adm:description>
It may be an IP address or resolvable hostname, optionally
followed by a colon and a port number.
</adm:description>
<adm:default-behavior>
<adm:alias>
<adm:synopsis>
If no values are defined, then the server cannot send email via SMTP.
</adm:synopsis>
</adm:alias>
</adm:default-behavior>
<adm:syntax>
<adm:string>
<adm:pattern>
<adm:regex>^.+(:[0-9]+)?$</adm:regex>
<adm:usage>HOST[:PORT]</adm:usage>
<adm:synopsis>
A hostname, optionally followed by a ":" followed by a port
number.
</adm:synopsis>
</adm:pattern>
</adm:string>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-smtp-server</ldap:name>
</ldap:attribute>
</adm:profile>
</adm:property>
<adm:property name="allowed-task" advanced="true"
multi-valued="true">
<adm:synopsis>
Specifies the fully-qualified name of a Java class that may be
invoked in the server.
</adm:synopsis>
<adm:description>
Any attempt to invoke a task not included in the list of allowed
tasks is rejected.
</adm:description>
<adm:default-behavior>
<adm:alias>
<adm:synopsis>
If no values are defined, then the server does not allow any
tasks to be invoked.
</adm:synopsis>
</adm:alias>
</adm:default-behavior>
<adm:syntax>
<adm:string />
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-allowed-task</ldap:name>
</ldap:attribute>
</adm:profile>
</adm:property>
<adm:property name="disabled-privilege" multi-valued="true">
<adm:synopsis>
Specifies the name of a privilege that should not be evaluated by
the server.
</adm:synopsis>
<adm:description>
If a privilege is disabled, then it is assumed that all
clients (including unauthenticated clients) have that
privilege.
</adm:description>
<adm:default-behavior>
<adm:alias>
<adm:synopsis>
If no values are defined, then the server enforces all
privileges.
</adm:synopsis>
</adm:alias>
</adm:default-behavior>
<adm:syntax>
<adm:enumeration>
<adm:value name="bypass-lockdown">
<adm:synopsis>
Allows the associated user to bypass server lockdown mode.
</adm:synopsis>
</adm:value>
<adm:value name="bypass-acl">
<adm:synopsis>
Allows the associated user to bypass access control checks
performed by the server.
</adm:synopsis>
</adm:value>
<adm:value name="modify-acl">
<adm:synopsis>
Allows the associated user to modify the server's access
control configuration.
</adm:synopsis>
</adm:value>
<adm:value name="config-read">
<adm:synopsis>
Allows the associated user to read the server configuration.
</adm:synopsis>
</adm:value>
<adm:value name="config-write">
<adm:synopsis>
Allows the associated user to update the server
configuration. The config-read privilege is also required.
</adm:synopsis>
</adm:value>
<adm:value name="jmx-read">
<adm:synopsis>
Allows the associated user to perform JMX read operations.
</adm:synopsis>
</adm:value>
<adm:value name="jmx-write">
<adm:synopsis>
Allows the associated user to perform JMX write operations.
</adm:synopsis>
</adm:value>
<adm:value name="jmx-notify">
<adm:synopsis>
Allows the associated user to subscribe to receive JMX
notifications.
</adm:synopsis>
</adm:value>
<adm:value name="ldif-import">
<adm:synopsis>
Allows the user to request that the server process LDIF
import tasks.
</adm:synopsis>
</adm:value>
<adm:value name="ldif-export">
<adm:synopsis>
Allows the user to request that the server process LDIF
export tasks.
</adm:synopsis>
</adm:value>
<adm:value name="backend-backup">
<adm:synopsis>
Allows the user to request that the server process backup
tasks.
</adm:synopsis>
</adm:value>
<adm:value name="backend-restore">
<adm:synopsis>
Allows the user to request that the server process restore
tasks.
</adm:synopsis>
</adm:value>
<adm:value name="server-lockdown">
<adm:synopsis>
Allows the user to place and bring the server of lockdown mode.
</adm:synopsis>
</adm:value>
<adm:value name="server-shutdown">
<adm:synopsis>
Allows the user to request that the server shut down.
</adm:synopsis>
</adm:value>
<adm:value name="server-restart">
<adm:synopsis>
Allows the user to request that the server perform an
in-core restart.
</adm:synopsis>
</adm:value>
<adm:value name="proxied-auth">
<adm:synopsis>
Allows the user to use the proxied authorization control, or
to perform a bind that specifies an alternate authorization
identity.
</adm:synopsis>
</adm:value>
<adm:value name="disconnect-client">
<adm:synopsis>
Allows the user to terminate other client connections.
</adm:synopsis>
</adm:value>
<adm:value name="cancel-request">
<adm:synopsis>
Allows the user to cancel operations in progress on other
client connections.
</adm:synopsis>
</adm:value>
<adm:value name="password-reset">
<adm:synopsis>
Allows the user to reset user passwords.
</adm:synopsis>
</adm:value>
<adm:value name="data-sync">
<adm:synopsis>
Allows the user to participate in data synchronization.
</adm:synopsis>
</adm:value>
<adm:value name="update-schema">
<adm:synopsis>
Allows the user to make changes to the server schema.
</adm:synopsis>
</adm:value>
<adm:value name="privilege-change">
<adm:synopsis>
Allows the user to make changes to the set of defined root
privileges, as well as to grant and revoke privileges for
users.
</adm:synopsis>
</adm:value>
<adm:value name="unindexed-search">
<adm:synopsis>
Allows the user to request that the server process a search
that cannot be optimized using server indexes.
</adm:synopsis>
</adm:value>
<adm:value name="subentry-write">
<adm:synopsis>
Allows the associated user to perform LDAP subentry write
operations.
</adm:synopsis>
</adm:value>
</adm:enumeration>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-disabled-privilege</ldap:name>
</ldap:attribute>
</adm:profile>
</adm:property>
<adm:property name="return-bind-error-messages">
<adm:synopsis>
Indicates whether responses for failed bind operations should
include a message string providing the reason for the
authentication failure.
</adm:synopsis>
<adm:description>
Note that these messages may include information that could
potentially be used by an attacker. If this option is disabled,
then these messages appears only in the server's access log.
</adm:description>
<adm:default-behavior>
<adm:defined>
<adm:value>false</adm:value>
</adm:defined>
</adm:default-behavior>
<adm:syntax>
<adm:boolean />
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-return-bind-error-messages</ldap:name>
</ldap:attribute>
</adm:profile>
</adm:property>
<adm:property name="idle-time-limit">
<adm:synopsis>
Specifies the maximum length of time that a client connection may
remain established since its last completed operation.
</adm:synopsis>
<adm:description>
A value of "0 seconds" indicates that no idle time limit is enforced.
</adm:description>
<adm:default-behavior>
<adm:defined>
<adm:value>0 seconds</adm:value>
</adm:defined>
</adm:default-behavior>
<adm:syntax>
<adm:duration base-unit="ms" lower-limit="0" />
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-idle-time-limit</ldap:name>
</ldap:attribute>
</adm:profile>
</adm:property>
<adm:property name="save-config-on-successful-startup">
<adm:synopsis>
Indicates whether the directory server should save a copy of its
configuration whenever the startup process completes successfully.
</adm:synopsis>
<adm:description>
This ensures that the server provides a "last known good"
configuration, which can be used as a reference (or copied into
the active config) if the server fails to start with the current
"active" configuration.
</adm:description>
<adm:default-behavior>
<adm:defined>
<adm:value>true</adm:value>
</adm:defined>
</adm:default-behavior>
<adm:syntax>
<adm:boolean />
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-save-config-on-successful-startup</ldap:name>
</ldap:attribute>
</adm:profile>
</adm:property>
<adm:property name="workflow-configuration-mode" hidden="true">
<adm:synopsis>
Specifies the workflow configuration mode (auto vs. manual).
</adm:synopsis>
<adm:default-behavior>
<adm:defined>
<adm:value>auto</adm:value>
</adm:defined>
</adm:default-behavior>
<adm:syntax>
<adm:enumeration>
<adm:value name="auto">
<adm:synopsis>
In the "auto" configuration mode, there is no workflow
configuration. The workflows are created automatically based
on the backend configuration. There is one workflow per
backend base DN.
</adm:synopsis>
</adm:value>
<adm:value name="manual">
<adm:synopsis>
In the "manual" configuration mode, each workflow is created
according to its description in the configuration.
</adm:synopsis>
</adm:value>
</adm:enumeration>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-workflow-configuration-mode</ldap:name>
</ldap:attribute>
</adm:profile>
</adm:property>
<adm:property name="etime-resolution" mandatory="false">
<adm:synopsis>
Specifies the resolution to use for operation elapsed processing time (etime)
measurements.
</adm:synopsis>
<adm:default-behavior>
<adm:defined>
<adm:value>
milliseconds
</adm:value>
</adm:defined>
</adm:default-behavior>
<adm:syntax>
<adm:enumeration>
<adm:value name="milliseconds">
<adm:synopsis>
Use millisecond resolution.
</adm:synopsis>
</adm:value>
<adm:value name="nanoseconds">
<adm:synopsis>
Use nanosecond resolution.
</adm:synopsis>
</adm:value>
</adm:enumeration>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-etime-resolution</ldap:name>
</ldap:attribute>
</adm:profile>
</adm:property>
<adm:property name="entry-cache-preload" mandatory="false">
<adm:synopsis>
Indicates whether or not to preload the entry cache on startup.
</adm:synopsis>
<adm:requires-admin-action>
<adm:server-restart />
</adm:requires-admin-action>
<adm:default-behavior>
<adm:defined>
<adm:value>false</adm:value>
</adm:defined>
</adm:default-behavior>
<adm:syntax>
<adm:boolean />
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-entry-cache-preload</ldap:name>
</ldap:attribute>
</adm:profile>
</adm:property>
<adm:property name="max-allowed-client-connections">
<adm:synopsis>
Specifies the maximum number of client connections that may be
established at any given time
</adm:synopsis>
<adm:description>
A value of 0 indicates that unlimited client connection is allowed.
</adm:description>
<adm:default-behavior>
<adm:defined>
<adm:value>0</adm:value>
</adm:defined>
</adm:default-behavior>
<adm:syntax>
<adm:integer lower-limit="0" />
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-max-allowed-client-connections</ldap:name>
</ldap:attribute>
</adm:profile>
</adm:property>
<adm:property name="max-psearches">
<adm:synopsis>
Defines the maximum number of concurrent persistent searches that
can be performed on directory server
</adm:synopsis>
<adm:description>
The persistent search mechanism provides an active channel through which entries that change,
and information about the changes that occur, can be communicated. Because each persistent search
operation consumes resources, limiting the number of simultaneous persistent searches keeps the
performance impact minimal. A value of -1 indicates that there is no limit on the persistent searches.
</adm:description>
<adm:default-behavior>
<adm:defined>
<adm:value>-1</adm:value>
</adm:defined>
</adm:default-behavior>
<adm:syntax>
<adm:integer lower-limit="0" allow-unlimited="true" />
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-max-psearches</ldap:name>
</ldap:attribute>
</adm:profile>
</adm:property>
<adm:property name="max-internal-buffer-size" advanced="true">
<adm:synopsis>
The threshold capacity beyond which internal cached buffers used for
encoding and decoding entries and protocol messages will be trimmed
after use.
</adm:synopsis>
<adm:description>
Individual buffers may grow very large when encoding and decoding
large entries and protocol messages and should be reduced in size when
they are no longer needed. This setting specifies the threshold at which
a buffer is determined to have grown too big and should be trimmed down
after use.
</adm:description>
<adm:default-behavior>
<adm:defined>
<adm:value>32 KB</adm:value>
</adm:defined>
</adm:default-behavior>
<adm:syntax>
<!-- Upper limit to force 32-bit value -->
<adm:size lower-limit="512 B" upper-limit="1 GB"/>
</adm:syntax>
<adm:profile name="ldap">
<ldap:attribute>
<ldap:name>ds-cfg-max-internal-buffer-size</ldap:name>
</ldap:attribute>
</adm:profile>
</adm:property>
</adm:managed-object>