directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From anto...@apache.org
Subject svn commit: r1422759 [1/3] - in /directory/site/trunk: content/apacheds/configuration/ content/images/ templates/apacheds/
Date Mon, 17 Dec 2012 06:21:24 GMT
Author: antoine
Date: Mon Dec 17 06:21:20 2012
New Revision: 1422759

URL: http://svn.apache.org/viewvc?rev=1422759&view=rev
Log:
adding a configuration folder from confluence

Added:
    directory/site/trunk/content/apacheds/configuration/
    directory/site/trunk/content/apacheds/configuration/ads-2.0-configuration.mdtext
    directory/site/trunk/content/apacheds/configuration/adsconfig.mdtext
    directory/site/trunk/content/apacheds/configuration/adsconfig.xml   (with props)
    directory/site/trunk/content/apacheds/configuration/adsconfig.xsl   (with props)
    directory/site/trunk/content/images/Kerberos.png   (with props)
    directory/site/trunk/content/images/LdapLdaps.png   (with props)
    directory/site/trunk/content/images/NewServer.png   (with props)
    directory/site/trunk/content/images/NewServerCreation.png   (with props)
    directory/site/trunk/content/images/Overview.png   (with props)
    directory/site/trunk/content/images/Partition.png   (with props)
    directory/site/trunk/content/images/configuration-dit.png   (with props)
Modified:
    directory/site/trunk/templates/apacheds/page.html

Added: directory/site/trunk/content/apacheds/configuration/ads-2.0-configuration.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/configuration/ads-2.0-configuration.mdtext?rev=1422759&view=auto
==============================================================================
--- directory/site/trunk/content/apacheds/configuration/ads-2.0-configuration.mdtext (added)
+++ directory/site/trunk/content/apacheds/configuration/ads-2.0-configuration.mdtext Mon Dec 17 06:21:20 2012
@@ -0,0 +1,957 @@
+Title: ADS 2.0 configuration
+<a name="ADS2.0configuration-Introduction"></a>
+# Introduction
+
+ADS 2.0 configuration has been completely reworked since 1.0 and 1.5
+versions. While those two versions were XML based, we decided to store the
+new configuration in the DiT (Directory Information Tree).
+
+It's now available either through an LDAP browser, programatically using an
+LDAP API or simply by editing the LDIF files stored on the disk.
+
+<a name="ADS2.0configuration-Configurationstructure"></a>
+# Configuration structure
+
+ADS is more than a *LDAP* server. It's also a *Kerberos* server, a *DNS*
+Server and a *DHCP* server. In other words, we have to define a
+configuration for many servers, some of them being backed by a *Directory
+Service*.
+
+We can consider that the main service is the *Directory Service*, on top of
+which we have servers. Each server has a specific network configuration. We
+will expose the associated configuration.
+
+<a name="ADS2.0configuration-UsingApacheDirectoryStudiotomanagetheconfiguration"></a>
+## Using Apache DirectoryStudio to manage the configuration
+
+The easiest way to manage a server configuration is to use Studio for that.
+Defining a new server will allow you to configure it, but you can also
+modify an existing server's configuration, as soon as you can connect on to
+this server. Let's see how we process in both cases.
+
+<a name="ADS2.0configuration-Newserverconfiguration"></a>
+### New server configuration
+
+You can define a brand new server configuration using Studio. All you have
+to do is :
+- to create a new Server instance
+- modify it's configuration
+- save the configuration as a file (ldif)
+- move this ldif file in the installed server workspace at the right place
+(under the configuration partition)
+
+<a name="ADS2.0configuration-Creationofanewserver"></a>
+#### Creation of a new server
+
+Click on the 'New Server' icon :
+
+
+![New server icon](../../images/NewServer.png)
+
+This will popup this window : 
+
+![New server creation](../../images/NewServerCreation.png) 
+
+Select the type of server you want to configure (here, 2.0) and name your
+server.
+
+<a name="ADS2.0configuration-Configurationoverview"></a>
+#### Configuration overview
+
+By double-clicking on the created server, you will see an overview of the
+current configuration (all the value are default values at this point) :
+
+![Overview](../../images/Overview.png)
+
+You can modify the server port here, and access to the advanced
+configurations from this screen.
+
+<a name="ADS2.0configuration-LDAP/LDAPSconfiguration"></a>
+#### LDAP/LDAPS configuration
+
+The LDAP/LDAPS tab let you configure all the SASL and TLS configuration,
+plus the server limits :
+
+![Ldap Ldaps](../../images/LdapLdaps.png)
+
+We manage two kind of limits :
+- The maximum time the server will take to process a request (when this
+time has been expired, the request will be stopped)
+- The maximum number of entries we will return
+
+<a name="ADS2.0configuration-Kerberosconfiguration"></a>
+#### Kerberos configuration
+In this tab, you can setup all the parameters needed to configure your
+Kerberos server :
+
+![Kerberos](../../images/Kerberos.png)
+
+<a name="ADS2.0configuration-Partitionconfiguration"></a>
+#### Partition configuration
+
+This is where you add new partitions and modify them.
+
+There are a few importants elements to configure for a partition :
+- its ID, which is an external name
+- its Suffix, which must be a valid DN
+- the cache size used for this partition (it's the number of page that will
+be kept in memory, considering that a page may contain more than one entry)
+
+Then you also have to configure the index used by this partition. Some of
+them are mandatory (*apacheRdn*, *apacheSubLevel*, *apachePresence*,
+*apacheOneLevel*, *apacheOneAlias*, *apacheSubAlias*, *apacheAlias*,
+*objectClass*, *entryUuid*, *entryCsn*), you can just modify their cache,
+all the others are user index, you have to create them. Each index is
+associated with an existing AttributeType.
+
+![Partition](../../images/Partition.png)
+
+<a name="ADS2.0configuration-Replication"></a>
+#### Replication
+Not yet available
+
+<a name="ADS2.0configuration-Modifyinganexistingserverconfiguration"></a>
+### Modifying an existing server configuration
+
+The server should accept live modification. If this is the case, you just
+have to connect on the server and to modify it.
+
+<a name="ADS2.0configuration-DiTconfigurationstructure"></a>
+## DiT configuration structure
+
+We need to define a directory tree to store the configuration.
+
+Here is the existing structure, where we have defined one *LDAP* server
+(_ldapServer1_), backed by one *Directory Service* (_DS1_), and two
+associated transports (*ldapSrv1* and *ldapsSrv1*) :
+
+
+    ou=config
+     |
+     +--ads-directoryServiceId=default
+          |
+          +--ads-changeLogId=defaultChangeLog
+          |
+          +--ads-journalId=defaultJournal
+          |
+          +--ou=interceptors
+          |    |
+          |    +--ads-interceptorId=aciAuthorizationInterceptor
+          |    |
+          |    +--ads-interceptorId=authenticationInterceptor
+          |    |	|
+          |    |	+--ou=authenticators
+          |    |	|    |
+          |    |	|    +--ads-authenticatorid=anonymousauthenticator
+          |    |	|    |
+          |    |	|    +--ads-authenticatorid=simpleauthenticator
+          |    |	|    |
+          |    |	|    +--ads-authenticatorid=strongauthenticator
+          |    |	|
+          |    |	+--ou=passwordPolicies
+          |    |	     |
+          |    |	     +--ads-pwdId=default
+          |    |
+          |    +--ads-interceptorId=collectiveAttributeInterceptor
+          |    |
+          |    +--ads-interceptorId=defaultAuthorizationInterceptor
+          |    |
+          |    +--ads-interceptorId=eventInterceptor
+          |    |
+          |    +--ads-interceptorId=exceptionInterceptor
+          |    |
+          |    +--ads-interceptorId=keyDerivationInterceptor
+          |    |
+          |    +--ads-interceptorId=normalizationInterceptor
+          |    |
+          |    +--ads-interceptorId=operationalAttributeInterceptor
+          |    |
+          |    +--ads-interceptorId=passwordHashingInterceptor
+          |    |
+          |    +--ads-interceptorId=referralInterceptor
+          |    |
+          |    +--ads-interceptorId=schemaInterceptor
+          |    |
+          |    +--ads-interceptorId=subentryInterceptor
+          |    |
+          |    +--ads-interceptorId=triggerInterceptor
+          |
+          +--ou=partitions
+          |    |
+          |    +--ads-partitionId=system
+          |    |	|
+          |    |	+--ou=indexes
+          |    |	     |
+          |    |	     +--ads-indexAttributeId=apacheRdn
+          |    |	     |
+          |    |	     +--ads-indexAttributeId=apacheSubLevel
+          |    |	     |
+          |    |	     +--ads-indexAttributeId=apachePresence
+          |    |	     |
+          |    |	     +--ads-indexAttributeId=apacheOneLevel
+          |    |	     |
+          |    |	     +--ads-indexAttributeId=apacheOneAlias
+          |    |	     |
+          |    |	     +--ads-indexAttributeId=apacheSubAlias
+          |    |	     |
+          |    |	     +--ads-indexAttributeId=apacheAlias
+          |    |	     |
+          |    |	     +--ads-indexAttributeId=objectClass
+          |    |	     |
+          |    |	     +--ads-indexAttributeId=entryUUID
+          |    |	     |
+          |    |	     +--ads-indexAttributeId=entryCSN
+          |    |	     |
+          |    |	     +--ads-indexAttributeId=ou
+          |    |	     |
+          |    |	     +--ads-indexAttributeId=uid
+          |    |
+          |    +--ads-partitionId=example
+          | 	|
+          | 	+--ou=indexes
+          | 	     |
+          | 	     +--ads-indexAttributeId=apacheRdn
+          | 	     |
+          | 	     +--ads-indexAttributeId=apacheSubLevel
+          | 	     |
+          | 	     +--ads-indexAttributeId=apachePresence
+          | 	     |
+          | 	     +--ads-indexAttributeId=apacheOneLevel
+          | 	     |
+          | 	     +--ads-indexAttributeId=apacheOneAlias
+          | 	     |
+          | 	     +--ads-indexAttributeId=apacheSubAlias
+          | 	     |
+          | 	     +--ads-indexAttributeId=apacheAlias
+          | 	     |
+          | 	     +--ads-indexAttributeId=objectClass
+          | 	     |
+          | 	     +--ads-indexAttributeId=entryUUID
+          | 	     |
+          | 	     +--ads-indexAttributeId=entryCSN
+          | 	     |
+          | 	     +--ads-indexAttributeId=ou
+          | 	     |
+          | 	     +--ads-indexAttributeId=uid
+          | 	     |
+          | 	     +--ads-indexAttributeId=dc
+          | 	     |
+          | 	     +--ads-indexAttributeId=krb5PrincipalName
+          |
+          +--ou=servers
+    	   |
+    	   +--ads-serverId=changePasswordServer
+    	   |	|
+    	   |	+--ou=transports
+    	   |	     |
+    	   |	     +--ads-transportId=tcp
+    	   |	     |
+    	   |	     +--ads-transportId=udp
+    	   |
+    	   +--ads-serverId=dnsServer
+    	   |	|
+    	   |	+--ou=transports
+    	   |	     |
+    	   |	     +--ads-transportId=tcp
+    	   |	     |
+    	   |	     +--ads-transportId=udp
+    	   |
+    	   +--ads-serverId=httpServer
+    	   |	|
+    	   |	+--ou=transports
+    	   |	|    |
+    	   |	|    +--ads-transportid=http
+    	   |	|    |
+    	   |	|    +--ads-transportid=https
+    	   |	|
+    	   |	+--ou=httpWebApps
+    	   |	     |
+    	   |	     +--ads-id=testapp
+    	   |
+    	   +--ads-serverId=kerberosServer
+    	   |	|
+    	   |	+--ou=transports
+    	   |	     |
+    	   |	     +--ads-transportid=tcp
+    	   |	     |
+    	   |	     +--ads-transportid=udp
+    	   |
+    	   +--ads-serverId=ldapServer
+    	   |	|
+    	   |	+--ou=replConsumers
+    	   |	|
+    	   |	+--ou=transports
+    	   |	|    |
+    	   |	|    +--ads-transportid=ldap
+    	   |	|    |
+    	   |	|    +--ads-transportid=ldaps
+    	   |	|
+    	   |	+--ou=extendedOpHandlers
+    	   |	|    |
+    	   |	|    +--ads-extendedOpId=gracefulShutdownHandler
+    	   |	|    |
+    	   |	|    +--ads-extendedOpId=starttlshandler
+    	   |	|    |
+    	   |	|    +--ads-extendedOpId=storedprochandler
+    	   |	|
+    	   |	+--ou=saslMechHandlers
+    	   |	     |
+    	   |	     +--ads-saslMechName=CRAM-MD5
+    	   |	     |
+    	   |	     +--ads-saslMechName=DIGEST-MD5
+    	   |	     |
+    	   |	     +--ads-saslMechName=GSS-SPNEGO
+    	   |	     |
+    	   |	     +--ads-saslMechName=GSSAPI
+    	   |	     |
+    	   |	     +--ads-saslMechName=NTLM
+    	   |	     |
+    	   |	     +--ads-saslMechName=SIMPLE
+    	   |
+    	   +--ads-serverId=ntpServer
+    		|
+    		+--ou=transports
+    		     |
+    		     +--ads-transportId=tcp
+    		     |
+    		     +--ads-transportId=udp
+    
+
+![configuration-schema-dit](../../images/configuration-dit.png)
+
+<a name="ADS2.0configuration-DirectoryService"></a>
+### Directory Service
+
+For every server backed by a directory, this is the place we define this
+service's configuration.
+
+The Directory Service configuration itself depends on some sub-elements,
+which needs their own configuration :
+* changeLog
+* interceptors
+* journal
+* partitions
+* replication
+
+see [configuration schema description](adsconfig.html)
+
+Otherwise, we also have a set of simple paramaters, listed in the following
+table :
+
+<a name="ADS2.0configuration-ads-directoryServiceObjectClass"></a>
+#### ads-directoryService ObjectClass
+
+We have many parameters we can configure in order to get the
+DirectoryService functioning. Some parameters are mandatory, other aren't.
+Some may have one single value, others may not.
+
+Here is the list of mandatory and optional parameters
+
+<a name="ADS2.0configuration-Mandatoryparameters"></a>
+##### Mandatory parameters
+
+<table>
+<tr><th> Name </th><th> OID </th><th> Mandatory </th><th> type </th><th> SV/MV </th><th> Composite </th><th> Description </th></tr>
+<tr><td> ads-directoryServiceId </td><td> 1.3.6.1.4.1.18060.0.4.1.2.100 </td><td>
+Yes </td><td> PrintableString </td><td> SV </td><td>
+No </td><td> The unique identifier for this DirectoryService </td></tr>
+<tr><td> ads-dsReplicaId </td><td> 1.3.6.1.4.1.18060.0.4.1.2.112 </td><td> Yes </td><td>
+PrintableString </td><td> SV </td><td> No </td><td> The numeric ID
+(between 000 and 999) for this instance </td></tr>
+<tr><td> ads-interceptors </td><td> 1.3.6.1.4.1.18060.0.4.1.2.116 </td><td> Yes </td><td>
+PrintableString </td><td> MV </td><td> Yes </td><td> The list of
+interceptors </td></tr>
+<tr><td> ads-partitions </td><td> 1.3.6.1.4.1.18060.0.4.1.2.108 </td><td> Yes </td><td>
+PrintableString </td><td> MV </td><td> Yes </td><td> The list of
+partitions </td></tr>
+</table>
+
+<a name="ADS2.0configuration-Optionalparameters"></a>
+##### Optional parameters
+
+<table>
+<tr><th> Name </th><th> OID </th><th> Mandatory </th><th> type </th><th> SV/MV </th><th> Composite </th><th> Description </th></tr>
+<tr><td> ads-servers </td><td> 1.3.6.1.4.1.18060.0.4.1.2.115 </td><td> No </td><td>
+PrintableString </td><td> SV </td><td> Yes </td><td> The servers we
+have to start </td></tr>
+<tr><td> ads-dsAccessControlEnabled </td><td> 1.3.6.1.4.1.18060.0.4.1.2.101 </td><td>
+No </td><td> Boolean </td><td> SV </td><td> No </td><td> Is
+the access control enabled or not (default to no) </td></tr>
+<tr><td> ads-dsAllowAnonymousAccess </td><td> 1.3.6.1.4.1.18060.0.4.1.2.102 </td><td>
+No </td><td> Boolean </td><td> SV </td><td> No </td><td> If
+one can connect with the anonymous account (default to no) </td></tr>
+<tr><td> ads-changeLog </td><td> 1.3.6.1.4.1.18060.0.4.1.2.105 </td><td> No </td><td>
+PrintableString </td><td> SV </td><td> Yes </td><td> The ChangeLog
+configuration </td></tr>
+<tr><td> ads-dsDenormalizeOpAttrsEnabled </td><td> 1.3.6.1.4.1.18060.0.4.1.2.103 </td><td>
+No </td><td> Boolean </td><td> SV </td><td> No </td><td> A
+flag telling the server to return a denormalized version of operational
+attributes </td></tr>
+<tr><td> ads-journal </td><td> 1.3.6.1.4.1.18060.0.4.1.2.117 </td><td> No </td><td>
+PrintableString </td><td> SV </td><td> Yes </td><td> The Journal
+configuration </td></tr>
+<tr><td> ads-dsMaxPDUSize </td><td> 1.3.6.1.4.1.18060.0.4.1.2.110 </td><td> No </td><td>
+Integer </td><td> SV </td><td> No </td><td> The max size for an
+incoming PDU </td></tr>
+<tr><td> ads-dsPasswordHidden </td><td> 1.3.6.1.4.1.18060.0.4.1.2.104 </td><td> No
+</td><td> Boolean </td><td> SV </td><td> No </td><td> Tells if the password
+is hidden </td></tr>
+<tr><td> ads-dsSyncPeriodMillis </td><td> 1.3.6.1.4.1.18060.0.4.1.2.111 </td><td>
+No </td><td> Integer </td><td> SV </td><td> No </td><td>
+Duration between two flush on disk </td></tr>
+<tr><td> ads-dsTestEntries </td><td> 1.3.6.1.4.1.18060.0.4.1.2.113 </td><td> No </td><td>
+PrintableString </td><td> MV </td><td> No </td><td> The set of
+entries to inject at startup (may be obsolete) </td></tr>
+</table>
+
+
+<a name="ADS2.0configuration-Interceptors"></a>
+## Interceptors
+
+Some interceptors can be configured (Authentication and PassowordPolicy).
+They will be described with a specific ObjectClass.
+
+Otherwise, they only have an identifier, and an order number, as the
+interceptors are used in an ordered chain. (we may want later to allow an
+administrator to inject a new interceptor)
+
+This ObjectClass contains the informations relative to a base interceptor.
+It will be extended by each interceptor specific interceptor.
+
+<a name="ADS2.0configuration-Mandatoryparameters"></a>
+#### Mandatory parameters
+
+<table>
+<tr><th> Name </th><th> OID </th><th> Mandatory </th><th> type </th><th> SV/MV </th><th> Composite </th><th> Description </th></tr>
+<tr><td> ads-interceptorId </td><td> 1.3.6.1.4.1.18060.0.4.1.2.130 </td><td> Yes </td><td>
+PrintableString </td><td> SV </td><td> No </td><td> The Interceptor
+identifier </td></tr>
+<tr><td> ads-interceptorOrder </td><td> 1.3.6.1.4.1.18060.0.4.1.2.131 </td><td>
+Yes </td><td> Integer </td><td> SV </td><td> No </td><td>
+The Interceptor order number </td></tr>
+<tr><td> ads-interceptorClassName </td><td> 1.3.6.1.4.1.18060.0.4.1.2.804 </td><td>
+Yes </td><td> PrintableString </td><td> SV </td><td>
+No </td><td> Fully qualified class name of the interceptor </td></tr>
+</table>
+
+<a name="ADS2.0configuration-Authenticationinterceptor"></a>
+### Authentication interceptor
+
+<a name="ADS2.0configuration-ads-authenticationInterceptor"></a>
+#### ads-authenticationInterceptor
+
+<table>
+<tr><th> Name </th><th> OID </th><th> Mandatory </th><th> type </th><th> SV/MV </th><th> Composite </th><th> Description </th></tr>
+<tr><td> ads-authenticators </td><td> 1.3.6.1.4.1.18060.0.4.1.2.933 </td><td> No </td><td>
+N/A </td><td> MV </td><td> Yes </td><td> A
+reference to the authenticators </td></tr>
+<tr><td> ads-passwordPolicies </td><td> 1.3.6.1.4.1.18060.0.4.1.2.313 </td><td> No
+</td><td> PrintableString </td><td> MV </td><td> Yes </td><td> The
+PasswordPolicy configurations </td></tr>
+</table>
+
+
+
+
+
+
+
+<a name="ADS2.0configuration-ChangeLog"></a>
+## ChangeLog
+
+Here is the configuration :
+
+<table>
+<tr><th> Parameter </th><th> Default value </th><th> Description </th></tr>
+<tr><td> changeLogStore </td><td> </td><td> A store for change events on the directory (not
+described atm) </td></tr>
+<tr><td> enabled </td><td> true </td><td> Tells if the changeLog system is up and running </td></tr>
+<tr><td> exposed </td><td> false </td><td> Tells if the changeLog system is visible by the clients
+</td></tr>
+<tr><td> partitionSuffix </td><td> ou=changelog </td><td> The prefix of the partition </td></tr>
+<tr><td> revisionsContainerName </td><td> ou=revisions </td><td> The name of the revisions
+container under the partition </td></tr>
+<tr><td> tagsContainerName </td><td> ou=tags </td><td> The name of the tags container under the
+partition </td></tr>
+</table>
+
+{note}
+The _partitionSuffix_, _revisionsContainerName_ and _tagsContainerName_
+should not be exposed. They won't be associated with a schema element. The
+_changeLogStore_ is not defined right now, as we only have a InMemory
+changeLog system working.
+{note}
+
+
+
+<a name="ADS2.0configuration-ChangeLogschema"></a>
+### ChangeLog schema
+
+
+<a name="ADS2.0configuration-AttributeTypes"></a>
+#### AttributeTypes
+
+Here is the list of AttributeTypes we need for the changeLog :
+
+<table>
+<tr><th> AttributeType </th><th> ADS </th><th> OID </th><th> Description </th></tr>
+<tr><td> [ads-changeLogEnabled](configuration-schema#ads-changelogenabled.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> </td></tr>
+<tr><td> [ads-changeLogExposed](configuration-schema#ads-changelogexposed.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> </td></tr>
+</table>
+
+<a name="ADS2.0configuration-ObjectClass"></a>
+#### ObjectClass
+
+Here is the ObjectClass we need for the changeLog :
+
+<table>
+<tr><th> ObjectClass </th><th> type </th><th> ADS </th><th> OID </th><th> Description </th></tr>
+<tr><td> [ads-changeLog](configuration-schema#ads-changelog.html)
+ </td><td> STRUCTURAL </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.3.xxx </td><td> The ChangeLog
+ObjectClass </td></tr>
+</table>
+
+
+<a name="ADS2.0configuration-Journal"></a>
+## Journal
+
+This is the system storing every modifications in order to be able to
+restore the server if it crashes, or to manage replication. It is backed by
+a store, which needs to be configured too. Here is the configuration :
+
+<table>
+<tr><th> Parameter </th><th> Default value </th><th> Description </th></tr>
+<tr><td> enabled </td><td> true </td><td> Tells if the journal system is up and running </td></tr>
+<tr><td> rotation </td><td> 0 </td><td> The size before a journal rotation occurs </td></tr>
+<tr><td> filename </td><td> journal.ldif </td><td> The journal's file name </td></tr>
+<tr><td> workingDirectory </td><td> the DirectoryService working directory </td><td> The place on
+disk where the journal is stored </td></tr>
+</table>
+
+<a name="ADS2.0configuration-Journalschema"></a>
+### Journal schema
+
+
+<a name="ADS2.0configuration-AttributeTypes"></a>
+#### AttributeTypes
+
+Here is the list of AttributeTypes we need for the journal :
+
+<table>
+<tr><th> AttributeType </th><th> ADS </th><th> OID </th><th> Description </th></tr>
+<tr><td> [ads-journalFileName](configuration-schema#ads-journalfilename.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> The journal's file name </td></tr>
+<tr><td> [ads-journalWorkingDirectory](configuration-schema#ads-journalworkingdirectory.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> The place on disk where the
+journal is stored </td></tr>
+<tr><td> [ads-journalRotation](configuration-schema#ads-journalrotation.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> The size before a journal rotation
+occurs </td></tr>
+<tr><td> [ads-journalEnabled](configuration-schema#ads-journalenabled.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> Tells if the journal system is up
+and running </td></tr>
+</table>
+
+<a name="ADS2.0configuration-ObjectClass"></a>
+#### ObjectClass
+
+Here is the ObjectClass we need for the journal :
+
+<table>
+<tr><th> ObjectClass </th><th> type </th><th> ADS </th><th> OID </th><th> Description </th></tr>
+<tr><td> [ads-journal](configuration-schema#ads-journal.html)
+ </td><td> STRUCTURAL </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.3.xxx </td><td> The Journal
+ObjectClass </td></tr>
+</table>
+
+
+<a name="ADS2.0configuration-Partition"></a>
+## Partition
+
+The Partition parameters are listed in the following table :
+
+<table>
+<tr><th> Parameter </th><th> Default value </th><th> Description </th></tr>
+<tr><td> cacheSize </td><td> 100 </td><td> Number of cached entries </td></tr>
+<tr><td> id </td><td> N/A </td><td> The partition id </td></tr>
+<tr><td> indexedAttributes </td><td> N/A </td><td> The list of indexed attributes </td></tr>
+<tr><td> optimizerEnabled </td><td> true </td><td> Tells if the optimizer is enabled or not </td></tr>
+<tr><td> property </td><td> N/A </td><td> ??? </td></tr>
+<tr><td> suffix </td><td> N/A </td><td> The partition's suffix </td></tr>
+<tr><td> syncOnWrite </td><td> true </td><td> Tells the server to flush on disk for every write </td></tr>
+</table>
+
+the *indexedAttributes* parameter itself is a composite attribute, and will
+be described below.
+
+{note}
+The 'property' parameter will probably be removed.
+{note}
+
+{note}
+The 'optimizerEnabled' parameter will probably be removed.
+{note}
+
+
+<a name="ADS2.0configuration-Partitionschema"></a>
+### Partition schema
+
+
+<a name="ADS2.0configuration-AttributeTypes"></a>
+#### AttributeTypes
+
+<table>
+<tr><th> Parameter </th><th> Default value </th><th> Description </th></tr>
+<tr><td> ads-partitionCacheSize </td><td> 100 </td><td> Number of cached entries </td></tr>
+<tr><td> ads-partitionId </td><td> N/A </td><td> The partition Id </td></tr>
+<tr><td> ads-partitionIndexedAttributes </td><td> N/A </td><td> The list of indexed attributes </td></tr>
+<tr><td> ads-partitionOptimizerEnabled </td><td> true </td><td> Tells if the optimizer is enabled
+or not. probably a useless parameter </td></tr>
+<tr><td> ads-partitionProperty </td><td> N/A </td><td> Will be removed </td></tr>
+<tr><td> ads-partitionSuffix </td><td> N/A </td><td> The partition suffix </td></tr>
+<tr><td> ads-partitionSyncOnWrite </td><td> true </td><td> Tells the server to flush on disk for
+every write </td></tr>
+</table>
+
+<a name="ADS2.0configuration-ObjectClass"></a>
+#### ObjectClass
+
+<table>
+<tr><th> ObjectClass </th><th> type </th><th> ADS </th><th> OID </th><th> Description </th></tr>
+<tr><td> ads-partition </td><td> STRUCTURAL </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.3.xxx </td><td> The
+Partition ObjectClass </td></tr>
+</table>
+
+<a name="ADS2.0configuration-Index"></a>
+## Index
+
+The Index parameters are listed in the following table :
+
+<table>
+<tr><th> Parameter </th><th> Default value </th><th> Description </th></tr>
+<tr><td> attributeId </td><td> N/A </td><td> The attributeType name or OID </td></tr>
+<tr><td> cacheSize </td><td> 100 </td><td> Number of key we cache </td></tr>
+<tr><td> numDupLimit </td><td> 512 </td><td> The number of duplicated element we allow before
+switching to a secondary tree </td></tr>
+<tr><td> filename </td><td> the attributeName </td><td> Name of the index file </td></tr>
+<tr><td> workingDirectory </td><td> The DS's working directory </td><td> The place on disk where
+the index will be stored </td></tr>
+</table>
+
+{note}
+The cacheSize is likely to be removed.
+{note}
+
+<a name="ADS2.0configuration-Indexschema"></a>
+### Index schema
+
+<a name="ADS2.0configuration-AttributeTypes"></a>
+#### AttributeTypes
+
+<table>
+<tr><th> Parameter </th><th> Default value </th><th> Description </th></tr>
+<tr><td> [ads-indexAttributeId](configuration-schema#ads-indexattributeid.html)
+ </td><td> N/A </td><td> The attributeType name or OID </td></tr>
+<tr><td> [ads-indexCacheSize](configuration-schema#ads-indexcachesize.html)
+ </td><td> 100 </td><td> Number of key we cache </td></tr>
+<tr><td> [ads-indexNumDupLimit](configuration-schema#ads-indexnumduplimit.html)
+ </td><td> 512 </td><td> The number of duplicated element we allow before switching to a
+secondary tree </td></tr>
+<tr><td> [ads-indexFilename](configuration-schema#ads-indexfilename.html)
+ </td><td> the attributeName </td><td> Name of the index file </td></tr>
+<tr><td> [ads-indexWorkingDirectory](configuration-schema#ads-indexworkingdirectory.html)
+ </td><td> The DS's working directory </td><td> The place on disk where the index will be
+stored </td></tr>
+</table>
+
+<a name="ADS2.0configuration-ObjectClass"></a>
+#### ObjectClass
+
+We will define at least two ObjectClasses, as we may have different kind of
+index (JDBM, Oracle, ...)
+
+<table>
+<tr><th> ObjectClass </th><th> type </th><th> ADS </th><th> OID </th><th> Description </th></tr>
+<tr><td> [ads-index](configuration-schema#ads-index.html)
+ </td><td> ABSTRACT </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.3.xxx </td><td> A global indexed
+attribute (can be JDBM or anything else) </td></tr>
+<tr><td> [ads-jdbmIndex](configuration-schema#ads-jdbmindex.html)
+ </td><td> STRUCTURAL </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.3.xxx </td><td> A JDBM indexed
+attribute </td></tr>
+</table>
+
+<a name="ADS2.0configuration-LdapServer"></a>
+## LdapServer
+
+The LdapServer parameters are described in the following table :
+
+<table>
+<tr><th> Parameter </th><th> Default value </th><th> Description </th></tr>
+<tr><td> id </td><td> N/A </td><td> The LdapServer identifier </td></tr>
+<tr><td> transports </td><td> N/A </td><td> The LdapServer transports </td></tr>
+<tr><td> confidentialityRequired </td><td> false </td><td> Tells the server to accept requests
+using startTLS or LDAPS </td></tr>
+<tr><td> allowAnonymousAccess </td><td> true </td><td> Tells the server to accept Anynymous
+requests or not </td></tr>
+<tr><td> maxSizeLimit </td><td> 1000 </td><td> The maximum number of entries to return </td></tr>
+<tr><td> MaxTimeLimit </td><td> 1000 </td><td> The maximul time before an operation is aborted (in
+seconds) </td></tr>
+<tr><td> extendedOperationHandlers </td><td> ??? </td></tr>
+<tr><td> saslHost </td><td> N/A </td><td> The name of this host, validated during SASL negotiation
+</td></tr>
+<tr><td> saslPrincipal </td><td> ldap/ldap.example.com@EXAMPLE.COM </td><td> The service
+principal, used by GSSAPI </td></tr>
+<tr><td> saslQop </td><td> "auth, "auth-int", "auth-conf" </td><td> The quality of protection
+(QoP), used by DIGEST-MD5 and GSSAPI </td></tr>
+<tr><td> saslRealms </td><td> N/A </td><td> The realms serviced by this SASL host </td></tr>
+<tr><td> saslMechanismHandlers </td><td> N/A </td><td> <String, MechanismHandler> \--> To be
+explicited </td></tr>
+<tr><td> directoryService </td><td> N/A </td><td> The reference to the associated DirectoryService
+</td></tr>
+<tr><td> keystoreFile </td><td> The JVM keystore </td><td> The keystore file to use to store
+certificates </td></tr>
+<tr><td> certificatePassword </td><td> N/A </td><td> The certificate passord </td></tr>
+<tr><td> replicationSystem </td><td> </td><td> ??? Should be associated to the DirectoryService </td></tr>
+</table>
+
+Some of the parameters will not be used : _extendedOperationHandlers_,
+_saslQop_, _saslMechanismHandlers_ and _replicationSystem_.
+
+None of those parameters are composite, except the DirectoryService, which
+has already been described.
+
+<a name="ADS2.0configuration-LdapServerschema"></a>
+### LdapServer schema
+
+
+<a name="ADS2.0configuration-AttributeTypes"></a>
+#### AttributeTypes
+
+<table>
+<tr><th> AttributeType </th><th> ADS </th><th> OID </th><th> Description </th></tr>
+<tr><td> [ads-ldapServerId](configuration-schema#ads-ldapserverid.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> The LdapServer identifier </td></tr>
+<tr><td> [ads-ldapServerId](configuration-schema#ads-ldapserverid.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> The LdapServer transports </td></tr>
+<tr><td> [ads-ldapServerTransports](configuration-schema#ads-ldapservertransports.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> Tells the server to accept
+requests using startTLS or LDAPS </td></tr>
+<tr><td> [ads-ldapServerAllowAnonymousAccess](configuration-schema#ads-ldapserverallowanonymousaccess.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> Tells the server to accept
+Anynymous requests or not </td></tr>
+<tr><td> [ads-ldapServerMaxSizeLimit](configuration-schema#ads-ldapservermaxsizelimit.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> The maximum number of entries to
+return </td></tr>
+<tr><td> [ads-ldapServerMaxTimeLimit](configuration-schema#ads-ldapservermaxtimelimit.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> The maximul time before an
+operation is aborted (in seconds) </td></tr>
+<tr><td> [ads-ldapServerSaslHost](configuration-schema#ads-ldapserversaslhost.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> The name of this host, validated
+during SASL negotiation </td></tr>
+<tr><td> [ads-ldapServerSaslPrincipal](configuration-schema#ads-ldapserversaslprincipal.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> The service principal, used by
+GSSAPI </td></tr>
+<tr><td> [ads-ldapServerSaslRealms](configuration-schema#ads-ldapserversaslrealms.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> The realms serviced by this SASL
+host </td></tr>
+<tr><td> [ads-ldapServerDirectoryService](configuration-schema#ads-ldapserverdirectoryservice.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> The reference to the associated
+DirectoryService </td></tr>
+<tr><td> [ads-ldapServerKeystoreFile](configuration-schema#ads-ldapserverkeystorefile.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> The keystore file to use to store
+certificates </td></tr>
+<tr><td> [ads-ldapServerCertificatePassword](configuration-schema#ads-ldapservercertificatepassword.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> The certificate passord </td></tr>
+</table>
+
+<a name="ADS2.0configuration-ObjectClass"></a>
+#### ObjectClass
+
+Here is the list of ObjectClasses we need for the LdapServer
+
+<table>
+<tr><th> ObjectClass </th><th> type </th><th> ADS </th><th> OID </th><th> Description </th></tr>
+<tr><td> [ads-ldapServer](configuration-schema#ads-ldapserver.html)
+ </td><td> STRUCTURAL </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.3.xxx </td><td> Base class for the
+LdapServer ObjectClass </td></tr>
+</table>
+
+
+<a name="ADS2.0configuration-KerberosServer"></a>
+## KerberosServer
+
+The KerberosServer parameters are described in the following table :
+
+<table>
+<tr><th> Parameter </th><th> Default value </th><th> Description </th></tr>
+<tr><td> id </td><td> N/A </td><td> The KerberosServer identifier </td></tr>
+<tr><td> transports </td><td> N/A </td><td> The KerberosServer transports </td></tr>
+<tr><td> AllowableClockSkew </td><td> </td><td> The allowable clock skew </td></tr>
+<tr><td> EncryptionTypes </td><td> </td><td> The encryption types </td></tr>
+<tr><td> EmptyAddressesAllowed </td><td> true </td><td> Whether empty addresses are allowed </td></tr>
+<tr><td> ForwardableAllowed </td><td> true </td><td> Whether forwardable addresses are allowed </td></tr>
+<tr><td> PaEncTimestampRequired </td><td> true </td><td> Whether pre-authentication by encrypted
+timestamp is required </td></tr>
+<tr><td> PostdatedAllowed </td><td> true </td><td> Whether postdated tickets are allowed </td></tr>
+<tr><td> ProxiableAllowed </td><td> true </td><td> Whether proxiable addresses are allowed </td></tr>
+<tr><td> RenewableAllowed </td><td> true </td><td> Whether renewable tickets are allowed </td></tr>
+<tr><td> KdcPrincipal </td><td> krbtgt/EXAMPLE.COM@EXAMPLE.COM </td><td> The service principal
+name </td></tr>
+<tr><td> MaximumRenewableLifetime </td><td> 7 days </td><td> The maximum renewable lifetime </td></tr>
+<tr><td> MaximumTicketLifetime </td><td> 1 day </td><td> The maximum ticket lifetime </td></tr>
+<tr><td> PrimaryRealm </td><td> EXAMPLE.COM </td><td> The primary realm </td></tr>
+<tr><td> BodyChecksumVerified </td><td> true </td><td> Whether to verify the body checksum </td></tr>
+<tr><td> SearchBaseDn </td><td> NA </td><td> The place we are looking for entries </td></tr>
+</table>
+
+<a name="ADS2.0configuration-KerberosServerSchema"></a>
+### KerberosServer Schema
+
+<a name="ADS2.0configuration-AttributeTypes"></a>
+#### AttributeTypes
+
+Here is the list of AttributeTypes we need for the KerberosServer
+
+<table>
+<tr><th> AttributeType </th><th> ADS </th><th> OID </th><th> Description </th></tr>
+<tr><td> [ads-krbAllowableClockSkew](configuration-schema#ads-krballowableclockskew.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> The allowable clock skew </td></tr>
+<tr><td> [ads-krbEncryptionTypes](configuration-schema#ads-krbencryptiontypes.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> The encryption types </td></tr>
+<tr><td> [ads-krbEmptyAddressesAllowed](configuration-schema#ads-krbemptyaddressesallowed.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> Whether empty addresses are
+allowed </td></tr>
+<tr><td> [ads-krbForwardableAllowed](configuration-schema#ads-krbforwardableallowed.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> Whether forwardable addresses are
+allowed </td></tr>
+<tr><td> [ads-krbForwardableAllowed](configuration-schema#ads-krbforwardableallowed.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> Whether forwardable addresses are
+allowed </td></tr>
+<tr><td> [ads-krbPaEncTimestampRequired](configuration-schema#ads-krbpaenctimestamprequired.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> Whether pre-authentication by
+encrypted timestamp is required </td></tr>
+<tr><td> [ads-krbPostdatedAllowed](configuration-schema#ads-krbpostdatedallowed.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> Whether postdated tickets are
+allowed </td></tr>
+<tr><td> [ads-krbProxiableAllowed](configuration-schema#ads-krbproxiableallowed.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> Whether proxiable addresses are
+allowed </td></tr>
+<tr><td> [ads-krbRenewableAllowed](configuration-schema#ads-krbrenewableallowed.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> Whether renewable tickets are
+allowed </td></tr>
+<tr><td> [ads-krbKdcPrincipal](configuration-schema#ads-krbkdcprincipal.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> The service principal name </td></tr>
+<tr><td> [ads-krbMaximumRenewableLifetime](configuration-schema#ads-krbmaximumrenewablelifetime.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> The maximum renewable lifetime </td></tr>
+<tr><td> [ads-krbMaximumTicketLifetime](configuration-schema#ads-krbmaximumticketlifetime.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> The maximum ticket lifetime </td></tr>
+<tr><td> [ads-krbPrimaryRealm](configuration-schema#ads-krbprimaryrealm.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> The primary realm </td></tr>
+<tr><td> [ads-krbBodyChecksumVerified](configuration-schema#ads-krbbodychecksumverified.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> Whether to verify the body
+checksum </td></tr>
+<tr><td> [ads-kerberosServerId](configuration-schema#ads-kerberosserverid.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> The kerberos server identifier </td></tr>
+</table>
+
+<a name="ADS2.0configuration-ObjectClasses"></a>
+#### ObjectClasses
+
+Here is the list of ObjectClass we need for the KerberosServer
+
+<table>
+<tr><th> ObjectClass </th><th> type </th><th> ADS </th><th> OID </th><th> Description </th></tr>
+</table>
+
+<a name="ADS2.0configuration-TransportLayer"></a>
+## Transport Layer
+
+The *transport layer* is the layer in charge of managing incoming requests
+and outgoing responses. All the servers are depending on this layer. It
+support *TCP* and *UDP* transports.
+
+The configuration parameters are the following :
+
+<table>
+<tr><th> Parameter </th><th> Default value </th><th> Description </th></tr>
+<tr><td> address </td><td> localhost </td><td> The listening address. Can be '*' if the server is
+listening on all the interfaces </td></tr>
+<tr><td> port </td><td> \-1 </td><td> The port the server is listening on. </td></tr>
+<tr><td> sslEnabled </td><td> false </td><td> Tells if SSL is enabled for this transport. Only
+available for a TCP transport </td></tr>
+<tr><td> backlog </td><td> 50 </td><td> The number of incoming requests queued when all the
+threads are busy </td></tr>
+<tr><td> threads </td><td> 3 </td><td> The number of threads to use in the executor to handle the
+incoming requests </td></tr>
+</table>
+
+The base transport is determinated by the type of transport object we will
+create :_TcpTransport_ or _UdpTransport_.
+
+For instance, in the current *server.xml* file, we have this configuration
+for the *LDAP* server and for the *Kerberos* server :
+
+      ...
+      <ldapServer id="ldapServer" ...>
+        <transports>
+          <tcpTransport address="0.0.0.0" port="10389" nbThreads="8"
+backLog="50" enableSSL="false"/>
+          <tcpTransport address="localhost" port="10686" enableSSL="true"/>
+        </transports>
+      ...
+
+
+
+
+      ...
+      <kdcServer id="kdcServer">
+        <transports>
+          <tcpTransport port="60088" nbThreads="4" backLog="50"/>
+          <udpTransport port="60088" nbThreads="4" backLog="50"/>
+        </transports>
+      ...
+
+
+<a name="ADS2.0configuration-Transportschema"></a>
+### Transport schema
+
+To be able to store the transport in the *DiT*, we must define a specific
+set of AttributeTypes and ObjectClasses to store them. Here are those
+definitions.
+
+<a name="ADS2.0configuration-AttributeTypes"></a>
+#### AttributeTypes
+
+Here is the list of AttributeTypes we need for the transport layer
+
+<table>
+<tr><th> AttributeType </th><th> ADS </th><th> OID </th><th> Description </th></tr>
+<tr><td> [ads-transportAddress](configuration-schema#ads-transportaddress.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> The IP Address </td></tr>
+<tr><td> [ipServicePort](http://ldap.akbkhome.com/index.php/attribute/ipServicePort.html)
+ </td><td> no </td><td> 1.3.6.1.1.1.1.15 </td><td> The IP port </td></tr>
+<tr><td> [ads-transportBacklog](configuration-schema#ads-transportbacklog.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> The backlog size </td></tr>
+<tr><td> [ads-transportEnableSSL](configuration-schema#ads-transportenablessl.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> Tells if SSL is on </td></tr>
+<tr><td> [ads-transportNbThreads](configuration-schema#ads-transportnbthreads.html)
+ </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.2.xxx </td><td> The number of threads in the
+executor </td></tr>
+</table>
+
+<a name="ADS2.0configuration-ObjectClasses"></a>
+#### ObjectClasses
+
+Here is the list of ObjectClasses we need for the transport layer
+
+<table>
+<tr><th> ObjectClass </th><th> type </th><th> ADS </th><th> OID </th><th> Description </th></tr>
+<tr><td> [ads-transport](configuration-schema#ads-transport.html)
+ </td><td> ABSTRACT </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.3.xxx </td><td> Base class for the
+transport's ObjectClasses </td></tr>
+<tr><td> [ads-tcpTransport](configuration-schema#ads-tcptransport.html)
+ </td><td> STRUCTURAL </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.3.xxx </td><td> The TCP transport </td></tr>
+<tr><td> [ads-udpTransport](configuration-schema#ads-udptransport.html)
+ </td><td> STRUCTURAL </td><td> yes </td><td> 1.3.6.1.4.1.18060.0.4.1.3.xxx </td><td> The UDP transport </td></tr>

Added: directory/site/trunk/content/apacheds/configuration/adsconfig.mdtext
URL: http://svn.apache.org/viewvc/directory/site/trunk/content/apacheds/configuration/adsconfig.mdtext?rev=1422759&view=auto
==============================================================================
--- directory/site/trunk/content/apacheds/configuration/adsconfig.mdtext (added)
+++ directory/site/trunk/content/apacheds/configuration/adsconfig.mdtext Mon Dec 17 06:21:20 2012
@@ -0,0 +1 @@
+#Apache Directory config schema

## Object Classes


### class ads-authenticationInterceptor	{#ads-authenticationInterceptor}
description | type | oid | superior
----------- | ---- | --- | --------
The AuthenticationInterceptor ObjectClass | STRUCTURAL | 1.3.6.1.4.1.18060.0.4.1.3.131 | [ads-interceptor](#ads-interceptor)

#### attributes
| optional |
| -------- |
| [ads-authenticators](#ads-authenticators) |
| [ads-passwordPolicies](#ads-passwordPolicies) |


### class ads-authenticator	{#ads-authenticator}
description | type | oid | superior
----------- | ---- | --- | --------
A generic authenticator | ABSTRACT | 1.3.6.1.4.1.18060.0.4.1.3.901 | [ads-base](#ads-base)

#### attributes
| mandatory |
| -------- |
| [ads-authenticatorId](#ads-authenticatorId) |


### class ads-authenticatorImpl	{#ads-authenticatorImpl}
description | type | oid | superior
----------- | ---- | --- | --------
an authenticator implementation | STRUCTURAL | 1.3.6.1.4.1.18060.0.4.1.3.902 | [ads-authenticator](#ads-authenticator)

#### attributes
| mandatory |
| -------- |
| [ads-authenticatorClass](#ads-authenticatorClass) |


### class ads-base	{#ads-base}
description | type | oid | superior
----------- | ---- | --- | --------
The base bean | ABSTRACT | 1.3.6.1.4.1.18060.0.4.1.3.0 | 

#### attributes
| optional |
| -------- |
| [ads-enabled](#ads-enabled) |
| description |


### class ads-changeLog	{#ads-changeLog}
description | type | oid | superior
----------- | ---- | --- | --------
The ChangeLog | STRUCTURAL | 1.3.6.1.4.1.18060.0.4.1.3.120 | [ads-base](#ads-base)

#### attributes
| mandatory |
| -------- |
| [ads-changeLogId](#ads-changeLogId) |

| optional |
| -------- |
| [ads-changeLogExposed](#ads-changeLogExposed) |


### class ads-changePasswordServer	{#ads-changePasswordServer}
description | type | oid | superior
----------- | ---- | --- | --------
The ChangePassword ObjectClass | STRUCTURAL | 1.3.6.1.4.1.18060.0.4.1.3.800 | [ads-dsBasedServer](#ads-dsBasedServer)

#### attributes
| optional |
| -------- |
| [ads-krbAllowableClockSkew](#ads-krbAllowableClockSkew) |
| [ads-krbEmptyAddressesAllowed](#ads-krbEmptyAddressesAllowed) |
| [ads-krbEncryptionTypes](#ads-krbEncryptionTypes) |
| [ads-krbPrimaryRealm](#ads-krbPrimaryRealm) |
| [ads-chgPwdPolicyCategoryCount](#ads-chgPwdPolicyCategoryCount) |
| [ads-chgPwdPolicyPasswordLength](#ads-chgPwdPolicyPasswordLength) |
| [ads-chgPwdPolicyTokenSize](#ads-chgPwdPolicyTokenSize) |
| [ads-chgPwdServicePrincipal](#ads-chgPwdServicePrincipal) |


### class ads-delegatingAuthenticator	{#ads-delegatingAuthenticator}
description | type | oid | superior
----------- | ---- | --- | --------
delegated authentication configuration | STRUCTURAL | 1.3.6.1.4.1.18060.0.4.1.3.904 | [ads-authenticator](#ads-authenticator)

#### attributes
| mandatory |
| -------- |
| [ads-delegateHost](#ads-delegateHost) |
| [ads-delegatePort](#ads-delegatePort) |


### class ads-dhcpServer	{#ads-dhcpServer}
description | type | oid | superior
----------- | ---- | --- | --------
The DhcpServer ObjectClass | STRUCTURAL | 1.3.6.1.4.1.18060.0.4.1.3.600 | [ads-dsBasedServer](#ads-dsBasedServer)

#### attributes

### class ads-directoryService	{#ads-directoryService}
description | type | oid | superior
----------- | ---- | --- | --------
The DirectoryService ObjectClass | STRUCTURAL | 1.3.6.1.4.1.18060.0.4.1.3.100 | [ads-base](#ads-base)

#### attributes
| mandatory |
| -------- |
| [ads-directoryServiceId](#ads-directoryServiceId) |
| [ads-dsReplicaId](#ads-dsReplicaId) |
| [ads-interceptors](#ads-interceptors) |
| [ads-partitions](#ads-partitions) |

| optional |
| -------- |
| [ads-servers](#ads-servers) |
| [ads-dsAccessControlEnabled](#ads-dsAccessControlEnabled) |
| [ads-dsAllowAnonymousAccess](#ads-dsAllowAnonymousAccess) |
| [ads-changeLog](#ads-changeLog) |
| [ads-dsDenormalizeOpAttrsEnabled](#ads-dsDenormalizeOpAttrsEnabled) |
| [ads-journal](#ads-journal) |
| [ads-dsMaxPDUSize](#ads-dsMaxPDUSize) |
| [ads-dsPasswordHidden](#ads-dsPasswordHidden) |
| [ads-dsSyncPeriodMillis](#ads-dsSyncPeriodMillis) |
| [ads-dsTestEntries](#ads-dsTestEntries) |


### class ads-dnsServer	{#ads-dnsServer}
description | type | oid | superior
----------- | ---- | --- | --------
The DnsServer ObjectClass | STRUCTURAL | 1.3.6.1.4.1.18060.0.4.1.3.500 | [ads-dsBasedServer](#ads-dsBasedServer)

#### attributes

### class ads-dsBasedServer	{#ads-dsBasedServer}
description | type | oid | superior
----------- | ---- | --- | --------
The DirectoryService based server ObjectClass | ABSTRACT | 1.3.6.1.4.1.18060.0.4.1.3.260 | [ads-server](#ads-server)

#### attributes
| optional |
| -------- |
| [ads-searchBaseDN](#ads-searchBaseDN) |


### class ads-extendedOpHandler	{#ads-extendedOpHandler}
description | type | oid | superior
----------- | ---- | --- | --------
Extended operation handler | STRUCTURAL | 1.3.6.1.4.1.18060.0.4.1.3.802 | [ads-base](#ads-base)

#### attributes
| mandatory |
| -------- |
| [ads-extendedOpHandlerClass](#ads-extendedOpHandlerClass) |
| [ads-extendedOpId](#ads-extendedOpId) |


### class ads-httpServer	{#ads-httpServer}
description | type | oid | superior
----------- | ---- | --- | --------
integrated jetty http server | STRUCTURAL | 1.3.6.1.4.1.18060.0.4.1.3.804 | [ads-server](#ads-server)

#### attributes
| optional |
| -------- |
| [ads-httpConfFile](#ads-httpConfFile) |
| ads-httpwebApps |


### class ads-httpWebApp	{#ads-httpWebApp}
description | type | oid | superior
----------- | ---- | --- | --------
a web app | STRUCTURAL | 1.3.6.1.4.1.18060.0.4.1.3.803 | [ads-base](#ads-base)

#### attributes
| mandatory |
| -------- |
| [ads-httpWarFile](#ads-httpWarFile) |
| ads-id |

| optional |
| -------- |
| [ads-httpAppCtxPath](#ads-httpAppCtxPath) |


### class ads-index	{#ads-index}
description | type | oid | superior
----------- | ---- | --- | --------
A generic indexed attribute | ABSTRACT | 1.3.6.1.4.1.18060.0.4.1.3.160 | [ads-base](#ads-base)

#### attributes
| mandatory |
| -------- |
| [ads-indexAttributeId](#ads-indexAttributeId) |
| [ads-indexHasReverse](#ads-indexHasReverse) |


### class ads-interceptor	{#ads-interceptor}
description | type | oid | superior
----------- | ---- | --- | --------
The Interceptor ObjectClass | STRUCTURAL | 1.3.6.1.4.1.18060.0.4.1.3.130 | [ads-base](#ads-base)

#### attributes
| mandatory |
| -------- |
| [ads-interceptorId](#ads-interceptorId) |
| [ads-interceptorOrder](#ads-interceptorOrder) |
| [ads-interceptorClassName](#ads-interceptorClassName) |


### class ads-jdbmIndex	{#ads-jdbmIndex}
description | type | oid | superior
----------- | ---- | --- | --------
A JDBM indexed attribute | STRUCTURAL | 1.3.6.1.4.1.18060.0.4.1.3.161 | [ads-index](#ads-index)

#### attributes
| optional |
| -------- |
| [ads-indexFileName](#ads-indexFileName) |
| [ads-indexWorkingDir](#ads-indexWorkingDir) |
| [ads-indexNumDupLimit](#ads-indexNumDupLimit) |
| [ads-indexCacheSize](#ads-indexCacheSize) |


### class ads-jdbmPartition	{#ads-jdbmPartition}
description | type | oid | superior
----------- | ---- | --- | --------
A JDBM partition | STRUCTURAL | 1.3.6.1.4.1.18060.0.4.1.3.151 | [ads-partition](#ads-partition)

#### attributes
| optional |
| -------- |
| [ads-partitionCacheSize](#ads-partitionCacheSize) |
| [ads-jdbmPartitionOptimizerEnabled](#ads-jdbmPartitionOptimizerEnabled) |


### class ads-journal	{#ads-journal}
description | type | oid | superior
----------- | ---- | --- | --------
The Journal | STRUCTURAL | 1.3.6.1.4.1.18060.0.4.1.3.140 | [ads-base](#ads-base)

#### attributes
| mandatory |
| -------- |
| [ads-journalId](#ads-journalId) |
| [ads-journalFileName](#ads-journalFileName) |

| optional |
| -------- |
| [ads-journalWorkingDir](#ads-journalWorkingDir) |
| [ads-journalRotation](#ads-journalRotation) |


### class ads-kdcServer	{#ads-kdcServer}
description | type | oid | superior
----------- | ---- | --- | --------
The KerberosServer ObjectClass | STRUCTURAL | 1.3.6.1.4.1.18060.0.4.1.3.400 | [ads-dsBasedServer](#ads-dsBasedServer)

#### attributes
| optional |
| -------- |
| [ads-krbAllowableClockSkew](#ads-krbAllowableClockSkew) |
| [ads-krbEncryptionTypes](#ads-krbEncryptionTypes) |
| [ads-krbEmptyAddressesAllowed](#ads-krbEmptyAddressesAllowed) |
| [ads-krbForwardableAllowed](#ads-krbForwardableAllowed) |
| [ads-krbPaEncTimestampRequired](#ads-krbPaEncTimestampRequired) |
| [ads-krbPostdatedAllowed](#ads-krbPostdatedAllowed) |
| [ads-krbProxiableAllowed](#ads-krbProxiableAllowed) |
| [ads-krbRenewableAllowed](#ads-krbRenewableAllowed) |
| [ads-krbKdcPrincipal](#ads-krbKdcPrincipal) |
| [ads-krbMaximumRenewableLifetime](#ads-krbMaximumRenewableLifetime) |
| [ads-krbMaximumTicketLifetime](#ads-krbMaximumTicketLifetime) |
| [ads-krbPrimaryRealm](#ads-krbPrimaryRealm) |
| [ads-krbBodyChecksumVerified](#ads-krbBodyChecksumVerified) |


### class ads-ldapServer	{#ads-ldapServer}
description | type | oid | superior
----------- | ---- | --- | --------
The LdapServer ObjectClass | STRUCTURAL | 1.3.6.1.4.1.18060.0.4.1.3.300 | [ads-dsBasedServer](#ads-dsBasedServer)

#### attributes
| optional |
| -------- |
| [ads-confidentialityRequired](#ads-confidentialityRequired) |
| [ads-maxSizeLimit](#ads-maxSizeLimit) |
| [ads-maxTimeLimit](#ads-maxTimeLimit) |
| [ads-saslHost](#ads-saslHost) |
| [ads-saslPrincipal](#ads-saslPrincipal) |
| [ads-saslRealms](#ads-saslRealms) |
| [ads-keystoreFile](#ads-keystoreFile) |
| [ads-certificatePassword](#ads-certificatePassword) |
| [ads-replReqHandler](#ads-replReqHandler) |
| [ads-saslMechHandlers](#ads-saslMechHandlers) |
| [ads-extendedOpHandlers](#ads-extendedOpHandlers) |
| [ads-replConsumers](#ads-replConsumers) |


### class ads-ntpServer	{#ads-ntpServer}
description | type | oid | superior
----------- | ---- | --- | --------
The NtpServer ObjectClass | STRUCTURAL | 1.3.6.1.4.1.18060.0.4.1.3.700 | [ads-server](#ads-server)

#### attributes

### class ads-partition	{#ads-partition}
description | type | oid | superior
----------- | ---- | --- | --------
A generic partition | ABSTRACT | 1.3.6.1.4.1.18060.0.4.1.3.150 | [ads-base](#ads-base)

#### attributes
| mandatory |
| -------- |
| [ads-partitionId](#ads-partitionId) |
| [ads-partitionSuffix](#ads-partitionSuffix) |

| optional |
| -------- |
| [ads-contextEntry](#ads-contextEntry) |
| [ads-partitionSyncOnWrite](#ads-partitionSyncOnWrite) |
| [ads-indexes](#ads-indexes) |


### class ads-passwordPolicy	{#ads-passwordPolicy}
description | type | oid | superior
----------- | ---- | --- | --------
class to hold the PasswordPolicy configuration | STRUCTURAL | 1.3.6.1.4.1.18060.0.4.1.3.900 | [ads-base](#ads-base)

#### attributes
| mandatory |
| -------- |
| [ads-pwdId](#ads-pwdId) |
| [ads-pwdAttribute](#ads-pwdAttribute) |

| optional |
| -------- |
| [ads-pwdMinAge](#ads-pwdMinAge) |
| [ads-pwdMaxAge](#ads-pwdMaxAge) |
| [ads-pwdInHistory](#ads-pwdInHistory) |
| [ads-pwdCheckQuality](#ads-pwdCheckQuality) |
| [ads-pwdMinLength](#ads-pwdMinLength) |
| [ads-pwdMaxLength](#ads-pwdMaxLength) |
| [ads-pwdExpireWarning](#ads-pwdExpireWarning) |
| [ads-pwdGraceAuthNLimit](#ads-pwdGraceAuthNLimit) |
| [ads-pwdGraceExpire](#ads-pwdGraceExpire) |
| [ads-pwdLockout](#ads-pwdLockout) |
| [ads-pwdLockoutDuration](#ads-pwdLockoutDuration) |
| [ads-pwdMaxFailure](#ads-pwdMaxFailure) |
| [ads-pwdFailureCountInterval](#ads-pwdFailureCountInterval) |
| [ads-pwdMustChange](#ads-pwdMustChange) |
| [ads-pwdAllowUserChange](#ads-pwdAllowUserChange) |
| [ads-pwdSafeModify](#ads-pwdSafeModify) |
| [ads-pwdMinDelay](#ads-pwdMinDelay) |
| [ads-pwdMaxDelay](#ads-pwdMaxDelay) |
| [ads-pwdMaxIdle](#ads-pwdMaxIdle) |


### class ads-replConsumer	{#ads-replConsumer}
description | type | oid | superior
----------- | ---- | --- | --------
replication consumer configuration | STRUCTURAL | 1.3.6.1.4.1.18060.0.4.1.3.806 | [ads-base](#ads-base)

#### attributes
| mandatory |
| -------- |
| [ads-replConsumerId](#ads-replConsumerId) |
| [ads-searchBaseDN](#ads-searchBaseDN) |
| [ads-replProvHostName](#ads-replProvHostName) |
| [ads-replProvPort](#ads-replProvPort) |
| [ads-replAliasDerefMode](#ads-replAliasDerefMode) |
| [ads-replAttributes](#ads-replAttributes) |
| [ads-replRefreshInterval](#ads-replRefreshInterval) |
| [ads-replRefreshNPersist](#ads-replRefreshNPersist) |
| [ads-replSearchScope](#ads-replSearchScope) |
| [ads-replSearchFilter](#ads-replSearchFilter) |
| [ads-replSearchSizeLimit](#ads-replSearchSizeLimit) |
| [ads-replSearchTimeOut](#ads-replSearchTimeOut) |
| [ads-replUserDn](#ads-replUserDn) |
| [ads-replUserPassword](#ads-replUserPassword) |

| optional |
| -------- |
| [ads-replUseTls](#ads-replUseTls) |
| [ads-replStrictCertValidation](#ads-replStrictCertValidation) |
| [ads-replPeerCertificate](#ads-replPeerCertificate) |
| [ads-replConsumerImpl](#ads-replConsumerImpl) |
| [ads-replCookie](#ads-replCookie) |


### class ads-replEventLog	{#ads-replEventLog}
description | type | oid | superior
----------- | ---- | --- | --------
class to hold a replication consumer event log details | STRUCTURAL | 1.3.6.1.4.1.18060.0.4.1.3.805 | [ads-base](#ads-base)

#### attributes
| mandatory |
| -------- |
| [ads-dsReplicaId](#ads-dsReplicaId) |
| [ads-replAliasDerefMode](#ads-replAliasDerefMode) |
| [ads-searchBaseDN](#ads-searchBaseDN) |
| [ads-replSearchScope](#ads-replSearchScope) |
| [ads-replSearchFilter](#ads-replSearchFilter) |
| [ads-replRefreshNPersist](#ads-replRefreshNPersist) |

| optional |
| -------- |
| [ads-replLastSentCsn](#ads-replLastSentCsn) |
| [ads-replCookie](#ads-replCookie) |


### class ads-saslMechHandler	{#ads-saslMechHandler}
description | type | oid | superior
----------- | ---- | --- | --------
SASL mechanism handler | STRUCTURAL | 1.3.6.1.4.1.18060.0.4.1.3.801 | [ads-base](#ads-base)

#### attributes
| mandatory |
| -------- |
| [ads-saslMechName](#ads-saslMechName) |
| [ads-saslMechClassName](#ads-saslMechClassName) |

| optional |
| -------- |
| [ads-ntlmMechProvider](#ads-ntlmMechProvider) |


### class ads-server	{#ads-server}
description | type | oid | superior
----------- | ---- | --- | --------
The server ObjectClass | ABSTRACT | 1.3.6.1.4.1.18060.0.4.1.3.250 | [ads-base](#ads-base)

#### attributes
| mandatory |
| -------- |
| [ads-serverId](#ads-serverId) |

| optional |
| -------- |
| [ads-transports](#ads-transports) |


### class ads-tcpTransport	{#ads-tcpTransport}
description | type | oid | superior
----------- | ---- | --- | --------
A TCP transport | STRUCTURAL | 1.3.6.1.4.1.18060.0.4.1.3.19 | [ads-transport](#ads-transport)

#### attributes

### class ads-transport	{#ads-transport}
description | type | oid | superior
----------- | ---- | --- | --------
A transport (TCP or UDP) | ABSTRACT | 1.3.6.1.4.1.18060.0.4.1.3.18 | [ads-base](#ads-base)

#### attributes
| mandatory |
| -------- |
| [ads-transportId](#ads-transportId) |
| [ads-systemPort](#ads-systemPort) |

| optional |
| -------- |
| [ads-transportAddress](#ads-transportAddress) |
| [ads-transportBacklog](#ads-transportBacklog) |
| [ads-transportEnableSSL](#ads-transportEnableSSL) |
| [ads-transportNbThreads](#ads-transportNbThreads) |


### class ads-udpTransport	{#ads-udpTransport}
description | type | oid | superior
----------- | ---- | --- | --------
an UDP transport | STRUCTURAL | 1.3.6.1.4.1.18060.0.4.1.3.20 | [ads-transport](#ads-transport)

#### attributes
## Attribute types

alias |  description | syntax | equality | ordering | substring
---------- | ----- | ----- | ------ | ------ | -------- | --------
ads-allowAnonymousAccess	{#ads-allowAnonymousAccess} | Tells the server to accept Anynymous requests or not | 1.3.6.1.4.1.1466.115.121.1.7 | booleanMatch |  | 
ads-authenticatorClass	{#ads-authenticatorClass} | the fully qualified class name of an authenticator implementation | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-authenticatorId	{#ads-authenticatorId} | Authenticator Id | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-authenticators	{#ads-authenticators} | A reference to the authenticators |  |  |  | 
ads-certificatePassword	{#ads-certificatePassword} | The certificate passord | 1.3.6.1.4.1.1466.115.121.1.15 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-changeLog	{#ads-changeLog} | The ChangeLog system | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-changeLogExposed	{#ads-changeLogExposed} | Tells if the changeLog system is visible by the clients | 1.3.6.1.4.1.1466.115.121.1.7 | booleanMatch |  | 
ads-changeLogId	{#ads-changeLogId} | The ChangeLog identifier | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-chgPwdPolicyCategoryCount	{#ads-chgPwdPolicyCategoryCount} | The policy category count | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch | integerOrderingMatch | 
ads-chgPwdPolicyPasswordLength	{#ads-chgPwdPolicyPasswordLength} | The policy minimum password length | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch | integerOrderingMatch | 
ads-chgPwdPolicyTokenSize	{#ads-chgPwdPolicyTokenSize} | The policy token size | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch | integerOrderingMatch | 
ads-chgPwdServicePrincipal	{#ads-chgPwdServicePrincipal} | The Change Password service principal | 1.3.6.1.4.1.1466.115.121.1.26 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-compositeElement	{#ads-compositeElement} | A base AttributeType for attributeType referencing composite configuration elements | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-confidentialityRequired	{#ads-confidentialityRequired} | Tells the server to accept requests using startTLS or LDAPS | 1.3.6.1.4.1.1466.115.121.1.7 | booleanMatch |  | 
ads-contextEntry	{#ads-contextEntry} | The Partition context entry | 1.3.6.1.4.1.1466.115.121.1.15 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-delegateHost	{#ads-delegateHost} | an external host handling delegate authentication | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-delegatePort	{#ads-delegatePort} | Port number on system | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch | integerOrderingMatch | 
ads-directoryServiceId	{#ads-directoryServiceId} | The DirectoryService ID | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-dsAccessControlEnabled	{#ads-dsAccessControlEnabled} | Tells if access control is activated or not | 1.3.6.1.4.1.1466.115.121.1.7 | booleanMatch |  | 
ads-dsAllowAnonymousAccess	{#ads-dsAllowAnonymousAccess} | Tells if anonymous access are allowed or not | 1.3.6.1.4.1.1466.115.121.1.7 | booleanMatch |  | 
ads-dsDenormalizeOpAttrsEnabled	{#ads-dsDenormalizeOpAttrsEnabled} | Tells if the operational attributes are denormalized or not | 1.3.6.1.4.1.1466.115.121.1.7 | booleanMatch |  | 
ads-dsMaxPDUSize	{#ads-dsMaxPDUSize} | Gives the maximum size of a PDU | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch | integerOrderingMatch | 
ads-dsPasswordHidden	{#ads-dsPasswordHidden} | Tells if the password is stored encrypted even for PLAIN authentication | 1.3.6.1.4.1.1466.115.121.1.7 | booleanMatch |  | 
ads-dsReplicaId	{#ads-dsReplicaId} | The server identifier, used for replication | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-dsSyncPeriodMillis	{#ads-dsSyncPeriodMillis} | Define the duration between two flushes on disk | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch | integerOrderingMatch | 
ads-dsTestEntries	{#ads-dsTestEntries} | The set of entries to inject at startup (may be obsolete) | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-enabled	{#ads-enabled} | specifies whether a config element is enabled or not, default is true | 1.3.6.1.4.1.1466.115.121.1.7 | booleanMatch |  | 
ads-enableReplProvider	{#ads-enableReplProvider} | flag to prepare the server as a replication provider | 1.3.6.1.4.1.1466.115.121.1.7 | booleanMatch |  | 
ads-extendedOpHandlerClass	{#ads-extendedOpHandlerClass} | Fully qualified class name of the extended operation handler | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-extendedOpHandlers	{#ads-extendedOpHandlers} | The reference to the extended operation Handlers | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-extendedOpId	{#ads-extendedOpId} | an ID used for ExtendeOpertion names | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-httpAppCtxPath	{#ads-httpAppCtxPath} | A web app context path | 1.3.6.1.4.1.1466.115.121.1.44 | caseIgnoreMatch | caseIgnoreOrderingMatch | caseIgnoreSubstringsMatch
ads-httpConfFile	{#ads-httpConfFile} | Jetty web server config file path | 1.3.6.1.4.1.1466.115.121.1.44 | caseIgnoreMatch | caseIgnoreOrderingMatch | caseIgnoreSubstringsMatch
ads-httpWarFile	{#ads-httpWarFile} | a web app archive | 1.3.6.1.4.1.1466.115.121.1.44 | caseIgnoreMatch | caseIgnoreOrderingMatch | caseIgnoreSubstringsMatch
ads-httpWebApps	{#ads-httpWebApps} | The references to the web applications | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-Id	{#ads-Id} | a generic ID which can be used in any configuration entry DN | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-indexAttributeId	{#ads-indexAttributeId} | The attributeType name or OID | 1.3.6.1.4.1.1466.115.121.1.38 | objectIdentifierMatch |  | 
ads-indexCacheSize	{#ads-indexCacheSize} | The number of key we store in the cache for this index | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch | integerOrderingMatch | 
ads-indexes	{#ads-indexes} | A reference to the indexed attributes |  |  |  | 
ads-indexFileName	{#ads-indexFileName} | The index file name | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-indexHasReverse	{#ads-indexHasReverse} | A flag telling if the index has a reverse table | 1.3.6.1.4.1.1466.115.121.1.7 | booleanMatch |  | 
ads-indexNumDupLimit	{#ads-indexNumDupLimit} | The number of duplicated element we allow before switching to a secondary tree | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch | integerOrderingMatch | 
ads-indexWorkingDir	{#ads-indexWorkingDir} | The place on disk where the index file is stored | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-interceptorClassName	{#ads-interceptorClassName} | Fully qualified class name of the interceptor | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-interceptorId	{#ads-interceptorId} | The Interceptor identifier | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-interceptorOrder	{#ads-interceptorOrder} | The Interceptor order number | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch | integerOrderingMatch | 
ads-interceptors	{#ads-interceptors} | The references to the interceptors | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-jdbmPartitionOptimizerEnabled	{#ads-jdbmPartitionOptimizerEnabled} | Enables JDBM partition optimizer | 1.3.6.1.4.1.1466.115.121.1.7 | booleanMatch |  | 
ads-journal	{#ads-journal} | The reference to the Journal | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-journalFileName	{#ads-journalFileName} | The journal file name. | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-journalId	{#ads-journalId} | The Journal ID | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-journalRotation	{#ads-journalRotation} | The size before a journal rotation occurs. | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch | integerOrderingMatch | 
ads-journalWorkingDir	{#ads-journalWorkingDir} | The place on disk where the journal is stored. | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-keystoreFile	{#ads-keystoreFile} | The keystore file to use to store certificates | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-krbAllowableClockSkew	{#ads-krbAllowableClockSkew} | The allowable clock skew | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch | integerOrderingMatch | 
ads-krbBodyChecksumVerified	{#ads-krbBodyChecksumVerified} | Whether to verify the body checksum | 1.3.6.1.4.1.1466.115.121.1.7 | booleanMatch |  | 
ads-krbEmptyAddressesAllowed	{#ads-krbEmptyAddressesAllowed} | Whether empty addresses are allowed | 1.3.6.1.4.1.1466.115.121.1.7 | booleanMatch |  | 
ads-krbEncryptionTypes	{#ads-krbEncryptionTypes} | The encryption types | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-krbForwardableAllowed	{#ads-krbForwardableAllowed} | Whether forwardable addresses are allowed | 1.3.6.1.4.1.1466.115.121.1.7 | booleanMatch |  | 
ads-krbKdcPrincipal	{#ads-krbKdcPrincipal} | The service principal name | 1.3.6.1.4.1.1466.115.121.1.26 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-krbMaximumRenewableLifetime	{#ads-krbMaximumRenewableLifetime} | The maximum renewable lifetime | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch | integerOrderingMatch | 
ads-krbMaximumTicketLifetime	{#ads-krbMaximumTicketLifetime} | The maximum ticket lifetime | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch | integerOrderingMatch | 
ads-krbPaEncTimestampRequired	{#ads-krbPaEncTimestampRequired} | Whether pre-authentication by encrypted timestamp is required | 1.3.6.1.4.1.1466.115.121.1.7 | booleanMatch |  | 
ads-krbPostdatedAllowed	{#ads-krbPostdatedAllowed} | Whether postdated tickets are allowed | 1.3.6.1.4.1.1466.115.121.1.7 | booleanMatch |  | 
ads-krbPrimaryRealm	{#ads-krbPrimaryRealm} | The primary realm | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-krbProxiableAllowed	{#ads-krbProxiableAllowed} | Whether proxiable addresses are allowed | 1.3.6.1.4.1.1466.115.121.1.7 | booleanMatch |  | 
ads-krbRenewableAllowed	{#ads-krbRenewableAllowed} | Whether renewable tickets are allowed | 1.3.6.1.4.1.1466.115.121.1.7 | booleanMatch |  | 
ads-maxSizeLimit	{#ads-maxSizeLimit} | The maximum number of entries to return | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch | integerOrderingMatch | 
ads-maxTimeLimit	{#ads-maxTimeLimit} | The maximum time before an operation is aborted (in seconds) | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch | integerOrderingMatch | 
ads-ntlmMechProvider	{#ads-ntlmMechProvider} | Fully qualified class name of SASL NTLM provider | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-partitionCacheSize	{#ads-partitionCacheSize} | The number of entries in the cache for this partition | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch | integerOrderingMatch | 
ads-partitionId	{#ads-partitionId} | The Partition identifier | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-partitions	{#ads-partitions} | The set of partitions | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-partitionSuffix	{#ads-partitionSuffix} | The partition suffix | 1.3.6.1.4.1.1466.115.121.1.12 | distinguishedNameMatch | distinguishedNameMatch | 
ads-partitionSyncOnWrite	{#ads-partitionSyncOnWrite} | directs a partition to synchronize the underlying storage upon a write operation | 1.3.6.1.4.1.1466.115.121.1.7 | booleanMatch |  | 
ads-passwordPolicies	{#ads-passwordPolicies} | The PasswordPolicy configuration | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-pwdAllowUserChange	{#ads-pwdAllowUserChange} |  | 1.3.6.1.4.1.1466.115.121.1.7 | booleanMatch |  | 
ads-pwdAttribute	{#ads-pwdAttribute} |  | 1.3.6.1.4.1.1466.115.121.1.38 | objectIdentifierMatch |  | 
ads-pwdCheckQuality	{#ads-pwdCheckQuality} |  | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch |  | 
ads-pwdExpireWarning	{#ads-pwdExpireWarning} |  | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch |  | 
ads-pwdFailureCountInterval	{#ads-pwdFailureCountInterval} |  | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch |  | 
ads-pwdGraceAuthNLimit	{#ads-pwdGraceAuthNLimit} |  | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch |  | 
ads-pwdGraceExpire	{#ads-pwdGraceExpire} |  | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch |  | 
ads-pwdId	{#ads-pwdId} | an ID used to identify the passwordPolicy configuration | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-pwdInHistory	{#ads-pwdInHistory} |  | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch |  | 
ads-pwdLockout	{#ads-pwdLockout} |  | 1.3.6.1.4.1.1466.115.121.1.7 | booleanMatch |  | 
ads-pwdLockoutDuration	{#ads-pwdLockoutDuration} |  | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch |  | 
ads-pwdMaxAge	{#ads-pwdMaxAge} |  | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch |  | 
ads-pwdMaxDelay	{#ads-pwdMaxDelay} |  | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch |  | 
ads-pwdMaxFailure	{#ads-pwdMaxFailure} |  | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch |  | 
ads-pwdMaxIdle	{#ads-pwdMaxIdle} |  | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch |  | 
ads-pwdMaxLength	{#ads-pwdMaxLength} |  | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch |  | 
ads-pwdMinAge	{#ads-pwdMinAge} |  | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch |  | 
ads-pwdMinDelay	{#ads-pwdMinDelay} |  | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch |  | 
ads-pwdMinLength	{#ads-pwdMinLength} |  | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch |  | 
ads-pwdMustChange	{#ads-pwdMustChange} |  | 1.3.6.1.4.1.1466.115.121.1.7 | booleanMatch |  | 
ads-pwdSafeModify	{#ads-pwdSafeModify} |  | 1.3.6.1.4.1.1466.115.121.1.7 | booleanMatch |  | 
ads-replAliasDerefMode	{#ads-replAliasDerefMode} | the alias dereference mode of replication search | 1.3.6.1.4.1.18060.0.4.1.0.11 | caseExactMatch | caseExactOrderingMatch | 
ads-replAttributes	{#ads-replAttributes} | the attributes to be replicated | 1.3.6.1.4.1.1466.115.121.1.15 | caseIgnoreIA5Match | caseExactOrderingMatch | caseIgnoreIA5SubstringsMatch
ads-replConsumerId	{#ads-replConsumerId} | The replication consumer ID | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-replConsumerImpl	{#ads-replConsumerImpl} | The FQCN of the replication consumer/client handler | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-replConsumers	{#ads-replConsumers} | The replication consumers of this server instance | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-replCookie	{#ads-replCookie} | cookie sent from the replication provider | 1.3.6.1.4.1.1466.115.121.1.40 | octetStringMatch | octetStringOrderingMatch | octetStringSubstringsMatch
ads-replEnabled	{#ads-replEnabled} | A flag set when the replication is enabled | 1.3.6.1.4.1.1466.115.121.1.7 | booleanMatch |  | 
ads-replLastSentCsn	{#ads-replLastSentCsn} | the CSN that was sent to the client as part of cookie | 1.3.6.1.4.1.4203.666.11.2.1 | csnMatch | csnOrderingMatch | 
ads-replPeerCertificate	{#ads-replPeerCertificate} | X.509 certificate of the replica peer |  |  |  | 
ads-replProvHostName	{#ads-replProvHostName} | replication provider host name | 1.3.6.1.4.1.1466.115.121.1.26 | caseIgnoreIA5Match | caseIgnoreOrderingMatch | caseIgnoreSubstringsMatch
ads-replProvPort	{#ads-replProvPort} | replication provider port number | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch | integerOrderingMatch | 
ads-replRefreshInterval	{#ads-replRefreshInterval} | time interval between two refreshOnly sessions | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch | integerOrderingMatch | 
ads-replRefreshNPersist	{#ads-replRefreshNPersist} | flag indicating refreshAndPersist mode of replication | 1.3.6.1.4.1.1466.115.121.1.7 | booleanMatch |  | 
ads-replReqHandler	{#ads-replReqHandler} | FQCN of the replication replication request handler on a master/provider | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-replSearchFilter	{#ads-replSearchFilter} | Search filter used in replication | 1.3.6.1.4.1.1466.115.121.1.26 | caseIgnoreIA5Match | caseIgnoreOrderingMatch | caseIgnoreSubstringsMatch
ads-replSearchScope	{#ads-replSearchScope} | the search scope of the replication | 1.3.6.1.4.1.18060.0.4.1.0.10 | caseExactMatch | caseExactOrderingMatch | 
ads-replSearchSizeLimit	{#ads-replSearchSizeLimit} | size limit imposed during replication refreshOnly phase | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch | integerOrderingMatch | 
ads-replSearchTimeOut	{#ads-replSearchTimeOut} | search timeout imposed during replication refreshOnly phase | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch | integerOrderingMatch | 
ads-replStrictCertValidation	{#ads-replStrictCertValidation} | flag to indicate strict certificate validation | 1.3.6.1.4.1.1466.115.121.1.7 | booleanMatch |  | 
ads-replUserDn	{#ads-replUserDn} | user DN used for authenticating with replication provider | 1.3.6.1.4.1.1466.115.121.1.12 | distinguishedNameMatch |  | 
ads-replUserPassword	{#ads-replUserPassword} | replication user password | 1.3.6.1.4.1.1466.115.121.1.40 | octetStringMatch |  | 
ads-replUseTls	{#ads-replUseTls} | flag to indicate the use of TLS | 1.3.6.1.4.1.1466.115.121.1.7 | booleanMatch |  | 
ads-saslHost	{#ads-saslHost} | The name of this host, validated during SASL negotiation | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-saslMechClassName	{#ads-saslMechClassName} | Fully qualified class name of SASL mechanism implementation | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-saslMechHandlers	{#ads-saslMechHandlers} | The reference to the SASL mechanism Handlers | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-saslMechName	{#ads-saslMechName} | SASL mechanism name | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-saslPrincipal	{#ads-saslPrincipal} | The service principal, used by GSSAPI | 1.3.6.1.4.1.1466.115.121.1.26 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-saslRealms	{#ads-saslRealms} | The realms serviced by this SASL host | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-searchBaseDN	{#ads-searchBaseDN} | base DN of the DIT to be searched or replicated | 1.3.6.1.4.1.1466.115.121.1.12 | distinguishedNameMatch | distinguishedNameMatch | 
ads-serverId	{#ads-serverId} | The server ID | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-servers	{#ads-servers} | The references to the servers | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-systemPort	{#ads-systemPort} | Port number on system | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch | integerOrderingMatch | 
ads-transportAddress	{#ads-transportAddress} | The Address to listen on. | 1.3.6.1.4.1.1466.115.121.1.26 | caseIgnoreOrderingMatch | caseExactOrderingMatch | caseIgnoreIA5SubstringsMatch
ads-transportBacklog	{#ads-transportBacklog} | The number of messages waiting to be processed. | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch | integerOrderingMatch | 
ads-transportEnableSSL	{#ads-transportEnableSSL} | Tells if this transport support SSL. | 1.3.6.1.4.1.1466.115.121.1.7 | booleanMatch |  | 
ads-transportId	{#ads-transportId} | The transport ID | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
ads-transportNbThreads	{#ads-transportNbThreads} | The number of threads to use for the Acceptor | 1.3.6.1.4.1.1466.115.121.1.27 | integerMatch | integerOrderingMatch | 
ads-transports	{#ads-transports} | The reference to the associated transports | 1.3.6.1.4.1.1466.115.121.1.44 | caseExactMatch | caseExactOrderingMatch | caseExactSubstringsMatch
\ No newline at end of file



Mime
View raw message