This schema defines the XML schema elements and attributes which should be used to specify the server's configuration model. Broadly speaking, there are three main components to this schema: managed objects, properties, and relations. Using these components it is possible to model the server's configuration based on its configurable components (managed objects), their configurable attributes (properties), and their relationships with other configurable components (relations). Defines the structure of a configurable component within the configuration. A managed object comprises of zero or more properties, and zero or more relations with other managed objects. A managed object can be abstract, indicating that it cannot be instantiated directly, and that it is intended as a base definition from which other child managed objects inherit their behavior. Conversely, a managed object can be derived from a parent managed object definition. In this case, the managed object will inherit the properties and relations defined by the parent. Multiple levels of inheritance are supported, but multiple inheritance is not. An annotation specifying remaining work or unsolved problems relating to this managed object definition. Its use is primarily for development purposes and should not be processed by applications. The user friendly name of this managed object. This element is optional and by default the user friendly name is derived from the definition's name attribute. The user friendly plural name of this managed object. This element is optional and by default the user friendly plural name is derived from the definition's plural-name attribute. A brief description of this managed object. The description should describe, preferably in one sentence, the purpose of this managed object. The synopsis should be suitable for use in applications such as tool-tips, CLI help, and the summary description in Javadoc. It is possible to embed rich content including XHTML markup (this will only be used where supported). A detailed description of this managed object. The description should describe in detail the purpose of this managed object. The description should be suitable for use in applications such as manual pages or detailed help. It does not need to repeat anything described in the synopsis as applications should normally display the two together. It is possible to embed rich content including XHTML markup (this will only be used where supported). The name of a tag defined in the root configuration definition. Tags can be used to group related managed object definitions together. For example, all managed objects that are associated with password management might be tagged with "password" (assuming that there is a "password" tag defined in the root configuration). Tags are inherited by derived managed object definitions. The name of the referenced tag. There must be an accompanying tag definition in the root configuration definition. A constraint on the properties of this managed object. A constraint comprises of a condition which must always evaluate to true before a modification is permitted. A brief description of this constraint. The description should describe, preferably in one sentence, the purpose the condition associated with this constraint. The synopsis should be suitable for use in applications such as tool-tips, CLI help, and the summary description in Javadoc. It is possible to embed rich content including XHTML markup (this will only be used where supported). The condition associated with this constraint. The condition must evaluate to true before modifications are permitted. An annotation relating to this managed object. Annotations can define additional information which cannot be directly represented using this XML schema. The additional information can relate to specific applications such as LDAP (e.g. LDAP object classes), CLIs (e.g. sub-command name), GUIs (e.g. how properties should be arranged and grouped in a window). Specifies a composition relationship between this managed object and other "child" managed objects. The relationship can be a singleton relationship (i.e. one to one), an optional relationship (i.e. one to zero or one), or a one to many relationship. Defines a configurable property of this managed object. A property's value or values affects the behavior of this managed object. Various different types of properties are supported, for example, strings, integers, etc. A property definition must not override a property defined elsewhere in this managed object or property inherited from a parent definition. Overrides a property definition inherited from a parent managed object definition. Using a property override it is possible to modify the behavior of an inherited property definition in a non-critical way. For example, a managed object definition might override the default behavior of an inherited Java implementation class property so that new instances are created with the correct default implementation class. A reference to a common property definition defined in a package, which should be part of this managed object's definition. An internationalized description string which can contain XHTML markup. The name of the product associated with this definition. The name of the managed object associated with this definition. The plural name of the managed object associated with this definition. An internationalized description string which cannot contain XHTML markup. Defines a configurable property of a managed object. A property's value or values affects the behavior of the associated managed object. Various different types of properties are supported, for example, strings, integers, etc. A property definition must not override a property defined elsewhere in the managed object or property inherited from a parent managed object. An annotation specifying remaining work or unsolved problems relating to this property definition. Its use is primarily for development purposes and should not be processed by applications. A brief description of this property. The description should describe, preferably in one sentence, the purpose of this property. It does not need to provide details regarding default behavior, syntax, nor how changes take effect (e.g. immediately, post-restart, etc). The synopsis should be suitable for use in applications such as tool-tips, CLI help, and the summary description in Javadoc. It is possible to embed rich content including XHTML markup (this will only be used where supported). A detailed description of this property. The description should describe in detail the purpose of this property. The description should be suitable for use in applications such as manual pages or detailed help. It does not need to repeat anything described in the synopsis as applications should normally display the two together. In addition, it does not need to provide details regarding default behavior, syntax, nor how changes take effect (e.g. immediately, post-restart, etc). It is possible to embed rich content including XHTML markup (this will only be used where supported). Defines an optional action which administators must perform after they have modified this property. By default modifications to properties are assumed to take effect immediately and require no additional administrative action. Developers should be aware that, where feasible, they should implement components such that property modifications require no additional administrative action. This is required in order to minimize server downtime during administration and provide a more user-friendly experience. Defines a default behavior for the property when it has no values specified. All properties must have a default behavior defined unless they are mandatory. Defines the syntax of this property. This includes the data type used for the property and additional constraints (e.g. upper/lower bounds). An annotation relating to this property. Annotations can define additional information which cannot be directly represented using this XML schema. The additional information can relate to specific applications such as LDAP (e.g. LDAP attributes), CLIs (e.g. operand name), GUIs (e.g. how properties should be arranged and grouped in a window). The name of this property. The name should describe as concisely as possible the purpose of this property and should be suitable for use in Java method names (e.g. getters and setters). The property name should be a string comprising of short lower-case words joined with hyphens "-". For example, "use-ssl". Indicates whether or not this property is multi-valued. By default, properties are single-valued. Indicates whether or not this property is read-only. By default, properties are not read-only. Read-only properties can only be initialized during construction of the associated managed object and cannot be modified once the managed object has been created. Indicates whether or not this property is read-only and generated automatically by the server as monitoring information. By default, properties are not for monitoring. Monitoring properties are always read-only because their values are generated by the server. During construction of a managed object their values are undefined. Indicates whether or not this property is mandatory. Mandatory properties are usually those properties which have no sensible default behavior and must, therefore, be specified by administrators. If a mandatory property has default values these will be used as the values for the property if none are specified by the user. Indicates whether or not this property should be hidden from client applications. Hidden properties should rarely be used but are sometimes required in order to provide functionality that needs to be exposed in management APIs but not in front-ends such as CLIs. Indicates whether or not this property should be treated as an advanced property and hidden by default in client applications. Advanced properties should either be optional (i.e. not mandatory) or be mandatory with default values. This constraint is required so that users do not have to specify values for advanced properties. A reference to a common property definition defined in a package, which should be part of a managed object's definition. Optionally override the administrative action defined in the referenced property definition. An administrative action defines an optional action which administators must perform after they have modified this property. By default modifications to properties are assumed to take effect immediately and require no additional administrative action. Developers should be aware that, where feasible, they should implement components such that property modifications require no additional administrative action. This is required in order to minimize server downtime during administration and provide a more user-friendly experience. Optionally override the default behavior defined in the referenced property definition. The default behavior is applicable when the property has no values specified. All properties must have a default behavior defined unless they are mandatory. The name of the referenced property. The package containing the referenced property. By default, the package in which this managed object is defined will be used. Overrides a property definition inherited from a parent managed object definition. Using a property override it is possible to modify the behavior of an inherited property definition in a non-critical way. For example, a managed object definition might override the default behavior of an inherited Java implementation class property so that new instances are created with the correct default implementation class. Optionally override the administrative action defined in the overridden property definition. An administrative action defines an optional action which administators must perform after they have modified this property. By default modifications to properties are assumed to take effect immediately and require no additional administrative action. Developers should be aware that, where feasible, they should implement components such that property modifications require no additional administrative action. This is required in order to minimize server downtime during administration and provide a more user-friendly experience. Optionally override the default behavior defined in the overridden property definition. The default behavior is applicable when the property has no values specified. All properties must have a default behavior defined unless they are mandatory. The name of the overridden property. Optionally override the advanced option defined in the overridden property definition. Indicates whether or not this property should be treated as an advanced property and hidden by default in client applications. Advanced properties should either be optional (i.e. not mandatory) or be mandatory with default values. This constraint is required so that users do not have to specify values for advanced properties. Specifies the configuration of a default managed object which should be created when a parent managed object is created. For example, creation of a back-end could result in default indexes being created. Specifies one or more initial values for a property in the default managed object. The string representation of a value of this property. The name of the property. The type of default managed object to be created. This must be either the type of the managed object referenced by this relation (this is the default behavior) or a sub-type. The package containing the default managed object definition if it is not the same as this managed object's package. Specifies a relationship between a managed object and other managed objects. The relationship can be a singleton relationship (i.e. one to one), an optional relationship (i.e. one to zero or one), or a one to many relationship. Both compositions (the default) and aggregations are supported. Aggregations are defined by specifying the path to the referenced managed objects in the aggregation attribute. An annotation specifying remaining work or unsolved problems relating to this relation definition. Its use is primarily for development purposes and should not be processed by applications. An optional brief description of this relation. The description should describe, preferably in one sentence, the purpose of this relation. If a synopsis is not defined this relation will inherit the synopsis of the referenced managed object. If present, the synopsis should be suitable for use in applications such as tool-tips, CLI help, and the summary description in Javadoc. It is possible to embed rich content including XHTML markup (this will only be used where supported). An optional detailed description of this relation. The description should describe in detail the purpose of this relation. The description should be suitable for use in applications such as manual pages or detailed help. It does not need to repeat anything described in the synopsis as applications should normally display the two together. If a description is not defined this relation will inherit the description of the referenced managed object. It is possible to embed rich content including XHTML markup (this will only be used where supported). Specifies a one to one (singleton) relationship with another type of managed object. Defines a default managed object configuration which should be automatically created when the parent managed object is created. Specifies a one to zero or one (optional) relationship with another type of managed object. Defines a default managed object configuration which should be automatically created when the parent managed object is created. Specifies a one to many (instantiable) relationship with another type of managed object. Defines one or more default managed object configurations which should be automatically created when the parent managed object is created. Specifies the name that should be used to identify this default managed object instance. Indicates whether or not this relation contains unique members. If set to true then each referenced managed object must have a distinct type. In other words, there must not be more than one referenced managed object having the same type. By default, properties are single-valued. Specifies the plural name of this relation if different from the plural name of the referenced managed object type. Specifies the name of a property in the referenced managed object which should be used for naming instances. For example, an attribute index managed object could be named according to the attribute that it indexes. If present, the naming property must reference a single-valued, mandatory, read-only property. If it is not present, the administration framework will use the default naming mechanism. An annotation relating to this relation. Annotations can define additional information which cannot be directly represented using this XML schema. The additional information can relate to specific applications such as LDAP (e.g. an LDAP RDN representing the entry beneath which managed objects should be located). The name of this relation. The name should describe as concisely as possible the purpose of this relation and should be suitable for use in Java method names (e.g. getters and setters). The property name should be a string comprising of short lower-case words joined with hyphens "-". For example, "key-manager-provider". Usually the name will correspond to the name of the referenced type of managed object. If it this is not the case, then the type of referenced managed object should be specified using the "managed-object-name" attribute. The type of managed object referenced by this relation if different from this relation's name. The package containing the referenced managed object definition if it is not the same as this managed object's package. Indicates whether or not managed objects referenced by this relation should be treated as advanced and be hidden by default in client applications. Indicates whether or not this relation should be hidden from client applications. Hidden relations should rarely be used but are sometimes required in order to provide functionality that needs to be exposed in management APIs but not in front-ends such as CLIs. Defines an optional action which administators must perform after they have modified a property. By default modifications to properties are assumed to take effect immediately and require no additional administrative action. Developers should be aware that, where feasible, they should implement components such that property modifications require no additional administrative action. This is required in order to minimize server downtime during administration and provide a more user-friendly experience. Used when modifications to a property take effect immediately, and no additional administrator action is required. An optional description which can be used to describe how changes to the modified property will take effect. If present, the synopsis should be suitable for use in applications such as tool-tips, CLI help, and the summary description in Javadoc. It is possible to embed rich content including XHTML markup (this will only be used where supported). Used when modifications to a property require a server restart in order to take effect. An optional description of this required administrative action. The description should describe, preferably in one sentence, what additional administrator action is required when the server is restarted. If present, the synopsis should be suitable for use in applications such as tool-tips, CLI help, and the summary description in Javadoc. It is possible to embed rich content including XHTML markup (this will only be used where supported). Used when modifications to a property require a component restart in order to take effect (usually by disabling and re-enabling the component). An optional description of this required administrative action. The description should describe, preferably in one sentence, what additional administrator action is required when the component is restarted. If present, the synopsis should be suitable for use in applications such as tool-tips, CLI help, and the summary description in Javadoc. It is possible to embed rich content including XHTML markup (this will only be used where supported). Used when modifications to a property require an additional administrative action in order to take effect. This should be used when neither a server restart nor a component restart are applicable. A brief description of this required administrative action. The description should describe, preferably in one sentence, what additional administrator action is required when this property is modified. If present, the synopsis should be suitable for use in applications such as tool-tips, CLI help, and the summary description in Javadoc. It is possible to embed rich content including XHTML markup (this will only be used where supported). Defines a default behavior for a property when it has no values specified. All properties must have a default behavior defined unless they are mandatory. Used when a property has no tangible default behavior - its default behavior is undefined. Used when a property defaults to some special behavior that cannot be represented using property values. A brief description of this default behavior. The description should describe, preferably in one sentence, the default behavior. If present, the synopsis should be suitable for use in applications such as tool-tips, CLI help, and the summary description in Javadoc. It is possible to embed rich content including XHTML markup (this will only be used where supported). An annotation relating to this default behavior. Annotations can define additional information which cannot be directly represented using this XML schema. The additional information can relate to specific applications. Used when a property defaults to one or more real values of the property. The string representation of a value of this property. Used when a property defaults one or more values taken from a property in another managed object. Used when the managed object providing the default values is located relative to this managed object. The relative location of the managed object (where 0 is this managed object, 1 is the parent, and 2 is the grand-parent). The type of managed object providing the default values. The package containing the managed object definition if it is not the same as this managed object's package. The name of the property containing the default values. Used when the managed object providing the default values is in a known absolute location. The location of the managed object containing the default values. The name of the property containing the default values. Defines the syntax of a property. This includes the data type used for the property and additional constraints on the values it contains (e.g. upper/lower bounds). An aggregation property names one or more managed objects which are required by the managed object associated with this property. An aggregation property definition takes care to perform referential integrity checks: referenced managed objects cannot be deleted. Nor can an aggregation reference non-existent managed objects. Referential integrity checks are not performed during value validation. Instead they are performed when changes to the managed object are committed. An optional constraint on the relationship between this managed object and referenced managed objects. The constraint specifies when and how referenced managed objects must be enabled. A brief description of the constraints applicable to referenced managed objects. The description should describe, preferably in one sentence, when referenced should be enabled and how they should be enabled. The synopsis should be suitable for use in applications such as tool-tips, CLI help, and the summary description in Javadoc. It is possible to embed rich content including XHTML markup (this will only be used where supported). A condition which indicates whether or not referenced managed objects must be enabled. The default behavior is that all referenced managed objects must be enabled. A condition which indicates whether or not referenced managed objects are enabled. Managed objects are assumed to be enabled by default. The name of the managed object which is the parent of the aggregated managed objects. The relation in the parent managed object which contains the aggregated managed objects. The type of managed object referenced by this aggregation if different from this relation's name. The package containing the referenced managed object definition if it is not the same as this managed object's package. Used for properties which contain LDAP attribute type names. Used for properties which contain Extensible matching rule type names. Used for properties which are best represented using boolean on/off type values. Used for properties which contain LDAP distinguished names. Indicates that values of this property must be immediately subordinate to the specified base DN. Used for properties which contain dseecompat ACIs. Used for properties which reference a Java class. These are typically used in plugins where the java class property identifies a class implementing the plugin's functionality. It is possible to restrict the values of this property using the instance-of attribute. Note that it is only possible to validate values on the server, since client applications don't necessarily have the same classes on their class-path. Indicates that values of this property must implement the specified Java interface. Note that it is only possible to perform validation on the server, since client applications don't necessarily have the same classes on their class-path. Used for properties which contain integer values. Where appropriate it is possible to provide a description of the units for values of this property (e.g. "number of threads"). An optional description of the units for this value of this property (e.g. "number of threads"). The description should describe the unit, preferably in one sentence. If present, the description should be suitable for use in applications such as tool-tips, CLI help, and the summary description in Javadoc. It is possible to embed rich content including XHTML markup (this will only be used where supported). Indicates whether or not this property supports a special value representing infinity. This is useful where properties are used to constrain some behavior and the administrator wishes to remove the constraint (e.g. number of simultaneous client connections). Indicates a lower limit for this integer property. Indicates an upper limit for this integer property. Used for properties which contain IP addresses. IPv4 and IPv6 address forms are supported. In addition name resolution is performed when non-numeric addresses are specified. Used for properties which contain IP address masks. IPv4 and IPv6 address mask forms are supported. Used for properties which represent a computer storage size. Sizes can be specified using both decimal and binary units. For example, "1kb" represents 1000 bytes, and "1kib" represents 1024 bytes. Values must always specify the unit and can include a fractional part (e.g. 1.5mb). Both short and long unit names are supported (e.g. "kb" and "kilobytes"). Indicates whether or not this property supports a special value representing infinity. This is useful where properties are used to constrain some behavior and the administrator wishes to remove the constraint (e.g. maximum log size). Indicates a lower limit for this size property. Indicates an upper limit for this size property. Used for properties which contain a time duration. Specifies the minimum granularity which can be used to specify duration property values. For example, if the base unit is in seconds then values represented in milliseconds will not be permitted. The default base unit is seconds. Specifies the biggest duration unit which can be used to specify duration property values. Values presented in units greater than this unit will not be permitted. There is no default maximum unit. Indicates whether or not this property supports a special value representing infinity. This is useful where properties are used to constrain some behavior and the administrator wishes to remove the constraint (e.g. connection time-out). Indicates a lower limit for this duration property. Indicates an upper limit for this duration property. Used for properties which contain passwords. Values will be represented using strings which are then encrypted. Typically password properties are write-only and should never be displayed in client applications (even during creation). Used for properties which contain values taken from a finite set of values. There must be at least one possible value defined. Defines one of the possible values that this property can contain. A description of this enumeration value. The description should describe the behavior indicated by the value preferably in one sentence. The description should be suitable for use in applications such as tool-tips, CLI help, and the summary description in Javadoc. It is possible to embed rich content including XHTML markup (this will only be used where supported). The name of this enumeration value. The name should describe as concisely as possible the behavior indicated by this value and should be suitable for use in Java source code (e.g. enumerations). The enumeration value name should be a string comprising of short lower-case words joined with hyphens "-". For example, "optional". Used for properties which contain string values. It is possible to contrain the permitted set of values using a regular expression. Constrains the permitted set of values using a regular expression. All values of this property must match the provided regular expression. The regular expression conforming to the syntax supported by the Java "java.util.regex.Pattern" class. The usage string which should be displayed in help relating to this string based property. For example, a pattern which is used to match a host/port string could have the usage HOST:PORT. An description of the regular expression (e.g. "email address"). The description should describe the type of string represented by the regular expression, preferably in one sentence. If present, the description should be suitable for use in applications such as tool-tips, CLI help, and the summary description in Javadoc. It is possible to embed rich content including XHTML markup (this will only be used where supported). Indicates whether or not values of this property should be treated in a case-insensitive manner. An identifier name comprising of a 1 or more sequences of lower case letters or digits separated by a single hyphen '-'. The first sequence must begin with a letter. An identifier name comprising of a 1 or more sequences of lower case letters or digits separated by a single dot '.'. The first sequence must begin with a letter. A managed object path which can be used to specify the location of referenced managed objects. A managed object path has a similar syntax to unix file system paths, and comprises of zero or more path elements separated by a forward slash "/". The root configuration is referenced using the path "/". Subsequent path elements identify subordinate managed objects. Each path element is comprised of the relation name, an optional definition name, and the name of the managed object instance if the relation is one-to-many. The path "/relation=connection-handler+name=my handler" identifies a connection handler called "my handler" where "my handler" can be any type of connection handler. If "my handler" must be an LDAP connection handler then the type needs to be specified in the path: "/relation=connection-handler+type=ldap-connection-handler+name=my handler". The global configuration is identified by the path "/relation=global-configuration" (no name is required because the relation is one-to-one). An annotation relating to the associated element. Annotations can define additional information which cannot be directly represented using this XML schema. The additional information can relate to specific applications such as CLIs, GUIs, etc. The name of this profile e.g. "ldap". Defines the root managed object and its relationships with top-level managed objects. The root managed object serves as a single point of access to the rest of the configuration. It is essentially a virtual managed object and has no properties of its own, just relationships. There can only be a single root managed object defined per configuration model. The name of the product associated with this configuration model. Defines a tag which can be used to group related types of managed object. Administration tools can take advantage of managed object tags to make it easier for users to discover related components. A brief description of this tag. The description should describe, preferably in one sentence, the types of managed object that this tag applies to. The synopsis should be suitable for use in applications such as tool-tips, CLI help, and the summary description in Javadoc. It is possible to embed rich content including XHTML markup (this will only be used where supported). The name of the product associated with this definition. The name of this tag. The name should describe as concisely as possible the purpose of this tag and should be suitable for use in Java method names (e.g. getters and setters). The property name should be a string comprising of short lower-case words joined with hyphens "-". For example, "security". The name of this root managed object, which is always "root". The package containing this root managed object, which is always "org.forgerock.opendj.server.config". Defines the structure of a configurable component within the configuration. A managed object comprises of zero or more properties, and zero or more relations with other managed objects. A managed object can be abstract, indicating that it cannot be instantiated directly, and that it is intended as a base definition from which other child managed objects inherit their behavior. Conversely, a managed object can be derived from a parent managed object definition. In this case, the managed object will inherit the properties and relations defined by the parent. Multiple levels of inheritance are supported, but multiple inheritance is not. The name of this managed object. The name should describe as concisely as possible the role of this managed object and should be suitable for use in Java method names (e.g. class names). The managed object name should be a string comprising of short lower-case words joined with hyphens "-". For example, "ldap-connection-handler". NOTE: a managed object name must end in the name of the definition's uppermost super-type. For example, "ldap-connection-handler" is a sub-type of "connection-handler" and therefore ends in "-connection-handler". The plural name of this managed object. The plural name should correspond to the singular name defined in the "name" attribute and it should be suitable for use in Java method names (e.g. getters). The managed object plural name should be a string comprising of short lower-case words joined with hyphens "-". For example, "ldap-connection-handlers". The package containing this managed object. Indicates whether or not this managed object is abstract. Abstract managed objects cannot be instantiated directly and are intended for use as base definitions for inheritance. Indicates whether or not this managed object should be treated as advanced and therefore should be hidden by default in client applications. This feature is not inherited by child managed objects. Indicates whether or not this managed object should be hidden from client applications. Hidden managed objects should rarely be used but are sometimes required in order to provide functionality that needs to be exposed in management APIs but not in front-ends such as CLIs. Indicates whether or not this managed object inherits from a parent managed object and, if so, the name of the parent. If specified, this managed object will inherit all of the properties and relations defined in the parent managed object. The package containing the parent managed object. By default, the package in which this managed object is defined will be used. Defines a common information associated with all managed objects defined in the containing package. A package definition comprises of a description of the package together with common property definitions which can be referenced from within managed objects using "property-reference" elements. Sharing property definitions in this way makes maintenance easier in situations where the property definition needs modifying, since all referencing managed objects will automatically inherit the changes. An annotation specifying remaining work or unsolved problems relating to this package definition. Its use is primarily for development purposes and should not be processed by applications. A brief description of this package. The description should describe, preferably in one sentence, the purpose of this package, for example, the type of managed objects it defines. The synopsis should be suitable for use in applications such as tool-tips, CLI help, and the summary description in Javadoc. It is possible to embed rich content including XHTML markup (this will only be used where supported). A detailed description of this package. The description should describe in detail the purpose of this package. The description should be suitable for use in applications such as manual pages or detailed help. It does not need to repeat anything described in the synopsis as applications should normally display the two together. It is possible to embed rich content including XHTML markup (this will only be used where supported). Defines a common configurable property for this package. Managed objects can inherit this property definition by referencing it using a "property-reference" element. The package containing this package definition. A condition which evaluates to true if the sub-condition is false, or false if the sub-condition is true. A condition which evaluates to true if and only if all of its sub-conditions are true. A condition which evaluates to false if and only if none of its sub-conditions are true. Creates a condition which evaluates to false if and only if the first sub-condition evaluates to true and the second sub-condition evaluates to false. This can be used to represent if-then relationships. A condition which evaluates to true if and only if a property contains a particular value. The name of the property to be tested. The property value. Creates a condition which evaluates to true if and only if a particular property has any values specified. The name of the property to be tested.