Amster

SunDSWithOpenAMSchema

Realm Operations

Resource path:

/realm-config/services/id-repositories/LDAPv3ForAMDS

Resource version: 1.0

create

Usage

am> create SunDSWithOpenAMSchema --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "roleconfig" : {
      "type" : "object",
      "title" : "Role Configuration",
      "propertyOrder" : 6,
      "properties" : {
        "sun-idrepo-ldapv3-config-nsrolefilter" : {
          "title" : "Attribute Name of Filtered Role Filter",
          "description" : "",
          "propertyOrder" : 4900,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-nsroledn" : {
          "title" : "Attribute Name of Role Membership.",
          "description" : "",
          "propertyOrder" : 4800,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-roles-search-attribute" : {
          "title" : "LDAP Roles Search Attribute",
          "description" : "",
          "propertyOrder" : 3900,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-role-attributes" : {
          "title" : "LDAP Roles Attributes",
          "description" : "",
          "propertyOrder" : 4200,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-filterrole-objectclass" : {
          "title" : "LDAP Filter Roles Object Class",
          "description" : "",
          "propertyOrder" : 4500,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-filterrole-attributes" : {
          "title" : "LDAP Filter Roles Attributes",
          "description" : "",
          "propertyOrder" : 4600,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-nsrole" : {
          "title" : "Attribute Name for Filtered Role Membership",
          "description" : "",
          "propertyOrder" : 4700,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-roles-search-filter" : {
          "title" : "LDAP Roles Search Filter",
          "description" : "",
          "propertyOrder" : 4000,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-filterroles-search-attribute" : {
          "title" : "LDAP Filter Roles Search Attribute",
          "description" : "",
          "propertyOrder" : 4300,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-filterroles-search-filter" : {
          "title" : "LDAP Filter Roles Search Filter",
          "description" : "",
          "propertyOrder" : 4400,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-role-objectclass" : {
          "title" : "LDAP Roles Object Class",
          "description" : "",
          "propertyOrder" : 4100,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        }
      }
    },
    "userconfig" : {
      "type" : "object",
      "title" : "User Configuration",
      "propertyOrder" : 3,
      "properties" : {
        "sun-idrepo-ldapv3-config-users-search-filter" : {
          "title" : "LDAP Users  Search Filter",
          "description" : "",
          "propertyOrder" : 2200,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-people-container-value" : {
          "title" : "LDAP People Container Value",
          "description" : "",
          "propertyOrder" : 5100,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-user-objectclass" : {
          "title" : "LDAP User Object Class",
          "description" : "",
          "propertyOrder" : 2300,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-people-container-name" : {
          "title" : "LDAP People Container Naming Attribute",
          "description" : "",
          "propertyOrder" : 5000,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-auth-kba-attr" : {
          "title" : "Knowledge Based Authentication Attribute Name",
          "description" : "",
          "propertyOrder" : 5300,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-isactive" : {
          "title" : "Attribute Name of User Status",
          "description" : "",
          "propertyOrder" : 2600,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-active" : {
          "title" : "User Status Active Value",
          "description" : "",
          "propertyOrder" : 2700,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-inactive" : {
          "title" : "User Status Inactive Value",
          "description" : "",
          "propertyOrder" : 2800,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-createuser-attr-mapping" : {
          "title" : "Create User Attribute Mapping",
          "description" : "Format: attribute name or TargetAttributeName=SourceAttributeName",
          "propertyOrder" : 2500,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-auth-kba-attempts-attr" : {
          "title" : "Knowledge Based Authentication Attempts Attribute Name",
          "description" : "",
          "propertyOrder" : 5410,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-users-search-attribute" : {
          "title" : "LDAP Users  Search Attribute",
          "description" : "",
          "propertyOrder" : 2100,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-user-attributes" : {
          "title" : "LDAP User Attributes",
          "description" : "",
          "propertyOrder" : 2400,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-auth-kba-index-attr" : {
          "title" : "Knowledge Based Authentication Active Index",
          "description" : "",
          "propertyOrder" : 5400,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "ldapsettings" : {
      "type" : "object",
      "title" : "Server Settings",
      "propertyOrder" : 0,
      "properties" : {
        "sun-idrepo-ldapv3-config-authid" : {
          "title" : "LDAP Bind DN",
          "description" : "A user or admin with sufficient access rights to perform the supported operations.",
          "propertyOrder" : 700,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-search-scope" : {
          "title" : "LDAPv3 Plug-in Search Scope",
          "description" : "",
          "propertyOrder" : 2000,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-connection_pool_min_size" : {
          "title" : "LDAP Connection Pool Minimum Size",
          "description" : "",
          "propertyOrder" : 1100,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "openam-idrepo-ldapv3-heartbeat-timeunit" : {
          "title" : "LDAP Connection Heartbeat Time Unit",
          "description" : "Defines the time unit corresponding to the Heartbeat Interval setting.<br><br>This setting controls how often OpenAM <b>should</b> send a heartbeat search request to the configured directory. If a connection becomes unresponsive (e.g. due to a network error) then it may take up to the interval period before the problem is detected. Use along with the Heartbeat Interval parameter to define the exact interval.",
          "propertyOrder" : 1400,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-connection_pool_max_size" : {
          "title" : "LDAP Connection Pool Maximum Size",
          "description" : "",
          "propertyOrder" : 1200,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-authpw" : {
          "title" : "LDAP Bind Password",
          "description" : "",
          "propertyOrder" : 800,
          "required" : false,
          "type" : "string",
          "format" : "password",
          "exampleValue" : ""
        },
        "openam-idrepo-ldapv3-behera-support-enabled" : {
          "title" : "Behera Support Enabled",
          "description" : "When enabled, Behera draft control will be used in the outgoing requests for operations that may modify password value. This will allow OpenAM to display password policy related error messages when password policies are not met.",
          "propertyOrder" : 6100,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "openam-idrepo-ldapv3-keepalive-searchbase" : {
          "title" : "LDAP Connection Heartbeat Search Base",
          "description" : "Defines the search base to the KeepAlive and Availability Search request.<br><br>This setting controls the search base to the KeepAlive and Availability search request. The default value for search base DN is \"\". The LDAP server connection pool will be marked as unavailable if the search fails with an error, returns no entries, or if more than one entry is returned.",
          "propertyOrder" : 1301,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-ldap-server" : {
          "title" : "LDAP Server",
          "description" : "Format: LDAP server host name:port | server_ID | site_ID",
          "propertyOrder" : 600,
          "required" : true,
          "items" : {
            "type" : "string"
          },
          "minItems" : 1,
          "type" : "array",
          "exampleValue" : ""
        },
        "openam-idrepo-ldapv3-heartbeat-interval" : {
          "title" : "LDAP Connection Heartbeat Interval",
          "description" : "Specifies how often should OpenAM send a heartbeat request to the directory.<br><br>This setting controls how often OpenAM <b>should</b> send a heartbeat search request to the configured directory. If a connection becomes unresponsive (e.g. due to a network error) then it may take up to the interval period before the problem is detected. Use along with the Heartbeat Time Unit parameter to define the exact interval. Zero or negative value will result in disabling heartbeat requests.",
          "propertyOrder" : 1300,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-max-result" : {
          "title" : "Maximum Results Returned from Search",
          "description" : "",
          "propertyOrder" : 1500,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-time-limit" : {
          "title" : "Search Timeout",
          "description" : "In seconds.",
          "propertyOrder" : 1600,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-organization_name" : {
          "title" : "LDAP Organization DN",
          "description" : "",
          "propertyOrder" : 900,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "openam-idrepo-ldapv3-affinity-enabled" : {
          "title" : "Affinity Enabled",
          "description" : "Enables affinity based request load balancing when accessing the user store servers (based on DN). It is imperative that the connection string setting is set to the same value for all OpenAM servers in the deployment when this feature is enabled.",
          "propertyOrder" : 6200,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-connection-mode" : {
          "title" : "LDAP Connection Mode",
          "description" : "Defines which protocol/operation is used to establish the connection to the LDAP Directory Server.<br><br>If 'LDAP' is selected, the connection <b>won't be secured</b> and passwords are transferred in <b>cleartext</b> over the network.<br/> If 'LDAPS' is selected, the connection is secured via SSL or TLS. <br/> If 'StartTLS' is selected, the connection is secured by using StartTLS extended operation.",
          "propertyOrder" : 1000,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "openam-idrepo-ldapv3-keepalive-searchfilter" : {
          "title" : "LDAP Connection Heartbeat Search Filter",
          "description" : "Defines the search filter to the KeepAlive and Availability Search request.<br><br>This setting controls the search filter to the KeepAlive and Availability search request. The default value for search filter is \"(objectClass=*)\". The Absolute True and False filter \"(&)\" can also be used. The LDAP server connection pool will be marked as unavailable if the search fails with an error, returns no entries, or if more than one entry is returned.",
          "propertyOrder" : 1302,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "groupconfig" : {
      "type" : "object",
      "title" : "Group Configuration",
      "propertyOrder" : 5,
      "properties" : {
        "sun-idrepo-ldapv3-config-group-container-value" : {
          "title" : "LDAP Groups Container Value",
          "description" : "",
          "propertyOrder" : 3200,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-group-objectclass" : {
          "title" : "LDAP Groups Object Class",
          "description" : "",
          "propertyOrder" : 3300,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-group-attributes" : {
          "title" : "LDAP Groups Attributes",
          "description" : "",
          "propertyOrder" : 3400,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-uniquemember" : {
          "title" : "Attribute Name of Unique Member",
          "description" : "",
          "propertyOrder" : 3600,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-groups-search-filter" : {
          "title" : "LDAP Groups Search Filter",
          "description" : "",
          "propertyOrder" : 3000,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-groups-search-attribute" : {
          "title" : "LDAP Groups Search Attribute",
          "description" : "",
          "propertyOrder" : 2900,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-memberof" : {
          "title" : "Attribute Name for Group Membership",
          "description" : "",
          "propertyOrder" : 3500,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-group-container-name" : {
          "title" : "LDAP Groups Container Naming Attribute",
          "description" : "",
          "propertyOrder" : 3100,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-memberurl" : {
          "title" : "Attribute Name of Group Member URL",
          "description" : "",
          "propertyOrder" : 3700,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "persistentsearch" : {
      "type" : "object",
      "title" : "Persistent Search Controls",
      "propertyOrder" : 7,
      "properties" : {
        "sun-idrepo-ldapv3-config-psearchbase" : {
          "title" : "Persistent Search Base DN",
          "description" : "",
          "propertyOrder" : 5500,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-psearch-filter" : {
          "title" : "Persistent Search Filter",
          "description" : "",
          "propertyOrder" : 5600,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-psearch-scope" : {
          "title" : "Persistent Search Scope",
          "description" : "",
          "propertyOrder" : 5700,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "cachecontrol" : {
      "type" : "object",
      "title" : "Cache Control",
      "propertyOrder" : 9,
      "properties" : {
        "sun-idrepo-ldapv3-dncache-enabled" : {
          "title" : "DN Cache",
          "description" : "Used to enable/disable the DN Cache within the OpenAM repository implementation.<br><br>The DN Cache is used to cache DN lookups which tend to happen in bursts during authentication. The DN Cache can become out of date when a user is moved or renamed in the underlying LDAP store and this is not reflected in a persistent search result. Enable when the underlying LDAP store supports persistent search and move/rename (mod_dn) results are available.",
          "propertyOrder" : 5900,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-dncache-size" : {
          "title" : "DN Cache Size",
          "description" : "In DN items, only used when DN Cache is enabled.",
          "propertyOrder" : 6000,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        }
      }
    },
    "pluginconfig" : {
      "type" : "object",
      "title" : "Plug-in Configuration",
      "propertyOrder" : 2,
      "properties" : {
        "sunIdRepoClass" : {
          "title" : "LDAPv3 Repository Plug-in Class Name",
          "description" : "",
          "propertyOrder" : 1700,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "sunIdRepoSupportedOperations" : {
          "title" : "LDAPv3 Plug-in Supported Types and Operations",
          "description" : "",
          "propertyOrder" : 1900,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sunIdRepoAttributeMapping" : {
          "title" : "Attribute Name Mapping",
          "description" : "",
          "propertyOrder" : 1800,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        }
      }
    },
    "authentication" : {
      "type" : "object",
      "title" : "Authentication Configuration",
      "propertyOrder" : 4,
      "properties" : {
        "sun-idrepo-ldapv3-config-auth-naming-attr" : {
          "title" : "Authentication Naming Attribute",
          "description" : "",
          "propertyOrder" : 5200,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "errorhandling" : {
      "type" : "object",
      "title" : "Error Handling Configuration",
      "propertyOrder" : 8,
      "properties" : {
        "com.iplanet.am.ldap.connection.delay.between.retries" : {
          "title" : "The Delay Time Between Retries",
          "description" : "In milliseconds.",
          "propertyOrder" : 5800,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        }
      }
    }
  }
}

delete

Usage

am> delete SunDSWithOpenAMSchema --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

getAllTypes

Obtain the collection of all secondary configuration types related to the resource.

Usage

am> action SunDSWithOpenAMSchema --realm Realm --actionName getAllTypes

getCreatableTypes

Obtain the collection of secondary configuration types that have yet to be added to the resource.

Usage

am> action SunDSWithOpenAMSchema --realm Realm --actionName getCreatableTypes

nextdescendents

Obtain the collection of secondary configuration instances that have been added to the resource.

Usage

am> action SunDSWithOpenAMSchema --realm Realm --actionName nextdescendents

query

Get the full list of instances of this collection. This query only supports _queryFilter=true filter.

Usage

am> query SunDSWithOpenAMSchema --realm Realm --filter filter

Parameters

--filter

A CREST formatted query filter, where "true" will query all.

read

Usage

am> read SunDSWithOpenAMSchema --realm Realm --id id

Parameters

--id

The unique identifier for the resource.

update

Usage

am> update SunDSWithOpenAMSchema --realm Realm --id id --body body

Parameters

--id

The unique identifier for the resource.

--body

The resource in JSON format, described by the following JSON schema:

{
  "type" : "object",
  "properties" : {
    "roleconfig" : {
      "type" : "object",
      "title" : "Role Configuration",
      "propertyOrder" : 6,
      "properties" : {
        "sun-idrepo-ldapv3-config-nsrolefilter" : {
          "title" : "Attribute Name of Filtered Role Filter",
          "description" : "",
          "propertyOrder" : 4900,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-nsroledn" : {
          "title" : "Attribute Name of Role Membership.",
          "description" : "",
          "propertyOrder" : 4800,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-roles-search-attribute" : {
          "title" : "LDAP Roles Search Attribute",
          "description" : "",
          "propertyOrder" : 3900,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-role-attributes" : {
          "title" : "LDAP Roles Attributes",
          "description" : "",
          "propertyOrder" : 4200,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-filterrole-objectclass" : {
          "title" : "LDAP Filter Roles Object Class",
          "description" : "",
          "propertyOrder" : 4500,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-filterrole-attributes" : {
          "title" : "LDAP Filter Roles Attributes",
          "description" : "",
          "propertyOrder" : 4600,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-nsrole" : {
          "title" : "Attribute Name for Filtered Role Membership",
          "description" : "",
          "propertyOrder" : 4700,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-roles-search-filter" : {
          "title" : "LDAP Roles Search Filter",
          "description" : "",
          "propertyOrder" : 4000,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-filterroles-search-attribute" : {
          "title" : "LDAP Filter Roles Search Attribute",
          "description" : "",
          "propertyOrder" : 4300,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-filterroles-search-filter" : {
          "title" : "LDAP Filter Roles Search Filter",
          "description" : "",
          "propertyOrder" : 4400,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-role-objectclass" : {
          "title" : "LDAP Roles Object Class",
          "description" : "",
          "propertyOrder" : 4100,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        }
      }
    },
    "userconfig" : {
      "type" : "object",
      "title" : "User Configuration",
      "propertyOrder" : 3,
      "properties" : {
        "sun-idrepo-ldapv3-config-users-search-filter" : {
          "title" : "LDAP Users  Search Filter",
          "description" : "",
          "propertyOrder" : 2200,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-people-container-value" : {
          "title" : "LDAP People Container Value",
          "description" : "",
          "propertyOrder" : 5100,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-user-objectclass" : {
          "title" : "LDAP User Object Class",
          "description" : "",
          "propertyOrder" : 2300,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-people-container-name" : {
          "title" : "LDAP People Container Naming Attribute",
          "description" : "",
          "propertyOrder" : 5000,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-auth-kba-attr" : {
          "title" : "Knowledge Based Authentication Attribute Name",
          "description" : "",
          "propertyOrder" : 5300,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-isactive" : {
          "title" : "Attribute Name of User Status",
          "description" : "",
          "propertyOrder" : 2600,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-active" : {
          "title" : "User Status Active Value",
          "description" : "",
          "propertyOrder" : 2700,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-inactive" : {
          "title" : "User Status Inactive Value",
          "description" : "",
          "propertyOrder" : 2800,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-createuser-attr-mapping" : {
          "title" : "Create User Attribute Mapping",
          "description" : "Format: attribute name or TargetAttributeName=SourceAttributeName",
          "propertyOrder" : 2500,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-auth-kba-attempts-attr" : {
          "title" : "Knowledge Based Authentication Attempts Attribute Name",
          "description" : "",
          "propertyOrder" : 5410,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-users-search-attribute" : {
          "title" : "LDAP Users  Search Attribute",
          "description" : "",
          "propertyOrder" : 2100,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-user-attributes" : {
          "title" : "LDAP User Attributes",
          "description" : "",
          "propertyOrder" : 2400,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-auth-kba-index-attr" : {
          "title" : "Knowledge Based Authentication Active Index",
          "description" : "",
          "propertyOrder" : 5400,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "ldapsettings" : {
      "type" : "object",
      "title" : "Server Settings",
      "propertyOrder" : 0,
      "properties" : {
        "sun-idrepo-ldapv3-config-authid" : {
          "title" : "LDAP Bind DN",
          "description" : "A user or admin with sufficient access rights to perform the supported operations.",
          "propertyOrder" : 700,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-search-scope" : {
          "title" : "LDAPv3 Plug-in Search Scope",
          "description" : "",
          "propertyOrder" : 2000,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-connection_pool_min_size" : {
          "title" : "LDAP Connection Pool Minimum Size",
          "description" : "",
          "propertyOrder" : 1100,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "openam-idrepo-ldapv3-heartbeat-timeunit" : {
          "title" : "LDAP Connection Heartbeat Time Unit",
          "description" : "Defines the time unit corresponding to the Heartbeat Interval setting.<br><br>This setting controls how often OpenAM <b>should</b> send a heartbeat search request to the configured directory. If a connection becomes unresponsive (e.g. due to a network error) then it may take up to the interval period before the problem is detected. Use along with the Heartbeat Interval parameter to define the exact interval.",
          "propertyOrder" : 1400,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-connection_pool_max_size" : {
          "title" : "LDAP Connection Pool Maximum Size",
          "description" : "",
          "propertyOrder" : 1200,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-authpw" : {
          "title" : "LDAP Bind Password",
          "description" : "",
          "propertyOrder" : 800,
          "required" : false,
          "type" : "string",
          "format" : "password",
          "exampleValue" : ""
        },
        "openam-idrepo-ldapv3-behera-support-enabled" : {
          "title" : "Behera Support Enabled",
          "description" : "When enabled, Behera draft control will be used in the outgoing requests for operations that may modify password value. This will allow OpenAM to display password policy related error messages when password policies are not met.",
          "propertyOrder" : 6100,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "openam-idrepo-ldapv3-keepalive-searchbase" : {
          "title" : "LDAP Connection Heartbeat Search Base",
          "description" : "Defines the search base to the KeepAlive and Availability Search request.<br><br>This setting controls the search base to the KeepAlive and Availability search request. The default value for search base DN is \"\". The LDAP server connection pool will be marked as unavailable if the search fails with an error, returns no entries, or if more than one entry is returned.",
          "propertyOrder" : 1301,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-ldap-server" : {
          "title" : "LDAP Server",
          "description" : "Format: LDAP server host name:port | server_ID | site_ID",
          "propertyOrder" : 600,
          "required" : true,
          "items" : {
            "type" : "string"
          },
          "minItems" : 1,
          "type" : "array",
          "exampleValue" : ""
        },
        "openam-idrepo-ldapv3-heartbeat-interval" : {
          "title" : "LDAP Connection Heartbeat Interval",
          "description" : "Specifies how often should OpenAM send a heartbeat request to the directory.<br><br>This setting controls how often OpenAM <b>should</b> send a heartbeat search request to the configured directory. If a connection becomes unresponsive (e.g. due to a network error) then it may take up to the interval period before the problem is detected. Use along with the Heartbeat Time Unit parameter to define the exact interval. Zero or negative value will result in disabling heartbeat requests.",
          "propertyOrder" : 1300,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-max-result" : {
          "title" : "Maximum Results Returned from Search",
          "description" : "",
          "propertyOrder" : 1500,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-time-limit" : {
          "title" : "Search Timeout",
          "description" : "In seconds.",
          "propertyOrder" : 1600,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-organization_name" : {
          "title" : "LDAP Organization DN",
          "description" : "",
          "propertyOrder" : 900,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "openam-idrepo-ldapv3-affinity-enabled" : {
          "title" : "Affinity Enabled",
          "description" : "Enables affinity based request load balancing when accessing the user store servers (based on DN). It is imperative that the connection string setting is set to the same value for all OpenAM servers in the deployment when this feature is enabled.",
          "propertyOrder" : 6200,
          "required" : true,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-connection-mode" : {
          "title" : "LDAP Connection Mode",
          "description" : "Defines which protocol/operation is used to establish the connection to the LDAP Directory Server.<br><br>If 'LDAP' is selected, the connection <b>won't be secured</b> and passwords are transferred in <b>cleartext</b> over the network.<br/> If 'LDAPS' is selected, the connection is secured via SSL or TLS. <br/> If 'StartTLS' is selected, the connection is secured by using StartTLS extended operation.",
          "propertyOrder" : 1000,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "openam-idrepo-ldapv3-keepalive-searchfilter" : {
          "title" : "LDAP Connection Heartbeat Search Filter",
          "description" : "Defines the search filter to the KeepAlive and Availability Search request.<br><br>This setting controls the search filter to the KeepAlive and Availability search request. The default value for search filter is \"(objectClass=*)\". The Absolute True and False filter \"(&)\" can also be used. The LDAP server connection pool will be marked as unavailable if the search fails with an error, returns no entries, or if more than one entry is returned.",
          "propertyOrder" : 1302,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "groupconfig" : {
      "type" : "object",
      "title" : "Group Configuration",
      "propertyOrder" : 5,
      "properties" : {
        "sun-idrepo-ldapv3-config-group-container-value" : {
          "title" : "LDAP Groups Container Value",
          "description" : "",
          "propertyOrder" : 3200,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-group-objectclass" : {
          "title" : "LDAP Groups Object Class",
          "description" : "",
          "propertyOrder" : 3300,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-group-attributes" : {
          "title" : "LDAP Groups Attributes",
          "description" : "",
          "propertyOrder" : 3400,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-uniquemember" : {
          "title" : "Attribute Name of Unique Member",
          "description" : "",
          "propertyOrder" : 3600,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-groups-search-filter" : {
          "title" : "LDAP Groups Search Filter",
          "description" : "",
          "propertyOrder" : 3000,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-groups-search-attribute" : {
          "title" : "LDAP Groups Search Attribute",
          "description" : "",
          "propertyOrder" : 2900,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-memberof" : {
          "title" : "Attribute Name for Group Membership",
          "description" : "",
          "propertyOrder" : 3500,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-group-container-name" : {
          "title" : "LDAP Groups Container Naming Attribute",
          "description" : "",
          "propertyOrder" : 3100,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-memberurl" : {
          "title" : "Attribute Name of Group Member URL",
          "description" : "",
          "propertyOrder" : 3700,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "persistentsearch" : {
      "type" : "object",
      "title" : "Persistent Search Controls",
      "propertyOrder" : 7,
      "properties" : {
        "sun-idrepo-ldapv3-config-psearchbase" : {
          "title" : "Persistent Search Base DN",
          "description" : "",
          "propertyOrder" : 5500,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-psearch-filter" : {
          "title" : "Persistent Search Filter",
          "description" : "",
          "propertyOrder" : 5600,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-config-psearch-scope" : {
          "title" : "Persistent Search Scope",
          "description" : "",
          "propertyOrder" : 5700,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "cachecontrol" : {
      "type" : "object",
      "title" : "Cache Control",
      "propertyOrder" : 9,
      "properties" : {
        "sun-idrepo-ldapv3-dncache-enabled" : {
          "title" : "DN Cache",
          "description" : "Used to enable/disable the DN Cache within the OpenAM repository implementation.<br><br>The DN Cache is used to cache DN lookups which tend to happen in bursts during authentication. The DN Cache can become out of date when a user is moved or renamed in the underlying LDAP store and this is not reflected in a persistent search result. Enable when the underlying LDAP store supports persistent search and move/rename (mod_dn) results are available.",
          "propertyOrder" : 5900,
          "required" : false,
          "type" : "boolean",
          "exampleValue" : ""
        },
        "sun-idrepo-ldapv3-dncache-size" : {
          "title" : "DN Cache Size",
          "description" : "In DN items, only used when DN Cache is enabled.",
          "propertyOrder" : 6000,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        }
      }
    },
    "pluginconfig" : {
      "type" : "object",
      "title" : "Plug-in Configuration",
      "propertyOrder" : 2,
      "properties" : {
        "sunIdRepoClass" : {
          "title" : "LDAPv3 Repository Plug-in Class Name",
          "description" : "",
          "propertyOrder" : 1700,
          "required" : true,
          "type" : "string",
          "exampleValue" : ""
        },
        "sunIdRepoSupportedOperations" : {
          "title" : "LDAPv3 Plug-in Supported Types and Operations",
          "description" : "",
          "propertyOrder" : 1900,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        },
        "sunIdRepoAttributeMapping" : {
          "title" : "Attribute Name Mapping",
          "description" : "",
          "propertyOrder" : 1800,
          "required" : false,
          "items" : {
            "type" : "string"
          },
          "type" : "array",
          "exampleValue" : ""
        }
      }
    },
    "authentication" : {
      "type" : "object",
      "title" : "Authentication Configuration",
      "propertyOrder" : 4,
      "properties" : {
        "sun-idrepo-ldapv3-config-auth-naming-attr" : {
          "title" : "Authentication Naming Attribute",
          "description" : "",
          "propertyOrder" : 5200,
          "required" : false,
          "type" : "string",
          "exampleValue" : ""
        }
      }
    },
    "errorhandling" : {
      "type" : "object",
      "title" : "Error Handling Configuration",
      "propertyOrder" : 8,
      "properties" : {
        "com.iplanet.am.ldap.connection.delay.between.retries" : {
          "title" : "The Delay Time Between Retries",
          "description" : "In milliseconds.",
          "propertyOrder" : 5800,
          "required" : false,
          "type" : "integer",
          "exampleValue" : ""
        }
      }
    }
  }
}