Password Policy Subentry Virtual Attribute

The Password Policy Subentry Virtual Attribute generates a virtual attribute that points to the Password Policy subentry in effect for the entry.

Parent

The Password Policy Subentry Virtual Attribute object inherits from Virtual Attribute.

Basic Properties

attribute-type

SynopsisSpecifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute.
Default Value

pwdPolicySubentry

Allowed Values

The name of an attribute type defined in the LDAP schema.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced

No

Read-Only

No

base-dn

SynopsisSpecifies the base DNs for the branches containing entries that are eligible to use this virtual attribute.
DescriptionIf no values are given, then the server generates virtual attributes anywhere in the server.
Default Value

The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute.

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced

No

Read-Only

No

enabled

SynopsisIndicates whether the Virtual Attribute is enabled for use.
Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced

No

Read-Only

No

filter

SynopsisSpecifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries.
DescriptionIf no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute.
Default Value

(objectClass=*)

Allowed Values

Any valid search filter string.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced

No

Read-Only

No

group-dn

SynopsisSpecifies the DNs of the groups whose members can be eligible to use this virtual attribute.
DescriptionIf no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute.
Default Value

Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute.

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced

No

Read-Only

No

scope

SynopsisSpecifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute.
Default Value

whole-subtree

Allowed Values

base-object: Search the base object only.

single-level: Search the immediate children of the base object but do not include any of their descendants or the base object itself.

subordinate-subtree: Search the entire subtree below the base object but do not include the base object itself.

whole-subtree: Search the base object and the entire subtree below the base object.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced

No

Read-Only

No

Advanced Properties

Use the --advanced option to access advanced properties.

conflict-behavior

SynopsisSpecifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute.
Default Value

virtual-overrides-real

Allowed Values

merge-real-and-virtual: Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used.

real-overrides-virtual: Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated.

virtual-overrides-real: Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced

Yes

Read-Only

No

java-class

SynopsisSpecifies the fully-qualified name of the virtual attribute provider class that generates the attribute values.
Default Value

org.opends.server.extensions.PasswordPolicySubentryVirtualAttributeProvider

Allowed Values

A Java class that extends or implements:

  • org.opends.server.api.VirtualAttributeProvider

Multi-valued

No

Required

Yes

Admin Action Required

The object must be disabled and re-enabled for changes to take effect.

Advanced

Yes

Read-Only

No

Read a different version of :