dsconfig set-virtual-attribute-prop — Modifies Virtual Attribute properties
dsconfig set-virtual-attribute-prop
{options}
The dsconfig set-virtual-attribute-prop command takes the following options:
--name {name}
The name of the Virtual Attribute.
Virtual Attribute properties depend on the Virtual Attribute type, which depends on the {name} you provide.
By default, OpenDJ directory server supports the following Virtual Attribute types:
Default {name}: Collective Attribute Subentries Virtual Attribute
Enabled by default: true
See the section called “Collective Attribute Subentries Virtual Attribute” for the properties of this Virtual Attribute type.
Default {name}: Entity Tag Virtual Attribute
Enabled by default: true
See the section called “Entity Tag Virtual Attribute” for the properties of this Virtual Attribute type.
Default {name}: Entry DN Virtual Attribute
Enabled by default: true
See the section called “Entry DN Virtual Attribute” for the properties of this Virtual Attribute type.
Default {name}: Entry UUID Virtual Attribute
Enabled by default: true
See the section called “Entry UUID Virtual Attribute” for the properties of this Virtual Attribute type.
Default {name}: Governing Structure Rule Virtual Attribute
Enabled by default: true
See the section called “Governing Structure Rule Virtual Attribute” for the properties of this Virtual Attribute type.
Default {name}: Has Subordinates Virtual Attribute
Enabled by default: true
See the section called “Has Subordinates Virtual Attribute” for the properties of this Virtual Attribute type.
Default {name}: Is Member Of Virtual Attribute
Enabled by default: true
See the section called “Is Member Of Virtual Attribute” for the properties of this Virtual Attribute type.
Default {name}: Member Virtual Attribute
Enabled by default: true
See the section called “Member Virtual Attribute” for the properties of this Virtual Attribute type.
Default {name}: Num Subordinates Virtual Attribute
Enabled by default: true
See the section called “Num Subordinates Virtual Attribute” for the properties of this Virtual Attribute type.
Default {name}: Password Expiration Time Virtual Attribute
Enabled by default: true
See the section called “Password Expiration Time Virtual Attribute” for the properties of this Virtual Attribute type.
Default {name}: Password Policy Subentry Virtual Attribute
Enabled by default: true
See the section called “Password Policy Subentry Virtual Attribute” for the properties of this Virtual Attribute type.
Default {name}: Structural Object Class Virtual Attribute
Enabled by default: true
See the section called “Structural Object Class Virtual Attribute” for the properties of this Virtual Attribute type.
Default {name}: Subschema Subentry Virtual Attribute
Enabled by default: true
See the section called “Subschema Subentry Virtual Attribute” for the properties of this Virtual Attribute type.
Default {name}: User Defined Virtual Attribute
Enabled by default: true
See the section called “User Defined Virtual Attribute” for the properties of this Virtual Attribute type.
--set {PROP:VALUE}
Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it.
Virtual Attribute properties depend on the Virtual Attribute type, which depends on the --name {name}
option.
--reset {property}
Resets a property back to its default values where PROP is the name of the property to be reset.
Virtual Attribute properties depend on the Virtual Attribute type, which depends on the --name {name}
option.
--add {PROP:VALUE}
Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added.
Virtual Attribute properties depend on the Virtual Attribute type, which depends on the --name {name}
option.
--remove {PROP:VALUE}
Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed.
Virtual Attribute properties depend on the Virtual Attribute type, which depends on the --name {name}
option.
Virtual Attributes of type collective-attribute-subentries-virtual-attribute have the following properties:
Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute.
collectiveAttributeSubentries
The name of an attribute type defined in the server schema.
No
Yes
None
No
No
Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server.
The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute.
A valid DN.
Yes
No
None
No
No
Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute.
virtual-overrides-real
Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used.
Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated.
Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them.
No
No
None
Yes (Use --advanced in interactive mode.)
No
Indicates whether the Virtual Attribute is enabled for use.
None
true
false
No
Yes
None
No
No
Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute.
(objectClass=*)
Any valid search filter string.
Yes
No
None
No
No
Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute.
Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute.
A valid DN.
Yes
No
None
No
No
Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values.
org.opends.server.extensions.CollectiveAttributeSubentriesVirtualAttributeProvider
A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider
No
Yes
The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute.
whole-subtree
Search the base object only.
Search the immediate children of the base object but do not include any of their descendants or the base object itself.
Search the entire subtree below the base object but do not include the base object itself.
Search the base object and the entire subtree below the base object.
No
No
None
No
No
Virtual Attributes of type entity-tag-virtual-attribute have the following properties:
Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute.
etag
The name of an attribute type defined in the server schema.
No
Yes
None
No
No
Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server.
The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute.
A valid DN.
Yes
No
None
No
No
The algorithm which should be used for calculating the entity tag checksum value.
adler-32
The Adler-32 checksum algorithm which is almost as reliable as a CRC-32 but can be computed much faster.
The CRC-32 checksum algorithm.
No
No
None
No
No
Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute.
real-overrides-virtual
Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used.
Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated.
Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them.
No
No
None
Yes (Use --advanced in interactive mode.)
No
Indicates whether the Virtual Attribute is enabled for use.
None
true
false
No
Yes
None
No
No
The list of attributes which should be ignored when calculating the entity tag checksum value. Certain attributes like "ds-sync-hist" may vary between replicas due to different purging schedules and should not be included in the checksum.
ds-sync-hist
The name of an attribute type defined in the server schema.
Yes
No
None
No
No
Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute.
(objectClass=*)
Any valid search filter string.
Yes
No
None
No
No
Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute.
Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute.
A valid DN.
Yes
No
None
No
No
Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values.
org.opends.server.extensions.EntityTagVirtualAttributeProvider
A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider
No
Yes
The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute.
whole-subtree
Search the base object only.
Search the immediate children of the base object but do not include any of their descendants or the base object itself.
Search the entire subtree below the base object but do not include the base object itself.
Search the base object and the entire subtree below the base object.
No
No
None
No
No
Virtual Attributes of type entry-dn-virtual-attribute have the following properties:
Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute.
entryDN
The name of an attribute type defined in the server schema.
No
Yes
None
No
No
Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server.
The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute.
A valid DN.
Yes
No
None
No
No
Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute.
virtual-overrides-real
Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used.
Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated.
Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them.
No
No
None
Yes (Use --advanced in interactive mode.)
No
Indicates whether the Virtual Attribute is enabled for use.
None
true
false
No
Yes
None
No
No
Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute.
(objectClass=*)
Any valid search filter string.
Yes
No
None
No
No
Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute.
Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute.
A valid DN.
Yes
No
None
No
No
Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values.
org.opends.server.extensions.EntryDNVirtualAttributeProvider
A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider
No
Yes
The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute.
whole-subtree
Search the base object only.
Search the immediate children of the base object but do not include any of their descendants or the base object itself.
Search the entire subtree below the base object but do not include the base object itself.
Search the base object and the entire subtree below the base object.
No
No
None
No
No
Virtual Attributes of type entry-uuid-virtual-attribute have the following properties:
Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute.
entryUUID
The name of an attribute type defined in the server schema.
No
Yes
None
No
No
Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server.
The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute.
A valid DN.
Yes
No
None
No
No
Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute.
real-overrides-virtual
Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used.
Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated.
Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them.
No
No
None
Yes (Use --advanced in interactive mode.)
No
Indicates whether the Virtual Attribute is enabled for use.
None
true
false
No
Yes
None
No
No
Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute.
(objectClass=*)
Any valid search filter string.
Yes
No
None
No
No
Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute.
Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute.
A valid DN.
Yes
No
None
No
No
Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values.
org.opends.server.extensions.EntryUUIDVirtualAttributeProvider
A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider
No
Yes
The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute.
whole-subtree
Search the base object only.
Search the immediate children of the base object but do not include any of their descendants or the base object itself.
Search the entire subtree below the base object but do not include the base object itself.
Search the base object and the entire subtree below the base object.
No
No
None
No
No
Virtual Attributes of type governing-structure-rule-virtual-attribute have the following properties:
Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute.
governingStructureRule
The name of an attribute type defined in the server schema.
No
Yes
None
No
No
Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server.
The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute.
A valid DN.
Yes
No
None
No
No
Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute.
virtual-overrides-real
Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used.
Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated.
Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them.
No
No
None
Yes (Use --advanced in interactive mode.)
No
Indicates whether the Virtual Attribute is enabled for use.
None
true
false
No
Yes
None
No
No
Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute.
(objectClass=*)
Any valid search filter string.
Yes
No
None
No
No
Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute.
Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute.
A valid DN.
Yes
No
None
No
No
Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values.
org.opends.server.extensions.GoverningSturctureRuleVirtualAttributeProvider
A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider
No
Yes
The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute.
whole-subtree
Search the base object only.
Search the immediate children of the base object but do not include any of their descendants or the base object itself.
Search the entire subtree below the base object but do not include the base object itself.
Search the base object and the entire subtree below the base object.
No
No
None
No
No
Virtual Attributes of type has-subordinates-virtual-attribute have the following properties:
Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute.
hasSubordinates
The name of an attribute type defined in the server schema.
No
Yes
None
No
No
Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server.
The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute.
A valid DN.
Yes
No
None
No
No
Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute.
virtual-overrides-real
Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used.
Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated.
Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them.
No
No
None
Yes (Use --advanced in interactive mode.)
No
Indicates whether the Virtual Attribute is enabled for use.
None
true
false
No
Yes
None
No
No
Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute.
(objectClass=*)
Any valid search filter string.
Yes
No
None
No
No
Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute.
Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute.
A valid DN.
Yes
No
None
No
No
Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values.
org.opends.server.extensions.HasSubordinatesVirtualAttributeProvider
A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider
No
Yes
The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute.
whole-subtree
Search the base object only.
Search the immediate children of the base object but do not include any of their descendants or the base object itself.
Search the entire subtree below the base object but do not include the base object itself.
Search the base object and the entire subtree below the base object.
No
No
None
No
No
Virtual Attributes of type is-member-of-virtual-attribute have the following properties:
Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute.
isMemberOf
The name of an attribute type defined in the server schema.
No
Yes
None
No
No
Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server.
The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute.
A valid DN.
Yes
No
None
No
No
Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute.
virtual-overrides-real
Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used.
Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated.
Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them.
No
No
None
Yes (Use --advanced in interactive mode.)
No
Indicates whether the Virtual Attribute is enabled for use.
None
true
false
No
Yes
None
No
No
Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute.
(objectClass=*)
Any valid search filter string.
Yes
No
None
No
No
Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute.
Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute.
A valid DN.
Yes
No
None
No
No
Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values.
org.opends.server.extensions.IsMemberOfVirtualAttributeProvider
A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider
No
Yes
The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute.
whole-subtree
Search the base object only.
Search the immediate children of the base object but do not include any of their descendants or the base object itself.
Search the entire subtree below the base object but do not include the base object itself.
Search the base object and the entire subtree below the base object.
No
No
None
No
No
Virtual Attributes of type member-virtual-attribute have the following properties:
Indicates whether to handle requests that request all values for the virtual attribute. This operation can be very expensive in some cases and is not consistent with the primary function of virtual static groups, which is to make it possible to use static group idioms to determine whether a given user is a member. If this attribute is set to false, attempts to retrieve the entire set of values receive an empty set, and only attempts to determine whether the attribute has a specific value or set of values (which is the primary anticipated use for virtual static groups) are handled properly.
false
true
false
No
Yes
None
No
No
Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute.
None
The name of an attribute type defined in the server schema.
No
Yes
None
No
No
Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server.
The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute.
A valid DN.
Yes
No
None
No
No
Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute.
virtual-overrides-real
Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used.
Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated.
Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them.
No
No
None
No
No
Indicates whether the Virtual Attribute is enabled for use.
None
true
false
No
Yes
None
No
No
Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute.
(objectClass=*)
Any valid search filter string.
Yes
No
None
No
No
Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute.
Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute.
A valid DN.
Yes
No
None
No
No
Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values.
org.opends.server.extensions.MemberVirtualAttributeProvider
A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider
No
Yes
The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute.
whole-subtree
Search the base object only.
Search the immediate children of the base object but do not include any of their descendants or the base object itself.
Search the entire subtree below the base object but do not include the base object itself.
Search the base object and the entire subtree below the base object.
No
No
None
No
No
Virtual Attributes of type num-subordinates-virtual-attribute have the following properties:
Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute.
numSubordinates
The name of an attribute type defined in the server schema.
No
Yes
None
No
No
Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server.
The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute.
A valid DN.
Yes
No
None
No
No
Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute.
virtual-overrides-real
Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used.
Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated.
Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them.
No
No
None
Yes (Use --advanced in interactive mode.)
No
Indicates whether the Virtual Attribute is enabled for use.
None
true
false
No
Yes
None
No
No
Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute.
(objectClass=*)
Any valid search filter string.
Yes
No
None
No
No
Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute.
Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute.
A valid DN.
Yes
No
None
No
No
Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values.
org.opends.server.extensions.NumSubordinatesVirtualAttributeProvider
A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider
No
Yes
The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute.
whole-subtree
Search the base object only.
Search the immediate children of the base object but do not include any of their descendants or the base object itself.
Search the entire subtree below the base object but do not include the base object itself.
Search the base object and the entire subtree below the base object.
No
No
None
No
No
Virtual Attributes of type password-expiration-time-virtual-attribute have the following properties:
Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute.
ds-pwp-password-expiration-time
The name of an attribute type defined in the server schema.
No
Yes
None
No
No
Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server.
The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute.
A valid DN.
Yes
No
None
No
No
Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute.
virtual-overrides-real
Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used.
Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated.
Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them.
No
No
None
Yes (Use --advanced in interactive mode.)
No
Indicates whether the Virtual Attribute is enabled for use.
None
true
false
No
Yes
None
No
No
Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute.
(objectClass=*)
Any valid search filter string.
Yes
No
None
No
No
Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute.
Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute.
A valid DN.
Yes
No
None
No
No
Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values.
org.opends.server.extensions.PasswordExpirationTimeVirtualAttributeProvider
A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider
No
Yes
The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute.
whole-subtree
Search the base object only.
Search the immediate children of the base object but do not include any of their descendants or the base object itself.
Search the entire subtree below the base object but do not include the base object itself.
Search the base object and the entire subtree below the base object.
No
No
None
No
No
Virtual Attributes of type password-policy-subentry-virtual-attribute have the following properties:
Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute.
pwdPolicySubentry
The name of an attribute type defined in the server schema.
No
Yes
None
No
No
Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server.
The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute.
A valid DN.
Yes
No
None
No
No
Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute.
virtual-overrides-real
Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used.
Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated.
Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them.
No
No
None
Yes (Use --advanced in interactive mode.)
No
Indicates whether the Virtual Attribute is enabled for use.
None
true
false
No
Yes
None
No
No
Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute.
(objectClass=*)
Any valid search filter string.
Yes
No
None
No
No
Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute.
Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute.
A valid DN.
Yes
No
None
No
No
Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values.
org.opends.server.extensions.PasswordPolicySubentryVirtualAttributeProvider
A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider
No
Yes
The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute.
whole-subtree
Search the base object only.
Search the immediate children of the base object but do not include any of their descendants or the base object itself.
Search the entire subtree below the base object but do not include the base object itself.
Search the base object and the entire subtree below the base object.
No
No
None
No
No
Virtual Attributes of type structural-object-class-virtual-attribute have the following properties:
Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute.
structuralObjectClass
The name of an attribute type defined in the server schema.
No
Yes
None
No
No
Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server.
The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute.
A valid DN.
Yes
No
None
No
No
Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute.
virtual-overrides-real
Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used.
Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated.
Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them.
No
No
None
Yes (Use --advanced in interactive mode.)
No
Indicates whether the Virtual Attribute is enabled for use.
None
true
false
No
Yes
None
No
No
Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute.
(objectClass=*)
Any valid search filter string.
Yes
No
None
No
No
Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute.
Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute.
A valid DN.
Yes
No
None
No
No
Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values.
org.opends.server.extensions.StructuralObjectClassVirtualAttributeProvider
A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider
No
Yes
The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute.
whole-subtree
Search the base object only.
Search the immediate children of the base object but do not include any of their descendants or the base object itself.
Search the entire subtree below the base object but do not include the base object itself.
Search the base object and the entire subtree below the base object.
No
No
None
No
No
Virtual Attributes of type subschema-subentry-virtual-attribute have the following properties:
Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute.
subschemaSubentry
The name of an attribute type defined in the server schema.
No
Yes
None
No
No
Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server.
The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute.
A valid DN.
Yes
No
None
No
No
Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute.
virtual-overrides-real
Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used.
Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated.
Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them.
No
No
None
Yes (Use --advanced in interactive mode.)
No
Indicates whether the Virtual Attribute is enabled for use.
None
true
false
No
Yes
None
No
No
Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute.
(objectClass=*)
Any valid search filter string.
Yes
No
None
No
No
Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute.
Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute.
A valid DN.
Yes
No
None
No
No
Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values.
org.opends.server.extensions.SubschemaSubentryVirtualAttributeProvider
A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider
No
Yes
The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute.
whole-subtree
Search the base object only.
Search the immediate children of the base object but do not include any of their descendants or the base object itself.
Search the entire subtree below the base object but do not include the base object itself.
Search the base object and the entire subtree below the base object.
No
No
None
No
No
Virtual Attributes of type user-defined-virtual-attribute have the following properties:
Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute.
None
The name of an attribute type defined in the server schema.
No
Yes
None
No
No
Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server.
The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute.
A valid DN.
Yes
No
None
No
No
Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute.
real-overrides-virtual
Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used.
Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated.
Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them.
No
No
None
No
No
Indicates whether the Virtual Attribute is enabled for use.
None
true
false
No
Yes
None
No
No
Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute.
(objectClass=*)
Any valid search filter string.
Yes
No
None
No
No
Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute.
Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute.
A valid DN.
Yes
No
None
No
No
Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values.
org.opends.server.extensions.UserDefinedVirtualAttributeProvider
A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider
No
Yes
The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute.
whole-subtree
Search the base object only.
Search the immediate children of the base object but do not include any of their descendants or the base object itself.
Search the entire subtree below the base object but do not include the base object itself.
Search the base object and the entire subtree below the base object.
No
No
None
No
No
Specifies the values to be included in the virtual attribute.
None
A String
Yes
Yes
None
No
No