Name

dsconfig create-virtual-attribute — Creates Virtual Attributes

Synopsis

dsconfig create-virtual-attribute {options}

Options

The dsconfig create-virtual-attribute command takes the following options:

--name {name}

The name of the new Virtual Attribute.

Virtual Attribute properties depend on the Virtual Attribute type, which depends on the {name} you provide.

By default, OpenDJ directory server supports the following Virtual Attribute types:

collective-attribute-subentries-virtual-attribute

Default {name}: Collective Attribute Subentries Virtual Attribute

Enabled by default: true

See the section called “Collective Attribute Subentries Virtual Attribute” for the properties of this Virtual Attribute type.

entity-tag-virtual-attribute

Default {name}: Entity Tag Virtual Attribute

Enabled by default: true

See the section called “Entity Tag Virtual Attribute” for the properties of this Virtual Attribute type.

entry-dn-virtual-attribute

Default {name}: Entry DN Virtual Attribute

Enabled by default: true

See the section called “Entry DN Virtual Attribute” for the properties of this Virtual Attribute type.

entry-uuid-virtual-attribute

Default {name}: Entry UUID Virtual Attribute

Enabled by default: true

See the section called “Entry UUID Virtual Attribute” for the properties of this Virtual Attribute type.

governing-structure-rule-virtual-attribute

Default {name}: Governing Structure Rule Virtual Attribute

Enabled by default: true

See the section called “Governing Structure Rule Virtual Attribute” for the properties of this Virtual Attribute type.

has-subordinates-virtual-attribute

Default {name}: Has Subordinates Virtual Attribute

Enabled by default: true

See the section called “Has Subordinates Virtual Attribute” for the properties of this Virtual Attribute type.

is-member-of-virtual-attribute

Default {name}: Is Member Of Virtual Attribute

Enabled by default: true

See the section called “Is Member Of Virtual Attribute” for the properties of this Virtual Attribute type.

member-virtual-attribute

Default {name}: Member Virtual Attribute

Enabled by default: true

See the section called “Member Virtual Attribute” for the properties of this Virtual Attribute type.

num-subordinates-virtual-attribute

Default {name}: Num Subordinates Virtual Attribute

Enabled by default: true

See the section called “Num Subordinates Virtual Attribute” for the properties of this Virtual Attribute type.

password-expiration-time-virtual-attribute

Default {name}: Password Expiration Time Virtual Attribute

Enabled by default: true

See the section called “Password Expiration Time Virtual Attribute” for the properties of this Virtual Attribute type.

password-policy-subentry-virtual-attribute

Default {name}: Password Policy Subentry Virtual Attribute

Enabled by default: true

See the section called “Password Policy Subentry Virtual Attribute” for the properties of this Virtual Attribute type.

structural-object-class-virtual-attribute

Default {name}: Structural Object Class Virtual Attribute

Enabled by default: true

See the section called “Structural Object Class Virtual Attribute” for the properties of this Virtual Attribute type.

subschema-subentry-virtual-attribute

Default {name}: Subschema Subentry Virtual Attribute

Enabled by default: true

See the section called “Subschema Subentry Virtual Attribute” for the properties of this Virtual Attribute type.

user-defined-virtual-attribute

Default {name}: User Defined Virtual Attribute

Enabled by default: true

See the section called “User Defined Virtual Attribute” for the properties of this Virtual Attribute type.

--set {PROP:VALUE}

Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it.

Virtual Attribute properties depend on the Virtual Attribute type, which depends on the --name {name} option.

-t | --type {type}

The type of Virtual Attribute which should be created. The value for TYPE can be one of: collective-attribute-subentries | custom | entity-tag | entry-dn | entry-uuid | governing-structure-rule | has-subordinates | is-member-of | member | num-subordinates | password-expiration-time | password-policy-subentry | structural-object-class | subschema-subentry | user-defined.

Virtual Attribute properties depend on the Virtual Attribute type, which depends on the {type} you provide.

By default, OpenDJ directory server supports the following Virtual Attribute types:

collective-attribute-subentries-virtual-attribute

Default {type}: Collective Attribute Subentries Virtual Attribute

Enabled by default: true

See the section called “Collective Attribute Subentries Virtual Attribute” for the properties of this Virtual Attribute type.

entity-tag-virtual-attribute

Default {type}: Entity Tag Virtual Attribute

Enabled by default: true

See the section called “Entity Tag Virtual Attribute” for the properties of this Virtual Attribute type.

entry-dn-virtual-attribute

Default {type}: Entry DN Virtual Attribute

Enabled by default: true

See the section called “Entry DN Virtual Attribute” for the properties of this Virtual Attribute type.

entry-uuid-virtual-attribute

Default {type}: Entry UUID Virtual Attribute

Enabled by default: true

See the section called “Entry UUID Virtual Attribute” for the properties of this Virtual Attribute type.

governing-structure-rule-virtual-attribute

Default {type}: Governing Structure Rule Virtual Attribute

Enabled by default: true

See the section called “Governing Structure Rule Virtual Attribute” for the properties of this Virtual Attribute type.

has-subordinates-virtual-attribute

Default {type}: Has Subordinates Virtual Attribute

Enabled by default: true

See the section called “Has Subordinates Virtual Attribute” for the properties of this Virtual Attribute type.

is-member-of-virtual-attribute

Default {type}: Is Member Of Virtual Attribute

Enabled by default: true

See the section called “Is Member Of Virtual Attribute” for the properties of this Virtual Attribute type.

member-virtual-attribute

Default {type}: Member Virtual Attribute

Enabled by default: true

See the section called “Member Virtual Attribute” for the properties of this Virtual Attribute type.

num-subordinates-virtual-attribute

Default {type}: Num Subordinates Virtual Attribute

Enabled by default: true

See the section called “Num Subordinates Virtual Attribute” for the properties of this Virtual Attribute type.

password-expiration-time-virtual-attribute

Default {type}: Password Expiration Time Virtual Attribute

Enabled by default: true

See the section called “Password Expiration Time Virtual Attribute” for the properties of this Virtual Attribute type.

password-policy-subentry-virtual-attribute

Default {type}: Password Policy Subentry Virtual Attribute

Enabled by default: true

See the section called “Password Policy Subentry Virtual Attribute” for the properties of this Virtual Attribute type.

structural-object-class-virtual-attribute

Default {type}: Structural Object Class Virtual Attribute

Enabled by default: true

See the section called “Structural Object Class Virtual Attribute” for the properties of this Virtual Attribute type.

subschema-subentry-virtual-attribute

Default {type}: Subschema Subentry Virtual Attribute

Enabled by default: true

See the section called “Subschema Subentry Virtual Attribute” for the properties of this Virtual Attribute type.

user-defined-virtual-attribute

Default {type}: User Defined Virtual Attribute

Enabled by default: true

See the section called “User Defined Virtual Attribute” for the properties of this Virtual Attribute type.

Collective Attribute Subentries Virtual Attribute

Virtual Attributes of type collective-attribute-subentries-virtual-attribute have the following properties:

attribute-type
Description

Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute.

Default Value

collectiveAttributeSubentries

Allowed Values

The name of an attribute type defined in the server schema.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

base-dn
Description

Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server.

Default Value

The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute.

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

conflict-behavior
Description

Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute.

Default Value

virtual-overrides-real

Allowed Values
merge-real-and-virtual

Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used.

real-overrides-virtual

Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated.

virtual-overrides-real

Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

enabled
Description

Indicates whether the Virtual Attribute is enabled for use.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

filter
Description

Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute.

Default Value

(objectClass=*)

Allowed Values

Any valid search filter string.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

group-dn
Description

Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute.

Default Value

Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute.

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values.

Default Value

org.opends.server.extensions.CollectiveAttributeSubentriesVirtualAttributeProvider

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider

Multi-valued

No

Required

Yes

Admin Action Required

The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

scope
Description

Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute.

Default Value

whole-subtree

Allowed Values
base-object

Search the base object only.

single-level

Search the immediate children of the base object but do not include any of their descendants or the base object itself.

subordinate-subtree

Search the entire subtree below the base object but do not include the base object itself.

whole-subtree

Search the base object and the entire subtree below the base object.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

Entity Tag Virtual Attribute

Virtual Attributes of type entity-tag-virtual-attribute have the following properties:

attribute-type
Description

Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute.

Default Value

etag

Allowed Values

The name of an attribute type defined in the server schema.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

base-dn
Description

Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server.

Default Value

The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute.

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

checksum-algorithm
Description

The algorithm which should be used for calculating the entity tag checksum value.

Default Value

adler-32

Allowed Values
adler-32

The Adler-32 checksum algorithm which is almost as reliable as a CRC-32 but can be computed much faster.

crc-32

The CRC-32 checksum algorithm.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

conflict-behavior
Description

Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute.

Default Value

real-overrides-virtual

Allowed Values
merge-real-and-virtual

Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used.

real-overrides-virtual

Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated.

virtual-overrides-real

Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

enabled
Description

Indicates whether the Virtual Attribute is enabled for use.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

excluded-attribute
Description

The list of attributes which should be ignored when calculating the entity tag checksum value. Certain attributes like "ds-sync-hist" may vary between replicas due to different purging schedules and should not be included in the checksum.

Default Value

ds-sync-hist

Allowed Values

The name of an attribute type defined in the server schema.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

filter
Description

Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute.

Default Value

(objectClass=*)

Allowed Values

Any valid search filter string.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

group-dn
Description

Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute.

Default Value

Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute.

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values.

Default Value

org.opends.server.extensions.EntityTagVirtualAttributeProvider

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider

Multi-valued

No

Required

Yes

Admin Action Required

The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

scope
Description

Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute.

Default Value

whole-subtree

Allowed Values
base-object

Search the base object only.

single-level

Search the immediate children of the base object but do not include any of their descendants or the base object itself.

subordinate-subtree

Search the entire subtree below the base object but do not include the base object itself.

whole-subtree

Search the base object and the entire subtree below the base object.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

Entry DN Virtual Attribute

Virtual Attributes of type entry-dn-virtual-attribute have the following properties:

attribute-type
Description

Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute.

Default Value

entryDN

Allowed Values

The name of an attribute type defined in the server schema.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

base-dn
Description

Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server.

Default Value

The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute.

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

conflict-behavior
Description

Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute.

Default Value

virtual-overrides-real

Allowed Values
merge-real-and-virtual

Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used.

real-overrides-virtual

Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated.

virtual-overrides-real

Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

enabled
Description

Indicates whether the Virtual Attribute is enabled for use.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

filter
Description

Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute.

Default Value

(objectClass=*)

Allowed Values

Any valid search filter string.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

group-dn
Description

Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute.

Default Value

Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute.

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values.

Default Value

org.opends.server.extensions.EntryDNVirtualAttributeProvider

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider

Multi-valued

No

Required

Yes

Admin Action Required

The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

scope
Description

Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute.

Default Value

whole-subtree

Allowed Values
base-object

Search the base object only.

single-level

Search the immediate children of the base object but do not include any of their descendants or the base object itself.

subordinate-subtree

Search the entire subtree below the base object but do not include the base object itself.

whole-subtree

Search the base object and the entire subtree below the base object.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

Entry UUID Virtual Attribute

Virtual Attributes of type entry-uuid-virtual-attribute have the following properties:

attribute-type
Description

Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute.

Default Value

entryUUID

Allowed Values

The name of an attribute type defined in the server schema.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

base-dn
Description

Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server.

Default Value

The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute.

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

conflict-behavior
Description

Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute.

Default Value

real-overrides-virtual

Allowed Values
merge-real-and-virtual

Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used.

real-overrides-virtual

Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated.

virtual-overrides-real

Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

enabled
Description

Indicates whether the Virtual Attribute is enabled for use.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

filter
Description

Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute.

Default Value

(objectClass=*)

Allowed Values

Any valid search filter string.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

group-dn
Description

Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute.

Default Value

Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute.

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values.

Default Value

org.opends.server.extensions.EntryUUIDVirtualAttributeProvider

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider

Multi-valued

No

Required

Yes

Admin Action Required

The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

scope
Description

Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute.

Default Value

whole-subtree

Allowed Values
base-object

Search the base object only.

single-level

Search the immediate children of the base object but do not include any of their descendants or the base object itself.

subordinate-subtree

Search the entire subtree below the base object but do not include the base object itself.

whole-subtree

Search the base object and the entire subtree below the base object.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

Governing Structure Rule Virtual Attribute

Virtual Attributes of type governing-structure-rule-virtual-attribute have the following properties:

attribute-type
Description

Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute.

Default Value

governingStructureRule

Allowed Values

The name of an attribute type defined in the server schema.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

base-dn
Description

Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server.

Default Value

The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute.

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

conflict-behavior
Description

Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute.

Default Value

virtual-overrides-real

Allowed Values
merge-real-and-virtual

Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used.

real-overrides-virtual

Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated.

virtual-overrides-real

Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

enabled
Description

Indicates whether the Virtual Attribute is enabled for use.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

filter
Description

Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute.

Default Value

(objectClass=*)

Allowed Values

Any valid search filter string.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

group-dn
Description

Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute.

Default Value

Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute.

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values.

Default Value

org.opends.server.extensions.GoverningSturctureRuleVirtualAttributeProvider

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider

Multi-valued

No

Required

Yes

Admin Action Required

The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

scope
Description

Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute.

Default Value

whole-subtree

Allowed Values
base-object

Search the base object only.

single-level

Search the immediate children of the base object but do not include any of their descendants or the base object itself.

subordinate-subtree

Search the entire subtree below the base object but do not include the base object itself.

whole-subtree

Search the base object and the entire subtree below the base object.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

Has Subordinates Virtual Attribute

Virtual Attributes of type has-subordinates-virtual-attribute have the following properties:

attribute-type
Description

Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute.

Default Value

hasSubordinates

Allowed Values

The name of an attribute type defined in the server schema.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

base-dn
Description

Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server.

Default Value

The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute.

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

conflict-behavior
Description

Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute.

Default Value

virtual-overrides-real

Allowed Values
merge-real-and-virtual

Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used.

real-overrides-virtual

Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated.

virtual-overrides-real

Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

enabled
Description

Indicates whether the Virtual Attribute is enabled for use.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

filter
Description

Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute.

Default Value

(objectClass=*)

Allowed Values

Any valid search filter string.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

group-dn
Description

Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute.

Default Value

Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute.

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values.

Default Value

org.opends.server.extensions.HasSubordinatesVirtualAttributeProvider

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider

Multi-valued

No

Required

Yes

Admin Action Required

The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

scope
Description

Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute.

Default Value

whole-subtree

Allowed Values
base-object

Search the base object only.

single-level

Search the immediate children of the base object but do not include any of their descendants or the base object itself.

subordinate-subtree

Search the entire subtree below the base object but do not include the base object itself.

whole-subtree

Search the base object and the entire subtree below the base object.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

Is Member Of Virtual Attribute

Virtual Attributes of type is-member-of-virtual-attribute have the following properties:

attribute-type
Description

Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute.

Default Value

isMemberOf

Allowed Values

The name of an attribute type defined in the server schema.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

base-dn
Description

Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server.

Default Value

The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute.

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

conflict-behavior
Description

Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute.

Default Value

virtual-overrides-real

Allowed Values
merge-real-and-virtual

Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used.

real-overrides-virtual

Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated.

virtual-overrides-real

Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

enabled
Description

Indicates whether the Virtual Attribute is enabled for use.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

filter
Description

Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute.

Default Value

(objectClass=*)

Allowed Values

Any valid search filter string.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

group-dn
Description

Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute.

Default Value

Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute.

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values.

Default Value

org.opends.server.extensions.IsMemberOfVirtualAttributeProvider

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider

Multi-valued

No

Required

Yes

Admin Action Required

The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

scope
Description

Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute.

Default Value

whole-subtree

Allowed Values
base-object

Search the base object only.

single-level

Search the immediate children of the base object but do not include any of their descendants or the base object itself.

subordinate-subtree

Search the entire subtree below the base object but do not include the base object itself.

whole-subtree

Search the base object and the entire subtree below the base object.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

Member Virtual Attribute

Virtual Attributes of type member-virtual-attribute have the following properties:

allow-retrieving-membership
Description

Indicates whether to handle requests that request all values for the virtual attribute. This operation can be very expensive in some cases and is not consistent with the primary function of virtual static groups, which is to make it possible to use static group idioms to determine whether a given user is a member. If this attribute is set to false, attempts to retrieve the entire set of values receive an empty set, and only attempts to determine whether the attribute has a specific value or set of values (which is the primary anticipated use for virtual static groups) are handled properly.

Default Value

false

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

attribute-type
Description

Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute.

Default Value

None

Allowed Values

The name of an attribute type defined in the server schema.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

base-dn
Description

Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server.

Default Value

The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute.

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

conflict-behavior
Description

Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute.

Default Value

virtual-overrides-real

Allowed Values
merge-real-and-virtual

Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used.

real-overrides-virtual

Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated.

virtual-overrides-real

Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

enabled
Description

Indicates whether the Virtual Attribute is enabled for use.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

filter
Description

Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute.

Default Value

(objectClass=*)

Allowed Values

Any valid search filter string.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

group-dn
Description

Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute.

Default Value

Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute.

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values.

Default Value

org.opends.server.extensions.MemberVirtualAttributeProvider

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider

Multi-valued

No

Required

Yes

Admin Action Required

The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

scope
Description

Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute.

Default Value

whole-subtree

Allowed Values
base-object

Search the base object only.

single-level

Search the immediate children of the base object but do not include any of their descendants or the base object itself.

subordinate-subtree

Search the entire subtree below the base object but do not include the base object itself.

whole-subtree

Search the base object and the entire subtree below the base object.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

Num Subordinates Virtual Attribute

Virtual Attributes of type num-subordinates-virtual-attribute have the following properties:

attribute-type
Description

Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute.

Default Value

numSubordinates

Allowed Values

The name of an attribute type defined in the server schema.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

base-dn
Description

Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server.

Default Value

The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute.

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

conflict-behavior
Description

Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute.

Default Value

virtual-overrides-real

Allowed Values
merge-real-and-virtual

Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used.

real-overrides-virtual

Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated.

virtual-overrides-real

Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

enabled
Description

Indicates whether the Virtual Attribute is enabled for use.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

filter
Description

Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute.

Default Value

(objectClass=*)

Allowed Values

Any valid search filter string.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

group-dn
Description

Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute.

Default Value

Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute.

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values.

Default Value

org.opends.server.extensions.NumSubordinatesVirtualAttributeProvider

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider

Multi-valued

No

Required

Yes

Admin Action Required

The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

scope
Description

Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute.

Default Value

whole-subtree

Allowed Values
base-object

Search the base object only.

single-level

Search the immediate children of the base object but do not include any of their descendants or the base object itself.

subordinate-subtree

Search the entire subtree below the base object but do not include the base object itself.

whole-subtree

Search the base object and the entire subtree below the base object.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

Password Expiration Time Virtual Attribute

Virtual Attributes of type password-expiration-time-virtual-attribute have the following properties:

attribute-type
Description

Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute.

Default Value

ds-pwp-password-expiration-time

Allowed Values

The name of an attribute type defined in the server schema.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

base-dn
Description

Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server.

Default Value

The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute.

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

conflict-behavior
Description

Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute.

Default Value

virtual-overrides-real

Allowed Values
merge-real-and-virtual

Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used.

real-overrides-virtual

Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated.

virtual-overrides-real

Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

enabled
Description

Indicates whether the Virtual Attribute is enabled for use.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

filter
Description

Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute.

Default Value

(objectClass=*)

Allowed Values

Any valid search filter string.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

group-dn
Description

Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute.

Default Value

Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute.

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values.

Default Value

org.opends.server.extensions.PasswordExpirationTimeVirtualAttributeProvider

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider

Multi-valued

No

Required

Yes

Admin Action Required

The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

scope
Description

Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute.

Default Value

whole-subtree

Allowed Values
base-object

Search the base object only.

single-level

Search the immediate children of the base object but do not include any of their descendants or the base object itself.

subordinate-subtree

Search the entire subtree below the base object but do not include the base object itself.

whole-subtree

Search the base object and the entire subtree below the base object.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

Password Policy Subentry Virtual Attribute

Virtual Attributes of type password-policy-subentry-virtual-attribute have the following properties:

attribute-type
Description

Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute.

Default Value

pwdPolicySubentry

Allowed Values

The name of an attribute type defined in the server schema.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

base-dn
Description

Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server.

Default Value

The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute.

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

conflict-behavior
Description

Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute.

Default Value

virtual-overrides-real

Allowed Values
merge-real-and-virtual

Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used.

real-overrides-virtual

Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated.

virtual-overrides-real

Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

enabled
Description

Indicates whether the Virtual Attribute is enabled for use.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

filter
Description

Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute.

Default Value

(objectClass=*)

Allowed Values

Any valid search filter string.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

group-dn
Description

Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute.

Default Value

Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute.

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values.

Default Value

org.opends.server.extensions.PasswordPolicySubentryVirtualAttributeProvider

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider

Multi-valued

No

Required

Yes

Admin Action Required

The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

scope
Description

Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute.

Default Value

whole-subtree

Allowed Values
base-object

Search the base object only.

single-level

Search the immediate children of the base object but do not include any of their descendants or the base object itself.

subordinate-subtree

Search the entire subtree below the base object but do not include the base object itself.

whole-subtree

Search the base object and the entire subtree below the base object.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

Structural Object Class Virtual Attribute

Virtual Attributes of type structural-object-class-virtual-attribute have the following properties:

attribute-type
Description

Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute.

Default Value

structuralObjectClass

Allowed Values

The name of an attribute type defined in the server schema.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

base-dn
Description

Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server.

Default Value

The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute.

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

conflict-behavior
Description

Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute.

Default Value

virtual-overrides-real

Allowed Values
merge-real-and-virtual

Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used.

real-overrides-virtual

Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated.

virtual-overrides-real

Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

enabled
Description

Indicates whether the Virtual Attribute is enabled for use.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

filter
Description

Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute.

Default Value

(objectClass=*)

Allowed Values

Any valid search filter string.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

group-dn
Description

Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute.

Default Value

Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute.

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values.

Default Value

org.opends.server.extensions.StructuralObjectClassVirtualAttributeProvider

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider

Multi-valued

No

Required

Yes

Admin Action Required

The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

scope
Description

Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute.

Default Value

whole-subtree

Allowed Values
base-object

Search the base object only.

single-level

Search the immediate children of the base object but do not include any of their descendants or the base object itself.

subordinate-subtree

Search the entire subtree below the base object but do not include the base object itself.

whole-subtree

Search the base object and the entire subtree below the base object.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

Subschema Subentry Virtual Attribute

Virtual Attributes of type subschema-subentry-virtual-attribute have the following properties:

attribute-type
Description

Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute.

Default Value

subschemaSubentry

Allowed Values

The name of an attribute type defined in the server schema.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

base-dn
Description

Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server.

Default Value

The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute.

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

conflict-behavior
Description

Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute.

Default Value

virtual-overrides-real

Allowed Values
merge-real-and-virtual

Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used.

real-overrides-virtual

Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated.

virtual-overrides-real

Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

enabled
Description

Indicates whether the Virtual Attribute is enabled for use.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

filter
Description

Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute.

Default Value

(objectClass=*)

Allowed Values

Any valid search filter string.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

group-dn
Description

Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute.

Default Value

Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute.

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values.

Default Value

org.opends.server.extensions.SubschemaSubentryVirtualAttributeProvider

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider

Multi-valued

No

Required

Yes

Admin Action Required

The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

scope
Description

Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute.

Default Value

whole-subtree

Allowed Values
base-object

Search the base object only.

single-level

Search the immediate children of the base object but do not include any of their descendants or the base object itself.

subordinate-subtree

Search the entire subtree below the base object but do not include the base object itself.

whole-subtree

Search the base object and the entire subtree below the base object.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

User Defined Virtual Attribute

Virtual Attributes of type user-defined-virtual-attribute have the following properties:

attribute-type
Description

Specifies the attribute type for the attribute whose values are to be dynamically assigned by the virtual attribute.

Default Value

None

Allowed Values

The name of an attribute type defined in the server schema.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

base-dn
Description

Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server.

Default Value

The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute.

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

conflict-behavior
Description

Specifies the behavior that the server is to exhibit for entries that already contain one or more real values for the associated attribute.

Default Value

real-overrides-virtual

Allowed Values
merge-real-and-virtual

Indicates that the virtual attribute provider is to preserve any real values contained in the entry and merge them with the set of generated virtual values so that both the real and virtual values are used.

real-overrides-virtual

Indicates that any real values contained in the entry are preserved and used, and virtual values are not generated.

virtual-overrides-real

Indicates that the virtual attribute provider suppresses any real values contained in the entry and generates virtual values and uses them.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

enabled
Description

Indicates whether the Virtual Attribute is enabled for use.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

filter
Description

Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute.

Default Value

(objectClass=*)

Allowed Values

Any valid search filter string.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

group-dn
Description

Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute.

Default Value

Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute.

Allowed Values

A valid DN.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the virtual attribute provider class that generates the attribute values.

Default Value

org.opends.server.extensions.UserDefinedVirtualAttributeProvider

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.api.VirtualAttributeProvider

Multi-valued

No

Required

Yes

Admin Action Required

The Virtual Attribute must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

scope
Description

Specifies the LDAP scope associated with base DNs for entries that are eligible to use this virtual attribute.

Default Value

whole-subtree

Allowed Values
base-object

Search the base object only.

single-level

Search the immediate children of the base object but do not include any of their descendants or the base object itself.

subordinate-subtree

Search the entire subtree below the base object but do not include the base object itself.

whole-subtree

Search the base object and the entire subtree below the base object.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

value
Description

Specifies the values to be included in the virtual attribute.

Default Value

None

Allowed Values

A String

Multi-valued

Yes

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No