<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[15404] CalendarServer/trunk</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.calendarserver.org//changeset/15404">15404</a></dd>
<dt>Author</dt> <dd>cdaboo@apple.com</dd>
<dt>Date</dt> <dd>2015-12-18 12:02:34 -0800 (Fri, 18 Dec 2015)</dd>
</dl>

<h3>Log Message</h3>
<pre>New tool to dump the default config to a plist file, preserving key order and comments from the Python source.</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#CalendarServertrunkconfcaldavdstdconfigplist">CalendarServer/trunk/conf/caldavd-stdconfig.plist</a></li>
<li><a href="#CalendarServertrunktwistedcaldavstdconfigpy">CalendarServer/trunk/twistedcaldav/stdconfig.py</a></li>
</ul>

<h3>Added Paths</h3>
<ul>
<li><a href="#CalendarServertrunktwistedcaldavdumpconfigpy">CalendarServer/trunk/twistedcaldav/dumpconfig.py</a></li>
<li><a href="#CalendarServertrunktwistedcaldavtesttest_dumpconfigpy">CalendarServer/trunk/twistedcaldav/test/test_dumpconfig.py</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="CalendarServertrunkconfcaldavdstdconfigplist"></a>
<div class="modfile"><h4>Modified: CalendarServer/trunk/conf/caldavd-stdconfig.plist (15403 => 15404)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/conf/caldavd-stdconfig.plist        2015-12-17 20:18:32 UTC (rev 15403)
+++ CalendarServer/trunk/conf/caldavd-stdconfig.plist        2015-12-18 20:02:34 UTC (rev 15404)
</span><span class="lines">@@ -19,180 +19,337 @@
</span><span class="cx"> &lt;!DOCTYPE plist PUBLIC &quot;-//Apple//DTD PLIST 1.0//EN&quot; &quot;http://www.apple.com/DTDs/PropertyList-1.0.dtd&quot;&gt;
</span><span class="cx"> &lt;plist version=&quot;1.0&quot;&gt;
</span><span class="cx"> &lt;dict&gt;
</span><del>-        &lt;!-- Public network address information --&gt;
</del><ins>+        &lt;!-- Public network address information
+
+             This is the server's public network address, which is provided to clients
+             in URLs and the like.  It may or may not be the network address that the
+             server is listening to directly, though it is by default.  For example, it
+             may be the address of a load balancer or proxy which forwards connections
+             to the server. --&gt;
+
+        &lt;!-- Network host name. --&gt;
</ins><span class="cx">         &lt;key&gt;ServerHostName&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;&lt;/string&gt;
</span><ins>+
+        &lt;!-- HTTP port (0 to disable HTTP) --&gt;
</ins><span class="cx">         &lt;key&gt;HTTPPort&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;0&lt;/integer&gt;
</span><ins>+
+        &lt;!-- SSL port (0 to disable HTTPS) --&gt;
</ins><span class="cx">         &lt;key&gt;SSLPort&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;0&lt;/integer&gt;
</span><ins>+
+        &lt;!-- Whether to listen on SSL port(s) --&gt;
</ins><span class="cx">         &lt;key&gt;EnableSSL&lt;/key&gt;
</span><span class="cx">         &lt;false/&gt;
</span><ins>+
+        &lt;!-- If True, all nonSSL requests redirected to an SSL Port --&gt;
</ins><span class="cx">         &lt;key&gt;RedirectHTTPToHTTPS&lt;/key&gt;
</span><span class="cx">         &lt;false/&gt;
</span><ins>+
+        &lt;!-- SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD --&gt;
</ins><span class="cx">         &lt;key&gt;SSLMethod&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;SSLv23_METHOD&lt;/string&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;SSLCiphers&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;RC4-SHA:HIGH:!ADH&lt;/string&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- Max-age value for Strict-Transport-Security header; set to 0 to disable
+             header. --&gt;
</ins><span class="cx">         &lt;key&gt;StrictTransportSecuritySeconds&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;604800&lt;/integer&gt;
</span><span class="cx"> 
</span><del>-        &lt;!-- Network address configuration information --&gt;
</del><ins>+        &lt;!-- Network address configuration information.
+
+             This configures the actual network address that the server binds to. --&gt;
+
</ins><span class="cx">         &lt;key&gt;SocketFiles&lt;/key&gt;
</span><span class="cx">         &lt;dict&gt;
</span><span class="cx">                 &lt;key&gt;Enabled&lt;/key&gt;
</span><span class="cx">                 &lt;false/&gt;
</span><ins>+
+                &lt;!-- Socket file to listen for secure requests on --&gt;
+                &lt;key&gt;Secured&lt;/key&gt;
+                &lt;string&gt;secured.sock&lt;/string&gt;
+
+                &lt;!-- Socket file to listen for insecure requests on --&gt;
+                &lt;key&gt;Unsecured&lt;/key&gt;
+                &lt;string&gt;unsecured.sock&lt;/string&gt;
+
+                &lt;key&gt;Owner&lt;/key&gt;
+                &lt;string&gt;&lt;/string&gt;
+
</ins><span class="cx">                 &lt;key&gt;Group&lt;/key&gt;
</span><span class="cx">                 &lt;string&gt;&lt;/string&gt;
</span><del>-                &lt;key&gt;Owner&lt;/key&gt;
-                &lt;string&gt;&lt;/string&gt;
</del><ins>+
</ins><span class="cx">                 &lt;key&gt;Permissions&lt;/key&gt;
</span><span class="cx">                 &lt;integer&gt;504&lt;/integer&gt;
</span><del>-                &lt;key&gt;Secured&lt;/key&gt;
-                &lt;string&gt;secured.sock&lt;/string&gt;
-                &lt;key&gt;Unsecured&lt;/key&gt;
-                &lt;string&gt;unsecured.sock&lt;/string&gt;
</del><span class="cx">         &lt;/dict&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;SocketRoot&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;/tmp/calendarserver&lt;/string&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- List of IP addresses to bind to [empty = all] --&gt;
</ins><span class="cx">         &lt;key&gt;BindAddresses&lt;/key&gt;
</span><span class="cx">         &lt;array&gt;
</span><span class="cx">         &lt;/array&gt;
</span><ins>+
+        &lt;!-- List of port numbers to bind to for HTTP [empty = same as &quot;Port&quot;] --&gt;
</ins><span class="cx">         &lt;key&gt;BindHTTPPorts&lt;/key&gt;
</span><span class="cx">         &lt;array&gt;
</span><span class="cx">         &lt;/array&gt;
</span><ins>+
+        &lt;!-- List of port numbers to bind to for SSL [empty = same as &quot;SSLPort&quot;] --&gt;
</ins><span class="cx">         &lt;key&gt;BindSSLPorts&lt;/key&gt;
</span><span class="cx">         &lt;array&gt;
</span><span class="cx">         &lt;/array&gt;
</span><ins>+
+        &lt;!-- File descriptors to inherit for HTTP requests [empty = don't inherit] --&gt;
</ins><span class="cx">         &lt;key&gt;InheritFDs&lt;/key&gt;
</span><span class="cx">         &lt;array&gt;
</span><span class="cx">         &lt;/array&gt;
</span><ins>+
+        &lt;!-- File descriptors to inherit for HTTPS requests [empty = don't inherit] --&gt;
</ins><span class="cx">         &lt;key&gt;InheritSSLFDs&lt;/key&gt;
</span><span class="cx">         &lt;array&gt;
</span><span class="cx">         &lt;/array&gt;
</span><ins>+
+        &lt;!-- Inherited file descriptor to call recvmsg() on to receive sockets (none =
+             don't inherit) --&gt;
</ins><span class="cx">         &lt;key&gt;MetaFD&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;0&lt;/integer&gt;
</span><ins>+
+        &lt;!-- Use a 'meta' FD, i.e. an FD to transmit other FDs to slave processes. --&gt;
</ins><span class="cx">         &lt;key&gt;UseMetaFD&lt;/key&gt;
</span><span class="cx">         &lt;true/&gt;
</span><span class="cx"> 
</span><del>-        &lt;!-- Database configuration --&gt;
</del><ins>+        &lt;!-- True: database; False: files --&gt;
</ins><span class="cx">         &lt;key&gt;UseDatabase&lt;/key&gt;
</span><span class="cx">         &lt;true/&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- Timeout transactions that take longer than the specified number of
+             seconds. Zero means no timeouts. 5 minute default. --&gt;
</ins><span class="cx">         &lt;key&gt;TransactionTimeoutSeconds&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;300&lt;/integer&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- When a transactions times out tell HTTP clients clients to retry after
+             this amount of time --&gt;
</ins><span class="cx">         &lt;key&gt;TransactionHTTPRetrySeconds&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;300&lt;/integer&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- 2 possible values: empty, meaning 'spawn postgres yourself', or
+             'postgres', meaning 'connect to a postgres database as specified by the
+             'DSN' configuration key.  Will support more values in the future. --&gt;
</ins><span class="cx">         &lt;key&gt;DBType&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;&lt;/string&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- The username to use when DBType is empty --&gt;
</ins><span class="cx">         &lt;key&gt;SpawnedDBUser&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;caldav&lt;/string&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- Used to connect to an external database if DBType is non-empty --&gt;
</ins><span class="cx">         &lt;key&gt;DatabaseConnection&lt;/key&gt;
</span><span class="cx">         &lt;dict&gt;
</span><ins>+                &lt;!-- Database connection endpoint --&gt;
+                &lt;key&gt;endpoint&lt;/key&gt;
+                &lt;string&gt;&lt;/string&gt;
+
+                &lt;!-- Name of database or Oracle SID --&gt;
</ins><span class="cx">                 &lt;key&gt;database&lt;/key&gt;
</span><span class="cx">                 &lt;string&gt;&lt;/string&gt;
</span><del>-                &lt;key&gt;endpoint&lt;/key&gt;
</del><ins>+
+                &lt;!-- User name to connect as --&gt;
+                &lt;key&gt;user&lt;/key&gt;
</ins><span class="cx">                 &lt;string&gt;&lt;/string&gt;
</span><ins>+
+                &lt;!-- Password to use --&gt;
</ins><span class="cx">                 &lt;key&gt;password&lt;/key&gt;
</span><span class="cx">                 &lt;string&gt;&lt;/string&gt;
</span><del>-                &lt;key&gt;user&lt;/key&gt;
-                &lt;string&gt;&lt;/string&gt;
</del><span class="cx">         &lt;/dict&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- Internally used by database to tell slave processes to inherit a file
+             descriptor and use it as an AMP connection over a UNIX socket; see
+             twext.enterprise.adbapi2.ConnectionPoolConnection --&gt;
</ins><span class="cx">         &lt;key&gt;DBAMPFD&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;0&lt;/integer&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- Use a shared database connection pool in the master process, rather than
+             having each client make its connections directly. --&gt;
</ins><span class="cx">         &lt;key&gt;SharedConnectionPool&lt;/key&gt;
</span><span class="cx">         &lt;false/&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- Set to True to prevent the server or utility tools from running if the
+             database needs a schema upgrade. --&gt;
</ins><span class="cx">         &lt;key&gt;FailIfUpgradeNeeded&lt;/key&gt;
</span><span class="cx">         &lt;true/&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- Set to True to check the current database schema against the schema file
+             matching the database schema version. --&gt;
+        &lt;key&gt;CheckExistingSchema&lt;/key&gt;
+        &lt;false/&gt;
+
+        &lt;!-- When upgrading, only upgrade homes where the owner UID starts with the
+             specified prefix. The upgrade will only be partial and only apply to
+             upgrade pieces that affect entire homes. The upgrade will need to be run
+             again without this prefix set to complete the overall upgrade. --&gt;
</ins><span class="cx">         &lt;key&gt;UpgradeHomePrefix&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;&lt;/string&gt;
</span><span class="cx"> 
</span><span class="cx">         &lt;!-- Work queue configuration information --&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;WorkQueue&lt;/key&gt;
</span><span class="cx">         &lt;dict&gt;
</span><ins>+                &lt;!-- Interval in seconds for job queue polling --&gt;
+                &lt;key&gt;queuePollInterval&lt;/key&gt;
+                &lt;real&gt;0.1&lt;/real&gt;
+
+                &lt;!-- Number of seconds before an assigned job is considered overdue --&gt;
+                &lt;key&gt;queueOverdueTimeout&lt;/key&gt;
+                &lt;integer&gt;300&lt;/integer&gt;
+
+                &lt;!-- Array of array that describe the threshold and new polling interval for
+                     job queue polling back off --&gt;
+                &lt;key&gt;queuePollingBackoff&lt;/key&gt;
+                &lt;array&gt;
+                        &lt;array&gt;
+                                &lt;integer&gt;60&lt;/integer&gt;
+                                &lt;integer&gt;60&lt;/integer&gt;
+                        &lt;/array&gt;
+                        &lt;array&gt;
+                                &lt;integer&gt;5&lt;/integer&gt;
+                                &lt;integer&gt;1&lt;/integer&gt;
+                        &lt;/array&gt;
+                &lt;/array&gt;
+
+                &lt;!-- Queue capacity (percentage) which causes job processing to halt --&gt;
+                &lt;key&gt;overloadLevel&lt;/key&gt;
+                &lt;integer&gt;95&lt;/integer&gt;
+
+                &lt;!-- Queue capacity (percentage) at which only high priority items are run --&gt;
+                &lt;key&gt;highPriorityLevel&lt;/key&gt;
+                &lt;integer&gt;80&lt;/integer&gt;
+
+                &lt;!-- Queue capacity (percentage) at which only high/medium priority items are
+                     run --&gt;
+                &lt;key&gt;mediumPriorityLevel&lt;/key&gt;
+                &lt;integer&gt;50&lt;/integer&gt;
+
+                &lt;!-- When a job fails, reschedule it this number of seconds in the future --&gt;
</ins><span class="cx">                 &lt;key&gt;failureRescheduleInterval&lt;/key&gt;
</span><span class="cx">                 &lt;integer&gt;60&lt;/integer&gt;
</span><del>-                &lt;key&gt;highPriorityLevel&lt;/key&gt;
-                &lt;integer&gt;80&lt;/integer&gt;
</del><ins>+
+                &lt;!-- When a job can't run because of a lock, reschedule it this number of
+                     seconds in the future --&gt;
</ins><span class="cx">                 &lt;key&gt;lockRescheduleInterval&lt;/key&gt;
</span><span class="cx">                 &lt;integer&gt;60&lt;/integer&gt;
</span><del>-                &lt;key&gt;mediumPriorityLevel&lt;/key&gt;
-                &lt;integer&gt;50&lt;/integer&gt;
-                &lt;key&gt;overloadLevel&lt;/key&gt;
-                &lt;integer&gt;95&lt;/integer&gt;
-                &lt;key&gt;queueOverdueTimeout&lt;/key&gt;
-                &lt;integer&gt;300&lt;/integer&gt;
-                &lt;key&gt;queuePollInterval&lt;/key&gt;
-                &lt;real&gt;0.1&lt;/real&gt;
</del><ins>+
+                &lt;!-- dict of work table name's, whose values are dicts containing &quot;priority&quot;
+                     and &quot;weight&quot; items to use for newly created work. --&gt;
+                &lt;key&gt;workParameters&lt;/key&gt;
+                &lt;dict&gt;
+                &lt;/dict&gt;
</ins><span class="cx">         &lt;/dict&gt;
</span><span class="cx"> 
</span><span class="cx">         &lt;!-- Types of service provided --&gt;
</span><ins>+
+        &lt;!-- Enable CalDAV service --&gt;
</ins><span class="cx">         &lt;key&gt;EnableCalDAV&lt;/key&gt;
</span><span class="cx">         &lt;true/&gt;
</span><ins>+
+        &lt;!-- Enable CardDAV service --&gt;
</ins><span class="cx">         &lt;key&gt;EnableCardDAV&lt;/key&gt;
</span><span class="cx">         &lt;true/&gt;
</span><ins>+
+        &lt;!-- When True override all other services and set the server into podding-only
+             mode --&gt;
</ins><span class="cx">         &lt;key&gt;MigrationOnly&lt;/key&gt;
</span><span class="cx">         &lt;false/&gt;
</span><span class="cx"> 
</span><span class="cx">         &lt;!-- Data store --&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;ServerRoot&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;/var/db/caldavd&lt;/string&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;DataRoot&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;Data&lt;/string&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;DatabaseRoot&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;Database&lt;/string&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;AttachmentsRoot&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;Attachments&lt;/string&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;DocumentRoot&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;Documents&lt;/string&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;ConfigRoot&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;Config&lt;/string&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;LogRoot&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;/var/log/caldavd&lt;/string&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;RunRoot&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;/var/run/caldavd&lt;/string&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;WebCalendarRoot&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;/Applications/Server.app/Contents/ServerRoot/usr/share/collabd/webcal/public&lt;/string&gt;
</span><span class="cx"> 
</span><del>-        &lt;!--  Quotas --&gt;
</del><ins>+        &lt;!-- Quotas --&gt;
+
+        &lt;!-- Attachments --&gt;
+        &lt;!-- User attachment quota (in bytes - default 100MB) --&gt;
</ins><span class="cx">         &lt;key&gt;UserQuota&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;104857600&lt;/integer&gt;
</span><ins>+
+        &lt;!-- Maximum size for a single attachment (in bytes - default 10MB) --&gt;
</ins><span class="cx">         &lt;key&gt;MaximumAttachmentSize&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;10485760&lt;/integer&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- Resource data --&gt;
+        &lt;!-- Maximum number of calendars/address books allowed in a home --&gt;
</ins><span class="cx">         &lt;key&gt;MaxCollectionsPerHome&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;50&lt;/integer&gt;
</span><ins>+
+        &lt;!-- Maximum number of resources in a calendar/address book --&gt;
</ins><span class="cx">         &lt;key&gt;MaxResourcesPerCollection&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;10000&lt;/integer&gt;
</span><ins>+
+        &lt;!-- Maximum resource size (in bytes) --&gt;
</ins><span class="cx">         &lt;key&gt;MaxResourceSize&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;1048576&lt;/integer&gt;
</span><ins>+
+        &lt;!-- Maximum number of unique attendees --&gt;
</ins><span class="cx">         &lt;key&gt;MaxAttendeesPerInstance&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;100&lt;/integer&gt;
</span><ins>+
+        &lt;!-- Maximum number of instances the server will index --&gt;
</ins><span class="cx">         &lt;key&gt;MaxAllowedInstances&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;3000&lt;/integer&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- Set to URL path of wiki authentication service, e.g. &quot;/auth&quot;, in order to
+             use javascript authentication dialog.  Empty string indicates standard
+             browser authentication dialog should be used. --&gt;
</ins><span class="cx">         &lt;key&gt;WebCalendarAuthPath&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;&lt;/string&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- Define mappings of URLs to file system objects (directories or files) --&gt;
</ins><span class="cx">         &lt;key&gt;Aliases&lt;/key&gt;
</span><span class="cx">         &lt;array&gt;
</span><span class="cx">         &lt;/array&gt;
</span><span class="cx"> 
</span><del>-        &lt;!-- Directory service --&gt;
</del><ins>+        &lt;!-- Directory service
+
+             A directory service provides information about principals (e.g. users,
+             groups, locations and resources) to the server. --&gt;
+
</ins><span class="cx">         &lt;key&gt;DirectoryService&lt;/key&gt;
</span><span class="cx">         &lt;dict&gt;
</span><span class="cx">                 &lt;key&gt;Enabled&lt;/key&gt;
</span><span class="cx">                 &lt;true/&gt;
</span><ins>+
+                &lt;key&gt;type&lt;/key&gt;
+                &lt;string&gt;xml&lt;/string&gt;
+
</ins><span class="cx">                 &lt;key&gt;params&lt;/key&gt;
</span><span class="cx">                 &lt;dict&gt;
</span><span class="cx">                         &lt;key&gt;recordTypes&lt;/key&gt;
</span><span class="lines">@@ -200,24 +357,33 @@
</span><span class="cx">                                 &lt;string&gt;users&lt;/string&gt;
</span><span class="cx">                                 &lt;string&gt;groups&lt;/string&gt;
</span><span class="cx">                         &lt;/array&gt;
</span><ins>+
</ins><span class="cx">                         &lt;key&gt;xmlFile&lt;/key&gt;
</span><span class="cx">                         &lt;string&gt;accounts.xml&lt;/string&gt;
</span><span class="cx">                 &lt;/dict&gt;
</span><del>-                &lt;key&gt;type&lt;/key&gt;
-                &lt;string&gt;xml&lt;/string&gt;
</del><span class="cx">         &lt;/dict&gt;
</span><span class="cx"> 
</span><span class="cx">         &lt;key&gt;DirectoryRealmName&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;&lt;/string&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- Apply an additional filter for attendee lookups where names must start
+             with the search tokens rather than just contain them. --&gt;
</ins><span class="cx">         &lt;key&gt;DirectoryFilterStartsWith&lt;/key&gt;
</span><span class="cx">         &lt;false/&gt;
</span><span class="cx"> 
</span><del>-        &lt;!-- Locations and Resources service --&gt;
</del><ins>+        &lt;!-- Locations and Resources service
+
+             Supplements the directory service with information about locations and
+             resources. --&gt;
+
</ins><span class="cx">         &lt;key&gt;ResourceService&lt;/key&gt;
</span><span class="cx">         &lt;dict&gt;
</span><span class="cx">                 &lt;key&gt;Enabled&lt;/key&gt;
</span><span class="cx">                 &lt;true/&gt;
</span><ins>+
+                &lt;key&gt;type&lt;/key&gt;
+                &lt;string&gt;xml&lt;/string&gt;
+
</ins><span class="cx">                 &lt;key&gt;params&lt;/key&gt;
</span><span class="cx">                 &lt;dict&gt;
</span><span class="cx">                         &lt;key&gt;recordTypes&lt;/key&gt;
</span><span class="lines">@@ -226,141 +392,217 @@
</span><span class="cx">                                 &lt;string&gt;resources&lt;/string&gt;
</span><span class="cx">                                 &lt;string&gt;addresses&lt;/string&gt;
</span><span class="cx">                         &lt;/array&gt;
</span><ins>+
</ins><span class="cx">                         &lt;key&gt;xmlFile&lt;/key&gt;
</span><span class="cx">                         &lt;string&gt;resources.xml&lt;/string&gt;
</span><span class="cx">                 &lt;/dict&gt;
</span><del>-                &lt;key&gt;type&lt;/key&gt;
-                &lt;string&gt;xml&lt;/string&gt;
</del><span class="cx">         &lt;/dict&gt;
</span><span class="cx"> 
</span><del>-        &lt;!-- Augment service --&gt;
</del><ins>+        &lt;!-- Augment service
+
+             Augments for the directory service records to add calendar specific
+             attributes. --&gt;
+
</ins><span class="cx">         &lt;key&gt;AugmentService&lt;/key&gt;
</span><span class="cx">         &lt;dict&gt;
</span><ins>+                &lt;key&gt;type&lt;/key&gt;
+                &lt;string&gt;twistedcaldav.directory.augment.AugmentXMLDB&lt;/string&gt;
+
</ins><span class="cx">                 &lt;key&gt;params&lt;/key&gt;
</span><span class="cx">                 &lt;dict&gt;
</span><del>-                        &lt;key&gt;statSeconds&lt;/key&gt;
-                        &lt;integer&gt;15&lt;/integer&gt;
</del><span class="cx">                         &lt;key&gt;xmlFiles&lt;/key&gt;
</span><span class="cx">                         &lt;array&gt;
</span><span class="cx">                                 &lt;string&gt;augments.xml&lt;/string&gt;
</span><span class="cx">                         &lt;/array&gt;
</span><ins>+
+                        &lt;key&gt;statSeconds&lt;/key&gt;
+                        &lt;integer&gt;15&lt;/integer&gt;
</ins><span class="cx">                 &lt;/dict&gt;
</span><del>-                &lt;key&gt;type&lt;/key&gt;
-                &lt;string&gt;twistedcaldav.directory.augment.AugmentXMLDB&lt;/string&gt;
</del><span class="cx">         &lt;/dict&gt;
</span><span class="cx"> 
</span><span class="cx">         &lt;!-- Proxies --&gt;
</span><ins>+
+        &lt;!-- Allows for initialization of the proxy database from an XML file --&gt;
</ins><span class="cx">         &lt;key&gt;ProxyLoadFromFile&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;&lt;/string&gt;
</span><span class="cx"> 
</span><span class="cx">         &lt;!-- Special principals --&gt;
</span><ins>+
+        &lt;!-- Principals with &quot;DAV:all&quot; access (relative URLs) --&gt;
</ins><span class="cx">         &lt;key&gt;AdminPrincipals&lt;/key&gt;
</span><span class="cx">         &lt;array&gt;
</span><span class="cx">         &lt;/array&gt;
</span><ins>+
+        &lt;!-- Principals with &quot;DAV:read&quot; access (relative URLs) --&gt;
</ins><span class="cx">         &lt;key&gt;ReadPrincipals&lt;/key&gt;
</span><span class="cx">         &lt;array&gt;
</span><span class="cx">         &lt;/array&gt;
</span><ins>+
+        &lt;!-- Create &quot;proxy access&quot; principals --&gt;
</ins><span class="cx">         &lt;key&gt;EnableProxyPrincipals&lt;/key&gt;
</span><span class="cx">         &lt;true/&gt;
</span><span class="cx"> 
</span><span class="cx">         &lt;!-- Permissions --&gt;
</span><ins>+
+        &lt;!-- Allow unauthenticated read access to / --&gt;
</ins><span class="cx">         &lt;key&gt;EnableAnonymousReadRoot&lt;/key&gt;
</span><span class="cx">         &lt;true/&gt;
</span><ins>+
+        &lt;!-- Allow unauthenticated read access to hierarchy --&gt;
</ins><span class="cx">         &lt;key&gt;EnableAnonymousReadNav&lt;/key&gt;
</span><span class="cx">         &lt;false/&gt;
</span><ins>+
+        &lt;!-- Allow listing of principal collections --&gt;
</ins><span class="cx">         &lt;key&gt;EnablePrincipalListings&lt;/key&gt;
</span><span class="cx">         &lt;true/&gt;
</span><ins>+
+        &lt;!-- Render calendar collections as a monolithic iCalendar object --&gt;
</ins><span class="cx">         &lt;key&gt;EnableMonolithicCalendars&lt;/key&gt;
</span><span class="cx">         &lt;true/&gt;
</span><span class="cx"> 
</span><span class="cx">         &lt;!-- Client controls --&gt;
</span><ins>+
+        &lt;!-- List of regexes for clients to disallow --&gt;
</ins><span class="cx">         &lt;key&gt;RejectClients&lt;/key&gt;
</span><span class="cx">         &lt;array&gt;
</span><span class="cx">         &lt;/array&gt;
</span><span class="cx"> 
</span><span class="cx">         &lt;!-- Authentication --&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;Authentication&lt;/key&gt;
</span><span class="cx">         &lt;dict&gt;
</span><ins>+                &lt;!-- Clear text; best avoided --&gt;
</ins><span class="cx">                 &lt;key&gt;Basic&lt;/key&gt;
</span><span class="cx">                 &lt;dict&gt;
</span><ins>+                        &lt;key&gt;Enabled&lt;/key&gt;
+                        &lt;true/&gt;
+
+                        &lt;!-- Advertised over non-SSL? --&gt;
</ins><span class="cx">                         &lt;key&gt;AllowedOverWireUnencrypted&lt;/key&gt;
</span><span class="cx">                         &lt;false/&gt;
</span><del>-                        &lt;key&gt;Enabled&lt;/key&gt;
-                        &lt;true/&gt;
</del><span class="cx">                 &lt;/dict&gt;
</span><ins>+
+                &lt;!-- Digest challenge/response --&gt;
</ins><span class="cx">                 &lt;key&gt;Digest&lt;/key&gt;
</span><span class="cx">                 &lt;dict&gt;
</span><ins>+                        &lt;key&gt;Enabled&lt;/key&gt;
+                        &lt;true/&gt;
+
</ins><span class="cx">                         &lt;key&gt;Algorithm&lt;/key&gt;
</span><span class="cx">                         &lt;string&gt;md5&lt;/string&gt;
</span><ins>+
+                        &lt;key&gt;Qop&lt;/key&gt;
+                        &lt;string&gt;&lt;/string&gt;
+
+                        &lt;!-- Advertised over non-SSL? --&gt;
</ins><span class="cx">                         &lt;key&gt;AllowedOverWireUnencrypted&lt;/key&gt;
</span><span class="cx">                         &lt;true/&gt;
</span><del>-                        &lt;key&gt;Enabled&lt;/key&gt;
-                        &lt;true/&gt;
-                        &lt;key&gt;Qop&lt;/key&gt;
-                        &lt;string&gt;&lt;/string&gt;
</del><span class="cx">                 &lt;/dict&gt;
</span><ins>+
+                &lt;!-- Kerberos/SPNEGO --&gt;
</ins><span class="cx">                 &lt;key&gt;Kerberos&lt;/key&gt;
</span><span class="cx">                 &lt;dict&gt;
</span><del>-                        &lt;key&gt;AllowedOverWireUnencrypted&lt;/key&gt;
-                        &lt;true/&gt;
</del><span class="cx">                         &lt;key&gt;Enabled&lt;/key&gt;
</span><span class="cx">                         &lt;false/&gt;
</span><ins>+
</ins><span class="cx">                         &lt;key&gt;ServicePrincipal&lt;/key&gt;
</span><span class="cx">                         &lt;string&gt;&lt;/string&gt;
</span><ins>+
+                        &lt;!-- Advertised over non-SSL? --&gt;
+                        &lt;key&gt;AllowedOverWireUnencrypted&lt;/key&gt;
+                        &lt;true/&gt;
</ins><span class="cx">                 &lt;/dict&gt;
</span><ins>+
+                &lt;!-- TLS Client Certificate --&gt;
</ins><span class="cx">                 &lt;key&gt;ClientCertificate&lt;/key&gt;
</span><span class="cx">                 &lt;dict&gt;
</span><ins>+                        &lt;key&gt;Enabled&lt;/key&gt;
+                        &lt;false/&gt;
+
+                        &lt;!-- Advertised over non-SSL? --&gt;
</ins><span class="cx">                         &lt;key&gt;AllowedOverWireUnencrypted&lt;/key&gt;
</span><span class="cx">                         &lt;true/&gt;
</span><ins>+
+                        &lt;!-- Always require a client cert --&gt;
+                        &lt;key&gt;Required&lt;/key&gt;
+                        &lt;true/&gt;
+
+                        &lt;!-- Array of acceptable client cert CA file names --&gt;
</ins><span class="cx">                         &lt;key&gt;CAFiles&lt;/key&gt;
</span><span class="cx">                         &lt;array&gt;
</span><span class="cx">                         &lt;/array&gt;
</span><del>-                        &lt;key&gt;Enabled&lt;/key&gt;
-                        &lt;false/&gt;
-                        &lt;key&gt;Required&lt;/key&gt;
-                        &lt;true/&gt;
</del><ins>+
+                        &lt;!-- Send the list of acceptable CAs to the client --&gt;
</ins><span class="cx">                         &lt;key&gt;SendCAsToClient&lt;/key&gt;
</span><span class="cx">                         &lt;true/&gt;
</span><span class="cx">                 &lt;/dict&gt;
</span><ins>+
</ins><span class="cx">                 &lt;key&gt;Wiki&lt;/key&gt;
</span><span class="cx">                 &lt;dict&gt;
</span><ins>+                        &lt;key&gt;Enabled&lt;/key&gt;
+                        &lt;false/&gt;
+
</ins><span class="cx">                         &lt;key&gt;Cookie&lt;/key&gt;
</span><span class="cx">                         &lt;string&gt;cc.collabd_session_guid&lt;/string&gt;
</span><del>-                        &lt;key&gt;Enabled&lt;/key&gt;
-                        &lt;false/&gt;
</del><ins>+
</ins><span class="cx">                         &lt;key&gt;EndpointDescriptor&lt;/key&gt;
</span><span class="cx">                         &lt;string&gt;unix:path=/var/run/collabd&lt;/string&gt;
</span><span class="cx">                 &lt;/dict&gt;
</span><span class="cx">         &lt;/dict&gt;
</span><span class="cx"> 
</span><span class="cx">         &lt;!-- Logging --&gt;
</span><ins>+
+        &lt;!-- Apache-style access log --&gt;
</ins><span class="cx">         &lt;key&gt;AccessLogFile&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;access.log&lt;/string&gt;
</span><ins>+
+        &lt;!-- Server activity log --&gt;
</ins><span class="cx">         &lt;key&gt;ErrorLogFile&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;error.log&lt;/string&gt;
</span><ins>+
+        &lt;!-- Agent activity log --&gt;
</ins><span class="cx">         &lt;key&gt;AgentLogFile&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;agent.log&lt;/string&gt;
</span><ins>+
+        &lt;!-- Utility log - name will be dynamically changed to executable name --&gt;
</ins><span class="cx">         &lt;key&gt;UtilityLogFile&lt;/key&gt;
</span><del>-        &lt;string&gt;.log&lt;/string&gt;
</del><ins>+        &lt;string&gt;utility.log&lt;/string&gt;
+
+        &lt;!-- True = use log file, False = stdout --&gt;
</ins><span class="cx">         &lt;key&gt;ErrorLogEnabled&lt;/key&gt;
</span><span class="cx">         &lt;true/&gt;
</span><ins>+
+        &lt;!-- Rotate error log after so many megabytes --&gt;
</ins><span class="cx">         &lt;key&gt;ErrorLogRotateMB&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;10&lt;/integer&gt;
</span><ins>+
+        &lt;!-- Retain this many error log files --&gt;
</ins><span class="cx">         &lt;key&gt;ErrorLogMaxRotatedFiles&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;5&lt;/integer&gt;
</span><ins>+
+        &lt;!-- Rotate error log when service starts --&gt;
+        &lt;key&gt;ErrorLogRotateOnStart&lt;/key&gt;
+        &lt;false/&gt;
+
</ins><span class="cx">         &lt;key&gt;PIDFile&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;caldavd.pid&lt;/string&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;RotateAccessLog&lt;/key&gt;
</span><span class="cx">         &lt;false/&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;EnableExtendedAccessLog&lt;/key&gt;
</span><span class="cx">         &lt;true/&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;EnableExtendedTimingAccessLog&lt;/key&gt;
</span><span class="cx">         &lt;false/&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;DefaultLogLevel&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;&lt;/string&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;LogLevels&lt;/key&gt;
</span><span class="cx">         &lt;dict&gt;
</span><span class="cx">         &lt;/dict&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;LogID&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;&lt;/string&gt;
</span><span class="cx"> 
</span><span class="lines">@@ -368,194 +610,304 @@
</span><span class="cx">         &lt;dict&gt;
</span><span class="cx">                 &lt;key&gt;HTTP&lt;/key&gt;
</span><span class="cx">                 &lt;false/&gt;
</span><ins>+
</ins><span class="cx">                 &lt;key&gt;iTIP&lt;/key&gt;
</span><span class="cx">                 &lt;false/&gt;
</span><ins>+
</ins><span class="cx">                 &lt;key&gt;iTIP-VFREEBUSY&lt;/key&gt;
</span><span class="cx">                 &lt;false/&gt;
</span><ins>+
</ins><span class="cx">                 &lt;key&gt;Implicit Errors&lt;/key&gt;
</span><span class="cx">                 &lt;false/&gt;
</span><ins>+
</ins><span class="cx">                 &lt;key&gt;AutoScheduling&lt;/key&gt;
</span><span class="cx">                 &lt;false/&gt;
</span><ins>+
</ins><span class="cx">                 &lt;key&gt;iSchedule&lt;/key&gt;
</span><span class="cx">                 &lt;false/&gt;
</span><ins>+
</ins><span class="cx">                 &lt;key&gt;migration&lt;/key&gt;
</span><span class="cx">                 &lt;false/&gt;
</span><span class="cx">         &lt;/dict&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;AccountingPrincipals&lt;/key&gt;
</span><span class="cx">         &lt;array&gt;
</span><span class="cx">         &lt;/array&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;AccountingLogRoot&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;accounting&lt;/string&gt;
</span><span class="cx"> 
</span><span class="cx">         &lt;key&gt;Stats&lt;/key&gt;
</span><span class="cx">         &lt;dict&gt;
</span><ins>+                &lt;key&gt;EnableUnixStatsSocket&lt;/key&gt;
+                &lt;false/&gt;
+
+                &lt;key&gt;UnixStatsSocket&lt;/key&gt;
+                &lt;string&gt;caldavd-stats.sock&lt;/string&gt;
+
</ins><span class="cx">                 &lt;key&gt;EnableTCPStatsSocket&lt;/key&gt;
</span><span class="cx">                 &lt;false/&gt;
</span><del>-                &lt;key&gt;EnableUnixStatsSocket&lt;/key&gt;
-                &lt;false/&gt;
</del><ins>+
</ins><span class="cx">                 &lt;key&gt;TCPStatsPort&lt;/key&gt;
</span><span class="cx">                 &lt;integer&gt;8100&lt;/integer&gt;
</span><del>-                &lt;key&gt;UnixStatsSocket&lt;/key&gt;
-                &lt;string&gt;caldavd-stats.sock&lt;/string&gt;
</del><span class="cx">         &lt;/dict&gt;
</span><span class="cx"> 
</span><span class="cx">         &lt;key&gt;LogDatabase&lt;/key&gt;
</span><span class="cx">         &lt;dict&gt;
</span><span class="cx">                 &lt;key&gt;LabelsInSQL&lt;/key&gt;
</span><span class="cx">                 &lt;false/&gt;
</span><del>-                &lt;key&gt;SQLStatements&lt;/key&gt;
-                &lt;false/&gt;
</del><ins>+
</ins><span class="cx">                 &lt;key&gt;Statistics&lt;/key&gt;
</span><span class="cx">                 &lt;false/&gt;
</span><ins>+
</ins><span class="cx">                 &lt;key&gt;StatisticsLogFile&lt;/key&gt;
</span><span class="cx">                 &lt;string&gt;sqlstats.log&lt;/string&gt;
</span><ins>+
+                &lt;key&gt;SQLStatements&lt;/key&gt;
+                &lt;false/&gt;
+
</ins><span class="cx">                 &lt;key&gt;TransactionWaitSeconds&lt;/key&gt;
</span><span class="cx">                 &lt;integer&gt;0&lt;/integer&gt;
</span><span class="cx">         &lt;/dict&gt;
</span><span class="cx"> 
</span><span class="cx">         &lt;!-- SSL/TLS --&gt;
</span><ins>+
+        &lt;!-- Public key --&gt;
</ins><span class="cx">         &lt;key&gt;SSLCertificate&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;&lt;/string&gt;
</span><ins>+
+        &lt;!-- Private key --&gt;
</ins><span class="cx">         &lt;key&gt;SSLPrivateKey&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;&lt;/string&gt;
</span><ins>+
+        &lt;!-- Certificate Authority Chain --&gt;
</ins><span class="cx">         &lt;key&gt;SSLAuthorityChain&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;&lt;/string&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;SSLPassPhraseDialog&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;/etc/apache2/getsslpassphrase&lt;/string&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;SSLCertAdmin&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;/Applications/Server.app/Contents/ServerRoot/usr/sbin/certadmin&lt;/string&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- Keychain identity to use in place of cert files --&gt;
+        &lt;key&gt;SSLKeychainIdentity&lt;/key&gt;
+        &lt;string&gt;&lt;/string&gt;
+
</ins><span class="cx">         &lt;!-- Process management --&gt;
</span><ins>+
+        &lt;!-- Username and Groupname to drop privileges to, if empty privileges will not
+             be dropped. --&gt;
</ins><span class="cx">         &lt;key&gt;UserName&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;&lt;/string&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;GroupName&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;&lt;/string&gt;
</span><ins>+
+        &lt;!-- Multi-process --&gt;
</ins><span class="cx">         &lt;key&gt;ProcessType&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;Combined&lt;/string&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;MultiProcess&lt;/key&gt;
</span><span class="cx">         &lt;dict&gt;
</span><ins>+                &lt;key&gt;ProcessCount&lt;/key&gt;
+                &lt;integer&gt;0&lt;/integer&gt;
+
</ins><span class="cx">                 &lt;key&gt;MinProcessCount&lt;/key&gt;
</span><span class="cx">                 &lt;integer&gt;2&lt;/integer&gt;
</span><ins>+
</ins><span class="cx">                 &lt;key&gt;PerCPU&lt;/key&gt;
</span><span class="cx">                 &lt;integer&gt;1&lt;/integer&gt;
</span><ins>+
</ins><span class="cx">                 &lt;key&gt;PerGB&lt;/key&gt;
</span><span class="cx">                 &lt;integer&gt;1&lt;/integer&gt;
</span><del>-                &lt;key&gt;ProcessCount&lt;/key&gt;
-                &lt;integer&gt;0&lt;/integer&gt;
</del><ins>+
</ins><span class="cx">                 &lt;key&gt;StaggeredStartup&lt;/key&gt;
</span><span class="cx">                 &lt;dict&gt;
</span><span class="cx">                         &lt;key&gt;Enabled&lt;/key&gt;
</span><span class="cx">                         &lt;false/&gt;
</span><ins>+
</ins><span class="cx">                         &lt;key&gt;Interval&lt;/key&gt;
</span><span class="cx">                         &lt;integer&gt;15&lt;/integer&gt;
</span><span class="cx">                 &lt;/dict&gt;
</span><span class="cx">         &lt;/dict&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- How large a spawned process is allowed to get before it's stopped --&gt;
</ins><span class="cx">         &lt;key&gt;MemoryLimiter&lt;/key&gt;
</span><span class="cx">         &lt;dict&gt;
</span><ins>+                &lt;key&gt;Enabled&lt;/key&gt;
+                &lt;true/&gt;
+
+                &lt;!-- How often to check memory sizes (in seconds) --&gt;
+                &lt;key&gt;Seconds&lt;/key&gt;
+                &lt;integer&gt;60&lt;/integer&gt;
+
+                &lt;!-- Memory limit (RSS in bytes) --&gt;
</ins><span class="cx">                 &lt;key&gt;Bytes&lt;/key&gt;
</span><span class="cx">                 &lt;integer&gt;2147483648&lt;/integer&gt;
</span><del>-                &lt;key&gt;Enabled&lt;/key&gt;
-                &lt;true/&gt;
</del><ins>+
+                &lt;!-- True: only take into account resident memory; False: include virtual
+                     memory --&gt;
</ins><span class="cx">                 &lt;key&gt;ResidentOnly&lt;/key&gt;
</span><span class="cx">                 &lt;true/&gt;
</span><del>-                &lt;key&gt;Seconds&lt;/key&gt;
-                &lt;integer&gt;60&lt;/integer&gt;
</del><span class="cx">         &lt;/dict&gt;
</span><span class="cx"> 
</span><span class="cx">         &lt;!-- Service ACLs --&gt;
</span><span class="cx">         &lt;key&gt;EnableSACLs&lt;/key&gt;
</span><span class="cx">         &lt;false/&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- Make all data read-only --&gt;
</ins><span class="cx">         &lt;key&gt;EnableReadOnlyServer&lt;/key&gt;
</span><span class="cx">         &lt;false/&gt;
</span><span class="cx"> 
</span><span class="cx">         &lt;!-- Standard (or draft) WebDAV extensions --&gt;
</span><ins>+
+        &lt;!-- POST ;add-member extension --&gt;
</ins><span class="cx">         &lt;key&gt;EnableAddMember&lt;/key&gt;
</span><span class="cx">         &lt;true/&gt;
</span><ins>+
+        &lt;!-- REPORT collection-sync --&gt;
</ins><span class="cx">         &lt;key&gt;EnableSyncReport&lt;/key&gt;
</span><span class="cx">         &lt;true/&gt;
</span><ins>+
+        &lt;!-- REPORT collection-sync on home collections --&gt;
</ins><span class="cx">         &lt;key&gt;EnableSyncReportHome&lt;/key&gt;
</span><span class="cx">         &lt;true/&gt;
</span><ins>+
+        &lt;!-- Sync token includes config component --&gt;
</ins><span class="cx">         &lt;key&gt;EnableConfigSyncToken&lt;/key&gt;
</span><span class="cx">         &lt;true/&gt;
</span><ins>+
+        &lt;!-- /.well-known resource --&gt;
</ins><span class="cx">         &lt;key&gt;EnableWellKnown&lt;/key&gt;
</span><span class="cx">         &lt;true/&gt;
</span><ins>+
+        &lt;!-- Extended calendar-query REPORT --&gt;
</ins><span class="cx">         &lt;key&gt;EnableCalendarQueryExtended&lt;/key&gt;
</span><span class="cx">         &lt;true/&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- Support Managed Attachments --&gt;
</ins><span class="cx">         &lt;key&gt;EnableManagedAttachments&lt;/key&gt;
</span><span class="cx">         &lt;false/&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- server-info document --&gt;
+        &lt;key&gt;EnableServerInfo&lt;/key&gt;
+        &lt;false/&gt;
+
</ins><span class="cx">         &lt;!-- Generic CalDAV/CardDAV extensions --&gt;
</span><ins>+
+        &lt;!-- Allow clients to send/receive JSON jCal and jCard format data --&gt;
</ins><span class="cx">         &lt;key&gt;EnableJSONData&lt;/key&gt;
</span><span class="cx">         &lt;true/&gt;
</span><span class="cx"> 
</span><span class="cx">         &lt;!-- Non-standard CalDAV extensions --&gt;
</span><ins>+
+        &lt;!-- Calendar Drop Box --&gt;
</ins><span class="cx">         &lt;key&gt;EnableDropBox&lt;/key&gt;
</span><span class="cx">         &lt;false/&gt;
</span><ins>+
+        &lt;!-- Private Events --&gt;
</ins><span class="cx">         &lt;key&gt;EnablePrivateEvents&lt;/key&gt;
</span><span class="cx">         &lt;false/&gt;
</span><ins>+
+        &lt;!-- Old Timezone service --&gt;
</ins><span class="cx">         &lt;key&gt;EnableTimezoneService&lt;/key&gt;
</span><span class="cx">         &lt;false/&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- New standard timezone service --&gt;
</ins><span class="cx">         &lt;key&gt;TimezoneService&lt;/key&gt;
</span><span class="cx">         &lt;dict&gt;
</span><del>-                &lt;key&gt;BasePath&lt;/key&gt;
-                &lt;string&gt;&lt;/string&gt;
</del><ins>+                &lt;!-- Overall on/off switch --&gt;
</ins><span class="cx">                 &lt;key&gt;Enabled&lt;/key&gt;
</span><span class="cx">                 &lt;true/&gt;
</span><ins>+
+                &lt;!-- URI where service is hosted --&gt;
+                &lt;key&gt;URI&lt;/key&gt;
+                &lt;string&gt;/stdtimezones&lt;/string&gt;
+
+                &lt;!-- Can be &quot;primary&quot; or &quot;secondary&quot; --&gt;
</ins><span class="cx">                 &lt;key&gt;Mode&lt;/key&gt;
</span><span class="cx">                 &lt;string&gt;primary&lt;/string&gt;
</span><ins>+
+                &lt;!-- Path to directory containing a zoneinfo - if None use default package
+                     path secondary service MUST define its own writable path --&gt;
+                &lt;key&gt;BasePath&lt;/key&gt;
+                &lt;string&gt;&lt;/string&gt;
+
+                &lt;!-- Path to db cache info - if None use default package path secondary
+                     service MUST define its own writable path if not None --&gt;
+                &lt;key&gt;XMLInfoPath&lt;/key&gt;
+                &lt;string&gt;&lt;/string&gt;
+
+                &lt;!-- User friendly JSON output --&gt;
</ins><span class="cx">                 &lt;key&gt;PrettyPrintJSON&lt;/key&gt;
</span><span class="cx">                 &lt;true/&gt;
</span><ins>+
</ins><span class="cx">                 &lt;key&gt;SecondaryService&lt;/key&gt;
</span><span class="cx">                 &lt;dict&gt;
</span><ins>+                        &lt;!-- Only one of these should be used when a secondary service is used --&gt;
+                        &lt;!-- Domain/IP of secondary service to discover --&gt;
</ins><span class="cx">                         &lt;key&gt;Host&lt;/key&gt;
</span><span class="cx">                         &lt;string&gt;&lt;/string&gt;
</span><ins>+
+                        &lt;!-- HTTP(s) URI to secondary service --&gt;
</ins><span class="cx">                         &lt;key&gt;URI&lt;/key&gt;
</span><span class="cx">                         &lt;string&gt;&lt;/string&gt;
</span><ins>+
</ins><span class="cx">                         &lt;key&gt;UpdateIntervalMinutes&lt;/key&gt;
</span><span class="cx">                         &lt;integer&gt;1440&lt;/integer&gt;
</span><span class="cx">                 &lt;/dict&gt;
</span><del>-                &lt;key&gt;URI&lt;/key&gt;
-                &lt;string&gt;/stdtimezones&lt;/string&gt;
-                &lt;key&gt;XMLInfoPath&lt;/key&gt;
-                &lt;string&gt;&lt;/string&gt;
</del><span class="cx">         &lt;/dict&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- Strip out VTIMEZONES that are known --&gt;
</ins><span class="cx">         &lt;key&gt;EnableTimezonesByReference&lt;/key&gt;
</span><span class="cx">         &lt;true/&gt;
</span><ins>+
+        &lt;!-- Use timezone data from twistedcaldav.zoneinfo - don't copy to Data
+             directory --&gt;
</ins><span class="cx">         &lt;key&gt;UsePackageTimezones&lt;/key&gt;
</span><span class="cx">         &lt;false/&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- POST batch uploads --&gt;
</ins><span class="cx">         &lt;key&gt;EnableBatchUpload&lt;/key&gt;
</span><span class="cx">         &lt;true/&gt;
</span><ins>+
+        &lt;!-- Maximum number of resources in a batch POST --&gt;
</ins><span class="cx">         &lt;key&gt;MaxResourcesBatchUpload&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;100&lt;/integer&gt;
</span><ins>+
+        &lt;!-- Maximum size of a batch POST (10 MB) --&gt;
</ins><span class="cx">         &lt;key&gt;MaxBytesBatchUpload&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;10485760&lt;/integer&gt;
</span><span class="cx"> 
</span><span class="cx">         &lt;key&gt;Sharing&lt;/key&gt;
</span><span class="cx">         &lt;dict&gt;
</span><ins>+                &lt;!-- Overall on/off switch --&gt;
</ins><span class="cx">                 &lt;key&gt;Enabled&lt;/key&gt;
</span><span class="cx">                 &lt;true/&gt;
</span><ins>+
+                &lt;!-- External (non-principal) sharees allowed --&gt;
</ins><span class="cx">                 &lt;key&gt;AllowExternalUsers&lt;/key&gt;
</span><span class="cx">                 &lt;false/&gt;
</span><span class="cx"> 
</span><span class="cx">                 &lt;key&gt;Calendars&lt;/key&gt;
</span><span class="cx">                 &lt;dict&gt;
</span><ins>+                        &lt;!-- Calendar on/off switch --&gt;
</ins><span class="cx">                         &lt;key&gt;Enabled&lt;/key&gt;
</span><span class="cx">                         &lt;true/&gt;
</span><ins>+
</ins><span class="cx">                         &lt;key&gt;IgnorePerUserProperties&lt;/key&gt;
</span><span class="cx">                         &lt;array&gt;
</span><span class="cx">                                 &lt;string&gt;X-APPLE-STRUCTURED-LOCATION&lt;/string&gt;
</span><span class="cx">                         &lt;/array&gt;
</span><ins>+
</ins><span class="cx">                         &lt;key&gt;CollectionProperties&lt;/key&gt;
</span><span class="cx">                         &lt;dict&gt;
</span><del>-                                &lt;key&gt;Global&lt;/key&gt;
</del><ins>+                                &lt;key&gt;Shadowable&lt;/key&gt;
</ins><span class="cx">                                 &lt;array&gt;
</span><ins>+                                        &lt;string&gt;{urn:ietf:params:xml:ns:caldav}calendar-description&lt;/string&gt;
</ins><span class="cx">                                 &lt;/array&gt;
</span><ins>+
</ins><span class="cx">                                 &lt;key&gt;ProxyOverride&lt;/key&gt;
</span><span class="cx">                                 &lt;array&gt;
</span><span class="cx">                                         &lt;string&gt;{urn:ietf:params:xml:ns:caldav}calendar-description&lt;/string&gt;
</span><span class="lines">@@ -563,15 +915,18 @@
</span><span class="cx">                                         &lt;string&gt;{http://apple.com/ns/ical/}calendar-color&lt;/string&gt;
</span><span class="cx">                                         &lt;string&gt;{http://apple.com/ns/ical/}calendar-order&lt;/string&gt;
</span><span class="cx">                                 &lt;/array&gt;
</span><del>-                                &lt;key&gt;Shadowable&lt;/key&gt;
</del><ins>+
+                                &lt;key&gt;Global&lt;/key&gt;
</ins><span class="cx">                                 &lt;array&gt;
</span><del>-                                        &lt;string&gt;{urn:ietf:params:xml:ns:caldav}calendar-description&lt;/string&gt;
</del><span class="cx">                                 &lt;/array&gt;
</span><span class="cx">                         &lt;/dict&gt;
</span><ins>+
</ins><span class="cx">                         &lt;key&gt;Groups&lt;/key&gt;
</span><span class="cx">                         &lt;dict&gt;
</span><ins>+                                &lt;!-- Calendar sharing to groups on/off switch --&gt;
</ins><span class="cx">                                 &lt;key&gt;Enabled&lt;/key&gt;
</span><span class="cx">                                 &lt;true/&gt;
</span><ins>+
</ins><span class="cx">                                 &lt;key&gt;ReconciliationDelaySeconds&lt;/key&gt;
</span><span class="cx">                                 &lt;integer&gt;5&lt;/integer&gt;
</span><span class="cx">                         &lt;/dict&gt;
</span><span class="lines">@@ -579,92 +934,135 @@
</span><span class="cx"> 
</span><span class="cx">                 &lt;key&gt;AddressBooks&lt;/key&gt;
</span><span class="cx">                 &lt;dict&gt;
</span><ins>+                        &lt;!-- Address Book sharing on/off switch --&gt;
</ins><span class="cx">                         &lt;key&gt;Enabled&lt;/key&gt;
</span><span class="cx">                         &lt;false/&gt;
</span><ins>+
</ins><span class="cx">                         &lt;key&gt;CollectionProperties&lt;/key&gt;
</span><span class="cx">                         &lt;dict&gt;
</span><del>-                                &lt;key&gt;Global&lt;/key&gt;
</del><ins>+                                &lt;key&gt;Shadowable&lt;/key&gt;
</ins><span class="cx">                                 &lt;array&gt;
</span><ins>+                                        &lt;string&gt;{urn:ietf:params:xml:ns:carddav}addressbook-description&lt;/string&gt;
</ins><span class="cx">                                 &lt;/array&gt;
</span><ins>+
</ins><span class="cx">                                 &lt;key&gt;ProxyOverride&lt;/key&gt;
</span><span class="cx">                                 &lt;array&gt;
</span><span class="cx">                                 &lt;/array&gt;
</span><del>-                                &lt;key&gt;Shadowable&lt;/key&gt;
</del><ins>+
+                                &lt;key&gt;Global&lt;/key&gt;
</ins><span class="cx">                                 &lt;array&gt;
</span><del>-                                        &lt;string&gt;{urn:ietf:params:xml:ns:carddav}addressbook-description&lt;/string&gt;
</del><span class="cx">                                 &lt;/array&gt;
</span><span class="cx">                         &lt;/dict&gt;
</span><ins>+
</ins><span class="cx">                         &lt;key&gt;Groups&lt;/key&gt;
</span><span class="cx">                         &lt;dict&gt;
</span><ins>+                                &lt;!-- Address Book Group sharing on/off switch --&gt;
</ins><span class="cx">                                 &lt;key&gt;Enabled&lt;/key&gt;
</span><span class="cx">                                 &lt;false/&gt;
</span><span class="cx">                         &lt;/dict&gt;
</span><span class="cx">                 &lt;/dict&gt;
</span><span class="cx">         &lt;/dict&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- Only allow calendars to be created with a single component type If this is
+             on, it will also trigger an upgrade behavior that will split existing
+             calendars into multiples based on component type. If on, it will also
+             cause new accounts to provision with separate calendars for events and
+             tasks. --&gt;
</ins><span class="cx">         &lt;key&gt;RestrictCalendarsToOneComponentType&lt;/key&gt;
</span><span class="cx">         &lt;true/&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- Set of supported iCalendar components --&gt;
</ins><span class="cx">         &lt;key&gt;SupportedComponents&lt;/key&gt;
</span><span class="cx">         &lt;array&gt;
</span><span class="cx">                 &lt;string&gt;VEVENT&lt;/string&gt;
</span><span class="cx">                 &lt;string&gt;VTODO&lt;/string&gt;
</span><span class="cx">         &lt;/array&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- Enable Trash Collection --&gt;
</ins><span class="cx">         &lt;key&gt;EnableTrashCollection&lt;/key&gt;
</span><span class="cx">         &lt;false/&gt;
</span><ins>+
+        &lt;!-- Expose Trash Collection as a resource --&gt;
</ins><span class="cx">         &lt;key&gt;ExposeTrashCollection&lt;/key&gt;
</span><span class="cx">         &lt;false/&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- Perform upgrades - currently only the database to filesystem migration -
+             but in the future, hopefully all relevant upgrades - in parallel in
+             subprocesses. --&gt;
</ins><span class="cx">         &lt;key&gt;ParallelUpgrades&lt;/key&gt;
</span><span class="cx">         &lt;false/&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- During the upgrade phase of startup, rather than skipping homes found both
+             on the filesystem and in the database, merge the data from the filesystem
+             into the database homes. --&gt;
</ins><span class="cx">         &lt;key&gt;MergeUpgrades&lt;/key&gt;
</span><span class="cx">         &lt;false/&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- Support for default alarms generated by the server --&gt;
</ins><span class="cx">         &lt;key&gt;EnableDefaultAlarms&lt;/key&gt;
</span><span class="cx">         &lt;true/&gt;
</span><ins>+
+        &lt;!-- Remove duplicate alarms on PUT --&gt;
</ins><span class="cx">         &lt;key&gt;RemoveDuplicateAlarms&lt;/key&gt;
</span><span class="cx">         &lt;true/&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- Remove duplicate private comments on PUT --&gt;
</ins><span class="cx">         &lt;key&gt;RemoveDuplicatePrivateComments&lt;/key&gt;
</span><span class="cx">         &lt;false/&gt;
</span><span class="cx"> 
</span><span class="cx">         &lt;key&gt;HostedStatus&lt;/key&gt;
</span><span class="cx">         &lt;dict&gt;
</span><ins>+                &lt;!-- Decorate ATTENDEEs with the following parameter to indicate where the
+                     ATTENDEE is hosted, locally or externally.  It's configurable and
+                     extensible in case we want to add more values.  A value of empty string
+                     means no decoration. --&gt;
</ins><span class="cx">                 &lt;key&gt;Enabled&lt;/key&gt;
</span><span class="cx">                 &lt;false/&gt;
</span><ins>+
</ins><span class="cx">                 &lt;key&gt;Parameter&lt;/key&gt;
</span><span class="cx">                 &lt;string&gt;X-APPLE-HOSTED-STATUS&lt;/string&gt;
</span><ins>+
</ins><span class="cx">                 &lt;key&gt;Values&lt;/key&gt;
</span><span class="cx">                 &lt;dict&gt;
</span><ins>+                        &lt;key&gt;local&lt;/key&gt;
+                        &lt;string&gt;&lt;/string&gt;
+
</ins><span class="cx">                         &lt;key&gt;external&lt;/key&gt;
</span><span class="cx">                         &lt;string&gt;EXTERNAL&lt;/string&gt;
</span><del>-                        &lt;key&gt;local&lt;/key&gt;
-                        &lt;string&gt;&lt;/string&gt;
</del><span class="cx">                 &lt;/dict&gt;
</span><span class="cx">         &lt;/dict&gt;
</span><span class="cx"> 
</span><span class="cx">         &lt;key&gt;RevisionCleanup&lt;/key&gt;
</span><span class="cx">         &lt;dict&gt;
</span><del>-                &lt;key&gt;CleanupPeriodDays&lt;/key&gt;
-                &lt;real&gt;2.0&lt;/real&gt;
</del><span class="cx">                 &lt;key&gt;Enabled&lt;/key&gt;
</span><span class="cx">                 &lt;true/&gt;
</span><ins>+
+                &lt;!-- Number of days that a client sync report token is valid --&gt;
</ins><span class="cx">                 &lt;key&gt;SyncTokenLifetimeDays&lt;/key&gt;
</span><span class="cx">                 &lt;real&gt;14.0&lt;/real&gt;
</span><ins>+
+                &lt;!-- Number of days between revision cleanups --&gt;
+                &lt;key&gt;CleanupPeriodDays&lt;/key&gt;
+                &lt;real&gt;2.0&lt;/real&gt;
</ins><span class="cx">         &lt;/dict&gt;
</span><span class="cx"> 
</span><span class="cx">         &lt;key&gt;InboxCleanup&lt;/key&gt;
</span><span class="cx">         &lt;dict&gt;
</span><del>-                &lt;key&gt;CleanupPeriodDays&lt;/key&gt;
-                &lt;real&gt;2.0&lt;/real&gt;
</del><span class="cx">                 &lt;key&gt;Enabled&lt;/key&gt;
</span><span class="cx">                 &lt;true/&gt;
</span><ins>+
+                &lt;!-- Number of days before deleting a new inbox item --&gt;
+                &lt;key&gt;ItemLifetimeDays&lt;/key&gt;
+                &lt;real&gt;14.0&lt;/real&gt;
+
+                &lt;!-- Number of days to keep an inbox item past the time when its referenced
+                     event ends --&gt;
</ins><span class="cx">                 &lt;key&gt;ItemLifeBeyondEventEndDays&lt;/key&gt;
</span><span class="cx">                 &lt;real&gt;14.0&lt;/real&gt;
</span><del>-                &lt;key&gt;ItemLifetimeDays&lt;/key&gt;
-                &lt;real&gt;14.0&lt;/real&gt;
</del><ins>+
+                &lt;!-- Number of days between inbox cleanups --&gt;
+                &lt;key&gt;CleanupPeriodDays&lt;/key&gt;
+                &lt;real&gt;2.0&lt;/real&gt;
</ins><span class="cx">         &lt;/dict&gt;
</span><span class="cx"> 
</span><span class="cx">         &lt;!-- CardDAV Features --&gt;
</span><span class="lines">@@ -672,57 +1070,83 @@
</span><span class="cx">         &lt;dict&gt;
</span><span class="cx">                 &lt;key&gt;Enabled&lt;/key&gt;
</span><span class="cx">                 &lt;true/&gt;
</span><del>-                &lt;key&gt;MaxQueryResults&lt;/key&gt;
-                &lt;integer&gt;1000&lt;/integer&gt;
-                &lt;key&gt;name&lt;/key&gt;
-                &lt;string&gt;directory&lt;/string&gt;
</del><ins>+
+                &lt;key&gt;type&lt;/key&gt;
+                &lt;string&gt;twistedcaldav.directory.opendirectorybacker.OpenDirectoryBackingService&lt;/string&gt;
+
</ins><span class="cx">                 &lt;key&gt;params&lt;/key&gt;
</span><span class="cx">                 &lt;dict&gt;
</span><del>-                        &lt;key&gt;addDSAttrXProperties&lt;/key&gt;
-                        &lt;false/&gt;
-                        &lt;key&gt;additionalAttributes&lt;/key&gt;
-                        &lt;array&gt;
-                        &lt;/array&gt;
-                        &lt;key&gt;allowedAttributes&lt;/key&gt;
-                        &lt;array&gt;
-                        &lt;/array&gt;
-                        &lt;key&gt;appleInternalServer&lt;/key&gt;
-                        &lt;false/&gt;
-                        &lt;key&gt;cacheQuery&lt;/key&gt;
-                        &lt;false/&gt;
-                        &lt;key&gt;cacheTimeout&lt;/key&gt;
-                        &lt;integer&gt;30&lt;/integer&gt;
-                        &lt;key&gt;dsLocalCacheTimeout&lt;/key&gt;
-                        &lt;integer&gt;30&lt;/integer&gt;
-                        &lt;key&gt;fakeETag&lt;/key&gt;
</del><ins>+                        &lt;key&gt;queryPeopleRecords&lt;/key&gt;
</ins><span class="cx">                         &lt;true/&gt;
</span><del>-                        &lt;key&gt;ignoreSystemRecords&lt;/key&gt;
</del><ins>+
+                        &lt;key&gt;peopleNode&lt;/key&gt;
+                        &lt;string&gt;/Search/Contacts&lt;/string&gt;
+
+                        &lt;key&gt;queryUserRecords&lt;/key&gt;
</ins><span class="cx">                         &lt;true/&gt;
</span><del>-                        &lt;key&gt;liveQuery&lt;/key&gt;
-                        &lt;true/&gt;
</del><ins>+
+                        &lt;key&gt;userNode&lt;/key&gt;
+                        &lt;string&gt;/Search/Contacts&lt;/string&gt;
+
</ins><span class="cx">                         &lt;key&gt;maxDSQueryRecords&lt;/key&gt;
</span><span class="cx">                         &lt;integer&gt;0&lt;/integer&gt;
</span><del>-                        &lt;key&gt;peopleNode&lt;/key&gt;
-                        &lt;string&gt;/Search/Contacts&lt;/string&gt;
</del><ins>+
</ins><span class="cx">                         &lt;key&gt;queryDSLocal&lt;/key&gt;
</span><span class="cx">                         &lt;false/&gt;
</span><del>-                        &lt;key&gt;queryPeopleRecords&lt;/key&gt;
</del><ins>+
+                        &lt;key&gt;ignoreSystemRecords&lt;/key&gt;
</ins><span class="cx">                         &lt;true/&gt;
</span><del>-                        &lt;key&gt;queryUserRecords&lt;/key&gt;
</del><ins>+
+                        &lt;key&gt;dsLocalCacheTimeout&lt;/key&gt;
+                        &lt;integer&gt;30&lt;/integer&gt;
+
+                        &lt;key&gt;liveQuery&lt;/key&gt;
</ins><span class="cx">                         &lt;true/&gt;
</span><ins>+
+                        &lt;key&gt;fakeETag&lt;/key&gt;
+                        &lt;true/&gt;
+
+                        &lt;key&gt;cacheQuery&lt;/key&gt;
+                        &lt;false/&gt;
+
+                        &lt;key&gt;cacheTimeout&lt;/key&gt;
+                        &lt;integer&gt;30&lt;/integer&gt;
+
</ins><span class="cx">                         &lt;key&gt;standardizeSyntheticUIDs&lt;/key&gt;
</span><span class="cx">                         &lt;false/&gt;
</span><del>-                        &lt;key&gt;userNode&lt;/key&gt;
-                        &lt;string&gt;/Search/Contacts&lt;/string&gt;
</del><ins>+
+                        &lt;key&gt;addDSAttrXProperties&lt;/key&gt;
+                        &lt;false/&gt;
+
+                        &lt;key&gt;appleInternalServer&lt;/key&gt;
+                        &lt;false/&gt;
+
+                        &lt;key&gt;additionalAttributes&lt;/key&gt;
+                        &lt;array&gt;
+                        &lt;/array&gt;
+
+                        &lt;key&gt;allowedAttributes&lt;/key&gt;
+                        &lt;array&gt;
+                        &lt;/array&gt;
</ins><span class="cx">                 &lt;/dict&gt;
</span><del>-                &lt;key&gt;type&lt;/key&gt;
-                &lt;string&gt;twistedcaldav.directory.opendirectorybacker.OpenDirectoryBackingService&lt;/string&gt;
</del><ins>+
+                &lt;key&gt;name&lt;/key&gt;
+                &lt;string&gt;directory&lt;/string&gt;
+
+                &lt;key&gt;MaxQueryResults&lt;/key&gt;
+                &lt;integer&gt;1000&lt;/integer&gt;
</ins><span class="cx">         &lt;/dict&gt;
</span><ins>+
+        &lt;!-- /directory resource exists --&gt;
</ins><span class="cx">         &lt;key&gt;EnableSearchAddressBook&lt;/key&gt;
</span><span class="cx">         &lt;false/&gt;
</span><ins>+
+        &lt;!-- Anonymous users may access directory address book --&gt;
</ins><span class="cx">         &lt;key&gt;AnonymousDirectoryAddressBookAccess&lt;/key&gt;
</span><span class="cx">         &lt;false/&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- /XXX CardDAV --&gt;
+
</ins><span class="cx">         &lt;!-- Web-based administration --&gt;
</span><span class="cx">         &lt;key&gt;EnableWebAdmin&lt;/key&gt;
</span><span class="cx">         &lt;true/&gt;
</span><span class="lines">@@ -732,23 +1156,38 @@
</span><span class="cx">         &lt;false/&gt;
</span><span class="cx"> 
</span><span class="cx">         &lt;!-- Scheduling related options --&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;Scheduling&lt;/key&gt;
</span><span class="cx">         &lt;dict&gt;
</span><span class="cx">                 &lt;key&gt;CalDAV&lt;/key&gt;
</span><span class="cx">                 &lt;dict&gt;
</span><ins>+                        &lt;!-- Domain for mailto calendar user addresses on this server --&gt;
</ins><span class="cx">                         &lt;key&gt;EmailDomain&lt;/key&gt;
</span><span class="cx">                         &lt;string&gt;&lt;/string&gt;
</span><ins>+
+                        &lt;!-- Domain for http calendar user addresses on this server --&gt;
</ins><span class="cx">                         &lt;key&gt;HTTPDomain&lt;/key&gt;
</span><span class="cx">                         &lt;string&gt;&lt;/string&gt;
</span><ins>+
+                        &lt;!-- Regex patterns to match local calendar user addresses --&gt;
</ins><span class="cx">                         &lt;key&gt;AddressPatterns&lt;/key&gt;
</span><span class="cx">                         &lt;array&gt;
</span><span class="cx">                         &lt;/array&gt;
</span><ins>+
+                        &lt;!-- Whether to maintain compatibility with non-implicit mode --&gt;
</ins><span class="cx">                         &lt;key&gt;OldDraftCompatibility&lt;/key&gt;
</span><span class="cx">                         &lt;true/&gt;
</span><ins>+
+                        &lt;!-- Whether to support older clients that do not use Schedule-Tag feature --&gt;
</ins><span class="cx">                         &lt;key&gt;ScheduleTagCompatibility&lt;/key&gt;
</span><span class="cx">                         &lt;true/&gt;
</span><ins>+
+                        &lt;!-- Private comments from attendees to organizer --&gt;
</ins><span class="cx">                         &lt;key&gt;EnablePrivateComments&lt;/key&gt;
</span><span class="cx">                         &lt;true/&gt;
</span><ins>+
+                        &lt;!-- Names of iCalendar properties that are preserved when an Attendee does
+                             an invite PUT --&gt;
</ins><span class="cx">                         &lt;key&gt;PerAttendeeProperties&lt;/key&gt;
</span><span class="cx">                         &lt;array&gt;
</span><span class="cx">                                 &lt;string&gt;X-APPLE-NEEDS-REPLY&lt;/string&gt;
</span><span class="lines">@@ -757,177 +1196,346 @@
</span><span class="cx">                                 &lt;string&gt;X-APPLE-TRAVEL-RETURN-DURATION&lt;/string&gt;
</span><span class="cx">                                 &lt;string&gt;X-APPLE-TRAVEL-RETURN&lt;/string&gt;
</span><span class="cx">                         &lt;/array&gt;
</span><ins>+
+                        &lt;!-- Names of X- iCalendar properties that are sent from ORGANIZER to
+                             ATTENDEE --&gt;
</ins><span class="cx">                         &lt;key&gt;OrganizerPublicProperties&lt;/key&gt;
</span><span class="cx">                         &lt;array&gt;
</span><span class="cx">                                 &lt;string&gt;X-APPLE-DROPBOX&lt;/string&gt;
</span><span class="cx">                                 &lt;string&gt;X-APPLE-STRUCTURED-LOCATION&lt;/string&gt;
</span><span class="cx">                         &lt;/array&gt;
</span><ins>+
+                        &lt;!-- Names of X- iCalendar parameters that are sent from ORGANIZER to
+                             ATTENDEE --&gt;
+                        &lt;key&gt;OrganizerPublicParameters&lt;/key&gt;
+                        &lt;array&gt;
+                        &lt;/array&gt;
+
+                        &lt;!-- Names of X- iCalendar properties that are sent from ATTENDEE to
+                             ORGANIZER These are also implicitly added to OrganizerPublicProperties --&gt;
+                        &lt;key&gt;AttendeePublicProperties&lt;/key&gt;
+                        &lt;array&gt;
+                        &lt;/array&gt;
+
+                        &lt;!-- Names of X- iCalendar parameters that are sent from ATTENDEE to
+                             ORGANIZER These are also implicitly added to OrganizerPublicParameters --&gt;
+                        &lt;key&gt;AttendeePublicParameters&lt;/key&gt;
+                        &lt;array&gt;
+                        &lt;/array&gt;
</ins><span class="cx">                 &lt;/dict&gt;
</span><ins>+
</ins><span class="cx">                 &lt;key&gt;iSchedule&lt;/key&gt;
</span><span class="cx">                 &lt;dict&gt;
</span><ins>+                        &lt;!-- iSchedule protocol --&gt;
</ins><span class="cx">                         &lt;key&gt;Enabled&lt;/key&gt;
</span><span class="cx">                         &lt;false/&gt;
</span><ins>+
+                        &lt;!-- Reg-ex patterns to match iSchedule-able calendar user addresses --&gt;
</ins><span class="cx">                         &lt;key&gt;AddressPatterns&lt;/key&gt;
</span><span class="cx">                         &lt;array&gt;
</span><span class="cx">                         &lt;/array&gt;
</span><ins>+
+                        &lt;!-- iSchedule server configurations --&gt;
</ins><span class="cx">                         &lt;key&gt;RemoteServers&lt;/key&gt;
</span><span class="cx">                         &lt;string&gt;remoteservers.xml&lt;/string&gt;
</span><ins>+
+                        &lt;!-- Capabilities serial number --&gt;
</ins><span class="cx">                         &lt;key&gt;SerialNumber&lt;/key&gt;
</span><span class="cx">                         &lt;integer&gt;1&lt;/integer&gt;
</span><ins>+
+                        &lt;!-- File where a fake Bind zone exists for creating fake DNS results --&gt;
</ins><span class="cx">                         &lt;key&gt;DNSDebug&lt;/key&gt;
</span><span class="cx">                         &lt;string&gt;&lt;/string&gt;
</span><ins>+
+                        &lt;!-- DKIM options --&gt;
</ins><span class="cx">                         &lt;key&gt;DKIM&lt;/key&gt;
</span><span class="cx">                         &lt;dict&gt;
</span><ins>+                                &lt;!-- DKIM signing/verification enabled --&gt;
</ins><span class="cx">                                 &lt;key&gt;Enabled&lt;/key&gt;
</span><span class="cx">                                 &lt;true/&gt;
</span><ins>+
+                                &lt;!-- Domain for DKIM (defaults to ServerHostName) --&gt;
</ins><span class="cx">                                 &lt;key&gt;Domain&lt;/key&gt;
</span><span class="cx">                                 &lt;string&gt;&lt;/string&gt;
</span><ins>+
+                                &lt;!-- Selector for public key --&gt;
</ins><span class="cx">                                 &lt;key&gt;KeySelector&lt;/key&gt;
</span><span class="cx">                                 &lt;string&gt;ischedule&lt;/string&gt;
</span><ins>+
+                                &lt;!-- Signature algorithm (one of rsa-sha1 or rsa-sha256) --&gt;
</ins><span class="cx">                                 &lt;key&gt;SignatureAlgorithm&lt;/key&gt;
</span><span class="cx">                                 &lt;string&gt;rsa-sha256&lt;/string&gt;
</span><ins>+
+                                &lt;!-- This server's public key stored in DNS --&gt;
</ins><span class="cx">                                 &lt;key&gt;UseDNSKey&lt;/key&gt;
</span><span class="cx">                                 &lt;true/&gt;
</span><ins>+
+                                &lt;!-- This server's public key stored in HTTP /.well-known --&gt;
</ins><span class="cx">                                 &lt;key&gt;UseHTTPKey&lt;/key&gt;
</span><span class="cx">                                 &lt;true/&gt;
</span><ins>+
+                                &lt;!-- This server's public key manually exchanged with others --&gt;
</ins><span class="cx">                                 &lt;key&gt;UsePrivateExchangeKey&lt;/key&gt;
</span><span class="cx">                                 &lt;true/&gt;
</span><ins>+
+                                &lt;!-- Expiration time for signature verification --&gt;
</ins><span class="cx">                                 &lt;key&gt;ExpireSeconds&lt;/key&gt;
</span><span class="cx">                                 &lt;integer&gt;3600&lt;/integer&gt;
</span><ins>+
+                                &lt;!-- File where private key is stored --&gt;
</ins><span class="cx">                                 &lt;key&gt;PrivateKeyFile&lt;/key&gt;
</span><span class="cx">                                 &lt;string&gt;&lt;/string&gt;
</span><ins>+
+                                &lt;!-- File where public key is stored --&gt;
</ins><span class="cx">                                 &lt;key&gt;PublicKeyFile&lt;/key&gt;
</span><span class="cx">                                 &lt;string&gt;&lt;/string&gt;
</span><ins>+
+                                &lt;!-- Directory where private exchange public keys are stored --&gt;
</ins><span class="cx">                                 &lt;key&gt;PrivateExchanges&lt;/key&gt;
</span><span class="cx">                                 &lt;string&gt;&lt;/string&gt;
</span><ins>+
+                                &lt;!-- Turn on protocol level debugging to return detailed information to the
+                                     requestor --&gt;
</ins><span class="cx">                                 &lt;key&gt;ProtocolDebug&lt;/key&gt;
</span><span class="cx">                                 &lt;false/&gt;
</span><span class="cx">                         &lt;/dict&gt;
</span><span class="cx">                 &lt;/dict&gt;
</span><ins>+
</ins><span class="cx">                 &lt;key&gt;iMIP&lt;/key&gt;
</span><span class="cx">                 &lt;dict&gt;
</span><ins>+                        &lt;!-- Server-to-iMIP protocol --&gt;
</ins><span class="cx">                         &lt;key&gt;Enabled&lt;/key&gt;
</span><span class="cx">                         &lt;false/&gt;
</span><ins>+
</ins><span class="cx">                         &lt;key&gt;Sending&lt;/key&gt;
</span><span class="cx">                         &lt;dict&gt;
</span><del>-                                &lt;key&gt;Address&lt;/key&gt;
</del><ins>+                                &lt;!-- SMTP server to relay messages through --&gt;
+                                &lt;key&gt;Server&lt;/key&gt;
</ins><span class="cx">                                 &lt;string&gt;&lt;/string&gt;
</span><del>-                                &lt;key&gt;Password&lt;/key&gt;
-                                &lt;string&gt;&lt;/string&gt;
</del><ins>+
+                                &lt;!-- SMTP server port to relay messages through --&gt;
</ins><span class="cx">                                 &lt;key&gt;Port&lt;/key&gt;
</span><span class="cx">                                 &lt;integer&gt;587&lt;/integer&gt;
</span><del>-                                &lt;key&gt;Server&lt;/key&gt;
</del><ins>+
+                                &lt;!-- 'From' address for server --&gt;
+                                &lt;key&gt;Address&lt;/key&gt;
</ins><span class="cx">                                 &lt;string&gt;&lt;/string&gt;
</span><del>-                                &lt;key&gt;SuppressionDays&lt;/key&gt;
-                                &lt;integer&gt;7&lt;/integer&gt;
</del><ins>+
</ins><span class="cx">                                 &lt;key&gt;UseSSL&lt;/key&gt;
</span><span class="cx">                                 &lt;true/&gt;
</span><ins>+
+                                &lt;!-- For account sending mail --&gt;
</ins><span class="cx">                                 &lt;key&gt;Username&lt;/key&gt;
</span><span class="cx">                                 &lt;string&gt;&lt;/string&gt;
</span><ins>+
+                                &lt;!-- For account sending mail --&gt;
+                                &lt;key&gt;Password&lt;/key&gt;
+                                &lt;string&gt;&lt;/string&gt;
+
+                                &lt;!-- Messages for events older than this may days are not sent --&gt;
+                                &lt;key&gt;SuppressionDays&lt;/key&gt;
+                                &lt;integer&gt;7&lt;/integer&gt;
</ins><span class="cx">                         &lt;/dict&gt;
</span><ins>+
</ins><span class="cx">                         &lt;key&gt;Receiving&lt;/key&gt;
</span><span class="cx">                         &lt;dict&gt;
</span><del>-                                &lt;key&gt;Password&lt;/key&gt;
</del><ins>+                                &lt;!-- Server to retrieve email messages from --&gt;
+                                &lt;key&gt;Server&lt;/key&gt;
</ins><span class="cx">                                 &lt;string&gt;&lt;/string&gt;
</span><del>-                                &lt;key&gt;PollingSeconds&lt;/key&gt;
-                                &lt;integer&gt;30&lt;/integer&gt;
</del><ins>+
+                                &lt;!-- Server port to retrieve email messages from --&gt;
</ins><span class="cx">                                 &lt;key&gt;Port&lt;/key&gt;
</span><span class="cx">                                 &lt;integer&gt;0&lt;/integer&gt;
</span><del>-                                &lt;key&gt;Server&lt;/key&gt;
-                                &lt;string&gt;&lt;/string&gt;
</del><ins>+
+                                &lt;key&gt;UseSSL&lt;/key&gt;
+                                &lt;true/&gt;
+
+                                &lt;!-- Type of message access server: 'pop' or 'imap' --&gt;
</ins><span class="cx">                                 &lt;key&gt;Type&lt;/key&gt;
</span><span class="cx">                                 &lt;string&gt;&lt;/string&gt;
</span><del>-                                &lt;key&gt;UseSSL&lt;/key&gt;
-                                &lt;true/&gt;
</del><ins>+
+                                &lt;!-- How often to fetch mail --&gt;
+                                &lt;key&gt;PollingSeconds&lt;/key&gt;
+                                &lt;integer&gt;30&lt;/integer&gt;
+
+                                &lt;!-- For account receiving mail --&gt;
</ins><span class="cx">                                 &lt;key&gt;Username&lt;/key&gt;
</span><span class="cx">                                 &lt;string&gt;&lt;/string&gt;
</span><ins>+
+                                &lt;!-- For account receiving mail --&gt;
+                                &lt;key&gt;Password&lt;/key&gt;
+                                &lt;string&gt;&lt;/string&gt;
</ins><span class="cx">                         &lt;/dict&gt;
</span><ins>+
+                        &lt;!-- Regex patterns to match iMIP-able calendar user addresses --&gt;
</ins><span class="cx">                         &lt;key&gt;AddressPatterns&lt;/key&gt;
</span><span class="cx">                         &lt;array&gt;
</span><span class="cx">                         &lt;/array&gt;
</span><ins>+
+                        &lt;!-- Directory containing HTML templates for email invitations (invite.html,
+                             cancel.html) --&gt;
</ins><span class="cx">                         &lt;key&gt;MailTemplatesDirectory&lt;/key&gt;
</span><span class="cx">                         &lt;string&gt;/Applications/Server.app/Contents/ServerRoot/usr/share/caldavd/share/email_templates&lt;/string&gt;
</span><ins>+
+                        &lt;!-- Directory containing language-specific subdirectories containing date-
+                             specific icons for email invitations --&gt;
</ins><span class="cx">                         &lt;key&gt;MailIconsDirectory&lt;/key&gt;
</span><span class="cx">                         &lt;string&gt;/Applications/Server.app/Contents/ServerRoot/usr/share/caldavd/share/date_icons&lt;/string&gt;
</span><ins>+
+                        &lt;!-- How many days invitations are valid --&gt;
</ins><span class="cx">                         &lt;key&gt;InvitationDaysToLive&lt;/key&gt;
</span><span class="cx">                         &lt;integer&gt;90&lt;/integer&gt;
</span><span class="cx">                 &lt;/dict&gt;
</span><ins>+
</ins><span class="cx">                 &lt;key&gt;Options&lt;/key&gt;
</span><span class="cx">                 &lt;dict&gt;
</span><ins>+                        &lt;!-- Allow groups to be Organizers --&gt;
</ins><span class="cx">                         &lt;key&gt;AllowGroupAsOrganizer&lt;/key&gt;
</span><span class="cx">                         &lt;false/&gt;
</span><ins>+
+                        &lt;!-- Allow locations to be Organizers --&gt;
</ins><span class="cx">                         &lt;key&gt;AllowLocationAsOrganizer&lt;/key&gt;
</span><span class="cx">                         &lt;false/&gt;
</span><ins>+
+                        &lt;!-- Allow resources to be Organizers --&gt;
+                        &lt;key&gt;AllowResourceAsOrganizer&lt;/key&gt;
+                        &lt;false/&gt;
+
+                        &lt;!-- Allow locations to have events without an Organizer --&gt;
</ins><span class="cx">                         &lt;key&gt;AllowLocationWithoutOrganizer&lt;/key&gt;
</span><span class="cx">                         &lt;true/&gt;
</span><del>-                        &lt;key&gt;AllowResourceAsOrganizer&lt;/key&gt;
-                        &lt;false/&gt;
</del><ins>+
+                        &lt;!-- Allow resources to have events without an Organizer --&gt;
</ins><span class="cx">                         &lt;key&gt;AllowResourceWithoutOrganizer&lt;/key&gt;
</span><span class="cx">                         &lt;true/&gt;
</span><ins>+
+                        &lt;!-- Track who the last modifier of an unscheduled location event is --&gt;
+                        &lt;key&gt;TrackUnscheduledLocationData&lt;/key&gt;
+                        &lt;true/&gt;
+
+                        &lt;!-- Track who the last modifier of an unscheduled resource event is --&gt;
+                        &lt;key&gt;TrackUnscheduledResourceData&lt;/key&gt;
+                        &lt;true/&gt;
+
+                        &lt;!-- Maximum number of attendees to request freebusy for --&gt;
+                        &lt;key&gt;LimitFreeBusyAttendees&lt;/key&gt;
+                        &lt;integer&gt;30&lt;/integer&gt;
+
+                        &lt;!-- Number of attendees to do batched refreshes: 0 - no batching --&gt;
</ins><span class="cx">                         &lt;key&gt;AttendeeRefreshBatch&lt;/key&gt;
</span><span class="cx">                         &lt;integer&gt;5&lt;/integer&gt;
</span><ins>+
+                        &lt;!-- Number of attendees above which attendee refreshes are suppressed: 0 -
+                             no limit --&gt;
</ins><span class="cx">                         &lt;key&gt;AttendeeRefreshCountLimit&lt;/key&gt;
</span><span class="cx">                         &lt;integer&gt;50&lt;/integer&gt;
</span><ins>+
+                        &lt;!-- Time for implicit UID lock timeout --&gt;
+                        &lt;key&gt;UIDLockTimeoutSeconds&lt;/key&gt;
+                        &lt;integer&gt;60&lt;/integer&gt;
+
+                        &lt;!-- Expiration time for UID lock, --&gt;
+                        &lt;key&gt;UIDLockExpirySeconds&lt;/key&gt;
+                        &lt;integer&gt;300&lt;/integer&gt;
+
+                        &lt;!-- Host names matched in http(s) CUAs --&gt;
+                        &lt;key&gt;PrincipalHostAliases&lt;/key&gt;
+                        &lt;array&gt;
+                        &lt;/array&gt;
+
+                        &lt;!-- Add a time stamp when an Attendee changes their PARTSTAT --&gt;
+                        &lt;key&gt;TimestampAttendeePartStatChanges&lt;/key&gt;
+                        &lt;true/&gt;
+
+                        &lt;!-- Delegates can get extra info in a freebusy request --&gt;
+                        &lt;key&gt;DelegeteRichFreeBusy&lt;/key&gt;
+                        &lt;true/&gt;
+
+                        &lt;!-- Any user can get extra info for rooms/resources in a freebusy request --&gt;
+                        &lt;key&gt;RoomResourceRichFreeBusy&lt;/key&gt;
+                        &lt;true/&gt;
+
</ins><span class="cx">                         &lt;key&gt;AutoSchedule&lt;/key&gt;
</span><span class="cx">                         &lt;dict&gt;
</span><ins>+                                &lt;!-- Auto-scheduling will never occur if set to False --&gt;
</ins><span class="cx">                                 &lt;key&gt;Enabled&lt;/key&gt;
</span><span class="cx">                                 &lt;true/&gt;
</span><ins>+
+                                &lt;!-- Override augments setting and always auto-schedule --&gt;
+                                &lt;key&gt;Always&lt;/key&gt;
+                                &lt;false/&gt;
+
+                                &lt;!-- Allow auto-schedule for users --&gt;
</ins><span class="cx">                                 &lt;key&gt;AllowUsers&lt;/key&gt;
</span><span class="cx">                                 &lt;false/&gt;
</span><del>-                                &lt;key&gt;Always&lt;/key&gt;
-                                &lt;false/&gt;
</del><ins>+
+                                &lt;!-- Default mode for auto-schedule processing, one of: &quot;none&quot;            -
+                                     no auto-scheduling &quot;accept-always&quot;   - always accept, ignore busy time
+                                     &quot;decline-always&quot;  - always decline, ignore free time &quot;accept-if-free&quot;
+                                     - accept if free, do nothing if busy &quot;decline-if-busy&quot; - decline if
+                                     busy, do nothing if free &quot;automatic&quot;       - accept if free, decline if
+                                     busy --&gt;
</ins><span class="cx">                                 &lt;key&gt;DefaultMode&lt;/key&gt;
</span><span class="cx">                                 &lt;string&gt;automatic&lt;/string&gt;
</span><ins>+
+                                &lt;!-- How far into the future to check for booking conflicts --&gt;
</ins><span class="cx">                                 &lt;key&gt;FutureFreeBusyDays&lt;/key&gt;
</span><span class="cx">                                 &lt;integer&gt;1095&lt;/integer&gt;
</span><span class="cx">                         &lt;/dict&gt;
</span><del>-                        &lt;key&gt;DelegeteRichFreeBusy&lt;/key&gt;
-                        &lt;true/&gt;
-                        &lt;key&gt;LimitFreeBusyAttendees&lt;/key&gt;
-                        &lt;integer&gt;30&lt;/integer&gt;
-                        &lt;key&gt;PrincipalHostAliases&lt;/key&gt;
-                        &lt;array&gt;
-                        &lt;/array&gt;
-                        &lt;key&gt;RoomResourceRichFreeBusy&lt;/key&gt;
-                        &lt;true/&gt;
-                        &lt;key&gt;Splitting&lt;/key&gt;
-                        &lt;dict&gt;
-                                &lt;key&gt;Enabled&lt;/key&gt;
-                                &lt;false/&gt;
-                                &lt;key&gt;Delay&lt;/key&gt;
-                                &lt;integer&gt;60&lt;/integer&gt;
-                                &lt;key&gt;PastDays&lt;/key&gt;
-                                &lt;integer&gt;14&lt;/integer&gt;
-                                &lt;key&gt;Size&lt;/key&gt;
-                                &lt;integer&gt;102400&lt;/integer&gt;
-                        &lt;/dict&gt;
-                        &lt;key&gt;TimestampAttendeePartStatChanges&lt;/key&gt;
-                        &lt;true/&gt;
-                        &lt;key&gt;TrackUnscheduledLocationData&lt;/key&gt;
-                        &lt;true/&gt;
-                        &lt;key&gt;TrackUnscheduledResourceData&lt;/key&gt;
-                        &lt;true/&gt;
-                        &lt;key&gt;UIDLockExpirySeconds&lt;/key&gt;
-                        &lt;integer&gt;300&lt;/integer&gt;
-                        &lt;key&gt;UIDLockTimeoutSeconds&lt;/key&gt;
-                        &lt;integer&gt;60&lt;/integer&gt;
</del><ins>+
</ins><span class="cx">                         &lt;key&gt;WorkQueues&lt;/key&gt;
</span><span class="cx">                         &lt;dict&gt;
</span><ins>+                                &lt;!-- Work queues for scheduling enabled --&gt;
</ins><span class="cx">                                 &lt;key&gt;Enabled&lt;/key&gt;
</span><span class="cx">                                 &lt;true/&gt;
</span><ins>+
+                                &lt;!-- Number of seconds delay for a queued scheduling request/cancel --&gt;
+                                &lt;key&gt;RequestDelaySeconds&lt;/key&gt;
+                                &lt;integer&gt;5&lt;/integer&gt;
+
+                                &lt;!-- Number of seconds delay for a queued scheduling reply --&gt;
+                                &lt;key&gt;ReplyDelaySeconds&lt;/key&gt;
+                                &lt;integer&gt;1&lt;/integer&gt;
+
+                                &lt;!-- Time delay for sending an auto reply iTIP message --&gt;
+                                &lt;key&gt;AutoReplyDelaySeconds&lt;/key&gt;
+                                &lt;integer&gt;5&lt;/integer&gt;
+
+                                &lt;!-- Time after an iTIP REPLY for first batched attendee refresh --&gt;
</ins><span class="cx">                                 &lt;key&gt;AttendeeRefreshBatchDelaySeconds&lt;/key&gt;
</span><span class="cx">                                 &lt;integer&gt;5&lt;/integer&gt;
</span><ins>+
+                                &lt;!-- Time between attendee batch refreshes --&gt;
</ins><span class="cx">                                 &lt;key&gt;AttendeeRefreshBatchIntervalSeconds&lt;/key&gt;
</span><span class="cx">                                 &lt;integer&gt;5&lt;/integer&gt;
</span><del>-                                &lt;key&gt;AutoReplyDelaySeconds&lt;/key&gt;
-                                &lt;integer&gt;5&lt;/integer&gt;
</del><ins>+
+                                &lt;!-- Delay in seconds before a work item is executed again after a temp
+                                     failure --&gt;
+                                &lt;key&gt;TemporaryFailureDelay&lt;/key&gt;
+                                &lt;integer&gt;60&lt;/integer&gt;
+
+                                &lt;!-- Max number of temp failure retries before treating as a permanent
+                                     failure --&gt;
</ins><span class="cx">                                 &lt;key&gt;MaxTemporaryFailures&lt;/key&gt;
</span><span class="cx">                                 &lt;integer&gt;10&lt;/integer&gt;
</span><del>-                                &lt;key&gt;ReplyDelaySeconds&lt;/key&gt;
-                                &lt;integer&gt;1&lt;/integer&gt;
-                                &lt;key&gt;RequestDelaySeconds&lt;/key&gt;
-                                &lt;integer&gt;5&lt;/integer&gt;
-                                &lt;key&gt;TemporaryFailureDelay&lt;/key&gt;
</del><ins>+                        &lt;/dict&gt;
+
+                        &lt;key&gt;Splitting&lt;/key&gt;
+                        &lt;dict&gt;
+                                &lt;!-- False for now whilst we experiment with this --&gt;
+                                &lt;key&gt;Enabled&lt;/key&gt;
+                                &lt;false/&gt;
+
+                                &lt;!-- Consider splitting when greater than 100KB --&gt;
+                                &lt;key&gt;Size&lt;/key&gt;
+                                &lt;integer&gt;102400&lt;/integer&gt;
+
+                                &lt;!-- Number of days in the past where the split will occur --&gt;
+                                &lt;key&gt;PastDays&lt;/key&gt;
+                                &lt;integer&gt;14&lt;/integer&gt;
+
+                                &lt;!-- How many seconds to delay the split work item --&gt;
+                                &lt;key&gt;Delay&lt;/key&gt;
</ins><span class="cx">                                 &lt;integer&gt;60&lt;/integer&gt;
</span><span class="cx">                         &lt;/dict&gt;
</span><span class="cx">                 &lt;/dict&gt;
</span><span class="lines">@@ -935,86 +1543,137 @@
</span><span class="cx"> 
</span><span class="cx">         &lt;key&gt;FreeBusyURL&lt;/key&gt;
</span><span class="cx">         &lt;dict&gt;
</span><del>-                &lt;key&gt;AnonymousAccess&lt;/key&gt;
-                &lt;false/&gt;
</del><ins>+                &lt;!-- Per-user free-busy-url protocol --&gt;
</ins><span class="cx">                 &lt;key&gt;Enabled&lt;/key&gt;
</span><span class="cx">                 &lt;false/&gt;
</span><ins>+
+                &lt;!-- Number of days into the future to generate f-b data if no explicit time-
+                     range is specified --&gt;
</ins><span class="cx">                 &lt;key&gt;TimePeriod&lt;/key&gt;
</span><span class="cx">                 &lt;integer&gt;14&lt;/integer&gt;
</span><ins>+
+                &lt;!-- Allow anonymous read access to free-busy URL --&gt;
+                &lt;key&gt;AnonymousAccess&lt;/key&gt;
+                &lt;false/&gt;
</ins><span class="cx">         &lt;/dict&gt;
</span><span class="cx"> 
</span><span class="cx">         &lt;!-- Notifications --&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;Notifications&lt;/key&gt;
</span><span class="cx">         &lt;dict&gt;
</span><ins>+                &lt;key&gt;Enabled&lt;/key&gt;
+                &lt;false/&gt;
+
</ins><span class="cx">                 &lt;key&gt;CoalesceSeconds&lt;/key&gt;
</span><span class="cx">                 &lt;integer&gt;3&lt;/integer&gt;
</span><del>-                &lt;key&gt;Enabled&lt;/key&gt;
-                &lt;false/&gt;
</del><ins>+
</ins><span class="cx">                 &lt;key&gt;Services&lt;/key&gt;
</span><span class="cx">                 &lt;dict&gt;
</span><span class="cx">                         &lt;key&gt;APNS&lt;/key&gt;
</span><span class="cx">                         &lt;dict&gt;
</span><span class="cx">                                 &lt;key&gt;Enabled&lt;/key&gt;
</span><span class="cx">                                 &lt;false/&gt;
</span><ins>+
</ins><span class="cx">                                 &lt;key&gt;SubscriptionURL&lt;/key&gt;
</span><span class="cx">                                 &lt;string&gt;apns&lt;/string&gt;
</span><ins>+
+                                &lt;!-- How often the client should re-register (2 days) --&gt;
</ins><span class="cx">                                 &lt;key&gt;SubscriptionRefreshIntervalSeconds&lt;/key&gt;
</span><span class="cx">                                 &lt;integer&gt;172800&lt;/integer&gt;
</span><ins>+
+                                &lt;!-- How often a purge is done (12 hours) --&gt;
</ins><span class="cx">                                 &lt;key&gt;SubscriptionPurgeIntervalSeconds&lt;/key&gt;
</span><span class="cx">                                 &lt;integer&gt;43200&lt;/integer&gt;
</span><ins>+
+                                &lt;!-- How old a subscription must be before it's purged (14 days) --&gt;
</ins><span class="cx">                                 &lt;key&gt;SubscriptionPurgeSeconds&lt;/key&gt;
</span><span class="cx">                                 &lt;integer&gt;1209600&lt;/integer&gt;
</span><ins>+
</ins><span class="cx">                                 &lt;key&gt;ProviderHost&lt;/key&gt;
</span><span class="cx">                                 &lt;string&gt;gateway.push.apple.com&lt;/string&gt;
</span><ins>+
</ins><span class="cx">                                 &lt;key&gt;ProviderPort&lt;/key&gt;
</span><span class="cx">                                 &lt;integer&gt;2195&lt;/integer&gt;
</span><ins>+
</ins><span class="cx">                                 &lt;key&gt;FeedbackHost&lt;/key&gt;
</span><span class="cx">                                 &lt;string&gt;feedback.push.apple.com&lt;/string&gt;
</span><ins>+
</ins><span class="cx">                                 &lt;key&gt;FeedbackPort&lt;/key&gt;
</span><span class="cx">                                 &lt;integer&gt;2196&lt;/integer&gt;
</span><ins>+
+                                &lt;!-- 8 hours --&gt;
</ins><span class="cx">                                 &lt;key&gt;FeedbackUpdateSeconds&lt;/key&gt;
</span><span class="cx">                                 &lt;integer&gt;28800&lt;/integer&gt;
</span><ins>+
</ins><span class="cx">                                 &lt;key&gt;Environment&lt;/key&gt;
</span><span class="cx">                                 &lt;string&gt;PRODUCTION&lt;/string&gt;
</span><ins>+
</ins><span class="cx">                                 &lt;key&gt;EnableStaggering&lt;/key&gt;
</span><span class="cx">                                 &lt;false/&gt;
</span><ins>+
</ins><span class="cx">                                 &lt;key&gt;StaggerSeconds&lt;/key&gt;
</span><span class="cx">                                 &lt;integer&gt;3&lt;/integer&gt;
</span><ins>+
</ins><span class="cx">                                 &lt;key&gt;CalDAV&lt;/key&gt;
</span><span class="cx">                                 &lt;dict&gt;
</span><ins>+                                        &lt;key&gt;Enabled&lt;/key&gt;
+                                        &lt;false/&gt;
+
+                                        &lt;key&gt;CertificatePath&lt;/key&gt;
+                                        &lt;string&gt;Certificates/apns:com.apple.calendar.cert.pem&lt;/string&gt;
+
+                                        &lt;key&gt;PrivateKeyPath&lt;/key&gt;
+                                        &lt;string&gt;Certificates/apns:com.apple.calendar.key.pem&lt;/string&gt;
+
</ins><span class="cx">                                         &lt;key&gt;AuthorityChainPath&lt;/key&gt;
</span><span class="cx">                                         &lt;string&gt;Certificates/apns:com.apple.calendar.chain.pem&lt;/string&gt;
</span><del>-                                        &lt;key&gt;CertificatePath&lt;/key&gt;
-                                        &lt;string&gt;Certificates/apns:com.apple.calendar.cert.pem&lt;/string&gt;
</del><ins>+
</ins><span class="cx">                                         &lt;key&gt;Passphrase&lt;/key&gt;
</span><span class="cx">                                         &lt;string&gt;&lt;/string&gt;
</span><del>-                                        &lt;key&gt;PrivateKeyPath&lt;/key&gt;
-                                        &lt;string&gt;Certificates/apns:com.apple.calendar.key.pem&lt;/string&gt;
</del><ins>+
+                                        &lt;key&gt;KeychainIdentity&lt;/key&gt;
+                                        &lt;string&gt;apns:com.apple.calendar&lt;/string&gt;
+
</ins><span class="cx">                                         &lt;key&gt;Topic&lt;/key&gt;
</span><span class="cx">                                         &lt;string&gt;&lt;/string&gt;
</span><span class="cx">                                 &lt;/dict&gt;
</span><ins>+
</ins><span class="cx">                                 &lt;key&gt;CardDAV&lt;/key&gt;
</span><span class="cx">                                 &lt;dict&gt;
</span><ins>+                                        &lt;key&gt;Enabled&lt;/key&gt;
+                                        &lt;false/&gt;
+
+                                        &lt;key&gt;CertificatePath&lt;/key&gt;
+                                        &lt;string&gt;Certificates/apns:com.apple.contact.cert.pem&lt;/string&gt;
+
+                                        &lt;key&gt;PrivateKeyPath&lt;/key&gt;
+                                        &lt;string&gt;Certificates/apns:com.apple.contact.key.pem&lt;/string&gt;
+
</ins><span class="cx">                                         &lt;key&gt;AuthorityChainPath&lt;/key&gt;
</span><span class="cx">                                         &lt;string&gt;Certificates/apns:com.apple.contact.chain.pem&lt;/string&gt;
</span><del>-                                        &lt;key&gt;CertificatePath&lt;/key&gt;
-                                        &lt;string&gt;Certificates/apns:com.apple.contact.cert.pem&lt;/string&gt;
</del><ins>+
</ins><span class="cx">                                         &lt;key&gt;Passphrase&lt;/key&gt;
</span><span class="cx">                                         &lt;string&gt;&lt;/string&gt;
</span><del>-                                        &lt;key&gt;PrivateKeyPath&lt;/key&gt;
-                                        &lt;string&gt;Certificates/apns:com.apple.contact.key.pem&lt;/string&gt;
</del><ins>+
+                                        &lt;key&gt;KeychainIdentity&lt;/key&gt;
+                                        &lt;string&gt;apns:com.apple.contact&lt;/string&gt;
+
</ins><span class="cx">                                         &lt;key&gt;Topic&lt;/key&gt;
</span><span class="cx">                                         &lt;string&gt;&lt;/string&gt;
</span><span class="cx">                                 &lt;/dict&gt;
</span><span class="cx">                         &lt;/dict&gt;
</span><ins>+
</ins><span class="cx">                         &lt;key&gt;AMP&lt;/key&gt;
</span><span class="cx">                         &lt;dict&gt;
</span><span class="cx">                                 &lt;key&gt;Enabled&lt;/key&gt;
</span><span class="cx">                                 &lt;false/&gt;
</span><ins>+
</ins><span class="cx">                                 &lt;key&gt;Port&lt;/key&gt;
</span><span class="cx">                                 &lt;integer&gt;62311&lt;/integer&gt;
</span><ins>+
</ins><span class="cx">                                 &lt;key&gt;EnableStaggering&lt;/key&gt;
</span><span class="cx">                                 &lt;false/&gt;
</span><ins>+
</ins><span class="cx">                                 &lt;key&gt;StaggerSeconds&lt;/key&gt;
</span><span class="cx">                                 &lt;integer&gt;3&lt;/integer&gt;
</span><span class="cx">                         &lt;/dict&gt;
</span><span class="lines">@@ -1023,47 +1682,74 @@
</span><span class="cx"> 
</span><span class="cx">         &lt;key&gt;DirectoryProxy&lt;/key&gt;
</span><span class="cx">         &lt;dict&gt;
</span><ins>+                &lt;key&gt;SocketPath&lt;/key&gt;
+                &lt;string&gt;directory-proxy.sock&lt;/string&gt;
+
</ins><span class="cx">                 &lt;key&gt;InProcessCachingSeconds&lt;/key&gt;
</span><span class="cx">                 &lt;integer&gt;60&lt;/integer&gt;
</span><ins>+
</ins><span class="cx">                 &lt;key&gt;InSidecarCachingSeconds&lt;/key&gt;
</span><span class="cx">                 &lt;integer&gt;120&lt;/integer&gt;
</span><del>-                &lt;key&gt;SocketPath&lt;/key&gt;
-                &lt;string&gt;directory-proxy.sock&lt;/string&gt;
</del><span class="cx">         &lt;/dict&gt;
</span><span class="cx"> 
</span><span class="cx">         &lt;!-- Support multiple hosts within a domain --&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;Servers&lt;/key&gt;
</span><span class="cx">         &lt;dict&gt;
</span><ins>+                &lt;!-- Multiple servers enabled or not --&gt;
</ins><span class="cx">                 &lt;key&gt;Enabled&lt;/key&gt;
</span><span class="cx">                 &lt;false/&gt;
</span><del>-                &lt;key&gt;ConduitName&lt;/key&gt;
-                &lt;string&gt;conduit&lt;/string&gt;
</del><ins>+
+                &lt;!-- File path for server information --&gt;
</ins><span class="cx">                 &lt;key&gt;ConfigFile&lt;/key&gt;
</span><span class="cx">                 &lt;string&gt;localservers.xml&lt;/string&gt;
</span><ins>+
+                &lt;!-- Pool size for connections between servers --&gt;
+                &lt;key&gt;MaxClients&lt;/key&gt;
+                &lt;integer&gt;5&lt;/integer&gt;
+
+                &lt;!-- Name for top-level inbox resource --&gt;
</ins><span class="cx">                 &lt;key&gt;InboxName&lt;/key&gt;
</span><span class="cx">                 &lt;string&gt;podding&lt;/string&gt;
</span><del>-                &lt;key&gt;MaxClients&lt;/key&gt;
-                &lt;integer&gt;5&lt;/integer&gt;
</del><ins>+
+                &lt;!-- Name for top-level cross-pod resource --&gt;
+                &lt;key&gt;ConduitName&lt;/key&gt;
+                &lt;string&gt;conduit&lt;/string&gt;
</ins><span class="cx">         &lt;/dict&gt;
</span><span class="cx"> 
</span><span class="cx">         &lt;!-- Performance tuning --&gt;
</span><ins>+
+        &lt;!-- Set the maximum number of outstanding requests to this server. --&gt;
</ins><span class="cx">         &lt;key&gt;MaxRequests&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;3&lt;/integer&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;MaxAccepts&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;1&lt;/integer&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- The maximum number of outstanding database connections per database
+             connection pool. When SharedConnectionPool (see above) is set to True,
+             this is the total number of outgoing database connections allowed to the
+             entire server; when SharedConnectionPool is False - this is the default -
+             this is the number of database connections used per worker process. --&gt;
</ins><span class="cx">         &lt;key&gt;MaxDBConnectionsPerPool&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;10&lt;/integer&gt;
</span><span class="cx"> 
</span><span class="cx">         &lt;key&gt;ListenBacklog&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;2024&lt;/integer&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- Max. time between request lines --&gt;
</ins><span class="cx">         &lt;key&gt;IncomingDataTimeOut&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;60&lt;/integer&gt;
</span><ins>+
+        &lt;!-- Max. time between pipelined requests --&gt;
</ins><span class="cx">         &lt;key&gt;PipelineIdleTimeOut&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;15&lt;/integer&gt;
</span><ins>+
+        &lt;!-- Max. time for response processing --&gt;
</ins><span class="cx">         &lt;key&gt;IdleConnectionTimeOut&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;360&lt;/integer&gt;
</span><ins>+
+        &lt;!-- Max. time for client close --&gt;
</ins><span class="cx">         &lt;key&gt;CloseConnectionTimeOut&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;15&lt;/integer&gt;
</span><span class="cx"> 
</span><span class="lines">@@ -1072,59 +1758,81 @@
</span><span class="cx"> 
</span><span class="cx">         &lt;key&gt;MaxMultigetWithDataHrefs&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;5000&lt;/integer&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;MaxQueryWithDataResults&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;1000&lt;/integer&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- How many results to return for principal-property-search REPORT requests --&gt;
</ins><span class="cx">         &lt;key&gt;MaxPrincipalSearchReportResults&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;500&lt;/integer&gt;
</span><span class="cx"> 
</span><span class="cx">         &lt;!-- Client fixes per user-agent match --&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;ClientFixes&lt;/key&gt;
</span><span class="cx">         &lt;dict&gt;
</span><span class="cx">                 &lt;key&gt;ForceAttendeeTRANSP&lt;/key&gt;
</span><span class="cx">                 &lt;array&gt;
</span><del>-                        &lt;string&gt;iOS/8\.0(\..*)?&lt;/string&gt;
-                        &lt;string&gt;iOS/8\.1(\..*)?&lt;/string&gt;
-                        &lt;string&gt;iOS/8\.2(\..*)?&lt;/string&gt;
</del><ins>+                        &lt;string&gt;iOS/8\\.0(\\..*)?&lt;/string&gt;
+                        &lt;string&gt;iOS/8\\.1(\\..*)?&lt;/string&gt;
+                        &lt;string&gt;iOS/8\\.2(\\..*)?&lt;/string&gt;
</ins><span class="cx">                 &lt;/array&gt;
</span><span class="cx">         &lt;/dict&gt;
</span><span class="cx"> 
</span><span class="cx">         &lt;!-- Localization --&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;Localization&lt;/key&gt;
</span><span class="cx">         &lt;dict&gt;
</span><ins>+                &lt;key&gt;TranslationsDirectory&lt;/key&gt;
+                &lt;string&gt;/Applications/Server.app/Contents/ServerRoot/usr/share/caldavd/share/translations&lt;/string&gt;
+
+                &lt;key&gt;LocalesDirectory&lt;/key&gt;
+                &lt;string&gt;/Applications/Server.app/Contents/ServerRoot/usr/share/caldavd/share/locales&lt;/string&gt;
+
</ins><span class="cx">                 &lt;key&gt;Language&lt;/key&gt;
</span><span class="cx">                 &lt;string&gt;&lt;/string&gt;
</span><del>-                &lt;key&gt;LocalesDirectory&lt;/key&gt;
-                &lt;string&gt;/Applications/Server.app/Contents/ServerRoot/usr/share/caldavd/share/locales&lt;/string&gt;
-                &lt;key&gt;TranslationsDirectory&lt;/key&gt;
-                &lt;string&gt;/Applications/Server.app/Contents/ServerRoot/usr/share/caldavd/share/translations&lt;/string&gt;
</del><span class="cx">         &lt;/dict&gt;
</span><span class="cx"> 
</span><del>-        &lt;!-- Implementation details --&gt;
</del><ins>+        &lt;!-- Implementation details
+
+             The following are specific to how the server is built, and useful for
+             development, but shouldn't be needed by users. --&gt;
+
+        &lt;!-- Twisted --&gt;
</ins><span class="cx">         &lt;key&gt;Twisted&lt;/key&gt;
</span><span class="cx">         &lt;dict&gt;
</span><span class="cx">                 &lt;key&gt;reactor&lt;/key&gt;
</span><span class="cx">                 &lt;string&gt;select&lt;/string&gt;
</span><span class="cx">         &lt;/dict&gt;
</span><ins>+
+        &lt;!-- Umask --&gt;
</ins><span class="cx">         &lt;key&gt;umask&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;18&lt;/integer&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- A TCP port used for communication between the child and master processes
+             (bound to 127.0.0.1). Specify 0 to let OS assign a port. --&gt;
</ins><span class="cx">         &lt;key&gt;ControlPort&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;0&lt;/integer&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- A unix socket used for communication between the child and master
+             processes. If blank, then an AF_INET socket is used instead. --&gt;
</ins><span class="cx">         &lt;key&gt;ControlSocket&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;caldavd.sock&lt;/string&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- Support for Content-Encoding compression options as specified in RFC2616
+             Section 3.5 Defaults off, because it weakens TLS (CRIME attack). --&gt;
</ins><span class="cx">         &lt;key&gt;ResponseCompression&lt;/key&gt;
</span><span class="cx">         &lt;false/&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- The retry-after value (in seconds) to return with a 503 error --&gt;
</ins><span class="cx">         &lt;key&gt;HTTPRetryAfter&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;180&lt;/integer&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- Profiling options --&gt;
</ins><span class="cx">         &lt;key&gt;Profiling&lt;/key&gt;
</span><span class="cx">         &lt;dict&gt;
</span><span class="cx">                 &lt;key&gt;Enabled&lt;/key&gt;
</span><span class="cx">                 &lt;false/&gt;
</span><ins>+
</ins><span class="cx">                 &lt;key&gt;BaseDirectory&lt;/key&gt;
</span><span class="cx">                 &lt;string&gt;/tmp/stats&lt;/string&gt;
</span><span class="cx">         &lt;/dict&gt;
</span><span class="lines">@@ -1133,88 +1841,136 @@
</span><span class="cx">         &lt;dict&gt;
</span><span class="cx">                 &lt;key&gt;MaxClients&lt;/key&gt;
</span><span class="cx">                 &lt;integer&gt;5&lt;/integer&gt;
</span><ins>+
</ins><span class="cx">                 &lt;key&gt;Pools&lt;/key&gt;
</span><span class="cx">                 &lt;dict&gt;
</span><span class="cx">                         &lt;key&gt;Default&lt;/key&gt;
</span><span class="cx">                         &lt;dict&gt;
</span><ins>+                                &lt;!-- A unix socket used for communication with memcached. If MemcacheSocket
+                                     is empty string, an AF_INET socket is used. --&gt;
+                                &lt;key&gt;MemcacheSocket&lt;/key&gt;
+                                &lt;string&gt;memcache.sock&lt;/string&gt;
+
+                                &lt;key&gt;ClientEnabled&lt;/key&gt;
+                                &lt;true/&gt;
+
+                                &lt;key&gt;ServerEnabled&lt;/key&gt;
+                                &lt;true/&gt;
+
</ins><span class="cx">                                 &lt;key&gt;BindAddress&lt;/key&gt;
</span><span class="cx">                                 &lt;string&gt;127.0.0.1&lt;/string&gt;
</span><del>-                                &lt;key&gt;ClientEnabled&lt;/key&gt;
-                                &lt;true/&gt;
</del><ins>+
+                                &lt;key&gt;Port&lt;/key&gt;
+                                &lt;integer&gt;11311&lt;/integer&gt;
+
+                                &lt;!-- Possible types: &quot;OpenDirectoryBacker&quot;, &quot;ImplicitUIDLock&quot;,
+                                     &quot;RefreshUIDLock&quot;, &quot;DIGESTCREDENTIALS&quot;, &quot;resourceInfoDB&quot;, &quot;pubsubnodes&quot;,
+                                     &quot;FBCache&quot;, &quot;ScheduleAddressMapper&quot;, &quot;SQL.props&quot;, &quot;SQL.calhome&quot;,
+                                     &quot;SQL.adbkhome&quot;, --&gt;
</ins><span class="cx">                                 &lt;key&gt;HandleCacheTypes&lt;/key&gt;
</span><span class="cx">                                 &lt;array&gt;
</span><span class="cx">                                         &lt;string&gt;Default&lt;/string&gt;
</span><span class="cx">                                 &lt;/array&gt;
</span><del>-                                &lt;key&gt;MemcacheSocket&lt;/key&gt;
-                                &lt;string&gt;memcache.sock&lt;/string&gt;
-                                &lt;key&gt;Port&lt;/key&gt;
-                                &lt;integer&gt;11311&lt;/integer&gt;
-                                &lt;key&gt;ServerEnabled&lt;/key&gt;
-                                &lt;true/&gt;
</del><span class="cx">                         &lt;/dict&gt;
</span><ins>+
+                        &lt;!-- &quot;Shared&quot;: { &quot;ClientEnabled&quot;: True, &quot;ServerEnabled&quot;: True, &quot;BindAddress&quot;:
+                             &quot;127.0.0.1&quot;, &quot;Port&quot;: 11211, &quot;HandleCacheTypes&quot;: [ &quot;ProxyDB&quot;,
+                             &quot;DelegatesDB&quot;, &quot;PrincipalToken&quot;, ] }, --&gt;
</ins><span class="cx">                 &lt;/dict&gt;
</span><ins>+
+                &lt;!-- Find in PATH --&gt;
</ins><span class="cx">                 &lt;key&gt;memcached&lt;/key&gt;
</span><span class="cx">                 &lt;string&gt;memcached&lt;/string&gt;
</span><ins>+
+                &lt;!-- Megabytes --&gt;
</ins><span class="cx">                 &lt;key&gt;MaxMemory&lt;/key&gt;
</span><span class="cx">                 &lt;integer&gt;0&lt;/integer&gt;
</span><ins>+
</ins><span class="cx">                 &lt;key&gt;Options&lt;/key&gt;
</span><span class="cx">                 &lt;array&gt;
</span><span class="cx">                 &lt;/array&gt;
</span><ins>+
</ins><span class="cx">                 &lt;key&gt;ProxyDBKeyNormalization&lt;/key&gt;
</span><span class="cx">                 &lt;true/&gt;
</span><span class="cx">         &lt;/dict&gt;
</span><span class="cx"> 
</span><span class="cx">         &lt;key&gt;Postgres&lt;/key&gt;
</span><span class="cx">         &lt;dict&gt;
</span><del>-                &lt;key&gt;BuffersToConnectionsRatio&lt;/key&gt;
-                &lt;real&gt;1.5&lt;/real&gt;
</del><ins>+                &lt;key&gt;DatabaseName&lt;/key&gt;
+                &lt;string&gt;caldav&lt;/string&gt;
+
</ins><span class="cx">                 &lt;key&gt;ClusterName&lt;/key&gt;
</span><span class="cx">                 &lt;string&gt;cluster&lt;/string&gt;
</span><del>-                &lt;key&gt;Ctl&lt;/key&gt;
-                &lt;string&gt;pg_ctl&lt;/string&gt;
-                &lt;key&gt;DatabaseName&lt;/key&gt;
-                &lt;string&gt;caldav&lt;/string&gt;
-                &lt;key&gt;ExtraConnections&lt;/key&gt;
-                &lt;integer&gt;3&lt;/integer&gt;
-                &lt;key&gt;Init&lt;/key&gt;
-                &lt;string&gt;initdb&lt;/string&gt;
-                &lt;key&gt;ListenAddresses&lt;/key&gt;
-                &lt;array&gt;
-                &lt;/array&gt;
</del><ins>+
</ins><span class="cx">                 &lt;key&gt;LogFile&lt;/key&gt;
</span><span class="cx">                 &lt;string&gt;postgres.log&lt;/string&gt;
</span><ins>+
</ins><span class="cx">                 &lt;key&gt;LogRotation&lt;/key&gt;
</span><span class="cx">                 &lt;false/&gt;
</span><ins>+
+                &lt;key&gt;SocketDirectory&lt;/key&gt;
+                &lt;string&gt;&lt;/string&gt;
+
+                &lt;key&gt;SocketName&lt;/key&gt;
+                &lt;string&gt;&lt;/string&gt;
+
+                &lt;key&gt;ListenAddresses&lt;/key&gt;
+                &lt;array&gt;
+                &lt;/array&gt;
+
+                &lt;!-- BuffersToConnectionsRatio * MaxConnections Note: don't set this, it will
+                     be computed dynamically See _updateMultiProcess( ) below for details --&gt;
+                &lt;key&gt;SharedBuffers&lt;/key&gt;
+                &lt;integer&gt;0&lt;/integer&gt;
+
+                &lt;!-- Dynamically computed based on ProcessCount, etc. Note: don't set this, it
+                     will be computed dynamically See _updateMultiProcess( ) below for details --&gt;
</ins><span class="cx">                 &lt;key&gt;MaxConnections&lt;/key&gt;
</span><span class="cx">                 &lt;integer&gt;0&lt;/integer&gt;
</span><ins>+
+                &lt;!-- how many extra connections to leave for utilities --&gt;
+                &lt;key&gt;ExtraConnections&lt;/key&gt;
+                &lt;integer&gt;3&lt;/integer&gt;
+
+                &lt;key&gt;BuffersToConnectionsRatio&lt;/key&gt;
+                &lt;real&gt;1.5&lt;/real&gt;
+
</ins><span class="cx">                 &lt;key&gt;Options&lt;/key&gt;
</span><span class="cx">                 &lt;array&gt;
</span><span class="cx">                         &lt;string&gt;-c standard_conforming_strings=on&lt;/string&gt;
</span><span class="cx">                 &lt;/array&gt;
</span><del>-                &lt;key&gt;SharedBuffers&lt;/key&gt;
-                &lt;integer&gt;0&lt;/integer&gt;
-                &lt;key&gt;SocketDirectory&lt;/key&gt;
-                &lt;string&gt;&lt;/string&gt;
-                &lt;key&gt;SocketName&lt;/key&gt;
-                &lt;string&gt;&lt;/string&gt;
</del><ins>+
+                &lt;!-- If the DBType is '', and we're spawning postgres ourselves, where is the
+                     pg_ctl tool to spawn it with? --&gt;
+                &lt;key&gt;Ctl&lt;/key&gt;
+                &lt;string&gt;pg_ctl&lt;/string&gt;
+
+                &lt;!-- If the DBType is '', and we're spawning postgres ourselves, where is the
+                     initdb tool to create its database cluster with? --&gt;
+                &lt;key&gt;Init&lt;/key&gt;
+                &lt;string&gt;initdb&lt;/string&gt;
</ins><span class="cx">         &lt;/dict&gt;
</span><span class="cx"> 
</span><span class="cx">         &lt;key&gt;QueryCaching&lt;/key&gt;
</span><span class="cx">         &lt;dict&gt;
</span><span class="cx">                 &lt;key&gt;Enabled&lt;/key&gt;
</span><span class="cx">                 &lt;true/&gt;
</span><ins>+
+                &lt;key&gt;MemcachedPool&lt;/key&gt;
+                &lt;string&gt;Default&lt;/string&gt;
+
</ins><span class="cx">                 &lt;key&gt;ExpireSeconds&lt;/key&gt;
</span><span class="cx">                 &lt;integer&gt;3600&lt;/integer&gt;
</span><del>-                &lt;key&gt;MemcachedPool&lt;/key&gt;
-                &lt;string&gt;Default&lt;/string&gt;
</del><span class="cx">         &lt;/dict&gt;
</span><span class="cx"> 
</span><span class="cx">         &lt;key&gt;GroupCaching&lt;/key&gt;
</span><span class="cx">         &lt;dict&gt;
</span><span class="cx">                 &lt;key&gt;Enabled&lt;/key&gt;
</span><span class="cx">                 &lt;true/&gt;
</span><ins>+
</ins><span class="cx">                 &lt;key&gt;UpdateSeconds&lt;/key&gt;
</span><span class="cx">                 &lt;integer&gt;300&lt;/integer&gt;
</span><ins>+
</ins><span class="cx">                 &lt;key&gt;UseDirectoryBasedDelegates&lt;/key&gt;
</span><span class="cx">                 &lt;false/&gt;
</span><span class="cx">         &lt;/dict&gt;
</span><span class="lines">@@ -1223,36 +1979,51 @@
</span><span class="cx">         &lt;dict&gt;
</span><span class="cx">                 &lt;key&gt;Enabled&lt;/key&gt;
</span><span class="cx">                 &lt;true/&gt;
</span><ins>+
+                &lt;key&gt;ReconciliationDelaySeconds&lt;/key&gt;
+                &lt;integer&gt;5&lt;/integer&gt;
+
+                &lt;!-- 1 hour --&gt;
</ins><span class="cx">                 &lt;key&gt;AutoUpdateSecondsFromNow&lt;/key&gt;
</span><span class="cx">                 &lt;integer&gt;3600&lt;/integer&gt;
</span><del>-                &lt;key&gt;ReconciliationDelaySeconds&lt;/key&gt;
-                &lt;integer&gt;5&lt;/integer&gt;
</del><span class="cx">         &lt;/dict&gt;
</span><span class="cx"> 
</span><span class="cx">         &lt;key&gt;AutomaticPurging&lt;/key&gt;
</span><span class="cx">         &lt;dict&gt;
</span><span class="cx">                 &lt;key&gt;Enabled&lt;/key&gt;
</span><span class="cx">                 &lt;true/&gt;
</span><ins>+
+                &lt;!-- 7 days --&gt;
+                &lt;key&gt;PollingIntervalSeconds&lt;/key&gt;
+                &lt;integer&gt;604800&lt;/integer&gt;
+
+                &lt;!-- No staggering --&gt;
</ins><span class="cx">                 &lt;key&gt;CheckStaggerSeconds&lt;/key&gt;
</span><span class="cx">                 &lt;integer&gt;0&lt;/integer&gt;
</span><del>-                &lt;key&gt;GroupPurgeIntervalSeconds&lt;/key&gt;
</del><ins>+
+                &lt;!-- 7 days --&gt;
+                &lt;key&gt;PurgeIntervalSeconds&lt;/key&gt;
</ins><span class="cx">                 &lt;integer&gt;604800&lt;/integer&gt;
</span><ins>+
</ins><span class="cx">                 &lt;key&gt;HomePurgeDelaySeconds&lt;/key&gt;
</span><span class="cx">                 &lt;integer&gt;60&lt;/integer&gt;
</span><del>-                &lt;key&gt;PollingIntervalSeconds&lt;/key&gt;
</del><ins>+
+                &lt;!-- 7 days --&gt;
+                &lt;key&gt;GroupPurgeIntervalSeconds&lt;/key&gt;
</ins><span class="cx">                 &lt;integer&gt;604800&lt;/integer&gt;
</span><del>-                &lt;key&gt;PurgeIntervalSeconds&lt;/key&gt;
-                &lt;integer&gt;604800&lt;/integer&gt;
</del><span class="cx">         &lt;/dict&gt;
</span><span class="cx"> 
</span><span class="cx">         &lt;key&gt;Manhole&lt;/key&gt;
</span><span class="cx">         &lt;dict&gt;
</span><span class="cx">                 &lt;key&gt;Enabled&lt;/key&gt;
</span><span class="cx">                 &lt;false/&gt;
</span><ins>+
</ins><span class="cx">                 &lt;key&gt;StartingPortNumber&lt;/key&gt;
</span><span class="cx">                 &lt;integer&gt;5000&lt;/integer&gt;
</span><ins>+
</ins><span class="cx">                 &lt;key&gt;DPSPortNumber&lt;/key&gt;
</span><span class="cx">                 &lt;integer&gt;4999&lt;/integer&gt;
</span><ins>+
</ins><span class="cx">                 &lt;key&gt;PasswordFilePath&lt;/key&gt;
</span><span class="cx">                 &lt;string&gt;&lt;/string&gt;
</span><span class="cx">         &lt;/dict&gt;
</span><span class="lines">@@ -1262,55 +2033,86 @@
</span><span class="cx"> 
</span><span class="cx">         &lt;key&gt;EnableResponseCache&lt;/key&gt;
</span><span class="cx">         &lt;true/&gt;
</span><ins>+
+        &lt;!-- Minutes --&gt;
</ins><span class="cx">         &lt;key&gt;ResponseCacheTimeout&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;30&lt;/integer&gt;
</span><span class="cx"> 
</span><span class="cx">         &lt;key&gt;EnableFreeBusyCache&lt;/key&gt;
</span><span class="cx">         &lt;true/&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;FreeBusyCacheDaysBack&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;7&lt;/integer&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;FreeBusyCacheDaysForward&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;84&lt;/integer&gt;
</span><span class="cx"> 
</span><span class="cx">         &lt;key&gt;FreeBusyIndexLowerLimitDays&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;365&lt;/integer&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;FreeBusyIndexExpandAheadDays&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;365&lt;/integer&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;FreeBusyIndexExpandMaxDays&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;1825&lt;/integer&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;FreeBusyIndexDelayedExpand&lt;/key&gt;
</span><span class="cx">         &lt;false/&gt;
</span><ins>+
</ins><span class="cx">         &lt;key&gt;FreeBusyIndexSmartUpdate&lt;/key&gt;
</span><span class="cx">         &lt;true/&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- The RootResource uses a twext property store. Specify the class here --&gt;
</ins><span class="cx">         &lt;key&gt;RootResourcePropStoreClass&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;txweb2.dav.xattrprops.xattrPropertyStore&lt;/string&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- Used in the command line utilities to specify which service class to use
+             to carry out work. --&gt;
</ins><span class="cx">         &lt;key&gt;UtilityServiceClass&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;&lt;/string&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- Inbox items created more than MigratedInboxDaysCutoff days in the past are
+             removed during migration --&gt;
</ins><span class="cx">         &lt;key&gt;MigratedInboxDaysCutoff&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;60&lt;/integer&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- The default timezone for the server; on OS X you can leave this empty and
+             the system's timezone will be used.  If empty and not on OS X it will
+             default to America/Los_Angeles. --&gt;
</ins><span class="cx">         &lt;key&gt;DefaultTimezone&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;&lt;/string&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- After this many seconds of no admin requests, shutdown the agent.  Zero
+             means no automatic shutdown. --&gt;
</ins><span class="cx">         &lt;key&gt;AgentInactivityTimeoutSeconds&lt;/key&gt;
</span><span class="cx">         &lt;integer&gt;300&lt;/integer&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- Program to execute if the service cannot start; for example in OS X we
+             want to call serveradmin to disable the service so launchd does not keep
+             respawning it.  Empty string to disable this feature. --&gt;
</ins><span class="cx">         &lt;key&gt;ServiceDisablingProgram&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;&lt;/string&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- Program to execute to post an alert to the administrator; for example in
+             OS X we want to call calendarserver_alert &amp;lt;alert-type&amp;gt; &amp;lt;args&amp;gt; --&gt;
</ins><span class="cx">         &lt;key&gt;AlertPostingProgram&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;&lt;/string&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- These three keys are relative to ConfigRoot: --&gt;
+
+        &lt;!-- Config to read first and merge --&gt;
</ins><span class="cx">         &lt;key&gt;ImportConfig&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;&lt;/string&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- Other plists to parse after this one; note that an Include can change the
+             ServerRoot and/or ConfigRoot, thereby affecting the locations of the
+             following Includes in the list. (Useful for service directory relocation) --&gt;
</ins><span class="cx">         &lt;key&gt;Includes&lt;/key&gt;
</span><span class="cx">         &lt;array&gt;
</span><span class="cx">         &lt;/array&gt;
</span><span class="cx"> 
</span><ins>+        &lt;!-- Which config file calendarserver_config should  write to for changes;
+             empty string means the main config file --&gt;
</ins><span class="cx">         &lt;key&gt;WritableConfigFile&lt;/key&gt;
</span><span class="cx">         &lt;string&gt;&lt;/string&gt;
</span><span class="cx"> &lt;/dict&gt;
</span></span></pre></div>
<a id="CalendarServertrunktwistedcaldavdumpconfigpy"></a>
<div class="addfile"><h4>Added: CalendarServer/trunk/twistedcaldav/dumpconfig.py (0 => 15404)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/twistedcaldav/dumpconfig.py                                (rev 0)
+++ CalendarServer/trunk/twistedcaldav/dumpconfig.py        2015-12-18 20:02:34 UTC (rev 15404)
</span><span class="lines">@@ -0,0 +1,284 @@
</span><ins>+##
+# Copyright (c) 2015 Apple Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the &quot;License&quot;);
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an &quot;AS IS&quot; BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##
+
+from cStringIO import StringIO
+from collections import OrderedDict
+from json.encoder import encode_basestring
+from plistlib import PlistWriter, _escapeAndEncode
+import json
+import os
+import re
+import textwrap
+
+def parseConfigItem(item):
+    &quot;&quot;&quot;
+    Read the definition of a &quot;DEFAULT_*&quot; value from the stdconfig.py file so that we get
+    the literal Python source as a L{str} that we then then process into JSON.
+
+    @param item: the &quot;DEFAULT_*&quot; item to read
+    @type item: L{str}
+
+    @return: the &quot;DEFAULT_*&quot; value
+    @rtype: L{str}
+    &quot;&quot;&quot;
+    with open(os.path.join(os.path.dirname(__file__), &quot;stdconfig.py&quot;)) as f:
+        # Read up to the first line containing DEFAULT_*
+        while f.readline() != &quot;{} = {{\n&quot;.format(item):
+            continue
+
+        # Build list of all lines up to the end of the DEFAULT_* definition and
+        # make it look like a JSON object
+        lines = ['{']
+        line = f.readline()
+        while line != &quot;}\n&quot;:
+            lines.append(line[:-1])
+            line = f.readline()
+        lines.append('}')
+
+    return &quot;\n&quot;.join(lines)
+
+
+
+def processConfig(configlines, with_comments=False, verbose=False, substitutions=None):
+    &quot;&quot;&quot;
+    Process the &quot;raw&quot; config lines from stdconfig.py into a JSON object
+    (a Python L{dict}) that is ordered and contains commentary based on
+    the Python comments.
+
+    @param configlines: config data lines
+    @type configlines: L{list} of L{str}
+    @param with_comments: whether to include comments or not
+    @type with_comments: L{bool}
+    @param verbose: print out intermediate state
+    @type verbose: L{bool}
+
+    @return: the serialized JSON object
+    @rtype: L{OrderedDict}
+    &quot;&quot;&quot;
+
+    # Comments will either be &quot;block&quot; (as in section dividers) or &quot;inline&quot;
+    # (as in appended to the end of the line). We treat these slightly
+    # differently wrt to whitespace and where they appear.
+    lines = []
+    ctr = 0
+    block_comment = []
+    inline_comment = []
+
+    # Regular expression to match an inline comment and a
+    # value containing a numeric expression that needs to be
+    # evaluated (e.g. &quot;60 * 60&quot;)
+    comments = re.compile(&quot;([ ]*.*?,?)[ ]*#[ ]*(.*)[ ]*$&quot;)
+    value = re.compile(&quot;([^:]+:[ ]+)([0-9 \*]+)(.*)&quot;)
+
+    for line in configlines.splitlines():
+
+        if line.strip() and line.strip()[0] == &quot;#&quot;:
+            # Line with just a comment is a block comment unless the
+            # previous comment was inline (in which case it is a multi-line
+            # inline). Aggregate block and inline comments into one overall
+            # comment.
+            comment = line.strip()[1:].strip()
+            if len(comment) == 0 and len(block_comment) == 0 and len(inline_comment) == 0:
+                pass
+            elif inline_comment:
+                inline_comment.append(comment if comment else &quot;\n&quot;)
+            else:
+                block_comment.append(comment if comment else &quot;\n&quot;)
+            continue
+        elif block_comment:
+            # Generate a block comment JSON member
+            if with_comments:
+                comment_type = &quot;comment_&quot; if line.strip() and block_comment[-1] != &quot;\n&quot; else &quot;section_&quot;
+                while block_comment[-1] == &quot;\n&quot;:
+                    block_comment.pop()
+                lines.append(&quot;\&quot;{}{}\&quot;: {},&quot;.format(comment_type, ctr, encode_basestring(&quot; &quot;.join(block_comment))))
+            ctr += 1
+            block_comment = []
+        elif inline_comment:
+            # Generate an inline comment JSON member
+            if with_comments:
+                lines.insert(-1, &quot;\&quot;comment_{}\&quot;: {},&quot;.format(ctr, encode_basestring(&quot; &quot;.join(inline_comment))))
+            ctr += 1
+            inline_comment = []
+
+        # Check if the current line contains an inline comment, if so extract
+        # the comment and add to the current inline comments list
+        m = comments.match(line)
+        if m:
+            inline_comment.append(m.group(2))
+            append = m.group(1)
+        else:
+            append = line
+
+        # Do some simple value conversions
+        append = append.rstrip().replace(&quot; None&quot;, ' &quot;&quot;').replace(&quot; True&quot;, &quot; true&quot;).replace(&quot; False&quot;, &quot; false&quot;).replace(&quot;\\&quot;, &quot;\\\\&quot;)
+
+        # Look for special substitutions
+        if substitutions:
+            for subskey in substitutions.keys():
+                pos = append.find(subskey)
+                if pos &gt;= 0:
+                    actual = append[pos + len(subskey) + 2:]
+                    comma = &quot;&quot;
+                    if actual[-1] == &quot;,&quot;:
+                        actual = actual[:-1]
+                        comma = &quot;,&quot;
+                    actual = actual[:-2]
+                    append = &quot;{}{}{}&quot;.format(
+                        append[:pos],
+                        json.dumps(substitutions[subskey][actual]),
+                        comma,
+                    )
+                    break
+
+
+        # Look for numeric expressions in the value and eval() those to get a value
+        # that is compatible with JSON
+        m = value.match(append)
+        if m:
+            expression = eval(m.group(2))
+            append = &quot;{}{}{}&quot;.format(m.group(1), expression, m.group(3))
+
+        # Remove trailing commas for the last items in an array
+        # or object as JSON does not like that
+        if append.strip() and append.strip()[0] in (&quot;]&quot;, &quot;}&quot;):
+            if lines[-1][-1] == &quot;,&quot;:
+                lines[-1] = lines[-1][:-1]
+
+        # Line is ready to use
+        lines.append(append)
+
+    newj = &quot;\n&quot;.join(lines)
+    if verbose:
+        print(newj)
+
+    # Created an ordered JSON object
+    j = json.loads(newj, object_pairs_hook=OrderedDict)
+    return j
+
+
+
+class OrderedPlistWriter(PlistWriter):
+    &quot;&quot;&quot;
+    L{PlistWriter} that maintains the order of dict items. It also handles special keys
+    &quot;section_&quot; and &quot;comment_&quot; which are used to insert XML comments in the plist output.
+    Some additional blank lines are also added for readability of the plist.
+    &quot;&quot;&quot;
+
+    def writeDict(self, d):
+        &quot;&quot;&quot;
+        Basically a copy of L{PlistWriter.writeDict} that does not sort the dict keys
+        if the dict type is L{OrderedDict}.
+        &quot;&quot;&quot;
+        self.beginElement(&quot;dict&quot;)
+        items = d.items()
+        if not isinstance(d, OrderedDict):
+            items.sort()
+        newline = False
+        for key, value in items:
+            if not isinstance(key, (str, unicode)):
+                raise TypeError(&quot;keys must be strings&quot;)
+            if newline:
+                self.writeln(&quot;&quot;)
+            if key.startswith(&quot;section_&quot;):
+                self.writeComment(value)
+                newline = True
+            elif key.startswith(&quot;comment_&quot;):
+                self.writeComment(value)
+                newline = False
+            else:
+                self.simpleElement(&quot;key&quot;, key)
+                self.writeValue(value)
+                newline = True
+        self.endElement(&quot;dict&quot;)
+
+
+    def writeComment(self, comment):
+
+        indent = self.indentLevel * self.indent
+
+        paragraphs = comment.splitlines()
+        for ctr, paragraph in enumerate(comment.splitlines()):
+            line = _escapeAndEncode(paragraph).strip()
+            initial_indent = (&quot;{}&lt;!-- &quot; if ctr == 0 else &quot;{}     &quot;).format(indent)
+            subsequent_indent = &quot;{}     &quot;.format(indent)
+
+            line = textwrap.fill(
+                line,
+                width=80,
+                initial_indent=initial_indent,
+                subsequent_indent=subsequent_indent,
+            )
+
+            if ctr == len(paragraphs) - 1:
+                self.file.write(&quot;{} --&gt;\n&quot;.format(line))
+            else:
+                self.file.write(&quot;{}\n\n&quot;.format(line))
+
+
+
+def writeOrderedPlist(rootObject, pathOrFile):
+    &quot;&quot;&quot;
+    A copy of L{plistlib.writePlist} that uses an L{OrderedPlistWriter} to
+    write the plist.
+    &quot;&quot;&quot;
+
+    &quot;&quot;&quot;Write 'rootObject' to a .plist file. 'pathOrFile' may either be a
+    file name or a (writable) file object.
+    &quot;&quot;&quot;
+    didOpen = 0
+    if isinstance(pathOrFile, (str, unicode)):
+        pathOrFile = open(pathOrFile, &quot;w&quot;)
+        didOpen = 1
+    writer = OrderedPlistWriter(pathOrFile)
+    writer.writeln(&quot;&lt;plist version=\&quot;1.0\&quot;&gt;&quot;)
+    writer.writeValue(rootObject)
+    writer.writeln(&quot;&lt;/plist&gt;&quot;)
+    if didOpen:
+        pathOrFile.close()
+
+
+
+def writeOrderedPlistToString(rootObject):
+    &quot;&quot;&quot;
+    A copy of L{plistlib.writePlistToString} that uses an L{writeOrderedPlist} to
+    write the plist.
+    &quot;&quot;&quot;
+
+    &quot;&quot;&quot;Return 'rootObject' as a plist-formatted string.
+    &quot;&quot;&quot;
+    f = StringIO()
+    writeOrderedPlist(rootObject, f)
+    return f.getvalue()
+
+if __name__ == '__main__':
+
+    # Generate a set of serialized JSON objects for the *_PARAMS config items
+    maps = {
+        &quot;DEFAULT_SERVICE_PARAMS&quot;: &quot;&quot;,
+        &quot;DEFAULT_RESOURCE_PARAMS&quot;: &quot;&quot;,
+        &quot;DEFAULT_AUGMENT_PARAMS&quot;: &quot;&quot;,
+        &quot;DEFAULT_DIRECTORY_ADDRESSBOOK_PARAMS&quot;: &quot;&quot;,
+    }
+
+    for item in maps.keys():
+        lines = parseConfigItem(item)
+        maps[item] = processConfig(lines, with_comments=True, verbose=False)
+
+    # Generate the plist for the default config, substituting for the *_PARAMS items
+    lines = parseConfigItem(&quot;DEFAULT_CONFIG&quot;)
+    j = processConfig(lines, with_comments=True, verbose=False, substitutions=maps)
+    print(writeOrderedPlistToString(j))
</ins></span></pre></div>
<a id="CalendarServertrunktwistedcaldavstdconfigpy"></a>
<div class="modfile"><h4>Modified: CalendarServer/trunk/twistedcaldav/stdconfig.py (15403 => 15404)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/twistedcaldav/stdconfig.py        2015-12-17 20:18:32 UTC (rev 15403)
+++ CalendarServer/trunk/twistedcaldav/stdconfig.py        2015-12-18 20:02:34 UTC (rev 15404)
</span><span class="lines">@@ -57,15 +57,15 @@
</span><span class="cx"> 
</span><span class="cx"> DEFAULT_SERVICE_PARAMS = {
</span><span class="cx">     &quot;xml&quot;: {
</span><del>-        &quot;recordTypes&quot;: (&quot;users&quot;, &quot;groups&quot;),
</del><ins>+        &quot;recordTypes&quot;: [&quot;users&quot;, &quot;groups&quot;],
</ins><span class="cx">         &quot;xmlFile&quot;: &quot;accounts.xml&quot;,
</span><span class="cx">     },
</span><span class="cx">     &quot;opendirectory&quot;: {
</span><del>-        &quot;recordTypes&quot;: (&quot;users&quot;, &quot;groups&quot;),
</del><ins>+        &quot;recordTypes&quot;: [&quot;users&quot;, &quot;groups&quot;],
</ins><span class="cx">         &quot;node&quot;: &quot;/Search&quot;,
</span><span class="cx">     },
</span><span class="cx">     &quot;ldap&quot;: {
</span><del>-        &quot;recordTypes&quot;: (&quot;users&quot;, &quot;groups&quot;),
</del><ins>+        &quot;recordTypes&quot;: [&quot;users&quot;, &quot;groups&quot;],
</ins><span class="cx">         &quot;uri&quot;: &quot;ldap://localhost/&quot;,
</span><span class="cx">         &quot;credentials&quot;: {
</span><span class="cx">             &quot;dn&quot;: None,
</span><span class="lines">@@ -80,17 +80,17 @@
</span><span class="cx">             &quot;addresses&quot;: &quot;cn=addresses&quot;,
</span><span class="cx">         },
</span><span class="cx">         &quot;mapping&quot;: {
</span><del>-            &quot;uid&quot;: [&quot;apple-generateduid&quot;, ],
-            &quot;guid&quot;: [&quot;apple-generateduid&quot;, ],
-            &quot;shortNames&quot;: [&quot;uid&quot;, ],
-            &quot;fullNames&quot;: [&quot;cn&quot;, ],
-            &quot;emailAddresses&quot;: [&quot;mail&quot;, ],
-            &quot;memberDNs&quot;: [&quot;uniqueMember&quot;, ],
</del><ins>+            &quot;uid&quot;: [&quot;apple-generateduid&quot;],
+            &quot;guid&quot;: [&quot;apple-generateduid&quot;],
+            &quot;shortNames&quot;: [&quot;uid&quot;],
+            &quot;fullNames&quot;: [&quot;cn&quot;],
+            &quot;emailAddresses&quot;: [&quot;mail&quot;],
+            &quot;memberDNs&quot;: [&quot;uniqueMember&quot;],
</ins><span class="cx">             &quot;hasCalendars&quot;: [],
</span><span class="cx">             &quot;autoScheduleMode&quot;: [],
</span><span class="cx">             &quot;autoAcceptGroup&quot;: [],
</span><del>-            &quot;readWriteProxy&quot;: [&quot;icsContact&quot;, ],
-            &quot;readOnlyProxy&quot;: [&quot;icsSecondaryOwners&quot;, ],
</del><ins>+            &quot;readWriteProxy&quot;: [&quot;icsContact&quot;],
+            &quot;readOnlyProxy&quot;: [&quot;icsSecondaryOwners&quot;],
</ins><span class="cx">             &quot;serviceNodeUID&quot;: [],
</span><span class="cx">         },
</span><span class="cx">         &quot;extraFilters&quot;: {
</span><span class="lines">@@ -106,18 +106,18 @@
</span><span class="cx"> 
</span><span class="cx"> DEFAULT_RESOURCE_PARAMS = {
</span><span class="cx">     &quot;xml&quot;: {
</span><del>-        &quot;recordTypes&quot;: (&quot;locations&quot;, &quot;resources&quot;, &quot;addresses&quot;),
</del><ins>+        &quot;recordTypes&quot;: [&quot;locations&quot;, &quot;resources&quot;, &quot;addresses&quot;],
</ins><span class="cx">         &quot;xmlFile&quot;: &quot;resources.xml&quot;,
</span><span class="cx">     },
</span><span class="cx">     &quot;opendirectory&quot;: {
</span><del>-        &quot;recordTypes&quot;: (&quot;locations&quot;, &quot;resources&quot;, &quot;addresses&quot;),
</del><ins>+        &quot;recordTypes&quot;: [&quot;locations&quot;, &quot;resources&quot;, &quot;addresses&quot;],
</ins><span class="cx">         &quot;node&quot;: &quot;/Search&quot;,
</span><span class="cx">     },
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> DEFAULT_AUGMENT_PARAMS = {
</span><span class="cx">     &quot;twistedcaldav.directory.augment.AugmentXMLDB&quot;: {
</span><del>-        &quot;xmlFiles&quot;: [&quot;augments.xml&quot;, ],
</del><ins>+        &quot;xmlFiles&quot;: [&quot;augments.xml&quot;],
</ins><span class="cx">         &quot;statSeconds&quot;: 15,
</span><span class="cx">     },
</span><span class="cx">     &quot;twistedcaldav.directory.augment.AugmentSqliteDB&quot;: {
</span><span class="lines">@@ -132,7 +132,7 @@
</span><span class="cx"> }
</span><span class="cx"> 
</span><span class="cx"> 
</span><del>-directoryAddressBookBackingServiceDefaultParams = {
</del><ins>+DEFAULT_DIRECTORY_ADDRESSBOOK_PARAMS = {
</ins><span class="cx">     &quot;twistedcaldav.directory.xmlfile.XMLDirectoryService&quot;: {
</span><span class="cx">         &quot;xmlFile&quot;: &quot;/etc/carddavd/accounts.xml&quot;,
</span><span class="cx">     },
</span><span class="lines">@@ -157,9 +157,8 @@
</span><span class="cx">     },
</span><span class="cx"> }
</span><span class="cx"> 
</span><ins>+# Note: Don't use None values below; that confuses the command-line parser.
</ins><span class="cx"> DEFAULT_CONFIG = {
</span><del>-    # Note: Don't use None values below; that confuses the command-line parser.
-
</del><span class="cx">     #
</span><span class="cx">     # Public network address information
</span><span class="cx">     #
</span><span class="lines">@@ -169,6 +168,7 @@
</span><span class="cx">     #    default.  For example, it may be the address of a load balancer or
</span><span class="cx">     #    proxy which forwards connections to the server.
</span><span class="cx">     #
</span><ins>+
</ins><span class="cx">     &quot;ServerHostName&quot;: &quot;&quot;, # Network host name.
</span><span class="cx">     &quot;HTTPPort&quot;: 0, # HTTP port (0 to disable HTTP)
</span><span class="cx">     &quot;SSLPort&quot;: 0, # SSL port (0 to disable HTTPS)
</span><span class="lines">@@ -177,12 +177,11 @@
</span><span class="cx">     &quot;SSLMethod&quot;: &quot;SSLv23_METHOD&quot;, # SSLv2_METHOD, SSLv3_METHOD, SSLv23_METHOD, TLSv1_METHOD
</span><span class="cx">     &quot;SSLCiphers&quot;: &quot;RC4-SHA:HIGH:!ADH&quot;,
</span><span class="cx"> 
</span><del>-    # Max-age value for Strict-Transport-Security header; set to 0 to
-    # disable header.
</del><ins>+    # Max-age value for Strict-Transport-Security header; set to 0 to disable header.
</ins><span class="cx">     &quot;StrictTransportSecuritySeconds&quot;: 7 * 24 * 60 * 60,
</span><span class="cx"> 
</span><span class="cx">     #
</span><del>-    # Network address configuration information
</del><ins>+    # Network address configuration information.
</ins><span class="cx">     #
</span><span class="cx">     #    This configures the actual network address that the server binds to.
</span><span class="cx">     #
</span><span class="lines">@@ -200,17 +199,12 @@
</span><span class="cx">     &quot;BindAddresses&quot;: [], # List of IP addresses to bind to [empty = all]
</span><span class="cx">     &quot;BindHTTPPorts&quot;: [], # List of port numbers to bind to for HTTP
</span><span class="cx">                          # [empty = same as &quot;Port&quot;]
</span><del>-    &quot;BindSSLPorts&quot;: [], # List of port numbers to bind to for SSL
-                        # [empty = same as &quot;SSLPort&quot;]
-    &quot;InheritFDs&quot;: [], # File descriptors to inherit for HTTP requests
-                      # (empty = don't inherit)
-    &quot;InheritSSLFDs&quot;: [], # File descriptors to inherit for HTTPS requests
-                         # (empty = don't inherit)
-    &quot;MetaFD&quot;: 0, # Inherited file descriptor to call recvmsg() on to
-                 # receive sockets (none = don't inherit)
</del><ins>+    &quot;BindSSLPorts&quot;: [], # List of port numbers to bind to for SSL [empty = same as &quot;SSLPort&quot;]
+    &quot;InheritFDs&quot;: [], # File descriptors to inherit for HTTP requests [empty = don't inherit]
+    &quot;InheritSSLFDs&quot;: [], # File descriptors to inherit for HTTPS requests [empty = don't inherit]
+    &quot;MetaFD&quot;: 0, # Inherited file descriptor to call recvmsg() on to receive sockets (none = don't inherit)
</ins><span class="cx"> 
</span><del>-    &quot;UseMetaFD&quot;: True, # Use a 'meta' FD, i.e. an FD to transmit other FDs
-                       # to slave processes.
</del><ins>+    &quot;UseMetaFD&quot;: True, # Use a 'meta' FD, i.e. an FD to transmit other FDs to slave processes.
</ins><span class="cx"> 
</span><span class="cx">     &quot;UseDatabase&quot;: True, # True: database; False: files
</span><span class="cx"> 
</span><span class="lines">@@ -261,11 +255,13 @@
</span><span class="cx">     #
</span><span class="cx">     # Work queue configuration information
</span><span class="cx">     #
</span><ins>+
</ins><span class="cx">     &quot;WorkQueue&quot;: {
</span><span class="cx">         &quot;queuePollInterval&quot;: 0.1,   # Interval in seconds for job queue polling
</span><span class="cx">         &quot;queueOverdueTimeout&quot;: 300, # Number of seconds before an assigned job is considered overdue
</span><span class="cx">         &quot;queuePollingBackoff&quot;: [     # Array of array that describe the threshold and new polling interval
</span><del>-            [60, 60], [5, 1]         # for job queue polling back off
</del><ins>+                                     # for job queue polling back off
+            [60, 60], [5, 1]
</ins><span class="cx">         ],
</span><span class="cx"> 
</span><span class="cx">         &quot;overloadLevel&quot;: 95,        # Queue capacity (percentage) which causes job processing to halt
</span><span class="lines">@@ -426,7 +422,7 @@
</span><span class="cx">     &quot;AccessLogFile&quot;  : &quot;access.log&quot;, # Apache-style access log
</span><span class="cx">     &quot;ErrorLogFile&quot;   : &quot;error.log&quot;, # Server activity log
</span><span class="cx">     &quot;AgentLogFile&quot;   : &quot;agent.log&quot;, # Agent activity log
</span><del>-    &quot;UtilityLogFile&quot;   : &quot;{}.log&quot;.format(basename(sys.argv[0])), # Command line utility log
</del><ins>+    &quot;UtilityLogFile&quot; : &quot;utility.log&quot;, # Utility log - name will be dynamically changed to executable name
</ins><span class="cx">     &quot;ErrorLogEnabled&quot;   : True, # True = use log file, False = stdout
</span><span class="cx">     &quot;ErrorLogRotateMB&quot;  : 10, # Rotate error log after so many megabytes
</span><span class="cx">     &quot;ErrorLogMaxRotatedFiles&quot;  : 5, # Retain this many error log files
</span><span class="lines">@@ -480,11 +476,11 @@
</span><span class="cx">     # Process management
</span><span class="cx">     #
</span><span class="cx"> 
</span><del>-    # Username and Groupname to drop privileges to, if empty privileges will
-    # not be dropped.
-
</del><ins>+    # Username and Groupname to drop privileges to, if empty privileges will not be dropped.
</ins><span class="cx">     &quot;UserName&quot;: &quot;&quot;,
</span><span class="cx">     &quot;GroupName&quot;: &quot;&quot;,
</span><ins>+
+    # Multi-process
</ins><span class="cx">     &quot;ProcessType&quot;: &quot;Combined&quot;,
</span><span class="cx">     &quot;MultiProcess&quot;: {
</span><span class="cx">         &quot;ProcessCount&quot;: 0,
</span><span class="lines">@@ -502,14 +498,10 @@
</span><span class="cx">         &quot;Enabled&quot; : True,
</span><span class="cx">         &quot;Seconds&quot; : 60, # How often to check memory sizes (in seconds)
</span><span class="cx">         &quot;Bytes&quot;   : 2 * 1024 * 1024 * 1024, # Memory limit (RSS in bytes)
</span><del>-        &quot;ResidentOnly&quot; : True,  # True: only take into account resident memory;
-                                # False: include virtual memory
</del><ins>+        &quot;ResidentOnly&quot; : True,  # True: only take into account resident memory; False: include virtual memory
</ins><span class="cx">     },
</span><span class="cx"> 
</span><del>-    #
-    # Service ACLs
-    #
-    &quot;EnableSACLs&quot;: False,
</del><ins>+    &quot;EnableSACLs&quot;: False, # Service ACLs
</ins><span class="cx"> 
</span><span class="cx">     &quot;EnableReadOnlyServer&quot;: False, # Make all data read-only
</span><span class="cx"> 
</span><span class="lines">@@ -616,17 +608,16 @@
</span><span class="cx">                                                   # If on, it will also cause new accounts to provision with separate
</span><span class="cx">                                                   # calendars for events and tasks.
</span><span class="cx"> 
</span><del>-    &quot;SupportedComponents&quot; : [                      # Set of supported iCalendar components
</del><ins>+    &quot;SupportedComponents&quot; : [                     # Set of supported iCalendar components
</ins><span class="cx">         &quot;VEVENT&quot;,
</span><span class="cx">         &quot;VTODO&quot;,
</span><del>-        # &quot;VPOLL&quot;,
</del><span class="cx">     ],
</span><span class="cx"> 
</span><span class="cx">     &quot;EnableTrashCollection&quot;: False,  # Enable Trash Collection
</span><span class="cx">     &quot;ExposeTrashCollection&quot;: False,  # Expose Trash Collection as a resource
</span><span class="cx"> 
</span><span class="cx">     &quot;ParallelUpgrades&quot;: False, # Perform upgrades - currently only the
</span><del>-                               # database -&gt; filesystem migration - but in
</del><ins>+                               # database to filesystem migration - but in
</ins><span class="cx">                                # the future, hopefully all relevant
</span><span class="cx">                                # upgrades - in parallel in subprocesses.
</span><span class="cx"> 
</span><span class="lines">@@ -670,7 +661,7 @@
</span><span class="cx">     &quot;DirectoryAddressBook&quot;: {
</span><span class="cx">         &quot;Enabled&quot;: True,
</span><span class="cx">         &quot;type&quot;: &quot;twistedcaldav.directory.opendirectorybacker.OpenDirectoryBackingService&quot;,
</span><del>-        &quot;params&quot;: directoryAddressBookBackingServiceDefaultParams[&quot;twistedcaldav.directory.opendirectorybacker.OpenDirectoryBackingService&quot;],
</del><ins>+        &quot;params&quot;: DEFAULT_DIRECTORY_ADDRESSBOOK_PARAMS[&quot;twistedcaldav.directory.opendirectorybacker.OpenDirectoryBackingService&quot;],
</ins><span class="cx">         &quot;name&quot;: &quot;directory&quot;,
</span><span class="cx">         &quot;MaxQueryResults&quot;: 1000,
</span><span class="cx">     },
</span><span class="lines">@@ -679,14 +670,10 @@
</span><span class="cx"> 
</span><span class="cx">     # /XXX CardDAV
</span><span class="cx"> 
</span><del>-    #
</del><span class="cx">     # Web-based administration
</span><del>-    #
</del><span class="cx">     &quot;EnableWebAdmin&quot;          : True,
</span><span class="cx"> 
</span><del>-    #
</del><span class="cx">     # JSON control API - only for testing
</span><del>-    #
</del><span class="cx">     &quot;EnableControlAPI&quot;        : False,
</span><span class="cx"> 
</span><span class="cx">     #
</span><span class="lines">@@ -974,8 +961,7 @@
</span><span class="cx">     # processes. If blank, then an AF_INET socket is used instead.
</span><span class="cx">     &quot;ControlSocket&quot;: &quot;caldavd.sock&quot;,
</span><span class="cx"> 
</span><del>-    # Support for Content-Encoding compression options as specified in
-    # RFC2616 Section 3.5
</del><ins>+    # Support for Content-Encoding compression options as specified in RFC2616 Section 3.5
</ins><span class="cx">     # Defaults off, because it weakens TLS (CRIME attack).
</span><span class="cx">     &quot;ResponseCompression&quot;: False,
</span><span class="cx"> 
</span><span class="lines">@@ -999,8 +985,7 @@
</span><span class="cx">                 &quot;ServerEnabled&quot;: True,
</span><span class="cx">                 &quot;BindAddress&quot;: &quot;127.0.0.1&quot;,
</span><span class="cx">                 &quot;Port&quot;: 11311,
</span><del>-                &quot;HandleCacheTypes&quot;: [
-                    &quot;Default&quot;,
</del><ins>+                &quot;HandleCacheTypes&quot;: [ # Possible types:
</ins><span class="cx">                     # &quot;OpenDirectoryBacker&quot;,
</span><span class="cx">                     # &quot;ImplicitUIDLock&quot;,
</span><span class="cx">                     # &quot;RefreshUIDLock&quot;,
</span><span class="lines">@@ -1012,6 +997,7 @@
</span><span class="cx">                     # &quot;SQL.props&quot;,
</span><span class="cx">                     # &quot;SQL.calhome&quot;,
</span><span class="cx">                     # &quot;SQL.adbkhome&quot;,
</span><ins>+                    &quot;Default&quot;,
</ins><span class="cx">                 ]
</span><span class="cx">             },
</span><span class="cx">             # &quot;Shared&quot;: {
</span><span class="lines">@@ -1051,9 +1037,9 @@
</span><span class="cx">         &quot;Options&quot;: [
</span><span class="cx">             &quot;-c standard_conforming_strings=on&quot;,
</span><span class="cx">         ],
</span><del>-        &quot;Ctl&quot;: &quot;pg_ctl&quot;, # Iff the DBType is '', and we're spawning postgres
</del><ins>+        &quot;Ctl&quot;: &quot;pg_ctl&quot;, # If the DBType is '', and we're spawning postgres
</ins><span class="cx">                          # ourselves, where is the pg_ctl tool to spawn it with?
</span><del>-        &quot;Init&quot;: &quot;initdb&quot;, # Iff the DBType is '', and we're spawning postgres
</del><ins>+        &quot;Init&quot;: &quot;initdb&quot;, # If the DBType is '', and we're spawning postgres
</ins><span class="cx">                           # ourselves, where is the initdb tool to create its
</span><span class="cx">                           # database cluster with?
</span><span class="cx">     },
</span><span class="lines">@@ -1110,12 +1096,10 @@
</span><span class="cx">     # The RootResource uses a twext property store. Specify the class here
</span><span class="cx">     &quot;RootResourcePropStoreClass&quot;: &quot;txweb2.dav.xattrprops.xattrPropertyStore&quot;,
</span><span class="cx"> 
</span><del>-    # Used in the command line utilities to specify which service class to
-    # use to carry out work.
</del><ins>+    # Used in the command line utilities to specify which service class to use to carry out work.
</ins><span class="cx">     &quot;UtilityServiceClass&quot;: &quot;&quot;,
</span><span class="cx"> 
</span><del>-    # Inbox items created more than MigratedInboxDaysCutoff days in the past are removed
-    # during migration
</del><ins>+    # Inbox items created more than MigratedInboxDaysCutoff days in the past are removed during migration
</ins><span class="cx">     &quot;MigratedInboxDaysCutoff&quot;: 60,
</span><span class="cx"> 
</span><span class="cx">     # The default timezone for the server; on OS X you can leave this empty and the
</span><span class="lines">@@ -1496,19 +1480,19 @@
</span><span class="cx">             newParams = items[&quot;DirectoryAddressBook&quot;].get(&quot;params&quot;, {})
</span><span class="cx">             mergeData(oldParams, newParams)
</span><span class="cx">         else:
</span><del>-            if dsType in directoryAddressBookBackingServiceDefaultParams:
-                configDict.DirectoryAddressBook.params = copy.deepcopy(directoryAddressBookBackingServiceDefaultParams[dsType])
</del><ins>+            if dsType in DEFAULT_DIRECTORY_ADDRESSBOOK_PARAMS:
+                configDict.DirectoryAddressBook.params = copy.deepcopy(DEFAULT_DIRECTORY_ADDRESSBOOK_PARAMS[dsType])
</ins><span class="cx">             else:
</span><span class="cx">                 configDict.DirectoryAddressBook.params = {}
</span><span class="cx"> 
</span><span class="cx">     for param in items.get(&quot;DirectoryAddressBook&quot;, {}).get(&quot;params&quot;, {}):
</span><del>-        if param not in directoryAddressBookBackingServiceDefaultParams[dsType]:
</del><ins>+        if param not in DEFAULT_DIRECTORY_ADDRESSBOOK_PARAMS[dsType]:
</ins><span class="cx">             raise ConfigurationError(&quot;Parameter %s is not supported by service %s&quot; % (param, dsType))
</span><span class="cx"> 
</span><span class="cx">     mergeData(configDict, items)
</span><span class="cx"> 
</span><span class="cx">     for param in tuple(configDict.DirectoryAddressBook.params):
</span><del>-        if param not in directoryAddressBookBackingServiceDefaultParams[configDict.DirectoryAddressBook.type]:
</del><ins>+        if param not in DEFAULT_DIRECTORY_ADDRESSBOOK_PARAMS[configDict.DirectoryAddressBook.type]:
</ins><span class="cx">             del configDict.DirectoryAddressBook.params[param]
</span><span class="cx"> 
</span><span class="cx"> 
</span><span class="lines">@@ -1642,6 +1626,11 @@
</span><span class="cx"> 
</span><span class="cx"> 
</span><span class="cx"> 
</span><ins>+def _updateUtilityLog(configDict, reloading=False):
+    configDict[&quot;UtilityLogFile&quot;] = &quot;{}.log&quot;.format(basename(sys.argv[0])), # Command line utility log
+
+
+
</ins><span class="cx"> def _updateLogLevels(configDict, reloading=False):
</span><span class="cx">     log.levels().clearLogLevels()
</span><span class="cx"> 
</span><span class="lines">@@ -1787,12 +1776,12 @@
</span><span class="cx">     _updateACLs,
</span><span class="cx">     _updateRejectClients,
</span><span class="cx">     _updateClientFixes,
</span><ins>+    _updateUtilityLog,
</ins><span class="cx">     _updateLogLevels,
</span><span class="cx">     _updateNotifications,
</span><span class="cx">     _updateICalendar,
</span><span class="cx">     _updateScheduling,
</span><span class="cx">     _updateSharing,
</span><del>-    # _updateServers,
</del><span class="cx">     _updateCompliance,
</span><span class="cx"> )
</span><span class="cx"> 
</span></span></pre></div>
<a id="CalendarServertrunktwistedcaldavtesttest_dumpconfigpy"></a>
<div class="addfile"><h4>Added: CalendarServer/trunk/twistedcaldav/test/test_dumpconfig.py (0 => 15404)</h4>
<pre class="diff"><span>
<span class="info">--- CalendarServer/trunk/twistedcaldav/test/test_dumpconfig.py                                (rev 0)
+++ CalendarServer/trunk/twistedcaldav/test/test_dumpconfig.py        2015-12-18 20:02:34 UTC (rev 15404)
</span><span class="lines">@@ -0,0 +1,135 @@
</span><ins>+##
+# Copyright (c) 2015 Apple Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the &quot;License&quot;);
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an &quot;AS IS&quot; BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##
+
+from unittest.case import TestCase
+from twistedcaldav.dumpconfig import parseConfigItem, processConfig, \
+    writeOrderedPlistToString
+from collections import OrderedDict
+
+class TestDumpConfig (TestCase):
+
+    def test_parseConfigItem(self):
+        &quot;&quot;&quot;
+        Make sure L{parseConfigItem} can parse the DEFAULT_* items
+        &quot;&quot;&quot;
+
+        items = {
+            &quot;DEFAULT_SERVICE_PARAMS&quot;,
+            &quot;DEFAULT_RESOURCE_PARAMS&quot;,
+            &quot;DEFAULT_AUGMENT_PARAMS&quot;,
+            &quot;DEFAULT_DIRECTORY_ADDRESSBOOK_PARAMS&quot;,
+            &quot;DEFAULT_CONFIG&quot;,
+        }
+
+        for item in items:
+            lines = parseConfigItem(item)
+            self.assertNotEqual(len(lines), 0, msg=&quot;Failed {}&quot;.format(item))
+
+
+    def test_writeOrderedPlistToString(self):
+        &quot;&quot;&quot;
+        Make sure L{writeOrderedPlistToString} preserves key order
+        &quot;&quot;&quot;
+
+        data = OrderedDict()
+        data[&quot;KeyB&quot;] = &quot;1&quot;
+        data[&quot;KeyA&quot;] = &quot;2&quot;
+        data[&quot;KeyC&quot;] = &quot;3&quot;
+        data[&quot;KeyE&quot;] = &quot;4&quot;
+        data[&quot;KeyD&quot;] = &quot;5&quot;
+
+        plist = writeOrderedPlistToString(data)
+        self.assertEqual(plist, &quot;&quot;&quot;&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
+&lt;!DOCTYPE plist PUBLIC &quot;-//Apple//DTD PLIST 1.0//EN&quot; &quot;http://www.apple.com/DTDs/PropertyList-1.0.dtd&quot;&gt;
+&lt;plist version=&quot;1.0&quot;&gt;
+&lt;dict&gt;
+\t&lt;key&gt;KeyB&lt;/key&gt;
+\t&lt;string&gt;1&lt;/string&gt;
+
+\t&lt;key&gt;KeyA&lt;/key&gt;
+\t&lt;string&gt;2&lt;/string&gt;
+
+\t&lt;key&gt;KeyC&lt;/key&gt;
+\t&lt;string&gt;3&lt;/string&gt;
+
+\t&lt;key&gt;KeyE&lt;/key&gt;
+\t&lt;string&gt;4&lt;/string&gt;
+
+\t&lt;key&gt;KeyD&lt;/key&gt;
+\t&lt;string&gt;5&lt;/string&gt;
+&lt;/dict&gt;
+&lt;/plist&gt;
+&quot;&quot;&quot;)
+
+
+    def test_plistWithComments(self):
+        &quot;&quot;&quot;
+        Make sure L{writeOrderedPlistToString} preserves key order
+        &quot;&quot;&quot;
+
+        data = OrderedDict()
+        data[&quot;comment_1&quot;] = &quot;All about KeyB&quot;
+        data[&quot;KeyB&quot;] = &quot;1&quot;
+        data[&quot;section_2&quot;] = &quot;Details on KeyA &amp; KeyC&quot;
+        data[&quot;comment_3&quot;] = &quot;All about KeyA&quot;
+        data[&quot;KeyA&quot;] = &quot;2&quot;
+        data[&quot;comment_4&quot;] = &quot;All about KeyC&quot;
+        data[&quot;KeyC&quot;] = &quot;3&quot;
+
+        plist = writeOrderedPlistToString(data)
+        self.assertEqual(plist, &quot;&quot;&quot;&lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
+&lt;!DOCTYPE plist PUBLIC &quot;-//Apple//DTD PLIST 1.0//EN&quot; &quot;http://www.apple.com/DTDs/PropertyList-1.0.dtd&quot;&gt;
+&lt;plist version=&quot;1.0&quot;&gt;
+&lt;dict&gt;
+\t&lt;!-- All about KeyB --&gt;
+\t&lt;key&gt;KeyB&lt;/key&gt;
+\t&lt;string&gt;1&lt;/string&gt;
+
+\t&lt;!-- Details on KeyA &amp;amp; KeyC --&gt;
+
+\t&lt;!-- All about KeyA --&gt;
+\t&lt;key&gt;KeyA&lt;/key&gt;
+\t&lt;string&gt;2&lt;/string&gt;
+
+\t&lt;!-- All about KeyC --&gt;
+\t&lt;key&gt;KeyC&lt;/key&gt;
+\t&lt;string&gt;3&lt;/string&gt;
+&lt;/dict&gt;
+&lt;/plist&gt;
+&quot;&quot;&quot;)
+
+
+    def test_fullPlistDump(self):
+        &quot;&quot;&quot;
+        Make sure a full dump of DEFAULT_CONFIG works
+        &quot;&quot;&quot;
+
+        maps = {
+            &quot;DEFAULT_SERVICE_PARAMS&quot;: &quot;&quot;,
+            &quot;DEFAULT_RESOURCE_PARAMS&quot;: &quot;&quot;,
+            &quot;DEFAULT_AUGMENT_PARAMS&quot;: &quot;&quot;,
+            &quot;DEFAULT_DIRECTORY_ADDRESSBOOK_PARAMS&quot;: &quot;&quot;,
+        }
+
+        for item in maps.keys():
+            lines = parseConfigItem(item)
+            maps[item] = processConfig(lines, with_comments=True, verbose=False)
+
+        # Generate the plist for the default config, substituting for the *_PARAMS items
+        lines = parseConfigItem(&quot;DEFAULT_CONFIG&quot;)
+        j = processConfig(lines, with_comments=True, verbose=False, substitutions=maps)
+        result = writeOrderedPlistToString(j)
+        self.assertIn('&lt;plist version=&quot;1.0&quot;&gt;', result)
</ins></span></pre>
</div>
</div>

</body>
</html>