/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
 * or http://forgerock.org/license/CDDLv1.0.html.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at legal-notices/CDDLv1_0.txt.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information:
 *      Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 *
 *
 *      Copyright 2006-2010 Sun Microsystems, Inc.
 *      Portions Copyright 2011-2015 ForgeRock AS
 */
package org.opends.server.types;

import java.io.BufferedWriter;
import java.io.IOException;
import java.util.*;

import org.forgerock.i18n.LocalizableMessage;
import org.forgerock.i18n.LocalizableMessageBuilder;
import org.forgerock.i18n.LocalizedIllegalArgumentException;
import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.ldap.ByteSequence;
import org.forgerock.opendj.ldap.ByteSequenceReader;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ByteStringBuilder;
import org.forgerock.opendj.ldap.DecodeException;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.SearchScope;
import org.forgerock.opendj.ldap.schema.MatchingRule;
import org.forgerock.opendj.ldap.schema.ObjectClassType;
import org.opends.server.api.CompressedSchema;
import org.opends.server.api.ProtocolElement;
import org.opends.server.api.plugin.PluginResult;
import org.opends.server.core.DirectoryServer;
import org.opends.server.core.PluginConfigManager;
import org.opends.server.core.SubentryManager;
import org.opends.server.types.SubEntry.CollectiveConflictBehavior;
import org.opends.server.util.LDIFException;
import org.opends.server.util.LDIFWriter;

import static org.forgerock.opendj.ldap.ResultCode.*;
import static org.opends.messages.CoreMessages.*;
import static org.opends.messages.UtilityMessages.*;
import static org.opends.server.config.ConfigConstants.*;
import static org.opends.server.util.CollectionUtils.*;
import static org.opends.server.util.LDIFWriter.*;
import static org.opends.server.util.ServerConstants.*;
import static org.opends.server.util.StaticUtils.*;

/**
 * This class defines a data structure for a Directory Server entry.
 * It includes a DN and a set of attributes.
 * <BR><BR>
 * The entry also contains a volatile attachment object, which should
 * be used to associate the entry with a special type of object that
 * is based on its contents.  For example, if the entry holds access
 * control information, then the attachment might be an object that
 * contains a representation of that access control definition in a
 * more useful form.  This is only useful if the entry is to be
 * cached, since the attachment may be accessed if the entry is
 * retrieved from the cache, but if the entry is retrieved from the
 * backend repository it cannot be guaranteed to contain any
 * attachment (and in most cases will not).  This attachment is
 * volatile in that it is not always guaranteed to be present, it may
 * be removed or overwritten at any time, and it will be invalidated
 * and removed if the entry is altered in any way.
 */
@org.opends.server.types.PublicAPI(
     stability=org.opends.server.types.StabilityLevel.UNCOMMITTED,
     mayInstantiate=true,
     mayExtend=false,
     mayInvoke=true)
public class Entry
       implements ProtocolElement
{
  private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();

  /** The set of operational attributes for this entry. */
  private Map<AttributeType,List<Attribute>> operationalAttributes;

  /** The set of user attributes for this entry. */
  private Map<AttributeType,List<Attribute>> userAttributes;

  /**
   * The set of suppressed real attributes for this entry. It contains real
   * attributes that have been overridden by virtual attributes.
   */
  private final Map<AttributeType, List<Attribute>> suppressedAttributes = new LinkedHashMap<>();

  /** The set of objectclasses for this entry. */
  private Map<ObjectClass,String> objectClasses;

  private Attribute objectClassAttribute;

  /** The DN for this entry. */
  private DN dn;

  /**
   * A generic attachment that may be used to associate this entry with some
   * other object.
   */
  private transient Object attachment;

  /** The schema used to govern this entry. */
  private final Schema schema;



  /**
   * Creates a new entry with the provided information.
   *
   * @param  dn                     The distinguished name for this
   *                                entry.
   * @param  objectClasses          The set of objectclasses for this
   *                                entry as a mapping between the
   *                                objectclass and the name to use to
   *                                reference it.
   * @param  userAttributes         The set of user attributes for
   *                                this entry as a mapping between
   *                                the attribute type and the list of
   *                                attributes with that type.
   * @param  operationalAttributes  The set of operational attributes
   *                                for this entry as a mapping
   *                                between the attribute type and the
   *                                list of attributes with that type.
   */
  public Entry(DN dn, Map<ObjectClass,String> objectClasses,
               Map<AttributeType,List<Attribute>> userAttributes,
               Map<AttributeType,List<Attribute>> operationalAttributes)
  {
    schema = DirectoryServer.getSchema();

    setDN(dn);

    this.objectClasses = newMapIfNull(objectClasses);
    this.userAttributes = newMapIfNull(userAttributes);
    this.operationalAttributes = newMapIfNull(operationalAttributes);
  }

  /**
   * Returns a new Map if the passed in Map is null.
   *
   * @param <K>
   *          the type of the key
   * @param <V>
   *          the type of the value
   * @param map
   *          the map to test
   * @return a new Map if the passed in Map is null.
   */
  private <K, V> Map<K, V> newMapIfNull(Map<K, V> map)
  {
    if (map != null)
    {
      return map;
    }
    return new HashMap<>();
  }



  /**
   * Retrieves the distinguished name for this entry.
   *
   * @return  The distinguished name for this entry.
   */
  public DN getName()
  {
    return dn;
  }



  /**
   * Specifies the distinguished name for this entry.
   *
   * @param  dn  The distinguished name for this entry.
   */
  public void setDN(DN dn)
  {
    if (dn == null)
    {
      this.dn = DN.rootDN();
    }
    else
    {
      this.dn = dn;
    }

    attachment = null;
  }



  /**
   * Retrieves the set of objectclasses defined for this entry.  The
   * caller should be allowed to modify the contents of this list, but
   * if it does then it should also invalidate the attachment.
   *
   * @return  The set of objectclasses defined for this entry.
   */
  public Map<ObjectClass,String> getObjectClasses()
  {
    return objectClasses;
  }



  /**
   * Indicates whether this entry has the specified objectclass.
   *
   * @param  objectClass  The objectclass for which to make the
   *                      determination.
   *
   * @return  <CODE>true</CODE> if this entry has the specified
   *          objectclass, or <CODE>false</CODE> if not.
   */
  public boolean hasObjectClass(ObjectClass objectClass)
  {
    return objectClasses.containsKey(objectClass);
  }



  /**
   * Retrieves the structural objectclass for this entry.
   *
   * @return  The structural objectclass for this entry, or
   *          <CODE>null</CODE> if there is none for some reason.  If
   *          there are multiple structural classes in the entry, then
   *          the first will be returned.
   */
  public ObjectClass getStructuralObjectClass()
  {
    ObjectClass structuralClass = null;

    for (ObjectClass oc : objectClasses.keySet())
    {
      if (oc.getObjectClassType() == ObjectClassType.STRUCTURAL)
      {
        if (structuralClass == null)
        {
          structuralClass = oc;
        }
        else if (oc.isDescendantOf(structuralClass))
        {
          structuralClass = oc;
        }
      }
    }

    return structuralClass;
  }



  /**
   * Adds the provided objectClass to this entry.
   *
   * @param  oc The objectClass to add to this entry.
   *
   * @throws  DirectoryException  If a problem occurs while attempting
   *                              to add the objectclass to this
   *                              entry.
   */
  public void addObjectClass(ObjectClass oc)
         throws DirectoryException
  {
    attachment = null;

    if (objectClasses.containsKey(oc))
    {
      LocalizableMessage message = ERR_ENTRY_ADD_DUPLICATE_OC.get(oc.getNameOrOID(), dn);
      throw new DirectoryException(OBJECTCLASS_VIOLATION, message);
    }

    objectClasses.put(oc, oc.getNameOrOID());
  }



  /**
   * Retrieves the entire set of attributes for this entry.  This will
   * include both user and operational attributes.  The caller must
   * not modify the contents of this list.  Also note that this method
   * is less efficient than calling either (or both)
   * <CODE>getUserAttributes</CODE> or
   * <CODE>getOperationalAttributes</CODE>, so it should only be used
   * when calls to those methods are not appropriate.
   *
   * @return  The entire set of attributes for this entry.
   */
  public List<Attribute> getAttributes()
  {
    // Estimate the size.
    int size = userAttributes.size() + operationalAttributes.size();

    final List<Attribute> attributes = new ArrayList<>(size);
    for (List<Attribute> attrs : userAttributes.values())
    {
      attributes.addAll(attrs);
    }
    for (List<Attribute> attrs : operationalAttributes.values())
    {
      attributes.addAll(attrs);
    }
    return attributes;
  }

  /**
   * Retrieves the entire set of user (i.e., non-operational)
   * attributes for this entry.  The caller should be allowed to
   * modify the contents of this list, but if it does then it should
   * also invalidate the attachment.
   *
   * @return  The entire set of user attributes for this entry.
   */
  public Map<AttributeType,List<Attribute>> getUserAttributes()
  {
    return userAttributes;
  }



  /**
   * Retrieves the entire set of operational attributes for this
   * entry.  The caller should be allowed to modify the contents of
   * this list, but if it does then it should also invalidate the
   * attachment.
   *
   * @return  The entire set of operational attributes for this entry.
   */
  public Map<AttributeType,List<Attribute>> getOperationalAttributes()
  {
    return operationalAttributes;
  }



  /**
   * Retrieves an attribute holding the objectclass information for
   * this entry.  The returned attribute must not be altered.
   *
   * @return  An attribute holding the objectclass information for
   *          this entry, or <CODE>null</CODE> if it does not have any
   *          objectclass information.
   */
  public Attribute getObjectClassAttribute()
  {
    if (objectClasses == null || objectClasses.isEmpty())
    {
      return null;
    }

    if(objectClassAttribute == null)
    {
      AttributeType ocType = DirectoryServer.getObjectClassAttributeType();
      AttributeBuilder builder = new AttributeBuilder(ocType, ATTR_OBJECTCLASS);
      builder.addAllStrings(objectClasses.values());
      objectClassAttribute = builder.toAttribute();
    }

    return objectClassAttribute;
  }



  /**
   * Indicates whether this entry contains the specified attribute.
   * Any subordinate attribute of the specified attribute will also be
   * used in the determination.
   *
   * @param attributeType
   *          The attribute type for which to make the determination.
   * @return <CODE>true</CODE> if this entry contains the specified
   *         attribute, or <CODE>false</CODE> if not.
   */
  public boolean hasAttribute(AttributeType attributeType)
  {
    return hasAttribute(attributeType, null, true);
  }


  /**
   * Indicates whether this entry contains the specified attribute.
   *
   * @param  attributeType       The attribute type for which to
   *                             make the determination.
   * @param  includeSubordinates Whether to include any subordinate
   *                             attributes of the attribute type
   *                             being retrieved.
   *
   * @return  <CODE>true</CODE> if this entry contains the specified
   *          attribute, or <CODE>false</CODE> if not.
   */
  public boolean hasAttribute(AttributeType attributeType,
                              boolean includeSubordinates)
  {
    return hasAttribute(attributeType, null, includeSubordinates);
  }



  /**
   * Indicates whether this entry contains the specified attribute
   * with all of the options in the provided set. Any subordinate
   * attribute of the specified attribute will also be used in the
   * determination.
   *
   * @param attributeType
   *          The attribute type for which to make the determination.
   * @param options
   *          The set of options to use in the determination.
   * @return <CODE>true</CODE> if this entry contains the specified
   *         attribute, or <CODE>false</CODE> if not.
   */
  public boolean hasAttribute(AttributeType attributeType, Set<String> options)
  {
    return hasAttribute(attributeType, options, true);
  }



  /**
   * Indicates whether this entry contains the specified attribute
   * with all of the options in the provided set.
   *
   * @param attributeType
   *          The attribute type for which to make the determination.
   * @param options
   *          The set of options to use in the determination.
   * @param includeSubordinates
   *          Whether to include any subordinate attributes of the
   *          attribute type being retrieved.
   * @return <CODE>true</CODE> if this entry contains the specified
   *         attribute, or <CODE>false</CODE> if not.
   */
  public boolean hasAttribute(
      AttributeType attributeType,
      Set<String> options,
      boolean includeSubordinates)
  {
    // Handle object class.
    if (attributeType.isObjectClass())
    {
      return !objectClasses.isEmpty() && (options == null || options.isEmpty());
    }

    if (!includeSubordinates)
    {
      // It's possible that there could be an attribute without any
      // values, which we should treat as not having the requested
      // attribute.
      Attribute attribute = getExactAttribute(attributeType, options);
      return attribute != null && !attribute.isEmpty();
    }

    // Check all matching attributes.
    List<Attribute> attributes = getAttributes(attributeType);
    if (attributes != null)
    {
      for (Attribute attribute : attributes)
      {
        // It's possible that there could be an attribute without any
        // values, which we should treat as not having the requested
        // attribute.
        if (!attribute.isEmpty() && attribute.hasAllOptions(options))
        {
          return true;
        }
      }
    }

    // Check sub-types.
    if (attributeType.mayHaveSubordinateTypes())
    {
      for (AttributeType subType : schema.getSubTypes(attributeType))
      {
        attributes = getAttributes(subType);
        if (attributes != null)
        {
          for (Attribute attribute : attributes)
          {
            // It's possible that there could be an attribute without any values,
            // which we should treat as not having the requested attribute.
            if (!attribute.isEmpty() && attribute.hasAllOptions(options))
            {
              return true;
            }
          }
        }
      }
    }

    return false;
  }

  /**
   * Returns the attributes Map corresponding to the operational status of the
   * supplied attribute type.
   *
   * @param attrType
   *          the attribute type
   * @return the user of operational attributes Map
   */
  private Map<AttributeType, List<Attribute>> getUserOrOperationalAttributes(
      AttributeType attrType)
  {
    if (attrType.isOperational())
    {
      return operationalAttributes;
    }
    return userAttributes;
  }

  /**
   * Return the List of attributes for the passed in attribute type.
   *
   * @param attrType
   *          the attribute type
   * @return the List of user or operational attributes
   */
  private List<Attribute> getAttributes(AttributeType attrType)
  {
    return getUserOrOperationalAttributes(attrType).get(attrType);
  }

  /**
   * Puts the supplied List of attributes for the passed in attribute type into
   * the map of attributes.
   *
   * @param attrType
   *          the attribute type
   * @param attributes
   *          the List of user or operational attributes to put
   */
  private void putAttributes(AttributeType attrType, List<Attribute> attributes)
  {
    getUserOrOperationalAttributes(attrType).put(attrType, attributes);
  }

  /**
   * Removes the List of attributes for the passed in attribute type from the
   * map of attributes.
   *
   * @param attrType
   *          the attribute type
   */
  private void removeAttributes(AttributeType attrType)
  {
    getUserOrOperationalAttributes(attrType).remove(attrType);
  }

  /**
   * Retrieves the requested attribute element(s) for the specified
   * attribute type. The list returned may include multiple elements
   * if the same attribute exists in the entry multiple times with
   * different sets of options. It may also include any subordinate
   * attributes of the attribute being retrieved.
   *
   * @param attributeType
   *          The attribute type to retrieve.
   * @return The requested attribute element(s) for the specified
   *         attribute type, or <CODE>null</CODE> if the specified
   *         attribute type is not present in this entry.
   */
  public List<Attribute> getAttribute(AttributeType attributeType)
  {
    return getAttribute(attributeType, true);
  }


  /**
   * Retrieves the requested attribute element(s) for the specified
   * attribute type.  The list returned may include multiple elements
   * if the same attribute exists in the entry multiple times with
   * different sets of options.
   *
   * @param  attributeType       The attribute type to retrieve.
   * @param  includeSubordinates Whether to include any subordinate
   *                             attributes of the attribute type
   *                             being retrieved.
   *
   * @return  The requested attribute element(s) for the specified
   *          attribute type, or <CODE>null</CODE> if the specified
   *          attribute type is not present in this entry.
   */
  public List<Attribute> getAttribute(AttributeType attributeType,
                                      boolean includeSubordinates)
  {
    if (includeSubordinates && attributeType.mayHaveSubordinateTypes())
    {
      List<Attribute> attributes = new LinkedList<>();
      addAllIfNotNull(attributes, userAttributes.get(attributeType));
      addAllIfNotNull(attributes, operationalAttributes.get(attributeType));

      for (AttributeType at : schema.getSubTypes(attributeType))
      {
        addAllIfNotNull(attributes, userAttributes.get(at));
        addAllIfNotNull(attributes, operationalAttributes.get(at));
      }

      if (!attributes.isEmpty())
      {
        return attributes;
      }
      return null;
    }

    List<Attribute> attributes = userAttributes.get(attributeType);
    if (attributes != null)
    {
      return attributes;
    }
    attributes = operationalAttributes.get(attributeType);
    if (attributes != null)
    {
      return attributes;
    }
    if (attributeType.isObjectClass() && !objectClasses.isEmpty())
    {
      return newArrayList(getObjectClassAttribute());
    }
    return null;
  }

  /**
   * Add to the destination all the elements from a non null source .
   *
   * @param dest
   *          the destination where to add
   * @param source
   *          the source with the elements to be added
   */
  private void addAllIfNotNull(List<Attribute> dest, List<Attribute> source)
  {
    if (source != null)
    {
      dest.addAll(source);
    }
  }



  /**
   * Retrieves the requested attribute element(s) for the attribute
   * with the specified name or OID.  The list returned may include
   * multiple elements if the same attribute exists in the entry
   * multiple times with different sets of options. It may also
   * include any subordinate attributes of the attribute being
   * retrieved.
   * <BR><BR>
   * Note that this method should only be used in cases in which the
   * Directory Server schema has no reference of an attribute type
   * with the specified name.  It is not as accurate or efficient as
   * the version of this method that takes an
   * <CODE>AttributeType</CODE> argument.
   *
   * @param  lowerName  The name or OID of the attribute to return,
   *                    formatted in all lowercase characters.
   *
   * @return  The requested attribute element(s) for the specified
   *          attribute type, or <CODE>null</CODE> if the specified
   *          attribute type is not present in this entry.
   */
  public List<Attribute> getAttribute(String lowerName)
  {
    for (AttributeType attr : userAttributes.keySet())
    {
      if (attr.hasNameOrOID(lowerName))
      {
        return getAttribute(attr, true);
      }
    }

    for (AttributeType attr : operationalAttributes.keySet())
    {
      if (attr.hasNameOrOID(lowerName))
      {
        return getAttribute(attr, true);
      }
    }

    if (lowerName.equals(OBJECTCLASS_ATTRIBUTE_TYPE_NAME)
        && !objectClasses.isEmpty())
    {
      return newLinkedList(getObjectClassAttribute());
    }
    return null;
  }

  /**
   * Retrieves the requested attribute element(s) for the specified
   * attribute type.  The list returned may include multiple elements
   * if the same attribute exists in the entry multiple times with
   * different sets of options. It may also include any subordinate
   * attributes of the attribute being retrieved.
   *
   * @param  attributeType       The attribute type to retrieve.
   * @param  options             The set of attribute options to
   *                             include in matching elements.
   *
   * @return  The requested attribute element(s) for the specified
   *          attribute type, or <CODE>null</CODE> if the specified
   *          attribute type is not present in this entry with the
   *          provided set of options.
   */
  public List<Attribute> getAttribute(AttributeType attributeType,
                                      Set<String> options)
  {
    return getAttribute(attributeType, true, options);
  }

  /**
   * Retrieves the requested attribute element(s) for the specified
   * attribute type.  The list returned may include multiple elements
   * if the same attribute exists in the entry multiple times with
   * different sets of options.
   *
   * @param  attributeType       The attribute type to retrieve.
   * @param  includeSubordinates Whether to include any subordinate
   *                             attributes of the attribute type
   *                             being retrieved.
   * @param  options             The set of attribute options to
   *                             include in matching elements.
   *
   * @return  The requested attribute element(s) for the specified
   *          attribute type, or <CODE>null</CODE> if the specified
   *          attribute type is not present in this entry with the
   *          provided set of options.
   */
  public List<Attribute> getAttribute(AttributeType attributeType,
                                      boolean includeSubordinates,
                                      Set<String> options)
  {
    List<Attribute> attributes = new LinkedList<>();
    if (includeSubordinates && attributeType.mayHaveSubordinateTypes())
    {
      addAllIfNotNull(attributes, userAttributes.get(attributeType));
      addAllIfNotNull(attributes, operationalAttributes.get(attributeType));

      for (AttributeType at : schema.getSubTypes(attributeType))
      {
        addAllIfNotNull(attributes, userAttributes.get(at));
        addAllIfNotNull(attributes, operationalAttributes.get(at));
      }
    }
    else
    {
      List<Attribute> attrs = userAttributes.get(attributeType);
      if (attrs == null)
      {
        attrs = operationalAttributes.get(attributeType);
        if (attrs == null)
        {
          if (attributeType.isObjectClass()
              && !objectClasses.isEmpty()
              && (options == null || options.isEmpty()))
          {
            attributes.add(getObjectClassAttribute());
            return attributes;
          }
          return null;
        }
      }
      attributes.addAll(attrs);
    }

    onlyKeepAttributesWithAllOptions(attributes, options);

    if (!attributes.isEmpty())
    {
      return attributes;
    }
    return null;
  }



  /**
   * Retrieves the requested attribute element(s) for the attribute
   * with the specified name or OID and set of options.  The list
   * returned may include multiple elements if the same attribute
   * exists in the entry multiple times with different sets of
   * matching options.
   * <BR><BR>
   * Note that this method should only be used in cases in which the
   * Directory Server schema has no reference of an attribute type
   * with the specified name.  It is not as accurate or efficient as
   * the version of this method that takes an
   * <CODE>AttributeType</CODE> argument.
   *
   * @param  lowerName  The name or OID of the attribute to return,
   *                    formatted in all lowercase characters.
   * @param  options    The set of attribute options to include in
   *                    matching elements.
   *
   * @return  The requested attribute element(s) for the specified
   *          attribute type, or <CODE>null</CODE> if the specified
   *          attribute type is not present in this entry.
   */
  public List<Attribute> getAttribute(String lowerName,
                                      Set<String> options)
  {
    for (AttributeType attr : userAttributes.keySet())
    {
      if (attr.hasNameOrOID(lowerName))
      {
        return getAttribute(attr, options);
      }
    }

    for (AttributeType attr : operationalAttributes.keySet())
    {
      if (attr.hasNameOrOID(lowerName))
      {
        return getAttribute(attr, options);
      }
    }

    if (lowerName.equals(OBJECTCLASS_ATTRIBUTE_TYPE_NAME) &&
        (options == null || options.isEmpty()))
    {
      return newLinkedList(getObjectClassAttribute());
    }
    return null;
  }


  /**
   * Returns a parser for the named attribute contained in this entry.
   * <p>
   * The attribute description will be decoded using the schema associated
   * with this entry (usually the default schema).
   *
   * @param attributeDescription
   *            The name of the attribute to be parsed.
   * @return A parser for the named attribute.
   * @throws LocalizedIllegalArgumentException
   *             If {@code attributeDescription} could not be decoded using
   *             the schema associated with this entry.
   * @throws NullPointerException
   *             If {@code attributeDescription} was {@code null}.
   */
  public AttributeParser parseAttribute(String attributeDescription)
      throws LocalizedIllegalArgumentException, NullPointerException
  {
    final List<Attribute> attribute = getAttribute(attributeDescription);
    boolean notEmpty = attribute != null && !attribute.isEmpty();
    return AttributeParser.parseAttribute(notEmpty ? attribute.get(0) : null);
  }



  /**
   * Indicates whether this entry contains the specified user
   * attribute.
   *
   * @param attributeType
   *          The attribute type for which to make the determination.
   * @return <CODE>true</CODE> if this entry contains the specified
   *         user attribute, or <CODE>false</CODE> if not.
   */
  public boolean hasUserAttribute(AttributeType attributeType)
  {
    return hasAttribute(userAttributes, attributeType);
  }



  /**
   * Retrieves the requested user attribute element(s) for the
   * specified attribute type.  The list returned may include multiple
   * elements if the same attribute exists in the entry multiple times
   * with different sets of options.
   *
   * @param  attributeType  The attribute type to retrieve.
   *
   * @return  The requested attribute element(s) for the specified
   *          attribute type, or <CODE>null</CODE> if there is no such
   *          user attribute.
   */
  public List<Attribute> getUserAttribute(AttributeType attributeType)
  {
    return getAttribute(attributeType, userAttributes);
  }

  /**
   * Returns the List of attributes for a given attribute type.
   *
   * @param attributeType
   *          the attribute type to be looked for
   * @param attrs
   *          the attributes Map where to find the attributes
   * @return the List of attributes
   */
  private List<Attribute> getAttribute(AttributeType attributeType,
      Map<AttributeType, List<Attribute>> attrs)
  {
    if (attributeType.mayHaveSubordinateTypes())
    {
      List<Attribute> attributes = new LinkedList<>();
      addAllIfNotNull(attributes, attrs.get(attributeType));
      for (AttributeType at : schema.getSubTypes(attributeType))
      {
        addAllIfNotNull(attributes, attrs.get(at));
      }

      if (!attributes.isEmpty())
      {
        return attributes;
      }
      return null;
    }
    return attrs.get(attributeType);
  }



  /**
   * Retrieves the requested user attribute element(s) for the
   * specified attribute type.  The list returned may include multiple
   * elements if the same attribute exists in the entry multiple times
   * with different sets of options.
   *
   * @param  attributeType  The attribute type to retrieve.
   * @param  options        The set of attribute options to include in
   *                        matching elements.
   *
   * @return  The requested attribute element(s) for the specified
   *          attribute type, or <CODE>null</CODE> if there is no such
   *          user attribute with the specified set of options.
   */
  public List<Attribute> getUserAttribute(AttributeType attributeType,
                                          Set<String> options)
  {
    return getAttribute(attributeType, options, userAttributes);
  }

  /**
   * Returns the List of attributes for a given attribute type having all the
   * required options.
   *
   * @param attributeType
   *          the attribute type to be looked for
   * @param options
   *          the options that must all be present
   * @param attrs
   *          the attributes Map where to find the attributes
   * @return the filtered List of attributes
   */
  private List<Attribute> getAttribute(AttributeType attributeType,
      Set<String> options, Map<AttributeType, List<Attribute>> attrs)
  {
    List<Attribute> attributes = new LinkedList<>();
    addAllIfNotNull(attributes, attrs.get(attributeType));

    if (attributeType.mayHaveSubordinateTypes())
    {
      for (AttributeType at : schema.getSubTypes(attributeType))
      {
        addAllIfNotNull(attributes, attrs.get(at));
      }
    }

    onlyKeepAttributesWithAllOptions(attributes, options);

    if (!attributes.isEmpty())
    {
      return attributes;
    }
    return null;
  }

  /**
   * Removes all the attributes that do not have all the supplied options.
   *
   * @param attributes
   *          the attributes to filter.
   * @param options
   *          the options to look for
   */
  private void onlyKeepAttributesWithAllOptions(List<Attribute> attributes,
      Set<String> options)
  {
    Iterator<Attribute> iterator = attributes.iterator();
    while (iterator.hasNext())
    {
      Attribute a = iterator.next();
      if (!a.hasAllOptions(options))
      {
        iterator.remove();
      }
    }
  }

  /**
   * Indicates whether this entry contains the specified operational
   * attribute.
   *
   * @param  attributeType  The attribute type for which to make the
   *                        determination.
   *
   * @return  <CODE>true</CODE> if this entry contains the specified
   *          operational attribute, or <CODE>false</CODE> if not.
   */
  public boolean hasOperationalAttribute(AttributeType attributeType)
  {
    return hasAttribute(operationalAttributes, attributeType);
  }

  private boolean hasAttribute(Map<AttributeType, List<Attribute>> attributes, AttributeType attributeType)
  {
    if (attributes.containsKey(attributeType))
    {
      return true;
    }

    if (attributeType.mayHaveSubordinateTypes())
    {
      for (AttributeType at : schema.getSubTypes(attributeType))
      {
        if (attributes.containsKey(at))
        {
          return true;
        }
      }
    }

    return false;
  }



  /**
   * Retrieves the requested operational attribute element(s) for the
   * specified attribute type.  The list returned may include multiple
   * elements if the same attribute exists in the entry multiple times
   * with different sets of options.
   *
   * @param  attributeType  The attribute type to retrieve.
   *
   * @return  The requested attribute element(s) for the specified
   *          attribute type, or <CODE>null</CODE> if there is no such
   *          operational attribute.
   */
  public List<Attribute> getOperationalAttribute(AttributeType attributeType)
  {
    return getAttribute(attributeType, operationalAttributes);
  }




  /**
   * Retrieves the requested operational attribute element(s) for the
   * specified attribute type.  The list returned may include multiple
   * elements if the same attribute exists in the entry multiple times
   * with different sets of options.
   *
   * @param  attributeType  The attribute type to retrieve.
   * @param  options        The set of attribute options to include in
   *                        matching elements.
   *
   * @return  The requested attribute element(s) for the specified
   *          attribute type, or <CODE>null</CODE> if there is no such
   *          operational attribute with the specified set of options.
   */
  public List<Attribute> getOperationalAttribute(
                              AttributeType attributeType,
                              Set<String> options)
  {
    return getAttribute(attributeType, options, operationalAttributes);
  }



  /**
   * Puts the provided attribute in this entry.  If an attribute
   * already exists with the provided type, it will be overwritten.
   * Otherwise, a new attribute will be added.  Note that no
   * validation will be performed.
   *
   * @param  attributeType  The attribute type for the set of
   *                        attributes to add.
   * @param  attributeList  The set of attributes to add for the given
   *                        type.
   */
  public void putAttribute(AttributeType attributeType,
                           List<Attribute> attributeList)
  {
    attachment = null;


    // See if there is already a set of attributes with the specified
    // type.  If so, then overwrite it.
    List<Attribute> attrList = userAttributes.get(attributeType);
    if (attrList != null)
    {
      userAttributes.put(attributeType, attributeList);
      return;
    }

    attrList = operationalAttributes.get(attributeType);
    if (attrList != null)
    {
      operationalAttributes.put(attributeType, attributeList);
      return;
    }

    putAttributes(attributeType, attributeList);
  }



  /**
   * Ensures that this entry contains the provided attribute and its
   * values. If an attribute with the provided type already exists,
   * then its attribute values will be merged.
   * <p>
   * This method handles object class additions but will not perform
   * any object class validation. In particular, it will create
   * default object classes when an object class is unknown.
   * <p>
   * This method implements LDAP modification add semantics, with the
   * exception that it allows empty attributes to be added.
   *
   * @param attribute
   *          The attribute to add or merge with this entry.
   * @param duplicateValues
   *          A list to which any duplicate values will be added.
   */
  public void addAttribute(Attribute attribute, List<ByteString> duplicateValues)
  {
    setAttribute(attribute, duplicateValues, false /* merge */);
  }



  /**
   * Puts the provided attribute into this entry. If an attribute with
   * the provided type and options already exists, then it will be
   * replaced. If the provided attribute is empty then any existing
   * attribute will be completely removed.
   * <p>
   * This method handles object class replacements but will not
   * perform any object class validation. In particular, it will
   * create default object classes when an object class is unknown.
   * <p>
   * This method implements LDAP modification replace semantics.
   *
   * @param attribute
   *          The attribute to replace in this entry.
   */
  public void replaceAttribute(Attribute attribute)
  {
    // There can never be duplicate values for a replace.
    setAttribute(attribute, null, true /* replace */);
  }



  /**
   * Increments an attribute in this entry by the amount specified in
   * the provided attribute.
   *
   * @param attribute
   *          The attribute identifying the attribute to be increment
   *          and the amount it is to be incremented by. The attribute
   *          must contain a single value.
   * @throws DirectoryException
   *           If a problem occurs while attempting to increment the
   *           provided attribute. This may occur if the provided
   *           attribute was not single valued or if it could not be
   *           parsed as an integer of if the existing attribute
   *           values could not be parsed as integers.
   */
  public void incrementAttribute(
      Attribute attribute) throws DirectoryException
  {
    // Get the attribute that is to be incremented.
    AttributeType attributeType = attribute.getAttributeType();
    Attribute a = getExactAttribute(attributeType, attribute.getOptions());
    if (a == null)
    {
      LocalizableMessage message = ERR_ENTRY_INCREMENT_NO_SUCH_ATTRIBUTE.get(
            attribute.getName());
      throw new DirectoryException(ResultCode.NO_SUCH_ATTRIBUTE, message);
    }

    // Decode the increment.
    Iterator<ByteString> i = attribute.iterator();
    if (!i.hasNext())
    {
      LocalizableMessage message = ERR_ENTRY_INCREMENT_INVALID_VALUE_COUNT.get(
          attribute.getName());
      throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message);
    }

    String incrementValue = i.next().toString();
    long increment;
    try
    {
      increment = Long.parseLong(incrementValue);
    }
    catch (NumberFormatException e)
    {
      LocalizableMessage message = ERR_ENTRY_INCREMENT_CANNOT_PARSE_AS_INT.get(
          attribute.getName());
      throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message);
    }

    if (i.hasNext())
    {
      LocalizableMessage message = ERR_ENTRY_INCREMENT_INVALID_VALUE_COUNT.get(
          attribute.getName());
      throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message);
    }

    // Increment each attribute value by the specified amount.
    AttributeBuilder builder = new AttributeBuilder(a, true);

    for (ByteString v : a)
    {
      long currentValue;
      try
      {
        currentValue = Long.parseLong(v.toString());
      }
      catch (NumberFormatException e)
      {
        LocalizableMessage message = ERR_ENTRY_INCREMENT_CANNOT_PARSE_AS_INT.get(
            attribute.getName());
        throw new DirectoryException(
            ResultCode.CONSTRAINT_VIOLATION, message);
      }

      long newValue = currentValue + increment;
      builder.add(String.valueOf(newValue));
    }

    replaceAttribute(builder.toAttribute());
  }



  /**
   * Removes all instances of the specified attribute type from this
   * entry, including any instances with options. If the provided
   * attribute type is the objectclass type, then all objectclass
   * values will be removed (but must be replaced for the entry to be
   * valid). If the specified attribute type is not present in this
   * entry, then this method will have no effect.
   *
   * @param attributeType
   *          The attribute type for the attribute to remove from this
   *          entry.
   * @return <CODE>true</CODE> if the attribute was found and
   *         removed, or <CODE>false</CODE> if it was not present in
   *         the entry.
   */
  public boolean removeAttribute(AttributeType attributeType)
  {
    attachment = null;

    if (attributeType.isObjectClass())
    {
      objectClasses.clear();
      return true;
    }
    return userAttributes.remove(attributeType) != null
        || operationalAttributes.remove(attributeType) != null;
  }



  /**
   * Ensures that this entry does not contain the provided attribute
   * values. If the provided attribute is empty, then all values of
   * the associated attribute type will be removed. Otherwise, only
   * the specified values will be removed.
   * <p>
   * This method handles object class deletions.
   * <p>
   * This method implements LDAP modification delete semantics.
   *
   * @param attribute
   *          The attribute containing the information to use to
   *          perform the removal.
   * @param missingValues
   *          A list to which any values contained in the provided
   *          attribute but not present in the entry will be added.
   * @return <CODE>true</CODE> if the attribute type was present and
   *         the specified values that were present were removed, or
   *         <CODE>false</CODE> if the attribute type was not
   *         present in the entry. If the attribute type was present
   *         but only contained some of the values in the provided
   *         attribute, then this method will return <CODE>true</CODE>
   *         but will add those values to the provided list.
   */
  public boolean removeAttribute(Attribute attribute,
      List<ByteString> missingValues)
  {
    attachment = null;

    if (attribute.getAttributeType().isObjectClass())
    {
      if (attribute.isEmpty())
      {
        objectClasses.clear();
        return true;
      }

      boolean allSuccessful = true;

      MatchingRule rule =
          attribute.getAttributeType().getEqualityMatchingRule();
      for (ByteString v : attribute)
      {
        String ocName = toLowerName(rule, v);

        boolean matchFound = false;
        for (ObjectClass oc : objectClasses.keySet())
        {
          if (oc.hasNameOrOID(ocName))
          {
            matchFound = true;
            objectClasses.remove(oc);
            break;
          }
        }

        if (!matchFound)
        {
          allSuccessful = false;
          missingValues.add(v);
        }
      }

      return allSuccessful;
    }

    AttributeType attributeType = attribute.getAttributeType();
    List<Attribute> attributes = getAttributes(attributeType);
    if (attributes == null)
    {
      // There are no attributes with the same attribute type.
      for (ByteString v : attribute)
      {
        missingValues.add(v);
      }
      return false;
    }

    // There are already attributes with the same attribute type.
    Set<String> options = attribute.getOptions();
    for (int i = 0; i < attributes.size(); i++)
    {
      Attribute a = attributes.get(i);
      if (a.optionsEqual(options))
      {
        if (attribute.isEmpty())
        {
          // Remove the entire attribute.
          attributes.remove(i);
        }
        else
        {
          // Remove Specified values.
          AttributeBuilder builder = new AttributeBuilder(a);
          for (ByteString v : attribute)
          {
            if (!builder.remove(v))
            {
              missingValues.add(v);
            }
          }

          // Remove / replace the attribute as necessary.
          if (!builder.isEmpty())
          {
            attributes.set(i, builder.toAttribute());
          }
          else
          {
            attributes.remove(i);
          }
        }

        // If the attribute list is now empty remove it.
        if (attributes.isEmpty())
        {
          removeAttributes(attributeType);
        }

        return true;
      }
    }

    // No matching attribute found.
    return false;
  }

  private String toLowerName(MatchingRule rule, ByteString value)
  {
    try
    {
      return normalize(rule, value).toString();
    }
    catch (Exception e)
    {
      logger.traceException(e);
      return toLowerCase(value.toString());
    }
  }


  /**
   * Indicates whether this entry contains the specified attribute
   * value.
   *
   * @param  attributeType  The attribute type for the attribute.
   * @param  options        The set of options for the attribute.
   * @param  value          The value for the attribute.
   *
   * @return  <CODE>true</CODE> if this entry contains the specified
   *          attribute value, or <CODE>false</CODE> if it does not.
   */
  public boolean hasValue(AttributeType attributeType,
                          Set<String> options, ByteString value)
  {
    List<Attribute> attrList = getAttribute(attributeType, true);
    if (attrList == null || attrList.isEmpty())
    {
      return false;
    }

    for (Attribute a : attrList)
    {
      if (a.optionsEqual(options) && a.contains(value))
      {
        return true;
      }
    }
    return false;
  }



  /**
   * Applies the provided modification to this entry.  No schema
   * checking will be performed.
   *
   * @param  mod  The modification to apply to this entry.
   * @param  relaxConstraints indicates if the modification
   *                          constraints are relaxed to match
   *                          the ones of a set (add existing
   *                          value and delete absent value do not fail)
   *
   * @throws  DirectoryException  If a problem occurs while
   *                              attempting to apply the
   *                              modification. Note
   *                              that even if a problem occurs, then
   *                              the entry may have been altered in some way.
   */
  public void applyModification(Modification mod, boolean relaxConstraints)
         throws DirectoryException
  {
    Attribute     a = mod.getAttribute();
    AttributeType t = a.getAttributeType();

    if (t.isObjectClass())
    {
      applyModificationToObjectclass(mod, relaxConstraints);
    }
    else
    {
      applyModificationToNonObjectclass(mod, relaxConstraints);
    }
  }

  private void applyModificationToObjectclass(Modification mod, boolean relaxConstraints) throws DirectoryException
  {
    Attribute a = mod.getAttribute();

    Map<ObjectClass, String> ocs = new LinkedHashMap<>();
    for (ByteString v : a)
    {
      String ocName = v.toString();
      String lowerName = toLowerCase(ocName);
      ObjectClass oc = DirectoryServer.getObjectClass(lowerName, true);
      ocs.put(oc, ocName);
    }

    switch (mod.getModificationType().asEnum())
    {
    case ADD:
      for (ObjectClass oc : ocs.keySet())
      {
        if (objectClasses.containsKey(oc))
        {
          if (!relaxConstraints)
          {
            LocalizableMessage message = ERR_ENTRY_DUPLICATE_VALUES.get(a.getName());
            throw new DirectoryException(ATTRIBUTE_OR_VALUE_EXISTS, message);
          }
        }
        else
        {
          objectClasses.put(oc, ocs.get(oc));
        }
      }
      objectClassAttribute = null;
      break;

    case DELETE:
      for (ObjectClass oc : ocs.keySet())
      {
        if (objectClasses.remove(oc) == null && !relaxConstraints)
        {
          LocalizableMessage message = ERR_ENTRY_NO_SUCH_VALUE.get(a.getName());
          throw new DirectoryException(NO_SUCH_ATTRIBUTE, message);
        }
      }
      objectClassAttribute = null;
      break;

    case REPLACE:
      objectClasses = ocs;
      objectClassAttribute = null;
      break;

    case INCREMENT:
      LocalizableMessage message = ERR_ENTRY_OC_INCREMENT_NOT_SUPPORTED.get();
      throw new DirectoryException(CONSTRAINT_VIOLATION, message);

    default:
      message = ERR_ENTRY_UNKNOWN_MODIFICATION_TYPE.get(mod.getModificationType());
      throw new DirectoryException(UNWILLING_TO_PERFORM, message);
    }
  }

  private void applyModificationToNonObjectclass(Modification mod, boolean relaxConstraints) throws DirectoryException
  {
    Attribute a = mod.getAttribute();
    switch (mod.getModificationType().asEnum())
    {
    case ADD:
      List<ByteString> duplicateValues = new LinkedList<>();
      addAttribute(a, duplicateValues);
      if (!duplicateValues.isEmpty() && !relaxConstraints)
      {
        LocalizableMessage message = ERR_ENTRY_DUPLICATE_VALUES.get(a.getName());
        throw new DirectoryException(ATTRIBUTE_OR_VALUE_EXISTS, message);
      }
      break;

    case DELETE:
      List<ByteString> missingValues = new LinkedList<>();
      removeAttribute(a, missingValues);
      if (!missingValues.isEmpty() && !relaxConstraints)
      {
        LocalizableMessage message = ERR_ENTRY_NO_SUCH_VALUE.get(a.getName());
        throw new DirectoryException(NO_SUCH_ATTRIBUTE, message);
      }
      break;

    case REPLACE:
      replaceAttribute(a);
      break;

    case INCREMENT:
      incrementAttribute(a);
      break;

    default:
      LocalizableMessage message = ERR_ENTRY_UNKNOWN_MODIFICATION_TYPE.get(mod.getModificationType());
      throw new DirectoryException(UNWILLING_TO_PERFORM, message);
    }
  }

  /**
   * Applies the provided modification to this entry.  No schema
   * checking will be performed.
   *
   * @param  mod  The modification to apply to this entry.
   *
   * @throws  DirectoryException  If a problem occurs while attempting
   *                              to apply the modification.  Note
   *                              that even if a problem occurs, then
   *                              the entry may have been altered in some way.
   */
  public void applyModification(Modification mod) throws DirectoryException
  {
    applyModification(mod, false);
  }

  /**
   * Applies all of the provided modifications to this entry.
   *
   * @param  mods  The modifications to apply to this entry.
   *
   * @throws  DirectoryException  If a problem occurs while attempting
   *                              to apply the modifications.  Note
   *                              that even if a problem occurs, then
   *                              the entry may have been altered in some way.
   */
  public void applyModifications(List<Modification> mods)
         throws DirectoryException
  {
    for (Modification m : mods)
    {
      applyModification(m);
    }
  }



  /**
   * Indicates whether this entry conforms to the server's schema
   * requirements.  The checks performed by this method include:
   *
   * <UL>
   *   <LI>Make sure that all required attributes are present, either
   *       in the list of user or operational attributes.</LI>
   *   <LI>Make sure that all user attributes are allowed by at least
   *       one of the objectclasses.  The operational attributes will
   *       not be checked in this manner.</LI>
   *   <LI>Make sure that all single-valued attributes contained in
   *       the entry have only a single value.</LI>
   *   <LI>Make sure that the entry contains a single structural
   *       objectclass.</LI>
   *   <LI>Make sure that the entry complies with any defined name
   *       forms, DIT content rules, and DIT structure rules.</LI>
   * </UL>
   *
   * @param  parentEntry             The entry that is the immediate
   *                                 parent of this entry, which may
   *                                 be checked for DIT structure rule
   *                                 conformance.  This may be
   *                                 {@code null} if there is no
   *                                 parent or if it is unavailable
   *                                to the caller.
   * @param  parentProvided          Indicates whether the caller
   *                                 attempted to provide the parent.
   *                                 If not, then the parent entry
   *                                 will be loaded on demand if it is
   *                                 required.
   * @param  validateNameForms       Indicates whether to validate the
   *                                 entry against name form
   *                                 definitions.  This should only be
   *                                 {@code true} for add and modify
   *                                 DN operations, as well as for
   *                                 for imports.
   * @param  validateStructureRules  Indicates whether to validate the
   *                                 entry against DIT structure rule
   *                                 definitions.  This should only
   *                                 be {@code true} for add and
   *                                 modify DN operations.
   * @param  invalidReason           The buffer to which an
   *                                 explanation will be appended if
   *                                 this entry does not conform to
   *                                 the server's schema
   *                                 configuration.
   *
   * @return  {@code true} if this entry conforms to the server's
   *          schema requirements, or {@code false} if it does not.
   */
  public boolean conformsToSchema(Entry parentEntry,
                                  boolean parentProvided,
                                  boolean validateNameForms,
                                  boolean validateStructureRules,
                                  LocalizableMessageBuilder invalidReason)
  {
    // Get the structural objectclass for the entry.  If there isn't
    // one, or if there's more than one, then see if that's OK.
    AcceptRejectWarn structuralPolicy =
         DirectoryServer.getSingleStructuralObjectClassPolicy();
    ObjectClass structuralClass = null;
    boolean multipleOCErrorLogged = false;
    for (ObjectClass oc : objectClasses.keySet())
    {
      if (oc.getObjectClassType() == ObjectClassType.STRUCTURAL)
      {
        if (structuralClass == null || oc.isDescendantOf(structuralClass))
        {
          structuralClass = oc;
        }
        else if (! structuralClass.isDescendantOf(oc))
        {
          LocalizableMessage message =
                  ERR_ENTRY_SCHEMA_MULTIPLE_STRUCTURAL_CLASSES.get(
                    dn,
                    structuralClass.getNameOrOID(),
                    oc.getNameOrOID());

          if (structuralPolicy == AcceptRejectWarn.REJECT)
          {
            invalidReason.append(message);
            return false;
          }
          else if (structuralPolicy == AcceptRejectWarn.WARN
              && !multipleOCErrorLogged)
          {
            logger.error(message);
            multipleOCErrorLogged = true;
          }
        }
      }
    }

    NameForm         nameForm         = null;
    DITContentRule   ditContentRule   = null;
    DITStructureRule ditStructureRule = null;
    if (structuralClass == null)
    {
      LocalizableMessage message = ERR_ENTRY_SCHEMA_NO_STRUCTURAL_CLASS.get(dn);
      if (structuralPolicy == AcceptRejectWarn.REJECT)
      {
        invalidReason.append(message);
        return false;
      }
      else if (structuralPolicy == AcceptRejectWarn.WARN)
      {
        logger.error(message);
      }

      if (! checkAttributesAndObjectClasses(null,
              structuralPolicy, invalidReason))
      {
          return false;
      }

    }
    else
    {
      ditContentRule = DirectoryServer.getDITContentRule(structuralClass);
      if (ditContentRule != null && ditContentRule.isObsolete())
      {
        ditContentRule = null;
      }

      if (! checkAttributesAndObjectClasses(ditContentRule,
                 structuralPolicy, invalidReason))
      {
        return false;
      }

      if (validateNameForms)
      {
        /**
         * There may be multiple nameforms registered with this
         * structural objectclass.However, we need to select only one
         * of the nameforms and its corresponding DITstructure rule.
         * We will iterate over all the nameforms and see if atleast
         * one is acceptable before rejecting the entry.
         * DITStructureRules corresponding to other non-acceptable
         * nameforms are not applied.
         */
        List<NameForm> listForms = DirectoryServer.getNameForm(structuralClass);
        if(listForms != null)
        {
          boolean matchFound = false;
          boolean obsolete = true;
          for(int index=0; index <listForms.size(); index++)
          {
            NameForm nf = listForms.get(index);
            if(!nf.isObsolete())
            {
              obsolete = false;
              matchFound = checkNameForm(nf, structuralPolicy, invalidReason);

              if(matchFound)
              {
                nameForm = nf;
                break;
              }

              if(index != listForms.size()-1)
              {
                invalidReason.append(",");
              }
            }
          }
          if(! obsolete && !matchFound)
          {
            // We couldn't match this entry against any of the nameforms.
            return false;
          }
        }


        if (validateStructureRules && nameForm != null)
        {
          ditStructureRule = DirectoryServer.getDITStructureRule(nameForm);
          if (ditStructureRule != null && ditStructureRule.isObsolete())
          {
            ditStructureRule = null;
          }
        }
      }
    }


    // If there is a DIT content rule for this entry, then make sure
    // that the entry is in compliance with it.
    if (ditContentRule != null
       && !checkDITContentRule(ditContentRule, structuralPolicy, invalidReason))
    {
      return false;
    }

    return checkDITStructureRule(ditStructureRule, structuralClass,
        parentEntry, parentProvided, validateStructureRules, structuralPolicy,
        invalidReason);
  }



  /**
   * Checks the attributes and object classes contained in this entry
   * to determine whether they conform to the server schema
   * requirements.
   *
   * @param  ditContentRule    The DIT content rule for this entry, if
   *                           any.
   * @param  structuralPolicy  The policy that should be used for
   *                           structural object class compliance.
   * @param  invalidReason     A buffer into which an invalid reason
   *                           may be added.
   *
   * @return {@code true} if this entry passes all of the checks, or
   *         {@code false} if there are any failures.
   */
  private boolean checkAttributesAndObjectClasses(
                       DITContentRule ditContentRule,
                       AcceptRejectWarn structuralPolicy,
                       LocalizableMessageBuilder invalidReason)
  {
    // Make sure that we recognize all of the objectclasses, that all
    // auxiliary classes are allowed by the DIT content rule, and that
    // all attributes required by the object classes are present.
    for (ObjectClass o : objectClasses.keySet())
    {
      if (DirectoryServer.getObjectClass(o.getOID()) == null)
      {
        LocalizableMessage message = ERR_ENTRY_SCHEMA_UNKNOWN_OC.get(dn, o.getNameOrOID());
        invalidReason.append(message);
        return false;
      }

      if (o.getObjectClassType() == ObjectClassType.AUXILIARY
          && ditContentRule != null && !ditContentRule.getAuxiliaryClasses().contains(o))
      {
        LocalizableMessage message =
                ERR_ENTRY_SCHEMA_DISALLOWED_AUXILIARY_CLASS.get(
                  dn,
                  o.getNameOrOID(),
                  ditContentRule.getNameOrOID());
        if (structuralPolicy == AcceptRejectWarn.REJECT)
        {
          invalidReason.append(message);
          return false;
        }
        else if (structuralPolicy == AcceptRejectWarn.WARN)
        {
          logger.error(message);
        }
      }

      for (AttributeType t : o.getRequiredAttributes())
      {
        if (!userAttributes.containsKey(t)
            && !operationalAttributes.containsKey(t)
            && !t.isObjectClass())
        {
          LocalizableMessage message =
                  ERR_ENTRY_SCHEMA_MISSING_REQUIRED_ATTR_FOR_OC.get(
                    dn,
                    t.getNameOrOID(),
                    o.getNameOrOID());
          invalidReason.append(message);
          return false;
        }
      }
    }


    // Make sure all the user attributes are allowed, have at least
    // one value, and if they are single-valued that they have exactly
    // one value.
    for (AttributeType t : userAttributes.keySet())
    {
      boolean found = false;
      for (ObjectClass o : objectClasses.keySet())
      {
        if (o.isRequiredOrOptional(t))
        {
          found = true;
          break;
        }
      }

      if (!found && ditContentRule != null
          && ditContentRule.isRequiredOrOptional(t))
      {
        found = true;
      }

      if (! found)
      {
        LocalizableMessage message =
                ERR_ENTRY_SCHEMA_DISALLOWED_USER_ATTR_FOR_OC.get( dn, t.getNameOrOID());
        invalidReason.append(message);
        return false;
      }

      List<Attribute> attrList = userAttributes.get(t);
      if (attrList != null)
      {
        for (Attribute a : attrList)
        {
          if (a.isEmpty())
          {
            invalidReason.append(ERR_ENTRY_SCHEMA_ATTR_NO_VALUES.get(dn, t.getNameOrOID()));
            return false;
          }
          else if (t.isSingleValue() && a.size() != 1)
          {
            invalidReason.append(ERR_ENTRY_SCHEMA_ATTR_SINGLE_VALUED.get(dn, t.getNameOrOID()));
            return false;
          }
        }
      }
    }


    // Iterate through all of the operational attributes and make sure
    // that all of the single-valued attributes only have one value.
    for (AttributeType t : operationalAttributes.keySet())
    {
      if (t.isSingleValue())
      {
        List<Attribute> attrList = operationalAttributes.get(t);
        if (attrList != null)
        {
          for (Attribute a : attrList)
          {
            if (a.size() > 1)
            {
              invalidReason.append(ERR_ENTRY_SCHEMA_ATTR_SINGLE_VALUED.get(dn, t.getNameOrOID()));
              return false;
            }
          }
        }
      }
    }


    // If we've gotten here, then things are OK.
    return true;
  }



  /**
   * Performs any processing needed for name form validation.
   *
   * @param  nameForm          The name form to validate against this
   *                           entry.
   * @param  structuralPolicy  The policy that should be used for
   *                           structural object class compliance.
   * @param  invalidReason     A buffer into which an invalid reason
   *                           may be added.
   *
   * @return {@code true} if this entry passes all of the checks, or
   *         {@code false} if there are any failures.
   */
  private boolean checkNameForm(NameForm nameForm,
                       AcceptRejectWarn structuralPolicy,
                       LocalizableMessageBuilder invalidReason)
  {
    RDN rdn = dn.rdn();
    if (rdn != null)
    {
        // Make sure that all the required attributes are present.
        for (AttributeType t : nameForm.getRequiredAttributes())
        {
          if (! rdn.hasAttributeType(t))
          {
            LocalizableMessage message =
                    ERR_ENTRY_SCHEMA_RDN_MISSING_REQUIRED_ATTR.get(
                      dn,
                      t.getNameOrOID(),
                      nameForm.getNameOrOID());

            if (structuralPolicy == AcceptRejectWarn.REJECT)
            {
              invalidReason.append(message);
              return false;
            }
            else if (structuralPolicy == AcceptRejectWarn.WARN)
            {
              logger.error(message);
            }
          }
        }

          // Make sure that all attributes in the RDN are allowed.
          int numAVAs = rdn.getNumValues();
          for (int i = 0; i < numAVAs; i++)
          {
            AttributeType t = rdn.getAttributeType(i);
            if (! nameForm.isRequiredOrOptional(t))
            {
              LocalizableMessage message =
                      ERR_ENTRY_SCHEMA_RDN_DISALLOWED_ATTR.get(
                        dn,
                        t.getNameOrOID(),
                        nameForm.getNameOrOID());

              if (structuralPolicy == AcceptRejectWarn.REJECT)
              {
                invalidReason.append(message);
                return false;
              }
              else if (structuralPolicy == AcceptRejectWarn.WARN)
              {
                logger.error(message);
              }
            }
          }
    }

    // If we've gotten here, then things are OK.
    return true;
  }



  /**
   * Performs any processing needed for DIT content rule validation.
   *
   * @param  ditContentRule    The DIT content rule to validate
   *                           against this entry.
   * @param  structuralPolicy  The policy that should be used for
   *                           structural object class compliance.
   * @param  invalidReason     A buffer into which an invalid reason
   *                           may be added.
   *
   * @return {@code true} if this entry passes all of the checks, or
   *         {@code false} if there are any failures.
   */
  private boolean checkDITContentRule(DITContentRule ditContentRule,
                       AcceptRejectWarn structuralPolicy,
                       LocalizableMessageBuilder invalidReason)
  {
    // Make sure that all of the required attributes are present.
    for (AttributeType t : ditContentRule.getRequiredAttributes())
    {
      if (!userAttributes.containsKey(t)
          && !operationalAttributes.containsKey(t)
          && !t.isObjectClass())
      {
        LocalizableMessage message =
                ERR_ENTRY_SCHEMA_MISSING_REQUIRED_ATTR_FOR_DCR.get(
                  dn,
                  t.getNameOrOID(),
                  ditContentRule.getNameOrOID());

        if (structuralPolicy == AcceptRejectWarn.REJECT)
        {
          invalidReason.append(message);
          return false;
        }
        else if (structuralPolicy == AcceptRejectWarn.WARN)
        {
          logger.error(message);
        }
      }
    }

    // Make sure that none of the prohibited attributes are present.
    for (AttributeType t : ditContentRule.getProhibitedAttributes())
    {
      if (userAttributes.containsKey(t) ||
          operationalAttributes.containsKey(t))
      {
        LocalizableMessage message =
                ERR_ENTRY_SCHEMA_PROHIBITED_ATTR_FOR_DCR.get(
                  dn,
                  t.getNameOrOID(),
                  ditContentRule.getNameOrOID());

        if (structuralPolicy == AcceptRejectWarn.REJECT)
        {
          invalidReason.append(message);
          return false;
        }
        else if (structuralPolicy == AcceptRejectWarn.WARN)
        {
          logger.error(message);
        }
      }
    }

    // If we've gotten here, then things are OK.
    return true;
  }



  /**
   * Performs any processing needed for DIT structure rule validation.
   *
   * @param  ditStructureRule        The DIT structure rule for this
   *                                 entry.
   * @param  structuralClass         The structural object class for
   *                                 this entry.
   * @param  parentEntry             The parent entry, if available
   *                                 and applicable.
   * @param  parentProvided          Indicates whether the parent
   *                                 entry was provided.
   * @param  validateStructureRules  Indicates whether to check to see
   *                                 if this entry violates a DIT
   *                                 structure rule for its parent.
   * @param  structuralPolicy        The policy that should be used
   *                                 for structural object class
   *                                 compliance.
   * @param  invalidReason           A buffer into which an invalid
   *                                 reason may be added.
   *
   * @return {@code true} if this entry passes all of the checks, or
   *         {@code false} if there are any failures.
   */
  private boolean checkDITStructureRule(
                       DITStructureRule ditStructureRule,
                       ObjectClass structuralClass,
                       Entry parentEntry, boolean parentProvided,
                       boolean validateStructureRules,
                       AcceptRejectWarn structuralPolicy,
                       LocalizableMessageBuilder invalidReason)
  {
    // If there is a DIT structure rule for this entry, then make sure
    // that the entry is in compliance with it.
    if (ditStructureRule != null && ditStructureRule.hasSuperiorRules())
    {
      if (parentProvided)
      {
        if (parentEntry != null)
        {
          boolean dsrValid =
               validateDITStructureRule(ditStructureRule,
                                        structuralClass, parentEntry,
                                        structuralPolicy,
                                        invalidReason);
          if (! dsrValid)
          {
            return false;
          }
        }
      }
      else
      {
        // Get the DN of the parent entry if possible.
        DN parentDN = dn.getParentDNInSuffix();
        if (parentDN != null)
        {
          try
          {
            parentEntry = DirectoryServer.getEntry(parentDN);
            if (parentEntry == null)
            {
              LocalizableMessage message = ERR_ENTRY_SCHEMA_DSR_NO_PARENT_ENTRY.get(dn, parentDN);

              if (structuralPolicy == AcceptRejectWarn.REJECT)
              {
                invalidReason.append(message);
                return false;
              }
              else if (structuralPolicy == AcceptRejectWarn.WARN)
              {
                logger.error(message);
              }
            }
            else
            {
              boolean dsrValid =
                   validateDITStructureRule(ditStructureRule,
                                            structuralClass,
                                            parentEntry,
                                            structuralPolicy,
                                            invalidReason);
              if (! dsrValid)
              {
                return false;
              }
            }
          }
          catch (Exception e)
          {
            logger.traceException(e);

            LocalizableMessage message =
                 ERR_ENTRY_SCHEMA_COULD_NOT_CHECK_DSR.get(
                         dn,
                         ditStructureRule.getNameOrRuleID(),
                         getExceptionMessage(e));

            if (structuralPolicy == AcceptRejectWarn.REJECT)
            {
              invalidReason.append(message);
              return false;
            }
            else if (structuralPolicy == AcceptRejectWarn.WARN)
            {
              logger.error(message);
            }
          }
        }
      }
    }
    else if (validateStructureRules)
    {
      // There is no DIT structure rule for this entry, but there may
      // be one for the parent entry.  If there is such a rule for the
      // parent entry, then this entry will not be valid.
      boolean parentExists = false;
      ObjectClass parentStructuralClass = null;
      if (parentEntry != null)
      {
        parentExists = true;
        parentStructuralClass = parentEntry.getStructuralObjectClass();
      }
      else if (! parentProvided)
      {
        DN parentDN = getName().getParentDNInSuffix();
        if (parentDN != null)
        {
          try
          {
            parentEntry = DirectoryServer.getEntry(parentDN);
            if (parentEntry == null)
            {
              LocalizableMessage message =
                   ERR_ENTRY_SCHEMA_DSR_NO_PARENT_ENTRY.get(
                       dn, parentDN);

              if (structuralPolicy == AcceptRejectWarn.REJECT)
              {
                invalidReason.append(message);
                return false;
              }
              else if (structuralPolicy == AcceptRejectWarn.WARN)
              {
                logger.error(message);
              }
            }
            else
            {
              parentExists = true;
              parentStructuralClass = parentEntry.getStructuralObjectClass();
            }
          }
          catch (Exception e)
          {
            logger.traceException(e);

            LocalizableMessage message =
                 ERR_ENTRY_SCHEMA_COULD_NOT_CHECK_PARENT_DSR.get(
                     dn, getExceptionMessage(e));

            if (structuralPolicy == AcceptRejectWarn.REJECT)
            {
              invalidReason.append(message);
              return false;
            }
            else if (structuralPolicy == AcceptRejectWarn.WARN)
            {
              logger.error(message);
            }
          }
        }
      }

      if (parentExists)
      {
        if (parentStructuralClass == null)
        {
          LocalizableMessage message = ERR_ENTRY_SCHEMA_DSR_NO_PARENT_OC.get(
              dn, parentEntry.getName());

          if (structuralPolicy == AcceptRejectWarn.REJECT)
          {
            invalidReason.append(message);
            return false;
          }
          else if (structuralPolicy == AcceptRejectWarn.WARN)
          {
            logger.error(message);
          }
        }
        else
        {
          List<NameForm> allNFs =
               DirectoryServer.getNameForm(parentStructuralClass);
          if(allNFs != null)
          {
            for(NameForm parentNF : allNFs)
            {
              if (parentNF != null && !parentNF.isObsolete())
              {
                DITStructureRule parentDSR =
                     DirectoryServer.getDITStructureRule(parentNF);
                if (parentDSR != null && !parentDSR.isObsolete())
                {
                  LocalizableMessage message =
                       ERR_ENTRY_SCHEMA_VIOLATES_PARENT_DSR.get(dn, parentEntry.getName());

                  if (structuralPolicy == AcceptRejectWarn.REJECT)
                  {
                    invalidReason.append(message);
                    return false;
                  }
                  else if (structuralPolicy == AcceptRejectWarn.WARN)
                  {
                    logger.error(message);
                  }
                }
              }
            }
          }
        }
      }
    }

    // If we've gotten here, then things are OK.
    return true;
  }



  /**
   * Determines whether this entry is in conformance to the provided
   * DIT structure rule.
   *
   * @param  dsr               The DIT structure rule to use in the
   *                           determination.
   * @param  structuralClass   The structural objectclass for this
   *                           entry to use in the determination.
   * @param  parentEntry       The reference to the parent entry to
   *                           check.
   * @param  structuralPolicy  The policy that should be used around
   *                           enforcement of DIT structure rules.
   * @param  invalidReason     The buffer to which the invalid reason
   *                           should be appended if a problem is
   *                           found.
   *
   * @return  <CODE>true</CODE> if this entry conforms to the provided
   *          DIT structure rule, or <CODE>false</CODE> if not.
   */
  private boolean validateDITStructureRule(DITStructureRule dsr,
                       ObjectClass structuralClass, Entry parentEntry,
                       AcceptRejectWarn structuralPolicy,
                       LocalizableMessageBuilder invalidReason)
  {
    ObjectClass oc = parentEntry.getStructuralObjectClass();
    if (oc == null)
    {
      LocalizableMessage message = ERR_ENTRY_SCHEMA_DSR_NO_PARENT_OC.get(
          dn, parentEntry.getName());

      if (structuralPolicy == AcceptRejectWarn.REJECT)
      {
        invalidReason.append(message);
        return false;
      }
      else if (structuralPolicy == AcceptRejectWarn.WARN)
      {
        logger.error(message);
      }
    }

    boolean matchFound = false;
    for (DITStructureRule dsr2 : dsr.getSuperiorRules())
    {
      if (dsr2.getStructuralClass().equals(oc))
      {
        matchFound = true;
      }
    }

    if (! matchFound)
    {
      LocalizableMessage message =
              ERR_ENTRY_SCHEMA_DSR_DISALLOWED_SUPERIOR_OC.get(
                dn,
                dsr.getNameOrRuleID(),
                structuralClass.getNameOrOID(),
                oc.getNameOrOID());

      if (structuralPolicy == AcceptRejectWarn.REJECT)
      {
        invalidReason.append(message);
        return false;
      }
      else if (structuralPolicy == AcceptRejectWarn.WARN)
      {
        logger.error(message);
      }
    }

    return true;
  }



  /**
   * Retrieves the attachment for this entry.
   *
   * @return  The attachment for this entry, or <CODE>null</CODE> if
   *          there is none.
   */
  public Object getAttachment()
  {
    return attachment;
  }



  /**
   * Specifies the attachment for this entry.  This will replace any
   * existing attachment that might be defined.
   *
   * @param  attachment  The attachment for this entry, or
   *                     <CODE>null</CODE> if there should not be an
   *                     attachment.
   */
  public void setAttachment(Object attachment)
  {
    this.attachment = attachment;
  }



  /**
   * Creates a duplicate of this entry that may be altered without
   * impacting the information in this entry.
   *
   * @param  processVirtual  Indicates whether virtual attribute
   *                         processing should be performed for the
   *                         entry.
   *
   * @return  A duplicate of this entry that may be altered without
   *          impacting the information in this entry.
   */
  public Entry duplicate(boolean processVirtual)
  {
    Map<ObjectClass, String> objectClassesCopy = new HashMap<>(objectClasses);

    Map<AttributeType, List<Attribute>> userAttrsCopy = new HashMap<>(userAttributes.size());
    deepCopy(userAttributes, userAttrsCopy, false, false, false,
        true, false);

    Map<AttributeType, List<Attribute>> operationalAttrsCopy =
         new HashMap<>(operationalAttributes.size());
    deepCopy(operationalAttributes, operationalAttrsCopy, false,
        false, false, true, false);

    // Put back all the suppressed attributes where they belonged to.
    // Then hopefully processVirtualAttributes() will rebuild the suppressed
    // attribute list correctly.
    for (AttributeType t : suppressedAttributes.keySet())
    {
      List<Attribute> attrList = suppressedAttributes.get(t);
      if (t.isOperational())
      {
        operationalAttrsCopy.put(t, attrList);
      }
      else
      {
        userAttrsCopy.put(t, attrList);
      }
    }

    Entry e = new Entry(dn, objectClassesCopy, userAttrsCopy,
                        operationalAttrsCopy);
    if (processVirtual)
    {
      e.processVirtualAttributes();
    }
    return e;
  }



  /**
   * Performs a deep copy from the source map to the target map.
   * In this case, the attributes in the list will be duplicates
   * rather than re-using the same reference.
   *
   * @param source
   *          The source map from which to obtain the information.
   * @param target
   *          The target map into which to place the copied
   *          information.
   * @param omitValues
   *          Indicates whether to omit attribute values when
   *          processing.
   * @param omitEmpty
   *          Indicates whether to omit empty attributes when
   *          processing.
   * @param omitReal
   *          Indicates whether to exclude real attributes.
   * @param omitVirtual
   *          Indicates whether to exclude virtual attributes.
   * @param mergeDuplicates
   *          Indicates whether duplicate attributes should be merged.
   */
  private void deepCopy(Map<AttributeType,List<Attribute>> source,
                        Map<AttributeType,List<Attribute>> target,
                        boolean omitValues,
                        boolean omitEmpty,
                        boolean omitReal,
                        boolean omitVirtual,
                        boolean mergeDuplicates)
  {
    for (Map.Entry<AttributeType, List<Attribute>> mapEntry :
      source.entrySet())
    {
      AttributeType t = mapEntry.getKey();
      List<Attribute> sourceList = mapEntry.getValue();
      List<Attribute> targetList = new ArrayList<>(sourceList.size());

      for (Attribute a : sourceList)
      {
        if ((omitReal && a.isReal())
            || (omitVirtual && a.isVirtual())
            || (omitEmpty && a.isEmpty()))
        {
          continue;
        }

        if (omitValues)
        {
          a = Attributes.empty(a);
        }

        if (!targetList.isEmpty() && mergeDuplicates)
        {
          // Ensure that there is only one attribute with the same type and options.
          // This is not very efficient but will occur very rarely.
          boolean found = false;
          for (int i = 0; i < targetList.size(); i++)
          {
            Attribute otherAttribute = targetList.get(i);
            if (otherAttribute.optionsEqual(a.getOptions()))
            {
              targetList.set(i, Attributes.merge(a, otherAttribute));
              found = true;
            }
          }

          if (!found)
          {
            targetList.add(a);
          }
        }
        else
        {
          targetList.add(a);
        }
      }

      if (!targetList.isEmpty())
      {
        target.put(t, targetList);
      }
    }
  }



  /**
   * Indicates whether this entry meets the criteria to consider it a referral
   * (e.g., it contains the "referral" objectclass and a "ref" attribute).
   *
   * @return  <CODE>true</CODE> if this entry meets the criteria to
   *          consider it a referral, or <CODE>false</CODE> if not.
   */
  public boolean isReferral()
  {
    return hasObjectClassOrAttribute(OC_REFERRAL, ATTR_REFERRAL_URL);
  }

  /**
   * Returns whether the current entry has a specific object class or attribute.
   *
   * @param objectClassName
   *          the name of the object class to look for
   * @param attrTypeName
   *          the attribute type name of the object class to look for
   * @return true if the current entry has the object class or the attribute,
   *         false otherwise
   */
  private boolean hasObjectClassOrAttribute(String objectClassName,
      String attrTypeName)
  {
    ObjectClass oc = DirectoryServer.getObjectClass(objectClassName);
    if (oc == null)
    {
      // This should not happen
      // The server doesn't have this objectclass defined.
      if (logger.isTraceEnabled())
      {
        logger.trace(
            "No %s objectclass is defined in the server schema.",
            objectClassName);
      }
      return containsObjectClassByName(objectClassName);
    }
    if (!objectClasses.containsKey(oc))
    {
      return false;
    }


    AttributeType attrType = DirectoryServer.getAttributeTypeOrNull(attrTypeName);
    if (attrType == null)
    {
      // This should not happen
      // The server doesn't have this attribute type defined.
      if (logger.isTraceEnabled())
      {
        logger.trace("No %s attribute type is defined in the server schema.", attrTypeName);
      }
      return false;
    }
    return userAttributes.containsKey(attrType)
        || operationalAttributes.containsKey(attrType);
  }

  /**
   * Whether the object class name exists in the objectClass of this entry.
   *
   * @param objectClassName
   *          the name of the object class to look for
   * @return true if the object class name exists in the objectClass of this
   *         entry, false otherwise
   */
  private boolean containsObjectClassByName(String objectClassName)
  {
    for (String ocName : objectClasses.values())
    {
      if (objectClassName.equalsIgnoreCase(ocName))
      {
        return true;
      }
    }
    return false;
  }

  /**
   * Retrieves the set of referral URLs that are included in this
   * referral entry.  This should only be called if
   * <CODE>isReferral()</CODE> returns <CODE>true</CODE>.
   *
   * @return  The set of referral URLs that are included in this entry
   *          if it is a referral, or <CODE>null</CODE> if it is not a
   *          referral.
   */
  public Set<String> getReferralURLs()
  {
    AttributeType referralType = DirectoryServer.getAttributeTypeOrNull(ATTR_REFERRAL_URL);
    if (referralType == null)
    {
      // This should not happen -- The server doesn't have a ref attribute type defined.
      logger.trace("No %s attribute type is defined in the server schema.", ATTR_REFERRAL_URL);
      return null;
    }

    List<Attribute> refAttrs = userAttributes.get(referralType);
    if (refAttrs == null)
    {
      refAttrs = operationalAttributes.get(referralType);
      if (refAttrs == null)
      {
        return null;
      }
    }

    Set<String> referralURLs = new LinkedHashSet<>();
    for (Attribute a : refAttrs)
    {
      for (ByteString v : a)
      {
        referralURLs.add(v.toString());
      }
    }

    return referralURLs;
  }



  /**
   * Indicates whether this entry meets the criteria to consider it an
   * alias (e.g., it contains the "aliasObject" objectclass and a
   * "alias" attribute).
   *
   * @return  <CODE>true</CODE> if this entry meets the criteria to
   *          consider it an alias, or <CODE>false</CODE> if not.
   */
  public boolean isAlias()
  {
    return hasObjectClassOrAttribute(OC_ALIAS, ATTR_ALIAS_DN);
  }



  /**
   * Retrieves the DN of the entry referenced by this alias entry.
   * This should only be called if <CODE>isAlias()</CODE> returns
   * <CODE>true</CODE>.
   *
   * @return  The DN of the entry referenced by this alias entry, or
   *          <CODE>null</CODE> if it is not an alias.
   *
   * @throws  DirectoryException  If there is an aliasedObjectName
   *                              attribute but its value cannot be
   *                              parsed as a DN.
   */
  public DN getAliasedDN() throws DirectoryException
  {
    AttributeType aliasType = DirectoryServer.getAttributeTypeOrNull(ATTR_REFERRAL_URL);
    if (aliasType == null)
    {
      // This should not happen -- The server doesn't have an aliasedObjectName attribute type defined.
      logger.trace("No %s attribute type is defined in the server schema.", ATTR_ALIAS_DN);
      return null;
    }

    List<Attribute> aliasAttrs = userAttributes.get(aliasType);
    if (aliasAttrs == null)
    {
      aliasAttrs = operationalAttributes.get(aliasType);
      if (aliasAttrs == null)
      {
        return null;
      }
    }

    if (!aliasAttrs.isEmpty())
    {
      // There should only be a single alias attribute in an entry,
      // and we'll skip the check for others for performance reasons.
      // We would just end up taking the first one anyway. The same
      // is true with the set of values, since it should be a
      // single-valued attribute.
      Attribute aliasAttr = aliasAttrs.get(0);
      if (!aliasAttr.isEmpty())
      {
        return DN.valueOf(aliasAttr.iterator().next().toString());
      }
    }
    return null;
  }



  /**
   * Indicates whether this entry meets the criteria to consider it an
   * LDAP subentry (i.e., it contains the "ldapSubentry" objectclass).
   *
   * @return  <CODE>true</CODE> if this entry meets the criteria to
   *          consider it an LDAP subentry, or <CODE>false</CODE> if
   *          not.
   */
  public boolean isLDAPSubentry()
  {
    return hasObjectClass(OC_LDAP_SUBENTRY_LC);
  }

  /**
   * Returns whether the current entry has a specific object class.
   *
   * @param objectClassLowerCase
   *          the lowercase name of the object class to look for
   * @return true if the current entry has the object class, false otherwise
   */
  private boolean hasObjectClass(String objectClassLowerCase)
  {
    ObjectClass oc = DirectoryServer.getObjectClass(objectClassLowerCase);
    if (oc == null)
    {
      // This should not happen
      // The server doesn't have this object class defined.
      if (logger.isTraceEnabled())
      {
        logger.trace(
            "No %s objectclass is defined in the server schema.",
            objectClassLowerCase);
      }
      return containsObjectClassByName(objectClassLowerCase);
    }

    // Make the determination based on whether this entry has this objectclass.
    return objectClasses.containsKey(oc);
  }



  /**
   * Indicates whether this entry meets the criteria to consider it
   * an RFC 3672 LDAP subentry (i.e., it contains the "subentry"
   * objectclass).
   *
   * @return  <CODE>true</CODE> if this entry meets the criteria to
   *          consider it an RFC 3672 LDAP subentry, or <CODE>false
   *          </CODE> if not.
   */
  public boolean isSubentry()
  {
    return hasObjectClass(OC_SUBENTRY);
  }



  /**
   * Indicates whether the entry meets the criteria to consider it an
   * RFC 3671 LDAP collective attributes subentry (i.e., it contains
   * the "collectiveAttributeSubentry" objectclass).
   *
   * @return  <CODE>true</CODE> if this entry meets the criteria to
   *          consider it an RFC 3671 LDAP collective attributes
   *          subentry, or <CODE>false</CODE> if not.
   */
  public boolean isCollectiveAttributeSubentry()
  {
    return hasObjectClass(OC_COLLECTIVE_ATTR_SUBENTRY_LC);
  }



  /**
   * Indicates whether the entry meets the criteria to consider it an
   * inherited collective attributes subentry (i.e., it contains
   * the "inheritedCollectiveAttributeSubentry" objectclass).
   *
   * @return  <CODE>true</CODE> if this entry meets the criteria to
   *          consider it an inherited collective attributes
   *          subentry, or <CODE>false</CODE> if not.
   */
  public boolean isInheritedCollectiveAttributeSubentry()
  {
    return hasObjectClass(OC_INHERITED_COLLECTIVE_ATTR_SUBENTRY_LC);
  }



  /**
   * Indicates whether the entry meets the criteria to consider it an inherited
   * from DN collective attributes subentry (i.e., it contains the
   * "inheritedFromDNCollectiveAttributeSubentry" objectclass).
   *
   * @return <CODE>true</CODE> if this entry meets the criteria to consider it
   *         an inherited from DN collective attributes subentry, or
   *         <CODE>false</CODE> if not.
   */
  public boolean isInheritedFromDNCollectiveAttributeSubentry()
  {
    return hasObjectClass(OC_INHERITED_FROM_DN_COLLECTIVE_ATTR_SUBENTRY_LC);
  }



  /**
   * Indicates whether the entry meets the criteria to consider it
   * an inherited from RDN collective attributes subentry (i.e.,
   * it contains the "inheritedFromRDNCollectiveAttributeSubentry"
   * objectclass).
   *
   * @return  <CODE>true</CODE> if this entry meets the criteria to
   *          consider it an inherited from RDN collective attributes
   *          subentry, or <CODE>false</CODE> if not.
   */
  public boolean isInheritedFromRDNCollectiveAttributeSubentry()
  {
    return hasObjectClass(OC_INHERITED_FROM_RDN_COLLECTIVE_ATTR_SUBENTRY_LC);
  }



  /**
   * Indicates whether the entry meets the criteria to consider it a
   * LDAP password policy subentry (i.e., it contains the "pwdPolicy"
   * objectclass of LDAP Password Policy Internet-Draft).
   *
   * @return  <CODE>true</CODE> if this entry meets the criteria to
   *          consider it a LDAP Password Policy Internet-Draft
   *          subentry, or <CODE>false</CODE> if not.
   */
  public boolean isPasswordPolicySubentry()
  {
    return hasObjectClass(OC_PWD_POLICY_SUBENTRY_LC);
  }



  /**
   * Indicates whether this entry falls within the range of the
   * provided search base DN and scope.
   *
   * @param  baseDN  The base DN for which to make the determination.
   * @param  scope   The search scope for which to make the
   *                 determination.
   *
   * @return  <CODE>true</CODE> if this entry is within the given
   *          base and scope, or <CODE>false</CODE> if it is not.
   */
  public boolean matchesBaseAndScope(DN baseDN, SearchScope scope)
  {
    return dn.matchesBaseAndScope(baseDN, scope);
  }



  /**
   * Performs any necessary collective attribute processing for this
   * entry.  This should only be called at the time the entry is
   * decoded or created within the backend.
   */
  private void processCollectiveAttributes()
  {
    if (isSubentry() || isLDAPSubentry())
    {
      return;
    }

    SubentryManager manager =
            DirectoryServer.getSubentryManager();
    if(manager == null)
    {
      //Subentry manager may not have been initialized by
      //a component that doesn't require it.
      return;
    }
    // Get applicable collective subentries.
    List<SubEntry> collectiveAttrSubentries =
            manager.getCollectiveSubentries(this);

    if (collectiveAttrSubentries == null || collectiveAttrSubentries.isEmpty())
    {
      // Nothing to see here, move along.
      return;
    }

    // Get collective attribute exclusions.
    AttributeType exclusionsType = DirectoryServer.getAttributeTypeOrNull(ATTR_COLLECTIVE_EXCLUSIONS_LC);
    List<Attribute> exclusionsAttrList = operationalAttributes.get(exclusionsType);
    Set<String> exclusionsNameSet = new HashSet<>();
    if (exclusionsAttrList != null && !exclusionsAttrList.isEmpty())
    {
      for (Attribute attr : exclusionsAttrList)
      {
        for (ByteString attrValue : attr)
        {
          String exclusionsName = attrValue.toString().toLowerCase();
          if (VALUE_COLLECTIVE_EXCLUSIONS_EXCLUDE_ALL_LC.equals(exclusionsName)
              || OID_COLLECTIVE_EXCLUSIONS_EXCLUDE_ALL.equals(exclusionsName))
          {
            return;
          }
          exclusionsNameSet.add(exclusionsName);
        }
      }
    }

    // Process collective attributes.
    for (SubEntry subEntry : collectiveAttrSubentries)
    {
      if (subEntry.isCollective() || subEntry.isInheritedCollective())
      {
        Entry inheritFromEntry = null;
        if (subEntry.isInheritedCollective())
        {
          if (subEntry.isInheritedFromDNCollective() &&
              hasAttribute(subEntry.getInheritFromDNType()))
          {
            try
            {
              DN inheritFromDN = null;
              for (Attribute attr : getAttribute(
                   subEntry.getInheritFromDNType()))
              {
                for (ByteString value : attr)
                {
                  inheritFromDN = DN.decode(value);
                  // Respect subentry root scope.
                  if (!inheritFromDN.isDescendantOf(
                       subEntry.getDN().parent()))
                  {
                    inheritFromDN = null;
                  }
                  break;
                }
              }
              if (inheritFromDN == null)
              {
                continue;
              }

              // TODO : ACI check; needs re-factoring to happen.
              inheritFromEntry = DirectoryServer.getEntry(inheritFromDN);
            }
            catch (DirectoryException de)
            {
              logger.traceException(de);
            }
          }
          else if (subEntry.isInheritedFromRDNCollective() &&
                   hasAttribute(subEntry.getInheritFromRDNAttrType()))
          {
            DN inheritFromDN = subEntry.getInheritFromBaseDN();
            if (inheritFromDN != null)
            {
              try
              {
                for (Attribute attr : getAttribute(
                   subEntry.getInheritFromRDNAttrType()))
                {
                  inheritFromDN = subEntry.getInheritFromBaseDN();
                  for (ByteString value : attr)
                  {
                    inheritFromDN = inheritFromDN.child(
                        RDN.create(subEntry.getInheritFromRDNType(),
                        value));
                    break;
                  }
                }

                // TODO : ACI check; needs re-factoring to happen.
                inheritFromEntry = DirectoryServer.getEntry(inheritFromDN);
              }
              catch (DirectoryException de)
              {
                logger.traceException(de);
              }
            }
            else
            {
              continue;
            }
          }
        }
        List<Attribute> collectiveAttrList = subEntry.getCollectiveAttributes();
        for (Attribute collectiveAttr : collectiveAttrList)
        {
          AttributeType attributeType = collectiveAttr.getAttributeType();
          if (exclusionsNameSet.contains(
                  attributeType.getNormalizedPrimaryNameOrOID()))
          {
            continue;
          }
          if (subEntry.isInheritedCollective())
          {
            if (inheritFromEntry != null)
            {
              collectiveAttr = inheritFromEntry.getExactAttribute(
                      collectiveAttr.getAttributeType(),
                      collectiveAttr.getOptions());
              if (collectiveAttr == null || collectiveAttr.isEmpty())
              {
                continue;
              }
              collectiveAttr = new CollectiveVirtualAttribute(collectiveAttr);
            }
            else
            {
              continue;
            }
          }
          List<Attribute> attrList = userAttributes.get(attributeType);
          if (attrList == null || attrList.isEmpty())
          {
            attrList = operationalAttributes.get(attributeType);
            if (attrList == null || attrList.isEmpty())
            {
              // There aren't any conflicts, so we can just add the attribute to the entry.
              putAttributes(attributeType, newLinkedList(collectiveAttr));
            }
            else
            {
              // There is a conflict with an existing operational attribute.
              resolveCollectiveConflict(subEntry.getConflictBehavior(),
                  collectiveAttr, attrList, operationalAttributes, attributeType);
            }
          }
          else
          {
            // There is a conflict with an existing user attribute.
            resolveCollectiveConflict(subEntry.getConflictBehavior(),
                collectiveAttr, attrList, userAttributes, attributeType);
          }
        }
      }
    }
  }

  private ByteString normalize(MatchingRule matchingRule, ByteString value)
      throws DirectoryException
  {
    try
    {
      return matchingRule.normalizeAttributeValue(value);
    }
    catch (DecodeException e)
    {
      throw new DirectoryException(ResultCode.INVALID_ATTRIBUTE_SYNTAX,
          e.getMessageObject(), e);
    }
  }

  /**
   * Resolves a conflict arising with a collective attribute.
   *
   * @param conflictBehavior
   *          the behavior of the conflict
   * @param collectiveAttr
   *          the attribute in conflict
   * @param attrList
   *          the List of attribute where to resolve the conflict
   * @param attributes
   *          the Map of attributes where to solve the conflict
   * @param attributeType
   *          the attribute type used with the Map
   */
  private void resolveCollectiveConflict(
      CollectiveConflictBehavior conflictBehavior, Attribute collectiveAttr,
      List<Attribute> attrList, Map<AttributeType, List<Attribute>> attributes,
      AttributeType attributeType)
  {
    if (attrList.get(0).isVirtual())
    {
      // The existing attribute is already virtual,
      // so we've got a different conflict, but we'll let the first win.
      // FIXME -- Should we handle this differently?
      return;
    }

    // The conflict is with a real attribute. See what the
    // conflict behavior is and figure out how to handle it.
    switch (conflictBehavior)
    {
    case REAL_OVERRIDES_VIRTUAL:
      // We don't need to update the entry because the real attribute will take
      // precedence.
      break;

    case VIRTUAL_OVERRIDES_REAL:
      // We need to move the real attribute to the suppressed list
      // and replace it with the virtual attribute.
      suppressedAttributes.put(attributeType, attrList);
      attributes.put(attributeType, newLinkedList(collectiveAttr));
      break;

    case MERGE_REAL_AND_VIRTUAL:
      // We need to add the virtual attribute to the
      // list and keep the existing real attribute(s).
      attrList.add(collectiveAttr);
      break;
    }
  }



  /**
   * Performs any necessary virtual attribute processing for this
   * entry.  This should only be called at the time the entry is
   * decoded or created within the backend.
   */
  public void processVirtualAttributes()
  {
    for (VirtualAttributeRule rule : DirectoryServer.getVirtualAttributes(this))
    {
      AttributeType attributeType = rule.getAttributeType();
      List<Attribute> attrList = userAttributes.get(attributeType);
      if (attrList == null || attrList.isEmpty())
      {
        attrList = operationalAttributes.get(attributeType);
        if (attrList == null || attrList.isEmpty())
        {
          // There aren't any conflicts, so we can just add the attribute to the entry.
          Attribute attr = new VirtualAttribute(attributeType, this, rule);
          putAttributes(attributeType, newLinkedList(attr));
        }
        else
        {
          // There is a conflict with an existing operational attribute.
          resolveVirtualConflict(rule, attrList, operationalAttributes, attributeType);
        }
      }
      else
      {
        // There is a conflict with an existing user attribute.
        resolveVirtualConflict(rule, attrList, userAttributes, attributeType);
      }
    }

    // Collective attributes.
    processCollectiveAttributes();
  }

  /**
   * Resolves a conflict arising with a virtual attribute.
   *
   * @param rule
   *          the VirtualAttributeRule in conflict
   * @param attrList
   *          the List of attribute where to resolve the conflict
   * @param attributes
   *          the Map of attribute where to resolve the conflict
   * @param attributeType
   *          the attribute type used with the Map
   */
  private void resolveVirtualConflict(VirtualAttributeRule rule,
      List<Attribute> attrList, Map<AttributeType, List<Attribute>> attributes,
      AttributeType attributeType)
  {
    if (attrList.get(0).isVirtual())
    {
      // The existing attribute is already virtual, so we've got
      // a different conflict, but we'll let the first win.
      // FIXME -- Should we handle this differently?
      return;
    }

    // The conflict is with a real attribute. See what the
    // conflict behavior is and figure out how to handle it.
    switch (rule.getConflictBehavior())
    {
    case REAL_OVERRIDES_VIRTUAL:
      // We don't need to update the entry because the real
      // attribute will take precedence.
      break;

    case VIRTUAL_OVERRIDES_REAL:
      // We need to move the real attribute to the suppressed
      // list and replace it with the virtual attribute.
      suppressedAttributes.put(attributeType, attrList);
      Attribute attr = new VirtualAttribute(attributeType, this, rule);
      attributes.put(attributeType, newLinkedList(attr));
      break;

    case MERGE_REAL_AND_VIRTUAL:
      // We need to add the virtual attribute to the list and
      // keep the existing real attribute(s).
      attrList.add(new VirtualAttribute(attributeType, this, rule));
      break;
    }
  }


  /**
   * Encodes this entry into a form that is suitable for long-term
   * persistent storage.  The encoding will have a version number so
   * that if the way we store entries changes in the future we will
   * still be able to read entries encoded in an older format.
   *
   * @param  buffer  The buffer to encode into.
   * @param  config  The configuration that may be used to control how
   *                 the entry is encoded.
   *
   * @throws  DirectoryException  If a problem occurs while attempting
   *                              to encode the entry.
   */
  public void encode(ByteStringBuilder buffer,
                     EntryEncodeConfig config)
         throws DirectoryException
  {
    encodeV3(buffer, config);
  }

  /**
   * Encodes this entry using the V3 encoding.
   *
   * @param  buffer  The buffer to encode into.
   * @param  config  The configuration that should be used to encode
   *                 the entry.
   *
   * @throws  DirectoryException  If a problem occurs while attempting
   *                              to encode the entry.
   */
  private void encodeV3(ByteStringBuilder buffer,
                        EntryEncodeConfig config)
         throws DirectoryException
  {
    // The version number will be one byte.
    buffer.appendByte(0x03);

    // Get the encoded representation of the config.
    config.encode(buffer);

    // If we should include the DN, then it will be encoded as a
    // one-to-five byte length followed by the UTF-8 byte
    // representation.
    if (! config.excludeDN())
    {
      // TODO: Can we encode the DN directly into buffer?
      byte[] dnBytes  = getBytes(dn.toString());
      buffer.appendBERLength(dnBytes.length);
      buffer.appendBytes(dnBytes);
    }


    // Encode the object classes in the appropriate manner.
    if (config.compressObjectClassSets())
    {
      config.getCompressedSchema().encodeObjectClasses(buffer, objectClasses);
    }
    else
    {
      // Encode number of OCs and 0 terminated names.
      buffer.appendBERLength(objectClasses.size());
      for (String ocName : objectClasses.values())
      {
        buffer.appendUtf8(ocName);
        buffer.appendByte(0x00);
      }
    }


    // Encode the user attributes in the appropriate manner.
    encodeAttributes(buffer, userAttributes, config);


    // The operational attributes will be encoded in the same way as
    // the user attributes.
    encodeAttributes(buffer, operationalAttributes, config);
  }

  /**
   * Encode the given attributes of an entry.
   *
   * @param  buffer  The buffer to encode into.
   * @param  attributes The attributes to encode.
   * @param  config  The configuration that may be used to control how
   *                 the entry is encoded.
   *
   * @throws  DirectoryException  If a problem occurs while attempting
   *                              to encode the entry.
   */
  private void encodeAttributes(ByteStringBuilder buffer,
                    Map<AttributeType,List<Attribute>> attributes,
                                EntryEncodeConfig config)
      throws DirectoryException
  {
    int numAttributes = 0;

    // First count how many attributes are there to encode.
    for (List<Attribute> attrList : attributes.values())
    {
      Attribute a;
      for (int i = 0; i < attrList.size(); i++)
      {
        a = attrList.get(i);
        if (a.isVirtual() || a.isEmpty())
        {
          continue;
        }

        numAttributes++;
      }
    }

    // Encoded one-to-five byte number of attributes
    buffer.appendBERLength(numAttributes);

    if (config.compressAttributeDescriptions())
    {
      for (List<Attribute> attrList : attributes.values())
      {
        for (Attribute a : attrList)
        {
          if (a.isVirtual() || a.isEmpty())
          {
            continue;
          }

          config.getCompressedSchema().encodeAttribute(buffer, a);
        }
      }
    }
    else
    {
      // The attributes will be encoded as a sequence of:
      // - A UTF-8 byte representation of the attribute name.
      // - A zero delimiter
      // - A one-to-five byte number of values for the attribute
      // - A sequence of:
      //   - A one-to-five byte length for the value
      //   - A UTF-8 byte representation for the value
      for (List<Attribute> attrList : attributes.values())
      {
        for (Attribute a : attrList)
        {
          byte[] nameBytes = getBytes(a.getNameWithOptions());
          buffer.appendBytes(nameBytes);
          buffer.appendByte(0x00);

          buffer.appendBERLength(a.size());
          for(ByteString v : a)
          {
            buffer.appendBERLength(v.length());
            buffer.appendBytes(v);
          }
        }
      }
    }
  }


  /**
   * Decodes the provided byte array as an entry.
   *
   * @param  entryBuffer  The byte array containing the data to be
   *                      decoded.
   *
   * @return  The decoded entry.
   *
   * @throws  DirectoryException  If the provided byte array cannot be
   *                              decoded as an entry.
   */
  public static Entry decode(ByteSequenceReader entryBuffer)
         throws DirectoryException
  {
    return decode(entryBuffer,
                  DirectoryServer.getDefaultCompressedSchema());
  }



    /**
   * Decodes the provided byte array as an entry using the V3
   * encoding.
   *
   * @param  entryBuffer       The byte buffer containing the data to
   *                           be decoded.
   * @param  compressedSchema  The compressed schema manager to use
   *                           when decoding tokenized schema
   *                           elements.
   *
   * @return  The decoded entry.
   *
   * @throws  DirectoryException  If the provided byte array cannot be
   *                              decoded as an entry.
   */
  public static Entry decode(ByteSequenceReader entryBuffer,
                             CompressedSchema compressedSchema)
         throws DirectoryException
  {
    try
    {
      // The first byte must be the entry version.  If it's not one
      // we recognize, then that's an error.
      Byte version = entryBuffer.readByte();
      if (version != 0x03 && version != 0x02 && version != 0x01)
      {
        LocalizableMessage message = ERR_ENTRY_DECODE_UNRECOGNIZED_VERSION.get(
            byteToHex(version));
        throw new DirectoryException(
                       DirectoryServer.getServerErrorResultCode(),
                       message);
      }

      EntryEncodeConfig config;
      if(version != 0x01)
      {
        // Next is the length of the encoded configuration.
        int configLength = entryBuffer.readBERLength();

        // Next is the encoded configuration itself.
        config =
            EntryEncodeConfig.decode(entryBuffer, configLength,
                compressedSchema);
      }
      else
      {
        config = EntryEncodeConfig.DEFAULT_CONFIG;
      }

      // If we should have included the DN in the entry, then it's
      // next.
      DN dn;
      if (config.excludeDN())
      {
        dn = DN.NULL_DN;
      }
      else
      {
        // Next is the length of the DN.  It may be a single byte or
        // multiple bytes.
        int dnLength = entryBuffer.readBERLength();


        // Next is the DN itself.
        ByteSequence dnBytes = entryBuffer.readByteSequence(dnLength);
        dn = DN.decode(dnBytes.toByteString());
      }


      // Next is the set of encoded object classes.  The encoding will
      // depend on the configuration.
      Map<ObjectClass,String> objectClasses =
          decodeObjectClasses(version, entryBuffer, config);


      // Now, we should iterate through the user and operational attributes and
      // decode each one.
      Map<AttributeType, List<Attribute>> userAttributes =
          decodeAttributes(version, entryBuffer, config);
      Map<AttributeType, List<Attribute>> operationalAttributes =
          decodeAttributes(version, entryBuffer, config);


      // We've got everything that we need, so create and return the entry.
      return new Entry(dn, objectClasses, userAttributes,
          operationalAttributes);
    }
    catch (DirectoryException de)
    {
      throw de;
    }
    catch (Exception e)
    {
      logger.traceException(e);

      LocalizableMessage message =
          ERR_ENTRY_DECODE_EXCEPTION.get(getExceptionMessage(e));
      throw new DirectoryException(
                     DirectoryServer.getServerErrorResultCode(),
                     message, e);
    }
  }


  /**
   * Decode the object classes of an encoded entry.
   *
   * @param  ver The version of the entry encoding.
   * @param  entryBuffer The byte sequence containing the encoded
   *                     entry.
   * @param  config  The configuration that may be used to control how
   *                 the entry is encoded.
   *
   * @return  A map of the decoded object classes.
   * @throws  DirectoryException  If a problem occurs while attempting
   *                              to encode the entry.
   */
  private static Map<ObjectClass,String> decodeObjectClasses(
      byte ver, ByteSequenceReader entryBuffer,
      EntryEncodeConfig config) throws DirectoryException
  {
    // Next is the set of encoded object classes.  The encoding will
    // depend on the configuration.
    if (config.compressObjectClassSets())
    {
      return config.getCompressedSchema().decodeObjectClasses(entryBuffer);
    }

    Map<ObjectClass, String> objectClasses;
    {
      if(ver < 0x03)
      {
        // Next is the length of the object classes. It may be a
        // single byte or multiple bytes.
        int ocLength = entryBuffer.readBERLength();

        // The set of object classes will be encoded as a single
        // string with the object class names separated by zeros.
        objectClasses = new LinkedHashMap<>();
        int startPos = entryBuffer.position();
        for (int i=0; i < ocLength; i++)
        {
          if (entryBuffer.readByte() == 0x00)
          {
            int endPos = entryBuffer.position() - 1;
            addObjectClass(objectClasses, entryBuffer, startPos, endPos);

            entryBuffer.skip(1);
            startPos = entryBuffer.position();
          }
        }
        int endPos = entryBuffer.position();
        addObjectClass(objectClasses, entryBuffer, startPos, endPos);
      }
      else
      {
        // Next is the number of zero terminated object classes.
        int numOC = entryBuffer.readBERLength();
        objectClasses = new LinkedHashMap<>(numOC);
        for(int i = 0; i < numOC; i++)
        {
          int startPos = entryBuffer.position();
          while(entryBuffer.readByte() != 0x00)
          {}
          int endPos = entryBuffer.position() - 1;
          addObjectClass(objectClasses, entryBuffer, startPos, endPos);
          entryBuffer.skip(1);
        }
      }
    }

    return objectClasses;
  }

  /**
   * Adds the objectClass contained in the buffer to the map of object class.
   *
   * @param objectClasses
   *          the Map where to add the objectClass
   * @param entryBuffer
   *          the buffer containing the objectClass name
   * @param startPos
   *          the starting position in the buffer
   * @param endPos
   *          the ending position in the buffer
   */
  private static void addObjectClass(Map<ObjectClass, String> objectClasses,
      ByteSequenceReader entryBuffer, int startPos, int endPos)
  {
    entryBuffer.position(startPos);
    final String ocName = entryBuffer.readStringUtf8(endPos - startPos);
    final String lowerName = toLowerCase(ocName);
    final ObjectClass oc = DirectoryServer.getObjectClass(lowerName, true);
    objectClasses.put(oc, ocName);
  }

  /**
   * Decode the attributes of an encoded entry.
   *
   * @param  ver The version of the entry encoding.
   * @param  entryBuffer The byte sequence containing the encoded
   *                     entry.
   * @param  config  The configuration that may be used to control how
   *                 the entry is encoded.
   *
   * @return  A map of the decoded object classes.
   * @throws  DirectoryException  If a problem occurs while attempting
   *                              to encode the entry.
   */
  private static Map<AttributeType, List<Attribute>>
  decodeAttributes(Byte ver, ByteSequenceReader entryBuffer,
                   EntryEncodeConfig config) throws DirectoryException
  {
    // Next is the total number of attributes.  It may be a
    // single byte or multiple bytes.
    int attrs = entryBuffer.readBERLength();


    // Now, we should iterate through the attributes and decode each one.
    Map<AttributeType, List<Attribute>> attributes = new LinkedHashMap<>(attrs);
    if (config.compressAttributeDescriptions())
    {
      for (int i=0; i < attrs; i++)
      {
        if(ver < 0x03)
        {
          // Version 2 includes a total attribute length
          entryBuffer.readBERLength();
        }
        // Decode the attribute.
        Attribute a = config.getCompressedSchema().decodeAttribute(entryBuffer);
        List<Attribute> attrList = attributes.get(a.getAttributeType());
        if (attrList == null)
        {
          attrList = new ArrayList<>(1);
          attributes.put(a.getAttributeType(), attrList);
        }
        attrList.add(a);
      }
    }
    else
    {
      AttributeBuilder builder = new AttributeBuilder();
      int startPos;
      int endPos;
      for (int i=0; i < attrs; i++)
      {

        // First, we have the zero-terminated attribute name.
        startPos = entryBuffer.position();
        while (entryBuffer.readByte() != 0x00)
        {}
        endPos = entryBuffer.position()-1;
        entryBuffer.position(startPos);
        String name = entryBuffer.readStringUtf8(endPos - startPos);
        entryBuffer.skip(1);

        AttributeType attributeType;
        int semicolonPos = name.indexOf(';');
        if (semicolonPos > 0)
        {
          builder.setAttributeType(name.substring(0, semicolonPos));
          attributeType = builder.getAttributeType();

          int nextPos = name.indexOf(';', semicolonPos+1);
          while (nextPos > 0)
          {
            String option = name.substring(semicolonPos+1, nextPos);
            if (option.length() > 0)
            {
              builder.setOption(option);
            }

            semicolonPos = nextPos;
            nextPos = name.indexOf(';', semicolonPos+1);
          }

          String option = name.substring(semicolonPos+1);
          if (option.length() > 0)
          {
            builder.setOption(option);
          }
        }
        else
        {
          builder.setAttributeType(name);
          attributeType = builder.getAttributeType();
        }


        // Next, we have the number of values.
        int numValues = entryBuffer.readBERLength();

        // Next, we have the sequence of length-value pairs.
        for (int j=0; j < numValues; j++)
        {
          int valueLength = entryBuffer.readBERLength();

          ByteString valueBytes =
              entryBuffer.readByteSequence(valueLength).toByteString();
          builder.add(valueBytes);
        }


        // Create the attribute and add it to the set of attributes.
        Attribute a = builder.toAttribute();
        List<Attribute> attrList = attributes.get(attributeType);
        if (attrList == null)
        {
          attrList = new ArrayList<>(1);
          attributes.put(attributeType, attrList);
        }
        attrList.add(a);
      }
    }

    return attributes;
  }



  /**
   * Retrieves a list of the lines for this entry in LDIF form.  Long
   * lines will not be wrapped automatically.
   *
   * @return  A list of the lines for this entry in LDIF form.
   */
  public List<StringBuilder> toLDIF()
  {
    List<StringBuilder> ldifLines = new LinkedList<>();

    // First, append the DN.
    StringBuilder dnLine = new StringBuilder("dn");
    appendLDIFSeparatorAndValue(dnLine, ByteString.valueOfUtf8(dn.toString()));
    ldifLines.add(dnLine);

    // Next, add the set of objectclasses.
    for (String s : objectClasses.values())
    {
      StringBuilder ocLine = new StringBuilder("objectClass: ").append(s);
      ldifLines.add(ocLine);
    }

    // Finally, add the set of user and operational attributes.
    addLinesForAttributes(ldifLines, userAttributes);
    addLinesForAttributes(ldifLines, operationalAttributes);

    return ldifLines;
  }


  /**
   * Add LDIF lines for each passed in attributes.
   *
   * @param ldifLines
   *          the List where to add the LDIF lines
   * @param attributes
   *          the List of attributes to convert into LDIf lines
   */
  private void addLinesForAttributes(List<StringBuilder> ldifLines,
      Map<AttributeType, List<Attribute>> attributes)
  {
    for (List<Attribute> attrList : attributes.values())
    {
      for (Attribute a : attrList)
      {
        StringBuilder attrName = new StringBuilder(a.getName());
        for (String o : a.getOptions())
        {
          attrName.append(";");
          attrName.append(o);
        }

        for (ByteString v : a)
        {
          StringBuilder attrLine = new StringBuilder(attrName);
          appendLDIFSeparatorAndValue(attrLine, v);
          ldifLines.add(attrLine);
        }
      }
    }
  }


  /**
   * Writes this entry in LDIF form according to the provided
   * configuration.
   *
   * @param  exportConfig  The configuration that specifies how the
   *                       entry should be written.
   *
   * @return  <CODE>true</CODE> if the entry is actually written, or
   *          <CODE>false</CODE> if it is not for some reason.
   *
   * @throws  IOException  If a problem occurs while writing the
   *                       information.
   *
   * @throws  LDIFException  If a problem occurs while trying to
   *                         determine whether to write the entry.
   */
  public boolean toLDIF(LDIFExportConfig exportConfig)
         throws IOException, LDIFException
  {
    // See if this entry should be included in the export at all.
    try
    {
      if (! exportConfig.includeEntry(this))
      {
        if (logger.isTraceEnabled())
        {
          logger.trace("Skipping entry %s because of the export configuration.", dn);
        }
        return false;
      }
    }
    catch (Exception e)
    {
      logger.traceException(e);
      throw new LDIFException(ERR_LDIF_COULD_NOT_EVALUATE_FILTERS_FOR_EXPORT.get(dn, e), e);
    }


    // Invoke LDIF export plugins on the entry if appropriate.
    if (exportConfig.invokeExportPlugins())
    {
      PluginConfigManager pluginConfigManager =
           DirectoryServer.getPluginConfigManager();
      PluginResult.ImportLDIF pluginResult =
           pluginConfigManager.invokeLDIFExportPlugins(exportConfig,
                                                    this);
      if (! pluginResult.continueProcessing())
      {
        return false;
      }
    }


    // Get the information necessary to write the LDIF.
    BufferedWriter writer     = exportConfig.getWriter();
    int            wrapColumn = exportConfig.getWrapColumn();
    boolean        wrapLines  = wrapColumn > 1;


    // First, write the DN.  It will always be included.
    StringBuilder dnLine = new StringBuilder("dn");
    appendLDIFSeparatorAndValue(dnLine, ByteString.valueOfUtf8(dn.toString()));
    LDIFWriter.writeLDIFLine(dnLine, writer, wrapLines, wrapColumn);


    // Next, the set of objectclasses.
    final boolean typesOnly = exportConfig.typesOnly();
    if (exportConfig.includeObjectClasses())
    {
      if (typesOnly)
      {
        StringBuilder ocLine = new StringBuilder("objectClass:");
        LDIFWriter.writeLDIFLine(ocLine, writer, wrapLines, wrapColumn);
      }
      else
      {
        for (String s : objectClasses.values())
        {
          StringBuilder ocLine = new StringBuilder("objectClass: ").append(s);
          LDIFWriter.writeLDIFLine(ocLine, writer, wrapLines, wrapColumn);
        }
      }
    }
    else
    {
      if (logger.isTraceEnabled())
      {
        logger.trace("Skipping objectclasses for entry %s because of the export configuration.", dn);
      }
    }


    // Now the set of user attributes.
    writeLDIFLines(userAttributes, typesOnly, "user", exportConfig, writer,
        wrapColumn, wrapLines);


    // Next, the set of operational attributes.
    if (exportConfig.includeOperationalAttributes())
    {
      writeLDIFLines(operationalAttributes, typesOnly, "operational",
          exportConfig, writer, wrapColumn, wrapLines);
    }
    else
    {
      if (logger.isTraceEnabled())
      {
        logger.trace(
            "Skipping all operational attributes for entry %s " +
            "because of the export configuration.", dn);
      }
    }


    // If we are not supposed to include virtual attributes, then
    // write any attributes that may normally be suppressed by a
    // virtual attribute.
    if (! exportConfig.includeVirtualAttributes())
    {
      for (AttributeType t : suppressedAttributes.keySet())
      {
        if (exportConfig.includeAttribute(t))
        {
          for (Attribute a : suppressedAttributes.get(t))
          {
            writeLDIFLine(a, typesOnly, writer, wrapLines, wrapColumn);
          }
        }
      }
    }


    // Make sure there is a blank line after the entry.
    writer.newLine();


    return true;
  }


  /**
   * Writes the provided List of attributes to LDIF using the provided
   * information.
   *
   * @param attributes
   *          the List of attributes to write as LDIF
   * @param typesOnly
   *          if true, only writes the type information, else writes the type
   *          information and values for the attribute.
   * @param attributeType
   *          the type of attribute being written to LDIF
   * @param exportConfig
   *          configures the export to LDIF
   * @param writer
   *          The writer to which the data should be written. It must not be
   *          <CODE>null</CODE>.
   * @param wrapLines
   *          Indicates whether to wrap long lines.
   * @param wrapColumn
   *          The column at which long lines should be wrapped.
   * @throws IOException
   *           If a problem occurs while writing the information.
   */
  private void writeLDIFLines(Map<AttributeType, List<Attribute>> attributes,
      final boolean typesOnly, String attributeType,
      LDIFExportConfig exportConfig, BufferedWriter writer, int wrapColumn,
      boolean wrapLines) throws IOException
  {
    for (AttributeType attrType : attributes.keySet())
    {
      if (exportConfig.includeAttribute(attrType))
      {
        List<Attribute> attrList = attributes.get(attrType);
        for (Attribute a : attrList)
        {
          if (a.isVirtual() && !exportConfig.includeVirtualAttributes())
          {
            continue;
          }

          writeLDIFLine(a, typesOnly, writer, wrapLines, wrapColumn);
        }
      }
      else
      {
        if (logger.isTraceEnabled())
        {
          logger.trace("Skipping %s attribute %s for entry %s "
              + "because of the export configuration.", attributeType, attrType.getNameOrOID(), dn);
        }
      }
    }
  }


  /**
   * Writes the provided attribute to LDIF using the provided information.
   *
   * @param attribute
   *          the attribute to write to LDIF
   * @param typesOnly
   *          if true, only writes the type information, else writes the type
   *          information and values for the attribute.
   * @param writer
   *          The writer to which the data should be written. It must not be
   *          <CODE>null</CODE>.
   * @param wrapLines
   *          Indicates whether to wrap long lines.
   * @param wrapColumn
   *          The column at which long lines should be wrapped.
   * @throws IOException
   *           If a problem occurs while writing the information.
   */
  private void writeLDIFLine(Attribute attribute, final boolean typesOnly,
      BufferedWriter writer, boolean wrapLines, int wrapColumn)
      throws IOException
  {
    StringBuilder attrName = new StringBuilder(attribute.getName());
    for (String o : attribute.getOptions())
    {
      attrName.append(";");
      attrName.append(o);
    }

    if (typesOnly)
    {
      attrName.append(":");

      LDIFWriter.writeLDIFLine(attrName, writer, wrapLines, wrapColumn);
    }
    else
    {
      for (ByteString v : attribute)
      {
        StringBuilder attrLine = new StringBuilder(attrName);
        appendLDIFSeparatorAndValue(attrLine, v);
        LDIFWriter.writeLDIFLine(attrLine, writer, wrapLines, wrapColumn);
      }
    }
  }



  /**
   * Retrieves the name of the protocol associated with this protocol
   * element.
   *
   * @return  The name of the protocol associated with this protocol
   *          element.
   */
  @Override
  public String getProtocolElementName()
  {
    return "Entry";
  }



  /**
   * Retrieves a hash code for this entry.
   *
   * @return  The hash code for this entry.
   */
  @Override
  public int hashCode()
  {
    int hashCode = dn.hashCode();
    for (ObjectClass oc : objectClasses.keySet())
    {
      hashCode += oc.hashCode();
    }

    hashCode += hashCode(userAttributes.values());
    hashCode += hashCode(operationalAttributes.values());
    return hashCode;
  }

  /**
   * Computes the hashCode for the list of attributes list.
   *
   * @param attributesLists
   *          the attributes for which to commpute the hashCode
   * @return the hashCode for the list of attributes list.
   */
  private int hashCode(Collection<List<Attribute>> attributesLists)
  {
    int result = 0;
    for (List<Attribute> attributes : attributesLists)
    {
      for (Attribute a : attributes)
      {
        result += a.hashCode();
      }
    }
    return result;
  }



  /**
   * Indicates whether the provided object is equal to this entry.  In
   * order for the object to be considered equal, it must be an entry
   * with the same DN, set of object classes, and set of user and
   * operational attributes.
   *
   * @param  o  The object for which to make the determination.
   *
   * @return  {@code true} if the provided object may be considered
   *          equal to this entry, or {@code false} if not.
   */
  @Override
  public boolean equals(Object o)
  {
    if (this == o)
    {
      return true;
    }
    if (o == null)
    {
      return false;
    }
    if (! (o instanceof Entry))
    {
      return false;
    }

    Entry e = (Entry) o;
    return dn.equals(e.dn)
        && objectClasses.keySet().equals(e.objectClasses.keySet())
        && equals(userAttributes, e.userAttributes)
        && equals(operationalAttributes, e.operationalAttributes);
  }

  /**
   * Returns whether the 2 Maps are equal.
   *
   * @param attributes1
   *          the first Map of attributes
   * @param attributes2
   *          the second Map of attributes
   * @return true if the 2 Maps are equal, false otherwise
   */
  private boolean equals(Map<AttributeType, List<Attribute>> attributes1,
      Map<AttributeType, List<Attribute>> attributes2)
  {
    for (AttributeType at : attributes1.keySet())
    {
      List<Attribute> list1 = attributes1.get(at);
      List<Attribute> list2 = attributes2.get(at);
      if (list2 == null || list1.size() != list2.size())
      {
        return false;
      }
      for (Attribute a : list1)
      {
        if (!list2.contains(a))
        {
          return false;
        }
      }
    }
    return true;
  }



  /**
   * Retrieves a string representation of this protocol element.
   *
   * @return  A string representation of this protocol element.
   */
  @Override
  public String toString()
  {
    return toLDIFString();
  }



  /**
   * Appends a string representation of this protocol element to the
   * provided buffer.
   *
   * @param  buffer  The buffer into which the string representation
   *                 should be written.
   */
  @Override
  public void toString(StringBuilder buffer)
  {
    buffer.append(this);
  }



  /**
   * Appends a string representation of this protocol element to the
   * provided buffer.
   *
   * @param  buffer  The buffer into which the string representation
   *                 should be written.
   * @param  indent  The number of spaces that should be used to
   *                 indent the resulting string representation.
   */
  @Override
  public void toString(StringBuilder buffer, int indent)
  {
    StringBuilder indentBuf = new StringBuilder(indent);
    for (int i=0 ; i < indent; i++)
    {
      indentBuf.append(' ');
    }

    for (StringBuilder b : toLDIF())
    {
      buffer.append(indentBuf);
      buffer.append(b);
      buffer.append(EOL);
    }
  }



  /**
   * Retrieves a string representation of this entry in LDIF form.
   *
   * @return  A string representation of this entry in LDIF form.
   */
  public String toLDIFString()
  {
    StringBuilder buffer = new StringBuilder();

    for (StringBuilder ldifLine : toLDIF())
    {
      buffer.append(ldifLine);
      buffer.append(EOL);
    }

    return buffer.toString();
  }



  /**
   * Appends a single-line representation of this entry to the
   * provided buffer.
   *
   * @param  buffer  The buffer to which the information should be
   *                 written.
   */
  public void toSingleLineString(StringBuilder buffer)
  {
    buffer.append("Entry(dn=\"");
    dn.toString(buffer);
    buffer.append("\",objectClasses={");

    Iterator<String> iterator = objectClasses.values().iterator();
    if (iterator.hasNext())
    {
      buffer.append(iterator.next());

      while (iterator.hasNext())
      {
        buffer.append(",");
        buffer.append(iterator.next());
      }
    }

    buffer.append("},userAttrs={");
    appendAttributes(buffer, userAttributes.values());
    buffer.append("},operationalAttrs={");
    appendAttributes(buffer, operationalAttributes.values());
    buffer.append("})");
  }

  /**
   * Appends the attributes to the StringBuilder.
   *
   * @param buffer
   *          the StringBuilder where to append
   * @param attributesLists
   *          the attributesLists to append
   */
  private void appendAttributes(StringBuilder buffer,
      Collection<List<Attribute>> attributesLists)
  {
    boolean firstAttr = true;
    for (List<Attribute> attributes : attributesLists)
    {
      for (Attribute a : attributes)
      {
        if (firstAttr)
        {
          firstAttr = false;
        }
        else
        {
          buffer.append(",");
        }

        buffer.append(a.getName());

        if (a.hasOptions())
        {
          for (String optionString : a.getOptions())
          {
            buffer.append(";");
            buffer.append(optionString);
          }
        }

        buffer.append("={");
        Iterator<ByteString> valueIterator = a.iterator();
        if (valueIterator.hasNext())
        {
          buffer.append(valueIterator.next());

          while (valueIterator.hasNext())
          {
            buffer.append(",");
            buffer.append(valueIterator.next());
          }
        }

        buffer.append("}");
      }
    }
  }



  /**
   * Retrieves the requested attribute element for the specified
   * attribute type and options or <code>null</code> if this entry
   * does not contain an attribute with the specified attribute type
   * and options.
   *
   * @param attributeType
   *          The attribute type to retrieve.
   * @param options
   *          The set of attribute options.
   * @return The requested attribute element for the specified
   *         attribute type and options, or <code>null</code> if the
   *         specified attribute type is not present in this entry
   *         with the provided set of options.
   */
  public Attribute getExactAttribute(AttributeType attributeType,
      Set<String> options)
  {
    List<Attribute> attributes = getAttributes(attributeType);
    if (attributes != null)
    {
      for (Attribute attribute : attributes)
      {
        if (attribute.optionsEqual(options))
        {
          return attribute;
        }
      }
    }
    return null;
  }



  /**
   * Adds the provided attribute to this entry. If an attribute with
   * the provided type and options already exists, then it will be
   * either merged or replaced depending on the value of
   * <code>replace</code>.
   *
   * @param attribute
   *          The attribute to add/replace in this entry.
   * @param duplicateValues
   *          A list to which any duplicate values will be added.
   * @param replace
   *          <code>true</code> if the attribute should replace any
   *          existing attribute.
   */
  private void setAttribute(Attribute attribute,
      List<ByteString> duplicateValues, boolean replace)
  {
    attachment = null;

    AttributeType attributeType = attribute.getAttributeType();

    if (attribute.getAttributeType().isObjectClass())
    {
      // We will not do any validation of the object classes - this is
      // left to the caller.
      if (replace)
      {
        objectClasses.clear();
      }

      MatchingRule rule =
          attribute.getAttributeType().getEqualityMatchingRule();
      for (ByteString v : attribute)
      {
        String name = v.toString();
        String lowerName = toLowerName(rule, v);

        // Create a default object class if necessary.
        ObjectClass oc =
          DirectoryServer.getObjectClass(lowerName, true);

        if (replace)
        {
          objectClasses.put(oc, name);
        }
        else
        {
          if (objectClasses.containsKey(oc))
          {
            duplicateValues.add(v);
          }
          else
          {
            objectClasses.put(oc, name);
          }
        }
      }

      return;
    }

    List<Attribute> attributes = getAttributes(attributeType);
    if (attributes == null)
    {
      // Do nothing if we are deleting a non-existing attribute.
      if (replace && attribute.isEmpty())
      {
        return;
      }

      // We are adding the first attribute with this attribute type.
      putAttributes(attributeType, newArrayList(attribute));
      return;
    }

    // There are already attributes with the same attribute type.
    Set<String> options = attribute.getOptions();
    for (int i = 0; i < attributes.size(); i++)
    {
      Attribute a = attributes.get(i);
      if (a.optionsEqual(options))
      {
        if (replace)
        {
          if (!attribute.isEmpty())
          {
            attributes.set(i, attribute);
          }
          else
          {
            attributes.remove(i);

            if (attributes.isEmpty())
            {
              removeAttributes(attributeType);
            }
          }
        }
        else
        {
          AttributeBuilder builder = new AttributeBuilder(a);
          for (ByteString v : attribute)
          {
            if (!builder.add(v))
            {
              duplicateValues.add(v);
            }
          }
          attributes.set(i, builder.toAttribute());
        }
        return;
      }
    }

    // There were no attributes with the same options.
    if (replace && attribute.isEmpty())
    {
      // Do nothing.
      return;
    }

    attributes.add(attribute);
  }



  /**
   * Returns an entry containing only those attributes of this entry
   * which match the provided criteria.
   *
   * @param attrNameList
   *          The list of attributes to include, may include wild
   *          cards.
   * @param omitValues
   *          Indicates whether to omit attribute values when
   *          processing.
   * @param omitReal
   *          Indicates whether to exclude real attributes.
   * @param omitVirtual
   *          Indicates whether to exclude virtual attributes.
   * @return An entry containing only those attributes of this entry
   *         which match the provided criteria.
   */
  public Entry filterEntry(Set<String> attrNameList,
      boolean omitValues, boolean omitReal, boolean omitVirtual)
  {
    final AttributeType ocType = DirectoryServer.getObjectClassAttributeType();

    Map<ObjectClass, String> objectClassesCopy;
    Map<AttributeType, List<Attribute>> userAttrsCopy;
    Map<AttributeType, List<Attribute>> operationalAttrsCopy;

    if (attrNameList == null || attrNameList.isEmpty())
    {
      // Common case: return filtered user attributes.
      userAttrsCopy = new LinkedHashMap<>(userAttributes.size());
      operationalAttrsCopy = new LinkedHashMap<>(0);

      if (omitReal)
      {
        objectClassesCopy = new LinkedHashMap<>(0);
      }
      else if (omitValues)
      {
        objectClassesCopy = new LinkedHashMap<>(0);

        // Add empty object class attribute.
        userAttrsCopy.put(ocType, newArrayList(Attributes.empty(ocType)));
      }
      else
      {
        objectClassesCopy = new LinkedHashMap<>(objectClasses);

        // First, add the objectclass attribute.
        Attribute ocAttr = getObjectClassAttribute();
        if (ocAttr != null)
        {
          userAttrsCopy.put(ocType, newArrayList(ocAttr));
        }
      }

      // Copy all user attributes.
      deepCopy(userAttributes, userAttrsCopy, omitValues, true,
          omitReal, omitVirtual, true);
    }
    else
    {
      // Incrementally build table of attributes.
      if (omitReal || omitValues)
      {
        objectClassesCopy = new LinkedHashMap<>(0);
      }
      else
      {
        objectClassesCopy = new LinkedHashMap<>(objectClasses.size());
      }

      userAttrsCopy = new LinkedHashMap<>(userAttributes.size());
      operationalAttrsCopy = new LinkedHashMap<>(operationalAttributes.size());

      for (String attrName : attrNameList)
      {
        if ("*".equals(attrName))
        {
          // This is a special placeholder indicating that all user
          // attributes should be returned.
          if (!omitReal)
          {
            if (omitValues)
            {
              // Add empty object class attribute.
              userAttrsCopy.put(ocType, newArrayList(Attributes.empty(ocType)));
            }
            else
            {
              // Add the objectclass attribute.
              objectClassesCopy.putAll(objectClasses);
              Attribute ocAttr = getObjectClassAttribute();
              if (ocAttr != null)
              {
                userAttrsCopy.put(ocType, newArrayList(ocAttr));
              }
            }
          }

          // Copy all user attributes.
          deepCopy(userAttributes, userAttrsCopy, omitValues, true,
              omitReal, omitVirtual, true);
          continue;
        }
        else if ("+".equals(attrName))
        {
          // This is a special placeholder indicating that all
          // operational attributes should be returned.
          deepCopy(operationalAttributes, operationalAttrsCopy,
              omitValues, true, omitReal, omitVirtual, true);
          continue;
        }

        String lowerName;
        Set<String> options;
        int semicolonPos = attrName.indexOf(';');
        if (semicolonPos > 0)
        {
          String tmpName = attrName.substring(0, semicolonPos);
          lowerName = toLowerCase(tmpName);
          int nextPos = attrName.indexOf(';', semicolonPos+1);
          options = new HashSet<>();
          while (nextPos > 0)
          {
            options.add(attrName.substring(semicolonPos+1, nextPos));

            semicolonPos = nextPos;
            nextPos = attrName.indexOf(';', semicolonPos+1);
          }
          options.add(attrName.substring(semicolonPos+1));
          attrName = tmpName;
        }
        else
        {
          lowerName = toLowerCase(attrName);
          options = null;
        }

        AttributeType attrType = DirectoryServer.getAttributeTypeOrNull(lowerName);
        if (attrType == null)
        {
          // Unrecognized attribute type - do best effort search.
          for (Map.Entry<AttributeType, List<Attribute>> e :
            userAttributes.entrySet())
          {
            AttributeType t = e.getKey();
            if (t.hasNameOrOID(lowerName))
            {
              mergeAttributeLists(e.getValue(), userAttrsCopy, t,
                  attrName, options, omitValues, omitReal, omitVirtual);
              continue;
            }
          }

          for (Map.Entry<AttributeType, List<Attribute>> e :
            operationalAttributes.entrySet())
          {
            AttributeType t = e.getKey();
            if (t.hasNameOrOID(lowerName))
            {
              mergeAttributeLists(e.getValue(), operationalAttrsCopy,
                  t, attrName, options, omitValues, omitReal, omitVirtual);
              continue;
            }
          }
        }
        else
        {
          // Recognized attribute type.
          if (attrType.isObjectClass()) {
            if (!omitReal)
            {
              if (omitValues)
              {
                userAttrsCopy.put(ocType, newArrayList(Attributes.empty(ocType, attrName)));
              }
              else
              {
                Attribute ocAttr = getObjectClassAttribute();
                if (ocAttr != null)
                {
                  if (!attrName.equals(ocAttr.getName()))
                  {
                    // User requested non-default object class type name.
                    AttributeBuilder builder = new AttributeBuilder(ocAttr);
                    builder.setAttributeType(ocType, attrName);
                    ocAttr = builder.toAttribute();
                  }

                  userAttrsCopy.put(ocType, newArrayList(ocAttr));
                }
              }
            }
          }
          else
          {
            List<Attribute> attrList = getUserAttribute(attrType);
            if (attrList != null)
            {
              mergeAttributeLists(attrList, userAttrsCopy, attrType,
                  attrName, options, omitValues, omitReal, omitVirtual);
            }
            else
            {
              attrList = getOperationalAttribute(attrType);
              if (attrList != null)
              {
                mergeAttributeLists(attrList, operationalAttrsCopy,
                    attrType, attrName, options, omitValues, omitReal,
                    omitVirtual);
              }
            }
          }
        }
      }
    }

    return new Entry(dn, objectClassesCopy, userAttrsCopy,
                     operationalAttrsCopy);
  }

  /**
   * Copies the provided list of attributes into the destination
   * attribute map according to the provided criteria.
   *
   * @param sourceList
   *          The list containing the attributes to be copied.
   * @param destMap
   *          The map where the attributes should be copied to.
   * @param attrType
   *          The attribute type.
   * @param attrName
   *          The user-provided attribute name.
   * @param options
   *          The user-provided attribute options.
   * @param omitValues
   *          Indicates whether to exclude attribute values.
   * @param omitReal
   *          Indicates whether to exclude real attributes.
   * @param omitVirtual
   *          Indicates whether to exclude virtual attributes.
   */
  private void mergeAttributeLists(List<Attribute> sourceList,
      Map<AttributeType, List<Attribute>> destMap,
      AttributeType attrType, String attrName, Set<String> options,
      boolean omitValues, boolean omitReal, boolean omitVirtual)
  {
    if (sourceList == null)
    {
      return;
    }

    for (Attribute attribute : sourceList)
    {
      if (attribute.isEmpty()
          || (omitReal && attribute.isReal())
          || (omitVirtual && attribute.isVirtual())
          || !attribute.hasAllOptions(options))
      {
        continue;
      }
      else
      {
        // If a non-default attribute name was provided or if the
        // attribute has options then we will need to rebuild the
        // attribute so that it contains the user-requested names and options.
        AttributeType subAttrType = attribute.getAttributeType();

        if ((attrName != null && !attrName.equals(attribute.getName()))
            || (options != null && !options.isEmpty()))
        {
          AttributeBuilder builder = new AttributeBuilder();

          // We want to use the user-provided name only if this attribute has
          // the same type as the requested type. This might not be the case for
          // sub-types e.g. requesting "name" and getting back "cn" - we don't
          // want to rename "name" to "cn".
          if (attrName == null || !subAttrType.equals(attrType))
          {
            builder.setAttributeType(subAttrType, attribute.getName());
          }
          else
          {
            builder.setAttributeType(subAttrType, attrName);
          }

          if (options != null)
          {
            builder.setOptions(options);
          }

          // Now add in remaining options from original attribute
          // (this will not overwrite options already present).
          builder.setOptions(attribute.getOptions());

          if (!omitValues)
          {
            builder.addAll(attribute);
          }

          attribute = builder.toAttribute();
        }
        else if (omitValues)
        {
          attribute = Attributes.empty(attribute);
        }

        // Now put the attribute into the destination map.
        // Be careful of duplicates.
        List<Attribute> attrList = destMap.get(subAttrType);

        if (attrList == null)
        {
          // Assume that they'll all go in the one list. This isn't
          // always the case, for example if the list contains sub-types.
          attrList = new ArrayList<>(sourceList.size());
          attrList.add(attribute);
          destMap.put(subAttrType, attrList);
        }
        else
        {
          // The attribute may have already been put in the list.
          //
          // This may occur in two cases:
          //
          // 1) The attribute is identified by more than one attribute
          //    type description in the attribute list (e.g. in a wildcard).
          //
          // 2) The attribute has both a real and virtual component.
          //
          boolean found = false;
          for (int i = 0; i < attrList.size(); i++)
          {
            Attribute otherAttribute = attrList.get(i);
            if (otherAttribute.optionsEqual(attribute.getOptions()))
            {
              // Assume that wildcards appear first in an attribute
              // list with more specific attribute names afterwards:
              // let the attribute name and options from the later
              // attribute take preference.
              attrList.set(i, Attributes.merge(attribute, otherAttribute));
              found = true;
            }
          }

          if (!found)
          {
            attrList.add(attribute);
          }
        }
      }
    }
  }
}