001 /*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License"). You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at
010 * trunk/opends/resource/legal-notices/OpenDS.LICENSE
011 * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
012 * See the License for the specific language governing permissions
013 * and limitations under the License.
014 *
015 * When distributing Covered Code, include this CDDL HEADER in each
016 * file and include the License file at
017 * trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
018 * add the following below this CDDL HEADER, with the fields enclosed
019 * by brackets "[]" replaced with your own identifying information:
020 * Portions Copyright [yyyy] [name of copyright owner]
021 *
022 * CDDL HEADER END
023 *
024 *
025 * Copyright 2008 Sun Microsystems, Inc.
026 */
027 package org.opends.server.admin.std.server;
028
029
030
031 import java.util.SortedSet;
032 import org.opends.server.admin.Configuration;
033 import org.opends.server.admin.server.ConfigurationChangeListener;
034 import org.opends.server.admin.std.meta.GlobalCfgDefn.DisabledPrivilege;
035 import org.opends.server.admin.std.meta.GlobalCfgDefn.EtimeResolution;
036 import org.opends.server.admin.std.meta.GlobalCfgDefn.InvalidAttributeSyntaxBehavior;
037 import org.opends.server.admin.std.meta.GlobalCfgDefn.SingleStructuralObjectclassBehavior;
038 import org.opends.server.admin.std.meta.GlobalCfgDefn.WorkflowConfigurationMode;
039 import org.opends.server.admin.std.meta.GlobalCfgDefn.WritabilityMode;
040 import org.opends.server.types.DN;
041
042
043
/**
 * Server-side, read-only view of the Global Configuration.
 * <p>
 * The Global Configuration holds the properties that affect the
 * overall operation of the OpenDS Directory Server. Several of them
 * (for example "disabled-privilege", "bind-with-dn-requires-password",
 * "reject-unauthenticated-requests" and the search limits) directly
 * change what clients are allowed to do, so a change to any of those
 * deserves the same review as a change to access control.
 */
public interface GlobalCfg extends Configuration {

  /**
   * Gets the configuration class associated with this Global
   * Configuration.
   *
   * @return the configuration class associated with this Global
   *         Configuration.
   */
  Class<? extends GlobalCfg> configurationClass();

  /**
   * Registers a listener that is notified when this Global
   * Configuration is changed.
   *
   * @param listener
   *          the Global Configuration change listener to add.
   */
  void addChangeListener(ConfigurationChangeListener<GlobalCfg> listener);

  /**
   * Deregisters a previously registered Global Configuration change
   * listener.
   *
   * @param listener
   *          the Global Configuration change listener to remove.
   */
  void removeChangeListener(ConfigurationChangeListener<GlobalCfg> listener);

  /**
   * Gets the "add-missing-rdn-attributes" property.
   * <p>
   * Tells whether, when processing an add request, the Directory
   * Server should automatically add to the entry any attribute values
   * that appear in the entry's RDN.
   *
   * @return the value of the "add-missing-rdn-attributes" property.
   */
  boolean isAddMissingRDNAttributes();

  /**
   * Gets the "allow-attribute-name-exceptions" property.
   * <p>
   * Tells whether the Directory Server should accept attribute names
   * that contain underscores or that begin with a numeric digit. Both
   * forms violate the LDAP standards.
   *
   * @return the value of the "allow-attribute-name-exceptions"
   *         property.
   */
  boolean isAllowAttributeNameExceptions();

  /**
   * Gets the "allowed-task" property.
   * <p>
   * Each value is the fully-qualified name of a Java class that may be
   * invoked in the server. An attempt to invoke a task that is not in
   * this list is rejected.
   * <p>
   * Review note: the property works as an allow-list, so every value
   * names code that the server is willing to run as a task; keep the
   * list limited to the tasks that are actually needed.
   *
   * @return an unmodifiable set containing the values of the
   *         "allowed-task" property.
   */
  SortedSet<String> getAllowedTask();

  /**
   * Gets the "bind-with-dn-requires-password" property.
   * <p>
   * Tells whether the Directory Server should reject a simple bind
   * request that carries a DN but no password.
   * <p>
   * The LDAPv3 specification technically allows such requests and says
   * they should be treated as anonymous simple authentication. They
   * may nevertheless introduce security problems in applications that
   * do not verify that the client actually supplied a password: the
   * bind can succeed even though no credential was checked for the DN
   * that was sent.
   *
   * @return the value of the "bind-with-dn-requires-password"
   *         property.
   */
  boolean isBindWithDNRequiresPassword();

  /**
   * Gets the "check-schema" property.
   * <p>
   * Tells whether schema enforcement is active.
   * <p>
   * With schema enforcement active, the Directory Server ensures that
   * every operation results in entries that are valid according to the
   * defined server schema. It is strongly recommended to leave this
   * option enabled, to prevent invalid data from being added to the
   * server inadvertently.
   *
   * @return the value of the "check-schema" property.
   */
  boolean isCheckSchema();

  /**
   * Gets the "default-password-policy" property.
   * <p>
   * Names the password policy that applies to users whose entries do
   * not specify an alternate password policy, whether through a real
   * or a virtual attribute.
   *
   * @return the value of the "default-password-policy" property.
   */
  String getDefaultPasswordPolicy();

  /**
   * Gets the "default-password-policy" property as a DN.
   * <p>
   * Names the password policy that applies to users whose entries do
   * not specify an alternate password policy, whether through a real
   * or a virtual attribute.
   *
   * @return the DN value of the "default-password-policy" property.
   */
  DN getDefaultPasswordPolicyDN();

  /**
   * Gets the "disabled-privilege" property.
   * <p>
   * Each value names a privilege that the server should not evaluate.
   * <p>
   * A disabled privilege is assumed to be held by all clients,
   * including unauthenticated clients.
   * <p>
   * Review note: adding a value here therefore has the effect of
   * granting that privilege to every client; treat any non-empty
   * result as a deliberate, reviewed exception.
   *
   * @return an unmodifiable set containing the values of the
   *         "disabled-privilege" property.
   */
  SortedSet<DisabledPrivilege> getDisabledPrivilege();

  /**
   * Gets the "entry-cache-preload" property.
   * <p>
   * Tells whether the entry cache is preloaded on startup.
   *
   * @return the value of the "entry-cache-preload" property.
   */
  boolean isEntryCachePreload();

  /**
   * Gets the "etime-resolution" property.
   * <p>
   * Selects the resolution used when measuring the elapsed processing
   * time (etime) of an operation.
   *
   * @return the value of the "etime-resolution" property.
   */
  EtimeResolution getEtimeResolution();

  /**
   * Gets the "idle-time-limit" property.
   * <p>
   * Gives the maximum length of time that a client connection may stay
   * established after its last completed operation.
   * <p>
   * A value of "0 seconds" means that no idle time limit is enforced.
   *
   * @return the value of the "idle-time-limit" property.
   */
  long getIdleTimeLimit();

  /**
   * Gets the "invalid-attribute-syntax-behavior" property.
   * <p>
   * Selects how the Directory Server handles an operation in which an
   * attribute value violates the associated attribute syntax.
   *
   * @return the value of the "invalid-attribute-syntax-behavior"
   *         property.
   */
  InvalidAttributeSyntaxBehavior getInvalidAttributeSyntaxBehavior();

  /**
   * Gets the "lookthrough-limit" property.
   * <p>
   * Gives the maximum number of entries that the Directory Server
   * should "look through" while processing a search request.
   * <p>
   * The count covers every entry the server has to examine for the
   * request, whether or not the entry matches the search criteria. A
   * value of 0 means that no lookthrough limit is enforced. This is
   * the default server-wide limit; it may be overridden per user with
   * the ds-rlim-lookthrough-limit operational attribute.
   * <p>
   * Review note: with 0 there is no server-wide bound on how many
   * entries a single search may examine.
   *
   * @return the value of the "lookthrough-limit" property.
   */
  int getLookthroughLimit();

  /**
   * Gets the "notify-abandoned-operations" property.
   * <p>
   * Tells whether the Directory Server should send a response to an
   * operation that was interrupted by an abandon request.
   * <p>
   * The LDAP specification states that abandoned operations should not
   * receive any response, but that can cause problems with client
   * applications that always expect a response to each request.
   *
   * @return the value of the "notify-abandoned-operations" property.
   */
  boolean isNotifyAbandonedOperations();

  /**
   * Gets the "proxied-authorization-identity-mapper" property.
   * <p>
   * Names the identity mapper that maps authorization ID values in the
   * "u:" form, as provided in the proxied authorization control, to
   * the corresponding user entry.
   *
   * @return the value of the "proxied-authorization-identity-mapper"
   *         property.
   */
  String getProxiedAuthorizationIdentityMapper();

  /**
   * Gets the "proxied-authorization-identity-mapper" property as a
   * DN.
   * <p>
   * Names the identity mapper that maps authorization ID values in the
   * "u:" form, as provided in the proxied authorization control, to
   * the corresponding user entry.
   *
   * @return the DN value of the
   *         "proxied-authorization-identity-mapper" property.
   */
  DN getProxiedAuthorizationIdentityMapperDN();

  /**
   * Gets the "reject-unauthenticated-requests" property.
   * <p>
   * Tells whether the Directory Server should reject every request,
   * other than bind or StartTLS requests, that comes from a client
   * which has not yet been authenticated, whose last authentication
   * attempt was unsuccessful, or whose last authentication attempt
   * used anonymous authentication.
   *
   * @return the value of the "reject-unauthenticated-requests"
   *         property.
   */
  boolean isRejectUnauthenticatedRequests();

  /**
   * Gets the "return-bind-error-messages" property.
   * <p>
   * Tells whether the response to a failed bind operation should
   * include a message string that gives the reason for the
   * authentication failure.
   * <p>
   * These messages may include information that could potentially be
   * used by an attacker. When the option is disabled, the messages
   * appear only in the server's access log, where they remain
   * available to operators.
   *
   * @return the value of the "return-bind-error-messages" property.
   */
  boolean isReturnBindErrorMessages();

  /**
   * Gets the "save-config-on-successful-startup" property.
   * <p>
   * Tells whether the Directory Server should save a copy of its
   * configuration each time the startup process completes
   * successfully.
   * <p>
   * The saved copy gives the server a "last known good" configuration
   * that can be used as a reference, or copied into the active config,
   * if the server fails to start with the current "active"
   * configuration.
   *
   * @return the value of the "save-config-on-successful-startup"
   *         property.
   */
  boolean isSaveConfigOnSuccessfulStartup();

  /**
   * Gets the "server-error-result-code" property.
   * <p>
   * Gives the numeric value of the result code used when request
   * processing fails because of an internal server error.
   *
   * @return the value of the "server-error-result-code" property.
   */
  int getServerErrorResultCode();

  /**
   * Gets the "single-structural-objectclass-behavior" property.
   * <p>
   * Selects how the Directory Server handles an operation in which an
   * entry does not contain a structural object class or contains
   * multiple structural classes.
   *
   * @return the value of the "single-structural-objectclass-behavior"
   *         property.
   */
  SingleStructuralObjectclassBehavior getSingleStructuralObjectclassBehavior();

  /**
   * Gets the "size-limit" property.
   * <p>
   * Gives the maximum number of entries that the Directory Server
   * should return to the client during a search operation.
   * <p>
   * A value of 0 means that no size limit is enforced. This is the
   * default server-wide limit; it may be overridden per user with the
   * ds-rlim-size-limit operational attribute.
   * <p>
   * Review note: with 0 there is no server-wide bound on how many
   * entries a single search may return.
   *
   * @return the value of the "size-limit" property.
   */
  int getSizeLimit();

  /**
   * Gets the "smtp-server" property.
   * <p>
   * Each value is the address, with an optional port number, of a mail
   * server that can be used to send email messages via SMTP.
   * <p>
   * The address may be an IP address or a resolvable hostname,
   * optionally followed by a colon and a port number.
   *
   * @return an unmodifiable set containing the values of the
   *         "smtp-server" property.
   */
  SortedSet<String> getSMTPServer();

  /**
   * Gets the "time-limit" property.
   * <p>
   * Gives the maximum length of time that the Directory Server should
   * spend processing a search operation.
   * <p>
   * A value of 0 seconds means that no time limit is enforced. This is
   * the default server-wide time limit; it may be overridden per user
   * with the ds-rlim-time-limit operational attribute.
   * <p>
   * Review note: with 0 seconds there is no server-wide bound on how
   * long a single search may run.
   *
   * @return the value of the "time-limit" property.
   */
  long getTimeLimit();

  /**
   * Gets the "workflow-configuration-mode" property.
   * <p>
   * Selects the workflow configuration mode (auto vs. manual).
   *
   * @return the value of the "workflow-configuration-mode" property.
   */
  WorkflowConfigurationMode getWorkflowConfigurationMode();

  /**
   * Gets the "writability-mode" property.
   * <p>
   * Selects the kinds of write operations the Directory Server can
   * process.
   *
   * @return the value of the "writability-mode" property.
   */
  WritabilityMode getWritabilityMode();

}