001 /*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License"). You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at
010 * trunk/opends/resource/legal-notices/OpenDS.LICENSE
011 * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
012 * See the License for the specific language governing permissions
013 * and limitations under the License.
014 *
015 * When distributing Covered Code, include this CDDL HEADER in each
016 * file and include the License file at
017 * trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
018 * add the following below this CDDL HEADER, with the fields enclosed
019 * by brackets "[]" replaced with your own identifying information:
020 * Portions Copyright [yyyy] [name of copyright owner]
021 *
022 * CDDL HEADER END
023 *
024 *
025 * Copyright 2008 Sun Microsystems, Inc.
026 */
027 package org.opends.server.admin.std.server;
028
029
030
031 import java.net.InetAddress;
032 import java.util.SortedSet;
033 import org.opends.server.admin.server.ConfigurationChangeListener;
034 import org.opends.server.admin.std.meta.LDAPConnectionHandlerCfgDefn.SSLClientAuthPolicy;
035 import org.opends.server.types.DN;
036
037
038
039 /**
040 * A server-side interface for querying LDAP Connection Handler
041 * settings.
042 * <p>
043 * The LDAP Connection Handler is used to interact with clients using
044 * LDAP.
045 */
046 public interface LDAPConnectionHandlerCfg extends ConnectionHandlerCfg {
047
048 /**
049 * Gets the configuration class associated with this LDAP Connection Handler.
050 *
051 * @return Returns the configuration class associated with this LDAP Connection Handler.
052 */
053 Class<? extends LDAPConnectionHandlerCfg> configurationClass();
054
055
056
057 /**
058 * Register to be notified when this LDAP Connection Handler is changed.
059 *
060 * @param listener
061 * The LDAP Connection Handler configuration change listener.
062 */
063 void addLDAPChangeListener(ConfigurationChangeListener<LDAPConnectionHandlerCfg> listener);
064
065
066
067 /**
068 * Deregister an existing LDAP Connection Handler configuration change listener.
069 *
070 * @param listener
071 * The LDAP Connection Handler configuration change listener.
072 */
073 void removeLDAPChangeListener(ConfigurationChangeListener<LDAPConnectionHandlerCfg> listener);
074
075
076
077 /**
078 * Gets the "accept-backlog" property.
079 * <p>
080 * Specifies the maximum number of pending connection attempts that
081 * are allowed to queue up in the accept backlog before the server
082 * starts rejecting new connection attempts.
083 * <p>
084 * This is primarily an issue for cases in which a large number of
085 * connections are established to the server in a very short period
086 * of time (for example, a benchmark utility that creates a large
087 * number of client threads that each have their own connection to
088 * the server) and the connection handler is unable to keep up with
089 * the rate at which the new connections are established.
090 *
091 * @return Returns the value of the "accept-backlog" property.
092 */
093 int getAcceptBacklog();
094
095
096
097 /**
098 * Gets the "allow-ldap-v2" property.
099 * <p>
100 * Indicates whether connections from LDAPv2 clients are allowed.
101 * <p>
102 * If LDAPv2 clients are allowed, then only a minimal degree of
103 * special support are provided for them to ensure that
104 * LDAPv3-specific protocol elements (for example, Configuration
105 * Guide 25 controls, extended response messages, intermediate
106 * response messages, referrals) are not sent to an LDAPv2 client.
107 *
108 * @return Returns the value of the "allow-ldap-v2" property.
109 */
110 boolean isAllowLDAPV2();
111
112
113
114 /**
115 * Gets the "allow-start-tls" property.
116 * <p>
117 * Indicates whether clients are allowed to use StartTLS.
118 * <p>
119 * If enabled, the LDAP Connection Handler allows clients to use the
120 * StartTLS extended operation to initiate secure communication over
121 * an otherwise insecure channel. Note that this is only allowed if
122 * the LDAP Connection Handler is not configured to use SSL, and if
123 * the server is configured with a valid key manager provider and a
124 * valid trust manager provider.
125 *
126 * @return Returns the value of the "allow-start-tls" property.
127 */
128 boolean isAllowStartTLS();
129
130
131
132 /**
133 * Gets the "allow-tcp-reuse-address" property.
134 * <p>
135 * Indicates whether the LDAP Connection Handler should reuse socket
136 * descriptors.
137 * <p>
138 * If enabled, the SO_REUSEADDR socket option is used on the server
139 * listen socket to potentially allow the reuse of socket descriptors
140 * for clients in a TIME_WAIT state. This may help the server avoid
141 * temporarily running out of socket descriptors in cases in which a
142 * very large number of short-lived connections have been established
143 * from the same client system.
144 *
145 * @return Returns the value of the "allow-tcp-reuse-address" property.
146 */
147 boolean isAllowTCPReuseAddress();
148
149
150
151 /**
152 * Gets the "java-class" property.
153 * <p>
154 * Specifies the fully-qualified name of the Java class that
155 * provides the LDAP Connection Handler implementation.
156 *
157 * @return Returns the value of the "java-class" property.
158 */
159 String getJavaClass();
160
161
162
163 /**
164 * Gets the "keep-stats" property.
165 * <p>
166 * Indicates whether the LDAP Connection Handler should keep
167 * statistics.
168 * <p>
169 * If enabled, the LDAP Connection Handler maintains statistics
170 * about the number and types of operations requested over LDAP and
171 * the amount of data sent and received.
172 *
173 * @return Returns the value of the "keep-stats" property.
174 */
175 boolean isKeepStats();
176
177
178
179 /**
180 * Gets the "key-manager-provider" property.
181 * <p>
182 * Specifies the name of the key manager that should be used with
183 * this LDAP Connection Handler .
184 *
185 * @return Returns the value of the "key-manager-provider" property.
186 */
187 String getKeyManagerProvider();
188
189
190
191 /**
192 * Gets the "key-manager-provider" property as a DN.
193 * <p>
194 * Specifies the name of the key manager that should be used with
195 * this LDAP Connection Handler .
196 *
197 * @return Returns the DN value of the "key-manager-provider"
198 * property.
199 */
200 DN getKeyManagerProviderDN();
201
202
203
204 /**
205 * Gets the "listen-address" property.
206 * <p>
207 * Specifies the address or set of addresses on which this LDAP
208 * Connection Handler should listen for connections from LDAP
209 * clients.
210 * <p>
211 * Multiple addresses may be provided as separate values for this
212 * attribute. If no values are provided, then the LDAP Connection
213 * Handler listens on all interfaces.
214 *
215 * @return Returns an unmodifiable set containing the values of the "listen-address" property.
216 */
217 SortedSet<InetAddress> getListenAddress();
218
219
220
221 /**
222 * Gets the "listen-port" property.
223 * <p>
224 * Specifies the port number on which the LDAP Connection Handler
225 * will listen for connections from clients.
226 * <p>
227 * Only a single port number may be provided.
228 *
229 * @return Returns the value of the "listen-port" property.
230 */
231 int getListenPort();
232
233
234
235 /**
236 * Gets the "max-blocked-write-time-limit" property.
237 * <p>
238 * Specifies the maximum length of time that attempts to write data
239 * to LDAP clients should be allowed to block.
240 * <p>
241 * If an attempt to write data to a client takes longer than this
242 * length of time, then the client connection is terminated.
243 *
244 * @return Returns the value of the "max-blocked-write-time-limit" property.
245 */
246 long getMaxBlockedWriteTimeLimit();
247
248
249
250 /**
251 * Gets the "max-request-size" property.
252 * <p>
253 * Specifies the size of the largest LDAP request message that will
254 * be allowed by this LDAP Connection handler.
255 * <p>
256 * This property is analogous to the maxBERSize configuration
257 * attribute of the Sun Java System Directory Server. This can help
258 * prevent denial-of-service attacks by clients that indicate they
259 * send extremely large requests to the server causing it to attempt
260 * to allocate large amounts of memory.
261 *
262 * @return Returns the value of the "max-request-size" property.
263 */
264 long getMaxRequestSize();
265
266
267
268 /**
269 * Gets the "num-request-handlers" property.
270 * <p>
271 * Specifies the number of request handlers that are used to read
272 * requests from clients.
273 * <p>
274 * The LDAP Connection Handler uses one thread to accept new
275 * connections from clients, but uses one or more additional threads
276 * to read requests from existing client connections. This ensures
277 * that new requests are read efficiently and that the connection
278 * handler itself does not become a bottleneck when the server is
279 * under heavy load from many clients at the same time.
280 *
281 * @return Returns the value of the "num-request-handlers" property.
282 */
283 int getNumRequestHandlers();
284
285
286
287 /**
288 * Gets the "send-rejection-notice" property.
289 * <p>
290 * Indicates whether the LDAP Connection Handler should send a
291 * notice of disconnection extended response message to the client if
292 * a new connection is rejected for some reason.
293 * <p>
294 * The extended response message may provide an explanation
295 * indicating the reason that the connection was rejected.
296 *
297 * @return Returns the value of the "send-rejection-notice" property.
298 */
299 boolean isSendRejectionNotice();
300
301
302
303 /**
304 * Gets the "ssl-cert-nickname" property.
305 * <p>
306 * Specifies the nickname (also called the alias) of the certificate
307 * that the LDAP Connection Handler should use when performing SSL
308 * communication.
309 * <p>
310 * This is only applicable when the LDAP Connection Handler is
311 * configured to use SSL.
312 *
313 * @return Returns the value of the "ssl-cert-nickname" property.
314 */
315 String getSSLCertNickname();
316
317
318
319 /**
320 * Gets the "ssl-cipher-suite" property.
321 * <p>
322 * Specifies the names of the SSL cipher suites that are allowed for
323 * use in SSL or StartTLS communication.
324 *
325 * @return Returns an unmodifiable set containing the values of the "ssl-cipher-suite" property.
326 */
327 SortedSet<String> getSSLCipherSuite();
328
329
330
331 /**
332 * Gets the "ssl-client-auth-policy" property.
333 * <p>
334 * Specifies the policy that the LDAP Connection Handler should use
335 * regarding client SSL certificates.
336 * <p>
337 * This is only applicable if clients are allowed to use SSL.
338 *
339 * @return Returns the value of the "ssl-client-auth-policy" property.
340 */
341 SSLClientAuthPolicy getSSLClientAuthPolicy();
342
343
344
345 /**
346 * Gets the "ssl-protocol" property.
347 * <p>
348 * Specifies the names of the SSL protocols that are allowed for use
349 * in SSL or StartTLS communication.
350 *
351 * @return Returns an unmodifiable set containing the values of the "ssl-protocol" property.
352 */
353 SortedSet<String> getSSLProtocol();
354
355
356
357 /**
358 * Gets the "trust-manager-provider" property.
359 * <p>
360 * Specifies the name of the trust manager that should be used with
361 * the LDAP Connection Handler .
362 *
363 * @return Returns the value of the "trust-manager-provider" property.
364 */
365 String getTrustManagerProvider();
366
367
368
369 /**
370 * Gets the "trust-manager-provider" property as a DN.
371 * <p>
372 * Specifies the name of the trust manager that should be used with
373 * the LDAP Connection Handler .
374 *
375 * @return Returns the DN value of the "trust-manager-provider"
376 * property.
377 */
378 DN getTrustManagerProviderDN();
379
380
381
382 /**
383 * Gets the "use-ssl" property.
384 * <p>
385 * Indicates whether the LDAP Connection Handler should use SSL.
386 * <p>
387 * If enabled, the LDAP Connection Handler will use SSL to encrypt
388 * communication with the clients.
389 *
390 * @return Returns the value of the "use-ssl" property.
391 */
392 boolean isUseSSL();
393
394
395
396 /**
397 * Gets the "use-tcp-keep-alive" property.
398 * <p>
399 * Indicates whether the LDAP Connection Handler should use TCP
400 * keep-alive.
401 * <p>
402 * If enabled, the SO_KEEPALIVE socket option is used to indicate
403 * that TCP keepalive messages should periodically be sent to the
404 * client to verify that the associated connection is still valid.
405 * This may also help prevent cases in which intermediate network
406 * hardware could silently drop an otherwise idle client connection,
407 * provided that the keepalive interval configured in the underlying
408 * operating system is smaller than the timeout enforced by the
409 * network hardware.
410 *
411 * @return Returns the value of the "use-tcp-keep-alive" property.
412 */
413 boolean isUseTCPKeepAlive();
414
415
416
417 /**
418 * Gets the "use-tcp-no-delay" property.
419 * <p>
420 * Indicates whether the LDAP Connection Handler should use TCP
421 * no-delay.
422 * <p>
423 * If enabled, the TCP_NODELAY socket option is used to ensure that
424 * response messages to the client are sent immediately rather than
425 * potentially waiting to determine whether additional response
426 * messages can be sent in the same packet. In most cases, using the
427 * TCP_NODELAY socket option provides better performance and lower
428 * response times, but disabling it may help for some cases in which
429 * the server sends a large number of entries to a client in response
430 * to a search request.
431 *
432 * @return Returns the value of the "use-tcp-no-delay" property.
433 */
434 boolean isUseTCPNoDelay();
435
436 }