Interface GlobalCfg
-
- All Superinterfaces:
Configuration
public interface GlobalCfg extends Configuration
A server-side interface for querying Global Configuration settings.The Global Configuration contains properties that affect the overall operation of the OpenDJ.
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description void
addChangeListener(ConfigurationChangeListener<GlobalCfg> listener)
Register to be notified when this Global Configuration is changed.Class<? extends GlobalCfg>
configurationClass()
Gets the configuration class associated with this Global Configuration.SortedSet<com.forgerock.opendj.util.Host>
getAdvertisedListenAddress()
Gets the "advertised-listen-address" property.SortedSet<AddressMask>
getAllowedClient()
Gets the "allowed-client" property.SortedSet<String>
getAllowedTask()
Gets the "allowed-task" property.int
getCursorEntryLimit()
Gets the "cursor-entry-limit" property.String
getDefaultPasswordPolicy()
Gets the "default-password-policy" property.Dn
getDefaultPasswordPolicyDn()
Gets the "default-password-policy" property as a DN.SortedSet<AddressMask>
getDeniedClient()
Gets the "denied-client" property.SortedSet<GlobalCfgDefn.DisabledPrivilege>
getDisabledPrivilege()
Gets the "disabled-privilege" property.GlobalCfgDefn.EtimeResolution
getEtimeResolution()
Gets the "etime-resolution" property.String
getGroupId()
Gets the "group-id" property.long
getIdleTimeLimit()
Gets the "idle-time-limit" property.GlobalCfgDefn.InvalidAttributeSyntaxBehavior
getInvalidAttributeSyntaxBehavior()
Gets the "invalid-attribute-syntax-behavior" property.SortedSet<com.forgerock.opendj.util.Host>
getListenAddress()
Gets the "listen-address" property.int
getLookthroughLimit()
Gets the "lookthrough-limit" property.int
getMaxAllowedClientConnections()
Gets the "max-allowed-client-connections" property.long
getMaxInternalBufferSize()
Gets the "max-internal-buffer-size" property.int
getMaxPsearches()
Gets the "max-psearches" property.SortedSet<String>
getProxiedAuthorizationIdentityMapper()
Gets the "proxied-authorization-identity-mapper" property.SortedSet<Dn>
getProxiedAuthorizationIdentityMapperDns()
Gets the "proxied-authorization-identity-mapper" property as a set of DNs.SortedSet<AddressMask>
getRestrictedClient()
Gets the "restricted-client" property.int
getRestrictedClientConnectionLimit()
Gets the "restricted-client-connection-limit" property.String
getServerId()
Gets the "server-id" property.GlobalCfgDefn.SingleStructuralObjectclassBehavior
getSingleStructuralObjectclassBehavior()
Gets the "single-structural-objectclass-behavior" property.int
getSizeLimit()
Gets the "size-limit" property.SortedSet<Dn>
getSubordinateBaseDn()
Gets the "subordinate-base-dn" property.long
getTimeLimit()
Gets the "time-limit" property.GlobalCfgDefn.UnauthenticatedRequestsPolicy
getUnauthenticatedRequestsPolicy()
Gets the "unauthenticated-requests-policy" property.GlobalCfgDefn.WritabilityMode
getWritabilityMode()
Gets the "writability-mode" property.boolean
isAddMissingRdnAttributes()
Gets the "add-missing-rdn-attributes" property.boolean
isAllowAttributeNameExceptions()
Gets the "allow-attribute-name-exceptions" property.boolean
isBindWithDnRequiresPassword()
Gets the "bind-with-dn-requires-password" property.boolean
isCheckSchema()
Gets the "check-schema" property.boolean
isJeBackendSharedCacheEnabled()
Gets the "je-backend-shared-cache-enabled" property.boolean
isNotifyAbandonedOperations()
Gets the "notify-abandoned-operations" property.boolean
isReturnBindErrorMessages()
Gets the "return-bind-error-messages" property.boolean
isSaveConfigOnSuccessfulStartup()
Gets the "save-config-on-successful-startup" property.boolean
isTrustTransactionIds()
Gets the "trust-transaction-ids" property.void
removeChangeListener(ConfigurationChangeListener<GlobalCfg> listener)
Deregister an existing Global Configuration configuration change listener.-
Methods inherited from interface org.forgerock.opendj.config.Configuration
dn, name
-
-
-
-
Method Detail
-
configurationClass
Class<? extends GlobalCfg> configurationClass()
Gets the configuration class associated with this Global Configuration.- Specified by:
configurationClass
in interfaceConfiguration
- Returns:
- Returns the configuration class associated with this Global Configuration.
-
addChangeListener
void addChangeListener(ConfigurationChangeListener<GlobalCfg> listener)
Register to be notified when this Global Configuration is changed.- Parameters:
listener
- The Global Configuration configuration change listener.
-
removeChangeListener
void removeChangeListener(ConfigurationChangeListener<GlobalCfg> listener)
Deregister an existing Global Configuration configuration change listener.- Parameters:
listener
- The Global Configuration configuration change listener.
-
isAddMissingRdnAttributes
boolean isAddMissingRdnAttributes()
Gets the "add-missing-rdn-attributes" property.Indicates whether the directory server should automatically add any attribute values contained in the entry's RDN into that entry when processing an add request.
Default value:
true
- Returns:
- Returns the value of the "add-missing-rdn-attributes" property.
-
getAdvertisedListenAddress
SortedSet<com.forgerock.opendj.util.Host> getAdvertisedListenAddress()
Gets the "advertised-listen-address" property.The advertised address(es) which clients should use for connecting to this Global Configuration.
Multiple addresses may be provided as separate values for this attribute. The meta-address 0.0.0.0 is not permitted.
- Returns:
- Returns an unmodifiable set containing the values of the "advertised-listen-address" property.
-
isAllowAttributeNameExceptions
boolean isAllowAttributeNameExceptions()
Gets the "allow-attribute-name-exceptions" property.Indicates whether the directory server should allow underscores in attribute names and allow attribute names to begin with numeric digits (both of which are violations of the LDAP standards).
Default value:
false
- Returns:
- Returns the value of the "allow-attribute-name-exceptions" property.
-
getAllowedClient
SortedSet<AddressMask> getAllowedClient()
Gets the "allowed-client" property.A set of clients who will be allowed to establish connections to this Global Configuration.
Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. Specifying a value for this property in a connection handler will override any value set in the global configuration.
- Returns:
- Returns an unmodifiable set containing the values of the "allowed-client" property.
-
getAllowedTask
SortedSet<String> getAllowedTask()
Gets the "allowed-task" property.Specifies the fully-qualified name of a Java class that may be invoked in the server.
Any attempt to invoke a task not included in the list of allowed tasks is rejected.
- Returns:
- Returns an unmodifiable set containing the values of the "allowed-task" property.
-
isBindWithDnRequiresPassword
boolean isBindWithDnRequiresPassword()
Gets the "bind-with-dn-requires-password" property.Indicates whether the directory server should reject any simple bind request that contains a DN but no password.
Although such bind requests are technically allowed by the LDAPv3 specification (and should be treated as anonymous simple authentication), they may introduce security problems in applications that do not verify that the client actually provided a password.
Default value:
true
- Returns:
- Returns the value of the "bind-with-dn-requires-password" property.
-
isCheckSchema
boolean isCheckSchema()
Gets the "check-schema" property.Indicates whether schema enforcement is active.
When schema enforcement is activated, the directory server ensures that all operations result in entries are valid according to the defined server schema. It is strongly recommended that this option be left enabled to prevent the inadvertent addition of invalid data into the server.
Default value:
true
- Returns:
- Returns the value of the "check-schema" property.
-
getCursorEntryLimit
int getCursorEntryLimit()
Gets the "cursor-entry-limit" property.Specifies the maximum number of entry IDs that the directory server may retrieve by cursoring through an index during a search.
A value of 0 indicates that no cursor entry limit is enforced. Note that this is the default server-wide limit, but it may be overridden on a per-user basis using the ds-rlim-cursor-entry-limit operational attribute.
Default value:
100000
- Returns:
- Returns the value of the "cursor-entry-limit" property.
-
getDefaultPasswordPolicy
String getDefaultPasswordPolicy()
Gets the "default-password-policy" property.Specifies the name of the password policy that is in effect for users whose entries do not specify an alternate password policy (either via a real or virtual attribute).
In addition, the default password policy will be used for providing default parameters for sub-entry based password policies when not provided or supported by the sub-entry itself. This property must reference a password policy and no other type of authentication policy.
- Returns:
- Returns the value of the "default-password-policy" property.
-
getDefaultPasswordPolicyDn
Dn getDefaultPasswordPolicyDn()
Gets the "default-password-policy" property as a DN.Specifies the name of the password policy that is in effect for users whose entries do not specify an alternate password policy (either via a real or virtual attribute).
In addition, the default password policy will be used for providing default parameters for sub-entry based password policies when not provided or supported by the sub-entry itself. This property must reference a password policy and no other type of authentication policy.
- Returns:
- Returns the DN value of the "default-password-policy" property.
-
getDeniedClient
SortedSet<AddressMask> getDeniedClient()
Gets the "denied-client" property.A set of clients who are not allowed to establish connections to this Global Configuration.
Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. Specifying a value for this property in a connection handler will override any value set in the global configuration.
- Returns:
- Returns an unmodifiable set containing the values of the "denied-client" property.
-
getDisabledPrivilege
SortedSet<GlobalCfgDefn.DisabledPrivilege> getDisabledPrivilege()
Gets the "disabled-privilege" property.Specifies the name of a privilege that should not be evaluated by the server.
If a privilege is disabled, then it is assumed that all clients (including unauthenticated clients) have that privilege.
- Returns:
- Returns an unmodifiable set containing the values of the "disabled-privilege" property.
-
getEtimeResolution
GlobalCfgDefn.EtimeResolution getEtimeResolution()
Gets the "etime-resolution" property.Specifies the resolution to use for operation elapsed processing time (etime) measurements.
Default value:
milliseconds
- Returns:
- Returns the value of the "etime-resolution" property.
-
getGroupId
String getGroupId()
Gets the "group-id" property.Specifies the unique identifier of the group in which the directory server belongs.
Directory servers are typically grouped according to their physical location, such as a rack or data center. Servers will prefer connecting to other servers within the same group.
Default value:
default
- Returns:
- Returns the value of the "group-id" property.
-
getIdleTimeLimit
long getIdleTimeLimit()
Gets the "idle-time-limit" property.Specifies the maximum length of time that a client connection may remain established since its last completed operation.
A value of "0 seconds" indicates that no idle time limit is enforced.
Default value:
0 seconds
- Returns:
- Returns the value of the "idle-time-limit" property.
-
getInvalidAttributeSyntaxBehavior
GlobalCfgDefn.InvalidAttributeSyntaxBehavior getInvalidAttributeSyntaxBehavior()
Gets the "invalid-attribute-syntax-behavior" property.Specifies how the directory server should handle operations whenever an attribute value violates the associated attribute syntax.
Default value:
reject
- Returns:
- Returns the value of the "invalid-attribute-syntax-behavior" property.
-
isJeBackendSharedCacheEnabled
boolean isJeBackendSharedCacheEnabled()
Gets the "je-backend-shared-cache-enabled" property.Indicates whether all the JE backends should share the same cache.
When enabled, all the JE backends share the same cache. JE backends will make better use of memory: the cache will use around at most 75% of the JVM Old Gen size. Note that when this setting is enabled, it overrides all db-cache-percent and db-cache-size settings. Note also that cache misses in one backend could cause cached data for other backends to be evicted. When disabled, each JE backend will have its own cache sized according to their options db-cache-percent/db-cache-size.
Default value:
true
- Returns:
- Returns the value of the "je-backend-shared-cache-enabled" property.
-
getListenAddress
SortedSet<com.forgerock.opendj.util.Host> getListenAddress()
Gets the "listen-address" property.The network interface(s) on which this Global Configuration should listen for incoming client connections.
Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the directory server will listen on all interfaces.
Default value:
0.0.0.0
- Returns:
- Returns an unmodifiable set containing the values of the "listen-address" property.
-
getLookthroughLimit
int getLookthroughLimit()
Gets the "lookthrough-limit" property.Specifies the maximum number of entries that the directory server should "look through" in the course of processing a search request.
This includes any entry that the server must examine in the course of processing the request, regardless of whether it actually matches the search criteria. A value of 0 indicates that no lookthrough limit is enforced. Note that this is the default server-wide limit, but it may be overridden on a per-user basis using the ds-rlim-lookthrough-limit operational attribute.
Default value:
5000
- Returns:
- Returns the value of the "lookthrough-limit" property.
-
getMaxAllowedClientConnections
int getMaxAllowedClientConnections()
Gets the "max-allowed-client-connections" property.Specifies the maximum number of client connections that may be established at any given time
A value of 0 indicates that unlimited client connection is allowed.
Default value:
0
- Returns:
- Returns the value of the "max-allowed-client-connections" property.
-
getMaxInternalBufferSize
long getMaxInternalBufferSize()
Gets the "max-internal-buffer-size" property.The threshold capacity beyond which internal cached buffers used for encoding and decoding entries and protocol messages will be trimmed after use.
Individual buffers may grow very large when encoding and decoding large entries and protocol messages and should be reduced in size when they are no longer needed. This setting specifies the threshold at which a buffer is determined to have grown too big and should be trimmed down after use.
Default value:
32 KB
- Returns:
- Returns the value of the "max-internal-buffer-size" property.
-
getMaxPsearches
int getMaxPsearches()
Gets the "max-psearches" property.Defines the maximum number of concurrent persistent searches that can be performed on directory server
The persistent search mechanism provides an active channel through which entries that change, and information about the changes that occur, can be communicated. Because each persistent search operation consumes resources, limiting the number of simultaneous persistent searches keeps the performance impact minimal. A value of -1 indicates that there is no limit on the persistent searches.
Default value:
-1
- Returns:
- Returns the value of the "max-psearches" property.
-
isNotifyAbandonedOperations
boolean isNotifyAbandonedOperations()
Gets the "notify-abandoned-operations" property.Indicates whether the directory server should send a response to any operation that is interrupted via an abandon request.
The LDAP specification states that abandoned operations should not receive any response, but this may cause problems with client applications that always expect to receive a response to each request.
Default value:
false
- Returns:
- Returns the value of the "notify-abandoned-operations" property.
-
getProxiedAuthorizationIdentityMapper
SortedSet<String> getProxiedAuthorizationIdentityMapper()
Gets the "proxied-authorization-identity-mapper" property.Specifies the name of the identity mapper(s) to map authorization ID values (using the "u:" form) provided in the proxied authorization control to the corresponding user entry.
- Returns:
- Returns an unmodifiable set containing the values of the "proxied-authorization-identity-mapper" property.
-
getProxiedAuthorizationIdentityMapperDns
SortedSet<Dn> getProxiedAuthorizationIdentityMapperDns()
Gets the "proxied-authorization-identity-mapper" property as a set of DNs.Specifies the name of the identity mapper(s) to map authorization ID values (using the "u:" form) provided in the proxied authorization control to the corresponding user entry.
- Returns:
- Returns the DN values of the "proxied-authorization-identity-mapper" property.
-
getRestrictedClient
SortedSet<AddressMask> getRestrictedClient()
Gets the "restricted-client" property.A set of clients who will be limited to the maximum number of connections specified by the "restricted-client-connection-limit" property.
Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. Specifying a value for this property in a connection handler will override any value set in the global configuration.
- Returns:
- Returns an unmodifiable set containing the values of the "restricted-client" property.
-
getRestrictedClientConnectionLimit
int getRestrictedClientConnectionLimit()
Gets the "restricted-client-connection-limit" property.Specifies the maximum number of connections a restricted client can open at the same time to this Global Configuration.
Once Directory Server accepts the specified number of connections from a client specified in restricted-client, any additional connection will be rejected. The number of connections is maintained by IP address. Specifying a value for this property in a connection handler will override any value set in the global configuration.
Default value:
100
- Returns:
- Returns the value of the "restricted-client-connection-limit" property.
-
isReturnBindErrorMessages
boolean isReturnBindErrorMessages()
Gets the "return-bind-error-messages" property.Indicates whether responses for failed bind operations should include a message string providing the reason for the authentication failure.
Note that these messages may include information that could potentially be used by an attacker. If this option is disabled, then these messages appears only in the server's access log.
Default value:
false
- Returns:
- Returns the value of the "return-bind-error-messages" property.
-
isSaveConfigOnSuccessfulStartup
boolean isSaveConfigOnSuccessfulStartup()
Gets the "save-config-on-successful-startup" property.Indicates whether the directory server should save a copy of its configuration whenever the startup process completes successfully.
This ensures that the server provides a "last known good" configuration, which can be used as a reference (or copied into the active config) if the server fails to start with the current "active" configuration.
Default value:
true
- Returns:
- Returns the value of the "save-config-on-successful-startup" property.
-
getServerId
String getServerId()
Gets the "server-id" property.Specifies a unique identifier for the directory server which will identify the server within a replication topology.
Each directory server within the same replication topology must have a different server identifier. If no server identifier is specified then one must be provided in each replication server and replication domain configuration.
- Returns:
- Returns the value of the "server-id" property.
-
getSingleStructuralObjectclassBehavior
GlobalCfgDefn.SingleStructuralObjectclassBehavior getSingleStructuralObjectclassBehavior()
Gets the "single-structural-objectclass-behavior" property.Specifies how the directory server should handle operations an entry does not contain a structural object class or contains multiple structural classes.
Default value:
reject
- Returns:
- Returns the value of the "single-structural-objectclass-behavior" property.
-
getSizeLimit
int getSizeLimit()
Gets the "size-limit" property.Specifies the maximum number of entries that can be returned to the client during a single search operation.
A value of 0 indicates that no size limit is enforced. Note that this is the default server-wide limit, but it may be overridden on a per-user basis using the ds-rlim-size-limit operational attribute.
Default value:
1000
- Returns:
- Returns the value of the "size-limit" property.
-
getSubordinateBaseDn
SortedSet<Dn> getSubordinateBaseDn()
Gets the "subordinate-base-dn" property.Specifies the set of base DNs used for singleLevel, wholeSubtree, and subordinateSubtree searches based at the root DSE.
- Returns:
- Returns an unmodifiable set containing the values of the "subordinate-base-dn" property.
-
getTimeLimit
long getTimeLimit()
Gets the "time-limit" property.Specifies the maximum length of time that should be spent processing a single search operation.
A value of 0 seconds indicates that no time limit is enforced. Note that this is the default server-wide time limit, but it may be overridden on a per-user basis using the ds-rlim-time-limit operational attribute.
Default value:
60 seconds
- Returns:
- Returns the value of the "time-limit" property.
-
isTrustTransactionIds
boolean isTrustTransactionIds()
Gets the "trust-transaction-ids" property.Indicates whether the directory server should trust the transaction ids that may be received from requests, either through a LDAP control or through a HTTP header.
When enabled, the transaction IDs are created when the requests do not include one, then are logged; in addition, the server will add a sub-transaction ID control to all forwarded requests. When disabled, the incoming transaction IDs are discarded and new ones are created.
Default value:
false
- Returns:
- Returns the value of the "trust-transaction-ids" property.
-
getUnauthenticatedRequestsPolicy
GlobalCfgDefn.UnauthenticatedRequestsPolicy getUnauthenticatedRequestsPolicy()
Gets the "unauthenticated-requests-policy" property.Controls how the directory server should handle requests received from a client that has not yet been authenticated, whose last authentication attempt was unsuccessful, or whose last authentication attempt used anonymous authentication.
Default value:
allow
- Returns:
- Returns the value of the "unauthenticated-requests-policy" property.
-
getWritabilityMode
GlobalCfgDefn.WritabilityMode getWritabilityMode()
Gets the "writability-mode" property.Specifies the kinds of write operations the directory server can process.
Default value:
enabled
- Returns:
- Returns the value of the "writability-mode" property.
-
-