/*
 * The contents of this file are subject to the terms of the Common Development and
 * Distribution License (the License). You may not use this file except in compliance with the
 * License.
 *
 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
 * specific language governing permission and limitations under the License.
 *
 * When distributing Covered Software, include this CDDL Header Notice in each file and include
 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2008 Sun Microsystems, Inc.
 */
package org.forgerock.opendj.server.config.server;



import java.util.SortedSet;
import org.forgerock.opendj.config.Configuration;
import org.forgerock.opendj.config.server.ConfigurationChangeListener;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.server.config.meta.GlobalCfgDefn.DisabledPrivilege;
import org.forgerock.opendj.server.config.meta.GlobalCfgDefn.EtimeResolution;
import org.forgerock.opendj.server.config.meta.GlobalCfgDefn.InvalidAttributeSyntaxBehavior;
import org.forgerock.opendj.server.config.meta.GlobalCfgDefn.SingleStructuralObjectclassBehavior;
import org.forgerock.opendj.server.config.meta.GlobalCfgDefn.WritabilityMode;



/**
 * A server-side interface for querying Global Configuration settings.
 * <p>
 * The Global Configuration contains properties that affect the
 * overall operation of the OpenDJ directory server.
 * <p>
 * Several of these properties relax or tighten security-relevant
 * behaviour (binds without a password, privilege evaluation, bind
 * error disclosure, resource limits). The per-method documentation
 * states which value is the permissive one, because the sentinel for
 * "no limit" is not the same for every property.
 */
public interface GlobalCfg extends Configuration {

  /**
   * Gets the configuration class associated with this Global Configuration.
   *
   * @return Returns the configuration class associated with this Global Configuration.
   */
  Class<? extends GlobalCfg> configurationClass();



  /**
   * Registers a listener to be notified when this Global Configuration
   * is changed.
   *
   * @param listener
   *          The Global Configuration configuration change listener.
   */
  void addChangeListener(ConfigurationChangeListener<GlobalCfg> listener);



  /**
   * Deregisters an existing Global Configuration configuration change
   * listener.
   *
   * @param listener
   *          The Global Configuration configuration change listener.
   */
  void removeChangeListener(ConfigurationChangeListener<GlobalCfg> listener);



  /**
   * Gets the "add-missing-rdn-attributes" property.
   * <p>
   * Indicates whether the directory server should automatically add
   * any attribute values contained in the entry's RDN into that entry
   * when processing an add request.
   *
   * @return Returns the value of the "add-missing-rdn-attributes" property.
   */
  boolean isAddMissingRDNAttributes();



  /**
   * Gets the "allow-attribute-name-exceptions" property.
   * <p>
   * Indicates whether the directory server should allow underscores
   * in attribute names and allow attribute names to begin with numeric
   * digits (both of which are violations of the LDAP standards).
   *
   * @return Returns the value of the "allow-attribute-name-exceptions" property.
   */
  boolean isAllowAttributeNameExceptions();



  /**
   * Gets the "allowed-task" property.
   * <p>
   * Specifies the fully-qualified name of a Java class that may be
   * invoked in the server.
   * <p>
   * Any attempt to invoke a task not included in the list of allowed
   * tasks is rejected.
   * <p>
   * Security note: the returned set is an allow-list of class names,
   * so every value in it permits that class to be invoked as a task.
   * Code that enforces the list should match on the fully-qualified
   * name and reject anything absent from the set.
   *
   * @return Returns an unmodifiable set containing the values of the "allowed-task" property.
   */
  SortedSet<String> getAllowedTask();



  /**
   * Gets the "bind-with-dn-requires-password" property.
   * <p>
   * Indicates whether the directory server should reject any simple
   * bind request that contains a DN but no password.
   * <p>
   * Although such bind requests are technically allowed by the LDAPv3
   * specification (and should be treated as anonymous simple
   * authentication), they may introduce security problems in
   * applications that do not verify that the client actually provided
   * a password.
   * <p>
   * Security note: when this returns {@code false}, a simple bind that
   * carries a DN and no password is not rejected. As stated above it is
   * to be treated as anonymous, so it must not be taken as proof that
   * the client knows the password for that DN.
   *
   * @return Returns the value of the "bind-with-dn-requires-password" property.
   */
  boolean isBindWithDNRequiresPassword();



  /**
   * Gets the "check-schema" property.
   * <p>
   * Indicates whether schema enforcement is active.
   * <p>
   * When schema enforcement is activated, the directory server
   * ensures that all operations result in entries that are valid
   * according to the defined server schema. It is strongly recommended
   * that this option be left enabled to prevent the inadvertent
   * addition of invalid data into the server.
   *
   * @return Returns the value of the "check-schema" property.
   */
  boolean isCheckSchema();



  /**
   * Gets the "default-password-policy" property.
   * <p>
   * Specifies the name of the password policy that is in effect for
   * users whose entries do not specify an alternate password policy
   * (either via a real or virtual attribute).
   * <p>
   * In addition, the default password policy will be used for
   * providing default parameters for sub-entry based password policies
   * when not provided or supported by the sub-entry itself. This
   * property must reference a password policy and no other type of
   * authentication policy.
   *
   * @return Returns the value of the "default-password-policy" property.
   */
  String getDefaultPasswordPolicy();



  /**
   * Gets the "default-password-policy" property as a DN.
   * <p>
   * Specifies the name of the password policy that is in effect for
   * users whose entries do not specify an alternate password policy
   * (either via a real or virtual attribute).
   * <p>
   * In addition, the default password policy will be used for
   * providing default parameters for sub-entry based password policies
   * when not provided or supported by the sub-entry itself. This
   * property must reference a password policy and no other type of
   * authentication policy.
   *
   * @return Returns the DN value of the "default-password-policy"
   *         property.
   */
  DN getDefaultPasswordPolicyDN();



  /**
   * Gets the "disabled-privilege" property.
   * <p>
   * Specifies the name of a privilege that should not be evaluated by
   * the server.
   * <p>
   * If a privilege is disabled, then it is assumed that all clients
   * (including unauthenticated clients) have that privilege.
   * <p>
   * Security note: "disabled" here means "not checked", not "denied".
   * Each value in the returned set is a privilege that every client,
   * unauthenticated clients included, is assumed to hold, so a
   * non-empty set widens access rather than restricting it.
   *
   * @return Returns an unmodifiable set containing the values of the "disabled-privilege" property.
   */
  SortedSet<DisabledPrivilege> getDisabledPrivilege();



  /**
   * Gets the "etime-resolution" property.
   * <p>
   * Specifies the resolution to use for operation elapsed processing
   * time (etime) measurements.
   *
   * @return Returns the value of the "etime-resolution" property.
   */
  EtimeResolution getEtimeResolution();



  /**
   * Gets the "idle-time-limit" property.
   * <p>
   * Specifies the maximum length of time that a client connection may
   * remain established since its last completed operation.
   * <p>
   * A value of "0 seconds" indicates that no idle time limit is
   * enforced.
   * <p>
   * Note that zero disables the limit, so code applying this value
   * must special-case it instead of treating it as an immediate
   * timeout. NOTE(review): the unit of the returned {@code long} is
   * not stated in this interface; confirm it against the property
   * definition before comparing it with a duration.
   *
   * @return Returns the value of the "idle-time-limit" property.
   */
  long getIdleTimeLimit();



  /**
   * Gets the "invalid-attribute-syntax-behavior" property.
   * <p>
   * Specifies how the directory server should handle operations
   * whenever an attribute value violates the associated attribute
   * syntax.
   *
   * @return Returns the value of the "invalid-attribute-syntax-behavior" property.
   */
  InvalidAttributeSyntaxBehavior getInvalidAttributeSyntaxBehavior();



  /**
   * Gets the "lookthrough-limit" property.
   * <p>
   * Specifies the maximum number of entries that the directory server
   * should "look through" in the course of processing a search
   * request.
   * <p>
   * This includes any entry that the server must examine in the
   * course of processing the request, regardless of whether it
   * actually matches the search criteria. A value of 0 indicates that
   * no lookthrough limit is enforced. Note that this is the default
   * server-wide limit, but it may be overridden on a per-user basis
   * using the ds-rlim-lookthrough-limit operational attribute.
   * <p>
   * Because 0 removes the bound instead of meaning "no entries", a
   * caller must special-case it. With no limit in force, a single
   * search may examine an unbounded number of entries.
   *
   * @return Returns the value of the "lookthrough-limit" property.
   */
  int getLookthroughLimit();



  /**
   * Gets the "max-allowed-client-connections" property.
   * <p>
   * Specifies the maximum number of client connections that may be
   * established at any given time.
   * <p>
   * A value of 0 indicates that an unlimited number of client
   * connections is allowed; it does not mean that no connection is
   * accepted.
   *
   * @return Returns the value of the "max-allowed-client-connections" property.
   */
  int getMaxAllowedClientConnections();



  /**
   * Gets the "max-internal-buffer-size" property.
   * <p>
   * The threshold capacity beyond which internal cached buffers used
   * for encoding and decoding entries and protocol messages will be
   * trimmed after use.
   * <p>
   * Individual buffers may grow very large when encoding and decoding
   * large entries and protocol messages and should be reduced in size
   * when they are no longer needed. This setting specifies the
   * threshold at which a buffer is determined to have grown too big
   * and should be trimmed down after use.
   *
   * @return Returns the value of the "max-internal-buffer-size" property.
   */
  long getMaxInternalBufferSize();



  /**
   * Gets the "max-psearches" property.
   * <p>
   * Defines the maximum number of concurrent persistent searches that
   * can be performed on the directory server.
   * <p>
   * The persistent search mechanism provides an active channel
   * through which entries that change, and information about the
   * changes that occur, can be communicated. Because each persistent
   * search operation consumes resources, limiting the number of
   * simultaneous persistent searches keeps the performance impact
   * minimal. A value of -1 indicates that there is no limit on the
   * persistent searches.
   * <p>
   * Note that the "no limit" sentinel for this property is -1, whereas
   * the other limits in this interface use 0. NOTE(review): the
   * meaning of 0 for this property is not stated here; confirm it
   * against the property definition.
   *
   * @return Returns the value of the "max-psearches" property.
   */
  int getMaxPsearches();



  /**
   * Gets the "notify-abandoned-operations" property.
   * <p>
   * Indicates whether the directory server should send a response to
   * any operation that is interrupted via an abandon request.
   * <p>
   * The LDAP specification states that abandoned operations should
   * not receive any response, but this may cause problems with client
   * applications that always expect to receive a response to each
   * request.
   *
   * @return Returns the value of the "notify-abandoned-operations" property.
   */
  boolean isNotifyAbandonedOperations();



  /**
   * Gets the "proxied-authorization-identity-mapper" property.
   * <p>
   * Specifies the name of the identity mapper to map authorization ID
   * values (using the "u:" form) provided in the proxied authorization
   * control to the corresponding user entry.
   *
   * @return Returns the value of the "proxied-authorization-identity-mapper" property.
   */
  String getProxiedAuthorizationIdentityMapper();



  /**
   * Gets the "proxied-authorization-identity-mapper" property as a
   * DN.
   * <p>
   * Specifies the name of the identity mapper to map authorization ID
   * values (using the "u:" form) provided in the proxied authorization
   * control to the corresponding user entry.
   *
   * @return Returns the DN value of the
   *         "proxied-authorization-identity-mapper" property.
   */
  DN getProxiedAuthorizationIdentityMapperDN();



  /**
   * Gets the "reject-unauthenticated-requests" property.
   * <p>
   * Indicates whether the directory server should reject any request
   * (other than bind or StartTLS requests) received from a client that
   * has not yet been authenticated, whose last authentication attempt
   * was unsuccessful, or whose last authentication attempt used
   * anonymous authentication.
   * <p>
   * Note that a client whose last bind was anonymous counts as
   * unauthenticated for this check, and that bind and StartTLS
   * requests are exempt whatever the value.
   *
   * @return Returns the value of the "reject-unauthenticated-requests" property.
   */
  boolean isRejectUnauthenticatedRequests();



  /**
   * Gets the "return-bind-error-messages" property.
   * <p>
   * Indicates whether responses for failed bind operations should
   * include a message string providing the reason for the
   * authentication failure.
   * <p>
   * Note that these messages may include information that could
   * potentially be used by an attacker. If this option is disabled,
   * then these messages appear only in the server's access log.
   * <p>
   * Security note: when this returns {@code true}, the failure reason
   * is sent to a client that has not authenticated. When it returns
   * {@code false}, the reason is still recorded, but only in the
   * access log.
   *
   * @return Returns the value of the "return-bind-error-messages" property.
   */
  boolean isReturnBindErrorMessages();



  /**
   * Gets the "save-config-on-successful-startup" property.
   * <p>
   * Indicates whether the directory server should save a copy of its
   * configuration whenever the startup process completes successfully.
   * <p>
   * This ensures that the server provides a "last known good"
   * configuration, which can be used as a reference (or copied into
   * the active config) if the server fails to start with the current
   * "active" configuration.
   *
   * @return Returns the value of the "save-config-on-successful-startup" property.
   */
  boolean isSaveConfigOnSuccessfulStartup();



  /**
   * Gets the "server-error-result-code" property.
   * <p>
   * Specifies the numeric value of the result code when request
   * processing fails due to an internal server error.
   *
   * @return Returns the value of the "server-error-result-code" property.
   */
  int getServerErrorResultCode();



  /**
   * Gets the "single-structural-objectclass-behavior" property.
   * <p>
   * Specifies how the directory server should handle operations when
   * an entry does not contain a structural object class or contains
   * multiple structural classes.
   *
   * @return Returns the value of the "single-structural-objectclass-behavior" property.
   */
  SingleStructuralObjectclassBehavior getSingleStructuralObjectclassBehavior();



  /**
   * Gets the "size-limit" property.
   * <p>
   * Specifies the maximum number of entries that can be returned to
   * the client during a single search operation.
   * <p>
   * A value of 0 indicates that no size limit is enforced. Note that
   * this is the default server-wide limit, but it may be overridden on
   * a per-user basis using the ds-rlim-size-limit operational
   * attribute.
   * <p>
   * Because 0 removes the bound instead of meaning "return nothing", a
   * caller must special-case it.
   *
   * @return Returns the value of the "size-limit" property.
   */
  int getSizeLimit();



  /**
   * Gets the "smtp-server" property.
   * <p>
   * Specifies the address (and optional port number) for a mail
   * server that can be used to send email messages via SMTP.
   * <p>
   * It may be an IP address or resolvable hostname, optionally
   * followed by a colon and a port number.
   *
   * @return Returns an unmodifiable set containing the values of the "smtp-server" property.
   */
  SortedSet<String> getSMTPServer();



  /**
   * Gets the "time-limit" property.
   * <p>
   * Specifies the maximum length of time that should be spent
   * processing a single search operation.
   * <p>
   * A value of 0 seconds indicates that no time limit is enforced.
   * Note that this is the default server-wide time limit, but it may
   * be overridden on a per-user basis using the ds-rlim-time-limit
   * operational attribute.
   * <p>
   * Because 0 removes the bound, a caller must special-case it instead
   * of treating it as an immediate timeout. NOTE(review): the unit of
   * the returned {@code long} is not stated in this interface; confirm
   * it against the property definition.
   *
   * @return Returns the value of the "time-limit" property.
   */
  long getTimeLimit();



  /**
   * Gets the "trust-transaction-ids" property.
   * <p>
   * Indicates whether the directory server should trust the
   * transaction ids that may be received from requests, either through
   * an LDAP control or through an HTTP header.
   * <p>
   * Security note: both sources named above are supplied by the
   * requester, so a trusted transaction id is a client-chosen value.
   * NOTE(review): what the server does with a trusted id is not
   * visible from this interface; confirm how it is consumed before
   * relying on it for correlation or audit.
   *
   * @return Returns the value of the "trust-transaction-ids" property.
   */
  boolean isTrustTransactionIds();



  /**
   * Gets the "writability-mode" property.
   * <p>
   * Specifies the kinds of write operations the directory server can
   * process.
   *
   * @return Returns the value of the "writability-mode" property.
   */
  WritabilityMode getWritabilityMode();

}