/*
 * The contents of this file are subject to the terms of the Common Development and
 * Distribution License (the License). You may not use this file except in compliance with the
 * License.
 *
 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
 * specific language governing permission and limitations under the License.
 *
 * When distributing Covered Software, include this CDDL Header Notice in each file and include
 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions Copyright [year] [name of copyright owner]".
 *
 * Copyright 2008 Sun Microsystems, Inc.
 */
package org.forgerock.opendj.server.config.server;

import org.forgerock.opendj.config.server.ConfigurationChangeListener;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.server.config.meta.GSSAPISASLMechanismHandlerCfgDefn.QualityOfProtection;

/**
 * Server-side view of the GSSAPI SASL Mechanism Handler settings.
 * <p>
 * The GSSAPI SASL mechanism performs all processing related to SASL GSSAPI
 * authentication using Kerberos V5. The accessors declared here expose the
 * Kerberos identity the server uses (principal, realm, keytab), the KDC it
 * talks to, the identity mapper that turns an authenticated principal into a
 * directory user, and the quality of protection the server supports.
 * <p>
 * NOTE(review): this interface does not show what an accessor returns when
 * an optional property is unset (presumably {@code null}); confirm against
 * the property definitions before dereferencing a result.
 */
public interface GSSAPISASLMechanismHandlerCfg extends SASLMechanismHandlerCfg {

  /**
   * Returns the configuration class associated with this GSSAPI SASL
   * Mechanism Handler.
   *
   * @return the configuration class associated with this GSSAPI SASL
   *         Mechanism Handler
   */
  Class<? extends GSSAPISASLMechanismHandlerCfg> configurationClass();

  /**
   * Registers a listener that is notified when this GSSAPI SASL Mechanism
   * Handler configuration is changed.
   *
   * @param listener
   *          the GSSAPI SASL Mechanism Handler configuration change listener
   */
  void addGSSAPIChangeListener(ConfigurationChangeListener<GSSAPISASLMechanismHandlerCfg> listener);

  /**
   * Deregisters a previously registered GSSAPI SASL Mechanism Handler
   * configuration change listener.
   *
   * @param listener
   *          the GSSAPI SASL Mechanism Handler configuration change listener
   */
  void removeGSSAPIChangeListener(ConfigurationChangeListener<GSSAPISASLMechanismHandlerCfg> listener);

  /**
   * Returns the {@code identity-mapper} property.
   * <p>
   * The property names the identity mapper used with this SASL mechanism
   * handler to match the Kerberos principal included in the SASL bind
   * request to the corresponding user in the directory.
   * <p>
   * Because the mapper selects the directory user a bind is matched to,
   * review the referenced mapper together with this handler: a mapping that
   * matches more entries than intended associates a principal with the
   * wrong user.
   *
   * @return the value of the {@code identity-mapper} property
   */
  String getIdentityMapper();

  /**
   * Returns the {@code identity-mapper} property as a {@link DN}.
   * <p>
   * This is the same setting as {@link #getIdentityMapper()}: the identity
   * mapper used with this SASL mechanism handler to match the Kerberos
   * principal included in the SASL bind request to the corresponding user
   * in the directory.
   *
   * @return the DN value of the {@code identity-mapper} property
   */
  DN getIdentityMapperDN();

  /**
   * Returns the {@code java-class} property.
   * <p>
   * The property holds the fully-qualified name of the Java class that
   * provides the SASL mechanism handler implementation.
   * <p>
   * NOTE(review): the named class supplies the code that handles GSSAPI
   * binds, so write access to this property should presumably be limited to
   * trusted administrators; confirm how the server restricts changes to it.
   *
   * @return the value of the {@code java-class} property
   */
  String getJavaClass();

  /**
   * Returns the {@code kdc-address} property.
   * <p>
   * The property gives the address of the KDC that is to be used for
   * Kerberos processing. When it is provided it must be a fully-qualified
   * DNS-resolvable name; when it is not provided, the server attempts to
   * determine the KDC from the system-wide Kerberos configuration.
   *
   * @return the value of the {@code kdc-address} property
   */
  String getKdcAddress();

  /**
   * Returns the {@code keytab} property.
   * <p>
   * The property is the path to the keytab file that should be used for
   * Kerberos processing. When it is provided it is either an absolute path
   * or a path relative to the server instance root.
   * <p>
   * A keytab stores the long-term keys of the principals it contains, so
   * the file it names should be readable only by the account the server
   * runs as.
   *
   * @return the value of the {@code keytab} property
   */
  String getKeytab();

  /**
   * Returns the {@code principal-name} property.
   * <p>
   * The property specifies the principal name. It can be either a simple
   * user name or a service name such as {@code host/example.com}. When it
   * is not provided, the server attempts to build the principal name by
   * appending the fully qualified domain name to the string {@code "ldap/"}.
   *
   * @return the value of the {@code principal-name} property
   */
  String getPrincipalName();

  /**
   * Returns the {@code quality-of-protection} property.
   * <p>
   * The property specifies the quality of protection the server will
   * support. In SASL the quality of protection determines whether the
   * exchange is limited to authentication or also protects the integrity
   * and confidentiality of the data sent afterwards.
   * <p>
   * The permitted values are defined by {@link QualityOfProtection} and are
   * not listed in this interface. NOTE(review): when the configured value
   * does not provide integrity or confidentiality protection, traffic after
   * the bind relies on another layer such as TLS; confirm the deployed
   * value against that requirement.
   *
   * @return the value of the {@code quality-of-protection} property
   */
  QualityOfProtection getQualityOfProtection();

  /**
   * Returns the {@code realm} property.
   * <p>
   * The property specifies the realm to be used for GSSAPI authentication.
   *
   * @return the value of the {@code realm} property
   */
  String getRealm();

  /**
   * Returns the {@code server-fqdn} property.
   * <p>
   * The property specifies the DNS-resolvable fully-qualified domain name
   * for the system.
   *
   * @return the value of the {@code server-fqdn} property
   */
  String getServerFqdn();

}