001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions Copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2008 Sun Microsystems, Inc.
015 */
016package org.forgerock.opendj.server.config.server;
017
018
019
020import java.util.SortedSet;
021import org.forgerock.opendj.config.Configuration;
022import org.forgerock.opendj.config.server.ConfigurationChangeListener;
023import org.forgerock.opendj.ldap.DN;
024import org.forgerock.opendj.server.config.meta.GlobalCfgDefn.DisabledPrivilege;
025import org.forgerock.opendj.server.config.meta.GlobalCfgDefn.EtimeResolution;
026import org.forgerock.opendj.server.config.meta.GlobalCfgDefn.InvalidAttributeSyntaxBehavior;
027import org.forgerock.opendj.server.config.meta.GlobalCfgDefn.SingleStructuralObjectclassBehavior;
028import org.forgerock.opendj.server.config.meta.GlobalCfgDefn.WritabilityMode;
029
030
031
032/**
033 * A server-side interface for querying Global Configuration settings.
034 * <p>
035 * The Global Configuration contains properties that affect the overall operation of the OpenDJ
036 * directory server, including settings for authentication, privilege evaluation and resource limits.
037 */
038public interface GlobalCfg extends Configuration {
039
040  /**
041   * Gets the configuration class associated with this Global Configuration.
042   *
043   * @return Returns the configuration class associated with this Global Configuration.
044   */
045  Class<? extends GlobalCfg> configurationClass();
046
047
048
049  /**
050   * Register to be notified when this Global Configuration is changed.
051   *
052   * @param listener
053   *          The Global Configuration configuration change listener.
054   */
055  void addChangeListener(ConfigurationChangeListener<GlobalCfg> listener);
056
057
058
059  /**
060   * Deregister an existing Global Configuration configuration change listener.
061   *
062   * @param listener
063   *          The Global Configuration configuration change listener.
064   */
065  void removeChangeListener(ConfigurationChangeListener<GlobalCfg> listener);
066
067
068
069  /**
070   * Gets the "add-missing-rdn-attributes" property.
071   * <p>
072   * Indicates whether the directory server should automatically add
073   * any attribute values contained in the entry's RDN into that entry
074   * when processing an add request.
075   *
076   * @return Returns the value of the "add-missing-rdn-attributes" property.
077   */
078  boolean isAddMissingRDNAttributes();
079
080
081
082  /**
083   * Gets the "allow-attribute-name-exceptions" property.
084   * <p>
085   * Indicates whether the directory server should allow underscores
086   * in attribute names and allow attribute names to begin with numeric
087   * digits (both of which are violations of the LDAP standards).
088   *
089   * @return Returns the value of the "allow-attribute-name-exceptions" property.
090   */
091  boolean isAllowAttributeNameExceptions();
092
093
094
095  /**
096   * Gets the "allowed-task" property.
097   * <p>
098   * Specifies the fully-qualified name of a Java class that may be
099   * invoked in the server.
100   * <p>
101   * Any attempt to invoke a task not included in the list of allowed tasks is rejected, so this
102   * set is an allow-list and should name only the task classes that are actually needed.
103   *
104   * @return Returns an unmodifiable set containing the values of the "allowed-task" property.
105   */
106  SortedSet<String> getAllowedTask();
107
108
109
110  /**
111   * Gets the "bind-with-dn-requires-password" property.
112   * <p>
113   * Indicates whether the directory server should reject any simple
114   * bind request that contains a DN but no password.
115   * <p>
116   * Although such bind requests are technically allowed by the LDAPv3
117   * specification (and should be treated as anonymous simple
118   * authentication), they may introduce security problems in applications that do not verify
119   * that the client actually provided a password: such an application may take the successful
120   * bind as proof of the DN's identity although it is treated as an anonymous bind.
121   *
122   * @return Returns the value of the "bind-with-dn-requires-password" property.
123   */
124  boolean isBindWithDNRequiresPassword();
125
126
127
128  /**
129   * Gets the "check-schema" property.
130   * <p>
131   * Indicates whether schema enforcement is active.
132   * <p>
133   * When schema enforcement is activated, the directory server
134   * ensures that all operations result in entries that are valid according
135   * to the defined server schema. It is strongly recommended that this
136   * option be left enabled to prevent the inadvertent addition of
137   * invalid data into the server.
138   *
139   * @return Returns the value of the "check-schema" property.
140   */
141  boolean isCheckSchema();
142
143
144
145  /**
146   * Gets the "default-password-policy" property.
147   * <p>
148   * Specifies the name of the password policy that is in effect for
149   * users whose entries do not specify an alternate password policy
150   * (either via a real or virtual attribute).
151   * <p>
152   * In addition, the default password policy will be used for
153   * providing default parameters for sub-entry based password policies
154   * when not provided or supported by the sub-entry itself. This
155   * property must reference a password policy and no other type of
156   * authentication policy.
157   *
158   * @return Returns the value of the "default-password-policy" property.
159   */
160  String getDefaultPasswordPolicy();
161
162
163
164  /**
165   * Gets the "default-password-policy" property as a DN.
166   * <p>
167   * Specifies the name of the password policy that is in effect for
168   * users whose entries do not specify an alternate password policy
169   * (either via a real or virtual attribute).
170   * <p>
171   * In addition, the default password policy will be used for
172   * providing default parameters for sub-entry based password policies
173   * when not provided or supported by the sub-entry itself. This
174   * property must reference a password policy and no other type of
175   * authentication policy.
176   *
177   * @return Returns the DN value of the "default-password-policy"
178   *         property.
179   */
180  DN getDefaultPasswordPolicyDN();
181
182
183
184  /**
185   * Gets the "disabled-privilege" property.
186   * <p>
187   * Specifies the name of a privilege that should not be evaluated by
188   * the server.
189   * <p>
190   * If a privilege is disabled, then it is assumed that all clients (including unauthenticated
191   * clients) have that privilege, so every value in this set widens access for all clients.
192   *
193   * @return Returns an unmodifiable set containing the values of the "disabled-privilege" property.
194   */
195  SortedSet<DisabledPrivilege> getDisabledPrivilege();
196
197
198
199  /**
200   * Gets the "etime-resolution" property.
201   * <p>
202   * Specifies the resolution to use for operation elapsed processing
203   * time (etime) measurements.
204   *
205   * @return Returns the value of the "etime-resolution" property.
206   */
207  EtimeResolution getEtimeResolution();
208
209
210
211  /**
212   * Gets the "idle-time-limit" property.
213   * <p>
214   * Specifies the maximum length of time that a client connection may
215   * remain established since its last completed operation.
216   * <p>
217   * A value of "0 seconds" indicates that no idle time limit is
218   * enforced.
219   *
220   * @return Returns the value of the "idle-time-limit" property (time unit not stated here; TODO confirm).
221   */
222  long getIdleTimeLimit();
223
224
225
226  /**
227   * Gets the "invalid-attribute-syntax-behavior" property.
228   * <p>
229   * Specifies how the directory server should handle operations
230   * whenever an attribute value violates the associated attribute
231   * syntax.
232   *
233   * @return Returns the value of the "invalid-attribute-syntax-behavior" property.
234   */
235  InvalidAttributeSyntaxBehavior getInvalidAttributeSyntaxBehavior();
236
237
238
239  /**
240   * Gets the "lookthrough-limit" property.
241   * <p>
242   * Specifies the maximum number of entries that the directory server
243   * should "look through" in the course of processing a search
244   * request.
245   * <p>
246   * This includes any entry that the server must examine in the
247   * course of processing the request, regardless of whether it
248   * actually matches the search criteria. A value of 0 indicates that
249   * no lookthrough limit is enforced, so this setting then places no bound on the entries a
250   * search may examine. Note that this is the default server-wide limit, but it may be
251   * overridden on a per-user basis using the ds-rlim-lookthrough-limit operational attribute.
252   *
253   * @return Returns the value of the "lookthrough-limit" property.
254   */
255  int getLookthroughLimit();
256
257
258
259  /**
260   * Gets the "max-allowed-client-connections" property.
261   * <p>
262   * Specifies the maximum number of client connections that may be
263   * established at any given time.
264   * <p>
265   * A value of 0 indicates that an unlimited number of client
266   * connections is allowed.
267   *
268   * @return Returns the value of the "max-allowed-client-connections" property.
269   */
270  int getMaxAllowedClientConnections();
271
272
273
274  /**
275   * Gets the "max-internal-buffer-size" property.
276   * <p>
277   * The threshold capacity beyond which internal cached buffers used
278   * for encoding and decoding entries and protocol messages will be
279   * trimmed after use.
280   * <p>
281   * Individual buffers may grow very large when encoding and decoding
282   * large entries and protocol messages and should be reduced in size
283   * when they are no longer needed. This setting specifies the
284   * threshold at which a buffer is determined to have grown too big
285   * and should be trimmed down after use.
286   *
287   * @return Returns the value of the "max-internal-buffer-size" property.
288   */
289  long getMaxInternalBufferSize();
290
291
292
293  /**
294   * Gets the "max-psearches" property.
295   * <p>
296   * Defines the maximum number of concurrent persistent searches that
297   * can be performed on the directory server.
298   * <p>
299   * The persistent search mechanism provides an active channel
300   * through which entries that change, and information about the
301   * changes that occur, can be communicated. Because each persistent
302   * search operation consumes resources, limiting the number of
303   * simultaneous persistent searches keeps the performance impact
304   * minimal. A value of -1 indicates that there is no limit on the
305   * persistent searches.
306   *
307   * @return Returns the value of the "max-psearches" property.
308   */
309  int getMaxPsearches();
310
311
312
313  /**
314   * Gets the "notify-abandoned-operations" property.
315   * <p>
316   * Indicates whether the directory server should send a response to
317   * any operation that is interrupted via an abandon request.
318   * <p>
319   * The LDAP specification states that abandoned operations should
320   * not receive any response, but this may cause problems with client
321   * applications that always expect to receive a response to each
322   * request.
323   *
324   * @return Returns the value of the "notify-abandoned-operations" property.
325   */
326  boolean isNotifyAbandonedOperations();
327
328
329
330  /**
331   * Gets the "proxied-authorization-identity-mapper" property.
332   * <p>
333   * Specifies the name of the identity mapper to map authorization ID
334   * values (using the "u:" form) provided in the proxied authorization
335   * control to the corresponding user entry.
336   *
337   * @return Returns the value of the "proxied-authorization-identity-mapper" property.
338   */
339  String getProxiedAuthorizationIdentityMapper();
340
341
342
343  /**
344   * Gets the "proxied-authorization-identity-mapper" property as a
345   * DN.
346   * <p>
347   * Specifies the name of the identity mapper to map authorization ID
348   * values (using the "u:" form) provided in the proxied authorization
349   * control to the corresponding user entry.
350   *
351   * @return Returns the DN value of the
352   *         "proxied-authorization-identity-mapper" property.
353   */
354  DN getProxiedAuthorizationIdentityMapperDN();
355
356
357
358  /**
359   * Gets the "reject-unauthenticated-requests" property.
360   * <p>
361   * Indicates whether the directory server should reject any request
362   * (other than bind or StartTLS requests) received from a client that
363   * has not yet been authenticated, whose last authentication attempt
364   * was unsuccessful, or whose last authentication attempt used
365   * anonymous authentication.
366   *
367   * @return Returns the value of the "reject-unauthenticated-requests" property.
368   */
369  boolean isRejectUnauthenticatedRequests();
370
371
372
373  /**
374   * Gets the "return-bind-error-messages" property.
375   * <p>
376   * Indicates whether responses for failed bind operations should
377   * include a message string providing the reason for the
378   * authentication failure.
379   * <p>
380   * Note that these messages may include information that could
381   * potentially be used by an attacker. If this option is disabled,
382   * then these messages appear only in the server's access log.
383   *
384   * @return Returns the value of the "return-bind-error-messages" property.
385   */
386  boolean isReturnBindErrorMessages();
387
388
389
390  /**
391   * Gets the "save-config-on-successful-startup" property.
392   * <p>
393   * Indicates whether the directory server should save a copy of its
394   * configuration whenever the startup process completes successfully.
395   * <p>
396   * This ensures that the server provides a "last known good"
397   * configuration, which can be used as a reference (or copied into
398   * the active config) if the server fails to start with the current
399   * "active" configuration.
400   *
401   * @return Returns the value of the "save-config-on-successful-startup" property.
402   */
403  boolean isSaveConfigOnSuccessfulStartup();
404
405
406
407  /**
408   * Gets the "server-error-result-code" property.
409   * <p>
410   * Specifies the numeric value of the result code when request
411   * processing fails due to an internal server error.
412   *
413   * @return Returns the value of the "server-error-result-code" property.
414   */
415  int getServerErrorResultCode();
416
417
418
419  /**
420   * Gets the "single-structural-objectclass-behavior" property.
421   * <p>
422   * Specifies how the directory server should handle operations in which an
423   * entry does not contain a structural object class or contains
424   * multiple structural classes.
425   *
426   * @return Returns the value of the "single-structural-objectclass-behavior" property.
427   */
428  SingleStructuralObjectclassBehavior getSingleStructuralObjectclassBehavior();
429
430
431
432  /**
433   * Gets the "size-limit" property.
434   * <p>
435   * Specifies the maximum number of entries that can be returned to
436   * the client during a single search operation.
437   * <p>
438   * A value of 0 indicates that no size limit is enforced. Note that
439   * this is the default server-wide limit, but it may be overridden on
440   * a per-user basis using the ds-rlim-size-limit operational
441   * attribute.
442   *
443   * @return Returns the value of the "size-limit" property.
444   */
445  int getSizeLimit();
446
447
448
449  /**
450   * Gets the "smtp-server" property.
451   * <p>
452   * Specifies the address (and optional port number) for a mail
453   * server that can be used to send email messages via SMTP.
454   * <p>
455   * It may be an IP address or resolvable hostname, optionally
456   * followed by a colon and a port number.
457   *
458   * @return Returns an unmodifiable set containing the values of the "smtp-server" property.
459   */
460  SortedSet<String> getSMTPServer();
461
462
463
464  /**
465   * Gets the "time-limit" property.
466   * <p>
467   * Specifies the maximum length of time that should be spent
468   * processing a single search operation.
469   * <p>
470   * A value of 0 seconds indicates that no time limit is enforced.
471   * Note that this is the default server-wide time limit, but it may
472   * be overridden on a per-user basis using the ds-rlim-time-limit
473   * operational attribute.
474   *
475   * @return Returns the value of the "time-limit" property (time unit not stated here; TODO confirm).
476   */
477  long getTimeLimit();
478
479
480
481  /**
482   * Gets the "trust-transaction-ids" property.
483   * <p>
484   * Indicates whether the directory server should trust the transaction ids that may be received
485   * from requests, either through an LDAP control or through an HTTP header. Such ids are chosen
486   * by the sender, so enable trust only when every client that can reach the server is trusted.
487   *
488   * @return Returns the value of the "trust-transaction-ids" property.
489   */
490  boolean isTrustTransactionIds();
491
492
493
494  /**
495   * Gets the "writability-mode" property.
496   * <p>
497   * Specifies the kinds of write operations the directory server can
498   * process.
499   *
500   * @return Returns the value of the "writability-mode" property.
501   */
502  WritabilityMode getWritabilityMode();
503
504}