001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions Copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2008 Sun Microsystems, Inc.
015 */
016package org.forgerock.opendj.server.config.server;
017
018
019
020import org.forgerock.opendj.config.server.ConfigurationChangeListener;
021import org.forgerock.opendj.ldap.DN;
022import org.forgerock.opendj.server.config.meta.GSSAPISASLMechanismHandlerCfgDefn.QualityOfProtection;
023
024
025
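/**
 * A server-side interface for querying GSSAPI SASL Mechanism Handler
 * settings.
 * <p>
 * The GSSAPI SASL mechanism performs all processing related to SASL
 * GSSAPI authentication using Kerberos V5.
 * <p>
 * Every accessor below is read-only. Several of the properties decide
 * how a client is authenticated and which directory entry it is bound
 * to (identity mapper, keytab, principal, quality of protection), so
 * write access to the underlying configuration entry should be limited
 * to administrators.
 * <p>
 * NOTE(review): this interface does not state whether an optional
 * property that has not been set is returned as {@code null}; confirm
 * against the generated implementation before dereferencing the result
 * of an optional getter.
 */
public interface GSSAPISASLMechanismHandlerCfg extends SASLMechanismHandlerCfg {

  /**
   * Gets the configuration class associated with this GSSAPI SASL Mechanism Handler.
   *
   * @return Returns the configuration class associated with this GSSAPI SASL Mechanism Handler.
   */
  Class<? extends GSSAPISASLMechanismHandlerCfg> configurationClass();



  /**
   * Register to be notified when this GSSAPI SASL Mechanism Handler is changed.
   *
   * @param listener
   *          The GSSAPI SASL Mechanism Handler configuration change listener.
   */
  void addGSSAPIChangeListener(ConfigurationChangeListener<GSSAPISASLMechanismHandlerCfg> listener);



  /**
   * Deregister an existing GSSAPI SASL Mechanism Handler configuration change listener.
   *
   * @param listener
   *          The GSSAPI SASL Mechanism Handler configuration change listener.
   */
  void removeGSSAPIChangeListener(ConfigurationChangeListener<GSSAPISASLMechanismHandlerCfg> listener);



  /**
   * Gets the "identity-mapper" property.
   * <p>
   * Specifies the name of the identity mapper that is to be used with
   * this SASL mechanism handler to match the Kerberos principal
   * included in the SASL bind request to the corresponding user in the
   * directory.
   * <p>
   * The mapper decides which directory entry an authenticated Kerberos
   * principal is bound as, so the mapping it applies is part of the
   * authentication decision. The mapper's matching rules are not
   * visible from this interface; review them together with this
   * setting.
   *
   * @return Returns the value of the "identity-mapper" property.
   */
  String getIdentityMapper();



  /**
   * Gets the "identity-mapper" property as a DN.
   * <p>
   * Specifies the name of the identity mapper that is to be used with
   * this SASL mechanism handler to match the Kerberos principal
   * included in the SASL bind request to the corresponding user in the
   * directory.
   * <p>
   * NOTE(review): presumably the DN of the identity mapper's
   * configuration entry; confirm against the property definition.
   *
   * @return Returns the DN value of the "identity-mapper" property.
   */
  DN getIdentityMapperDN();



  /**
   * Gets the "java-class" property.
   * <p>
   * Specifies the fully-qualified name of the Java class that
   * provides the SASL mechanism handler implementation.
   * <p>
   * NOTE(review): the named class is presumably loaded and
   * instantiated inside the server process, in which case anyone able
   * to change this property selects code that runs with the server's
   * privileges; confirm how the value is consumed.
   *
   * @return Returns the value of the "java-class" property.
   */
  String getJavaClass();



  /**
   * Gets the "kdc-address" property.
   * <p>
   * Specifies the address of the KDC that is to be used for Kerberos
   * processing.
   * <p>
   * If provided, this property must be a fully-qualified
   * DNS-resolvable name. If this property is not provided, then the
   * server attempts to determine it from the system-wide Kerberos
   * configuration.
   *
   * @return Returns the value of the "kdc-address" property.
   */
  String getKdcAddress();



  /**
   * Gets the "keytab" property.
   * <p>
   * Specifies the path to the keytab file that should be used for
   * Kerberos processing.
   * <p>
   * If provided, this is either an absolute path or one that is
   * relative to the server instance root. The value is returned as
   * configured; a caller that opens the file has to resolve a relative
   * value against the instance root itself.
   * <p>
   * A keytab stores the long-term keys of the service principal, so
   * the file this path points to should be readable only by the
   * account the server runs as.
   *
   * @return Returns the value of the "keytab" property.
   */
  String getKeytab();



  /**
   * Gets the "principal-name" property.
   * <p>
   * Specifies the principal name.
   * <p>
   * It can either be a simple user name or a service name such as
   * host/example.com. If this property is not provided, then the
   * server attempts to build the principal name by appending the fully
   * qualified domain name to the string "ldap/".
   *
   * @return Returns the value of the "principal-name" property.
   */
  String getPrincipalName();



  /**
   * Gets the "quality-of-protection" property.
   * <p>
   * Specifies the quality of protection the server will support.
   * <p>
   * The permitted values are the constants of
   * {@link QualityOfProtection}, which are declared outside this file.
   * In SASL the quality of protection selects between authentication
   * only, integrity protection, and integrity plus confidentiality
   * protection of the traffic that follows the bind. When the
   * configured value provides authentication only, the SASL layer does
   * not protect that traffic, and the connection needs another
   * protection layer such as TLS.
   *
   * @return Returns the value of the "quality-of-protection" property.
   */
  QualityOfProtection getQualityOfProtection();



  /**
   * Gets the "realm" property.
   * <p>
   * Specifies the realm to be used for GSSAPI authentication.
   *
   * @return Returns the value of the "realm" property.
   */
  String getRealm();



  /**
   * Gets the "server-fqdn" property.
   * <p>
   * Specifies the DNS-resolvable fully-qualified domain name for the
   * system.
   * <p>
   * NOTE(review): possibly the name used when the server builds a
   * default "ldap/" principal (see the "principal-name" property);
   * this interface does not say so, confirm against the handler
   * implementation.
   *
   * @return Returns the value of the "server-fqdn" property.
   */
  String getServerFqdn();

}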