001    /*
002     * CDDL HEADER START
003     *
004     * The contents of this file are subject to the terms of the
005     * Common Development and Distribution License, Version 1.0 only
006     * (the "License").  You may not use this file except in compliance
007     * with the License.
008     *
009     * You can obtain a copy of the license at
010     * trunk/opends/resource/legal-notices/OpenDS.LICENSE
011     * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
012     * See the License for the specific language governing permissions
013     * and limitations under the License.
014     *
015     * When distributing Covered Code, include this CDDL HEADER in each
016     * file and include the License file at
017     * trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
018     * add the following below this CDDL HEADER, with the fields enclosed
019     * by brackets "[]" replaced with your own identifying information:
020     *      Portions Copyright [yyyy] [name of copyright owner]
021     *
022     * CDDL HEADER END
023     *
024     *
025     *      Copyright 2008 Sun Microsystems, Inc.
026     */
027    package org.opends.server.admin.std.server;
028    
029    
030    
031    import java.net.InetAddress;
032    import java.util.SortedSet;
033    import org.opends.server.admin.server.ConfigurationChangeListener;
034    import org.opends.server.admin.std.meta.LDAPConnectionHandlerCfgDefn.SSLClientAuthPolicy;
035    import org.opends.server.types.DN;
036    
037    
038    
039    /**
040     * A server-side interface for querying LDAP Connection Handler
041     * settings.
042     * <p>
043     * The LDAP Connection Handler is used to interact with clients using
044     * LDAP.
045     */
046    public interface LDAPConnectionHandlerCfg extends ConnectionHandlerCfg {
047    
048      /**
049       * Gets the configuration class associated with this LDAP Connection Handler.
050       *
051       * @return Returns the configuration class associated with this LDAP Connection Handler.
052       */
053      Class<? extends LDAPConnectionHandlerCfg> configurationClass();
054    
055    
056    
057      /**
058       * Register to be notified when this LDAP Connection Handler is changed.
059       *
060       * @param listener
061       *          The LDAP Connection Handler configuration change listener.
062       */
063      void addLDAPChangeListener(ConfigurationChangeListener<LDAPConnectionHandlerCfg> listener);
064    
065    
066    
067      /**
068       * Deregister an existing LDAP Connection Handler configuration change listener.
069       *
070       * @param listener
071       *          The LDAP Connection Handler configuration change listener.
072       */
073      void removeLDAPChangeListener(ConfigurationChangeListener<LDAPConnectionHandlerCfg> listener);
074    
075    
076    
077      /**
078       * Gets the "accept-backlog" property.
079       * <p>
080       * Specifies the maximum number of pending connection attempts that
081       * are allowed to queue up in the accept backlog before the server
082       * starts rejecting new connection attempts.
083       * <p>
084       * This is primarily an issue for cases in which a large number of
085       * connections are established to the server in a very short period
086       * of time (for example, a benchmark utility that creates a large
087       * number of client threads that each have their own connection to
088       * the server) and the connection handler is unable to keep up with
089       * the rate at which the new connections are established.
090       *
091       * @return Returns the value of the "accept-backlog" property.
092       */
093      int getAcceptBacklog();
094    
095    
096    
097      /**
098       * Gets the "allow-ldap-v2" property.
099       * <p>
100       * Indicates whether connections from LDAPv2 clients are allowed.
101       * <p>
102       * If LDAPv2 clients are allowed, then only a minimal degree of
103       * special support are provided for them to ensure that
104       * LDAPv3-specific protocol elements (for example, Configuration
105       * Guide 25 controls, extended response messages, intermediate
106       * response messages, referrals) are not sent to an LDAPv2 client.
107       *
108       * @return Returns the value of the "allow-ldap-v2" property.
109       */
110      boolean isAllowLDAPV2();
111    
112    
113    
114      /**
115       * Gets the "allow-start-tls" property.
116       * <p>
117       * Indicates whether clients are allowed to use StartTLS.
118       * <p>
119       * If enabled, the LDAP Connection Handler allows clients to use the
120       * StartTLS extended operation to initiate secure communication over
121       * an otherwise insecure channel. Note that this is only allowed if
122       * the LDAP Connection Handler is not configured to use SSL, and if
123       * the server is configured with a valid key manager provider and a
124       * valid trust manager provider.
125       *
126       * @return Returns the value of the "allow-start-tls" property.
127       */
128      boolean isAllowStartTLS();
129    
130    
131    
132      /**
133       * Gets the "allow-tcp-reuse-address" property.
134       * <p>
135       * Indicates whether the LDAP Connection Handler should reuse socket
136       * descriptors.
137       * <p>
138       * If enabled, the SO_REUSEADDR socket option is used on the server
139       * listen socket to potentially allow the reuse of socket descriptors
140       * for clients in a TIME_WAIT state. This may help the server avoid
141       * temporarily running out of socket descriptors in cases in which a
142       * very large number of short-lived connections have been established
143       * from the same client system.
144       *
145       * @return Returns the value of the "allow-tcp-reuse-address" property.
146       */
147      boolean isAllowTCPReuseAddress();
148    
149    
150    
151      /**
152       * Gets the "java-class" property.
153       * <p>
154       * Specifies the fully-qualified name of the Java class that
155       * provides the LDAP Connection Handler implementation.
156       *
157       * @return Returns the value of the "java-class" property.
158       */
159      String getJavaClass();
160    
161    
162    
163      /**
164       * Gets the "keep-stats" property.
165       * <p>
166       * Indicates whether the LDAP Connection Handler should keep
167       * statistics.
168       * <p>
169       * If enabled, the LDAP Connection Handler maintains statistics
170       * about the number and types of operations requested over LDAP and
171       * the amount of data sent and received.
172       *
173       * @return Returns the value of the "keep-stats" property.
174       */
175      boolean isKeepStats();
176    
177    
178    
179      /**
180       * Gets the "key-manager-provider" property.
181       * <p>
182       * Specifies the name of the key manager that should be used with
183       * this LDAP Connection Handler .
184       *
185       * @return Returns the value of the "key-manager-provider" property.
186       */
187      String getKeyManagerProvider();
188    
189    
190    
191      /**
192       * Gets the "key-manager-provider" property as a DN.
193       * <p>
194       * Specifies the name of the key manager that should be used with
195       * this LDAP Connection Handler .
196       *
197       * @return Returns the DN value of the "key-manager-provider"
198       *         property.
199       */
200      DN getKeyManagerProviderDN();
201    
202    
203    
204      /**
205       * Gets the "listen-address" property.
206       * <p>
207       * Specifies the address or set of addresses on which this LDAP
208       * Connection Handler should listen for connections from LDAP
209       * clients.
210       * <p>
211       * Multiple addresses may be provided as separate values for this
212       * attribute. If no values are provided, then the LDAP Connection
213       * Handler listens on all interfaces.
214       *
215       * @return Returns an unmodifiable set containing the values of the "listen-address" property.
216       */
217      SortedSet<InetAddress> getListenAddress();
218    
219    
220    
221      /**
222       * Gets the "listen-port" property.
223       * <p>
224       * Specifies the port number on which the LDAP Connection Handler
225       * will listen for connections from clients.
226       * <p>
227       * Only a single port number may be provided.
228       *
229       * @return Returns the value of the "listen-port" property.
230       */
231      int getListenPort();
232    
233    
234    
235      /**
236       * Gets the "max-blocked-write-time-limit" property.
237       * <p>
238       * Specifies the maximum length of time that attempts to write data
239       * to LDAP clients should be allowed to block.
240       * <p>
241       * If an attempt to write data to a client takes longer than this
242       * length of time, then the client connection is terminated.
243       *
244       * @return Returns the value of the "max-blocked-write-time-limit" property.
245       */
246      long getMaxBlockedWriteTimeLimit();
247    
248    
249    
250      /**
251       * Gets the "max-request-size" property.
252       * <p>
253       * Specifies the size of the largest LDAP request message that will
254       * be allowed by this LDAP Connection handler.
255       * <p>
256       * This property is analogous to the maxBERSize configuration
257       * attribute of the Sun Java System Directory Server. This can help
258       * prevent denial-of-service attacks by clients that indicate they
259       * send extremely large requests to the server causing it to attempt
260       * to allocate large amounts of memory.
261       *
262       * @return Returns the value of the "max-request-size" property.
263       */
264      long getMaxRequestSize();
265    
266    
267    
268      /**
269       * Gets the "num-request-handlers" property.
270       * <p>
271       * Specifies the number of request handlers that are used to read
272       * requests from clients.
273       * <p>
274       * The LDAP Connection Handler uses one thread to accept new
275       * connections from clients, but uses one or more additional threads
276       * to read requests from existing client connections. This ensures
277       * that new requests are read efficiently and that the connection
278       * handler itself does not become a bottleneck when the server is
279       * under heavy load from many clients at the same time.
280       *
281       * @return Returns the value of the "num-request-handlers" property.
282       */
283      int getNumRequestHandlers();
284    
285    
286    
287      /**
288       * Gets the "send-rejection-notice" property.
289       * <p>
290       * Indicates whether the LDAP Connection Handler should send a
291       * notice of disconnection extended response message to the client if
292       * a new connection is rejected for some reason.
293       * <p>
294       * The extended response message may provide an explanation
295       * indicating the reason that the connection was rejected.
296       *
297       * @return Returns the value of the "send-rejection-notice" property.
298       */
299      boolean isSendRejectionNotice();
300    
301    
302    
303      /**
304       * Gets the "ssl-cert-nickname" property.
305       * <p>
306       * Specifies the nickname (also called the alias) of the certificate
307       * that the LDAP Connection Handler should use when performing SSL
308       * communication.
309       * <p>
310       * This is only applicable when the LDAP Connection Handler is
311       * configured to use SSL.
312       *
313       * @return Returns the value of the "ssl-cert-nickname" property.
314       */
315      String getSSLCertNickname();
316    
317    
318    
319      /**
320       * Gets the "ssl-cipher-suite" property.
321       * <p>
322       * Specifies the names of the SSL cipher suites that are allowed for
323       * use in SSL or StartTLS communication.
324       *
325       * @return Returns an unmodifiable set containing the values of the "ssl-cipher-suite" property.
326       */
327      SortedSet<String> getSSLCipherSuite();
328    
329    
330    
331      /**
332       * Gets the "ssl-client-auth-policy" property.
333       * <p>
334       * Specifies the policy that the LDAP Connection Handler should use
335       * regarding client SSL certificates.
336       * <p>
337       * This is only applicable if clients are allowed to use SSL.
338       *
339       * @return Returns the value of the "ssl-client-auth-policy" property.
340       */
341      SSLClientAuthPolicy getSSLClientAuthPolicy();
342    
343    
344    
345      /**
346       * Gets the "ssl-protocol" property.
347       * <p>
348       * Specifies the names of the SSL protocols that are allowed for use
349       * in SSL or StartTLS communication.
350       *
351       * @return Returns an unmodifiable set containing the values of the "ssl-protocol" property.
352       */
353      SortedSet<String> getSSLProtocol();
354    
355    
356    
357      /**
358       * Gets the "trust-manager-provider" property.
359       * <p>
360       * Specifies the name of the trust manager that should be used with
361       * the LDAP Connection Handler .
362       *
363       * @return Returns the value of the "trust-manager-provider" property.
364       */
365      String getTrustManagerProvider();
366    
367    
368    
369      /**
370       * Gets the "trust-manager-provider" property as a DN.
371       * <p>
372       * Specifies the name of the trust manager that should be used with
373       * the LDAP Connection Handler .
374       *
375       * @return Returns the DN value of the "trust-manager-provider"
376       *         property.
377       */
378      DN getTrustManagerProviderDN();
379    
380    
381    
382      /**
383       * Gets the "use-ssl" property.
384       * <p>
385       * Indicates whether the LDAP Connection Handler should use SSL.
386       * <p>
387       * If enabled, the LDAP Connection Handler will use SSL to encrypt
388       * communication with the clients.
389       *
390       * @return Returns the value of the "use-ssl" property.
391       */
392      boolean isUseSSL();
393    
394    
395    
396      /**
397       * Gets the "use-tcp-keep-alive" property.
398       * <p>
399       * Indicates whether the LDAP Connection Handler should use TCP
400       * keep-alive.
401       * <p>
402       * If enabled, the SO_KEEPALIVE socket option is used to indicate
403       * that TCP keepalive messages should periodically be sent to the
404       * client to verify that the associated connection is still valid.
405       * This may also help prevent cases in which intermediate network
406       * hardware could silently drop an otherwise idle client connection,
407       * provided that the keepalive interval configured in the underlying
408       * operating system is smaller than the timeout enforced by the
409       * network hardware.
410       *
411       * @return Returns the value of the "use-tcp-keep-alive" property.
412       */
413      boolean isUseTCPKeepAlive();
414    
415    
416    
417      /**
418       * Gets the "use-tcp-no-delay" property.
419       * <p>
420       * Indicates whether the LDAP Connection Handler should use TCP
421       * no-delay.
422       * <p>
423       * If enabled, the TCP_NODELAY socket option is used to ensure that
424       * response messages to the client are sent immediately rather than
425       * potentially waiting to determine whether additional response
426       * messages can be sent in the same packet. In most cases, using the
427       * TCP_NODELAY socket option provides better performance and lower
428       * response times, but disabling it may help for some cases in which
429       * the server sends a large number of entries to a client in response
430       * to a search request.
431       *
432       * @return Returns the value of the "use-tcp-no-delay" property.
433       */
434      boolean isUseTCPNoDelay();
435    
436    }