001    /*
002     * CDDL HEADER START
003     *
004     * The contents of this file are subject to the terms of the
005     * Common Development and Distribution License, Version 1.0 only
006     * (the "License").  You may not use this file except in compliance
007     * with the License.
008     *
009     * You can obtain a copy of the license at
010     * trunk/opends/resource/legal-notices/OpenDS.LICENSE
011     * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
012     * See the License for the specific language governing permissions
013     * and limitations under the License.
014     *
015     * When distributing Covered Code, include this CDDL HEADER in each
016     * file and include the License file at
017     * trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
018     * add the following below this CDDL HEADER, with the fields enclosed
019     * by brackets "[]" replaced with your own identifying information:
020     *      Portions Copyright [yyyy] [name of copyright owner]
021     *
022     * CDDL HEADER END
023     *
024     *
025     *      Copyright 2008 Sun Microsystems, Inc.
026     */
027    package org.opends.server.admin.std.server;
028    
029    
030    
031    import java.util.SortedSet;
032    import org.opends.server.admin.Configuration;
033    import org.opends.server.admin.server.ConfigurationChangeListener;
034    import org.opends.server.admin.std.meta.GlobalCfgDefn.DisabledPrivilege;
035    import org.opends.server.admin.std.meta.GlobalCfgDefn.EtimeResolution;
036    import org.opends.server.admin.std.meta.GlobalCfgDefn.InvalidAttributeSyntaxBehavior;
037    import org.opends.server.admin.std.meta.GlobalCfgDefn.SingleStructuralObjectclassBehavior;
038    import org.opends.server.admin.std.meta.GlobalCfgDefn.WorkflowConfigurationMode;
039    import org.opends.server.admin.std.meta.GlobalCfgDefn.WritabilityMode;
040    import org.opends.server.types.DN;
041    
042    
043    
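/**
 * A server-side interface for querying Global Configuration settings.
 * <p>
 * The Global Configuration contains properties that affect the
 * overall operation of the OpenDS Directory Server.
 * <p>
 * Several of these properties govern authentication, privilege
 * evaluation, and search resource limits. Their individual
 * descriptions say which value relaxes the corresponding check.
 */
public interface GlobalCfg extends Configuration {

  /**
   * Gets the configuration class associated with this Global Configuration.
   *
   * @return the configuration class associated with this Global Configuration.
   */
  Class<? extends GlobalCfg> configurationClass();

  /**
   * Registers a listener to be notified when this Global Configuration
   * is changed.
   *
   * @param listener
   *          The Global Configuration change listener.
   */
  void addChangeListener(ConfigurationChangeListener<GlobalCfg> listener);

  /**
   * Deregisters an existing Global Configuration change listener.
   *
   * @param listener
   *          The Global Configuration change listener.
   */
  void removeChangeListener(ConfigurationChangeListener<GlobalCfg> listener);

  /**
   * Gets the "add-missing-rdn-attributes" property.
   * <p>
   * Indicates whether the Directory Server should automatically add
   * any attribute values contained in the entry's RDN into that entry
   * when processing an add request.
   *
   * @return the value of the "add-missing-rdn-attributes" property.
   */
  boolean isAddMissingRDNAttributes();

  /**
   * Gets the "allow-attribute-name-exceptions" property.
   * <p>
   * Indicates whether the Directory Server should allow underscores
   * in attribute names and allow attribute names to begin with numeric
   * digits (both of which are violations of the LDAP standards).
   *
   * @return the value of the "allow-attribute-name-exceptions" property.
   */
  boolean isAllowAttributeNameExceptions();

  /**
   * Gets the "allowed-task" property.
   * <p>
   * Specifies the fully-qualified name of a Java class that may be
   * invoked in the server.
   * <p>
   * Any attempt to invoke a task not included in the list of allowed
   * tasks is rejected. The set therefore acts as an allow-list of
   * task classes: every name added to it widens what may be invoked
   * in the server, so it should list only the tasks that are needed.
   *
   * @return an unmodifiable set containing the values of the
   *         "allowed-task" property.
   */
  SortedSet<String> getAllowedTask();

  /**
   * Gets the "bind-with-dn-requires-password" property.
   * <p>
   * Indicates whether the Directory Server should reject any simple
   * bind request that contains a DN but no password.
   * <p>
   * Although such bind requests are technically allowed by the LDAPv3
   * specification (and should be treated as anonymous simple
   * authentication), they may introduce security problems in
   * applications that do not verify that the client actually provided
   * a password: such an application can mistake the successful bind
   * for proof that the named user authenticated. RFC 4513 describes
   * this case as the unauthenticated authentication mechanism of
   * simple bind.
   *
   * @return the value of the "bind-with-dn-requires-password" property.
   */
  boolean isBindWithDNRequiresPassword();

  /**
   * Gets the "check-schema" property.
   * <p>
   * Indicates whether schema enforcement is active.
   * <p>
   * When schema enforcement is activated, the Directory Server
   * ensures that all operations result in entries that are valid
   * according to the defined server schema. It is strongly recommended
   * that this option be left enabled to prevent the inadvertent
   * addition of invalid data into the server.
   *
   * @return the value of the "check-schema" property.
   */
  boolean isCheckSchema();

  /**
   * Gets the "default-password-policy" property.
   * <p>
   * Specifies the name of the password policy that is in effect for
   * users whose entries do not specify an alternate password policy
   * (either via a real or virtual attribute).
   *
   * @return the value of the "default-password-policy" property.
   */
  String getDefaultPasswordPolicy();

  /**
   * Gets the "default-password-policy" property as a DN.
   * <p>
   * Specifies the name of the password policy that is in effect for
   * users whose entries do not specify an alternate password policy
   * (either via a real or virtual attribute).
   *
   * @return the DN value of the "default-password-policy" property.
   */
  DN getDefaultPasswordPolicyDN();

  /**
   * Gets the "disabled-privilege" property.
   * <p>
   * Specifies the name of a privilege that should not be evaluated by
   * the server.
   * <p>
   * If a privilege is disabled, then it is assumed that all clients
   * (including unauthenticated clients) have that privilege. Each
   * value in this set therefore removes an access check rather than
   * adding one; a non-empty set deserves review whenever the
   * configuration is audited.
   *
   * @return an unmodifiable set containing the values of the
   *         "disabled-privilege" property.
   */
  SortedSet<DisabledPrivilege> getDisabledPrivilege();

  /**
   * Gets the "entry-cache-preload" property.
   * <p>
   * Indicates whether or not to preload the entry cache on startup.
   *
   * @return the value of the "entry-cache-preload" property.
   */
  boolean isEntryCachePreload();

  /**
   * Gets the "etime-resolution" property.
   * <p>
   * Specifies the resolution to use for operation elapsed processing
   * time (etime) measurements.
   *
   * @return the value of the "etime-resolution" property.
   */
  EtimeResolution getEtimeResolution();

  /**
   * Gets the "idle-time-limit" property.
   * <p>
   * Specifies the maximum length of time that a client connection may
   * remain established since its last completed operation.
   * <p>
   * A value of "0 seconds" indicates that no idle time limit is
   * enforced, so idle connections are never closed on account of this
   * setting. The unit of the returned {@code long} is not stated in
   * this interface; confirm it against the property definition before
   * comparing it with an elapsed time.
   *
   * @return the value of the "idle-time-limit" property.
   */
  long getIdleTimeLimit();

  /**
   * Gets the "invalid-attribute-syntax-behavior" property.
   * <p>
   * Specifies how the Directory Server should handle operations
   * whenever an attribute value violates the associated attribute
   * syntax.
   *
   * @return the value of the "invalid-attribute-syntax-behavior" property.
   */
  InvalidAttributeSyntaxBehavior getInvalidAttributeSyntaxBehavior();

  /**
   * Gets the "lookthrough-limit" property.
   * <p>
   * Specifies the maximum number of entries that the Directory Server
   * should "look through" in the course of processing a search
   * request.
   * <p>
   * This includes any entry that the server must examine in the
   * course of processing the request, regardless of whether it
   * actually matches the search criteria. A value of 0 indicates that
   * no lookthrough limit is enforced. Note that this is the default
   * server-wide limit, but it may be overridden on a per-user basis
   * using the ds-rlim-lookthrough-limit operational attribute.
   * <p>
   * Callers must treat 0 as "unlimited", not as "examine no entries";
   * with 0, a search by a user without a per-user override is not
   * bounded by this setting.
   *
   * @return the value of the "lookthrough-limit" property.
   */
  int getLookthroughLimit();

  /**
   * Gets the "notify-abandoned-operations" property.
   * <p>
   * Indicates whether the Directory Server should send a response to
   * any operation that is interrupted via an abandon request.
   * <p>
   * The LDAP specification states that abandoned operations should
   * not receive any response, but this may cause problems with client
   * applications that always expect to receive a response to each
   * request.
   *
   * @return the value of the "notify-abandoned-operations" property.
   */
  boolean isNotifyAbandonedOperations();

  /**
   * Gets the "proxied-authorization-identity-mapper" property.
   * <p>
   * Specifies the name of the identity mapper to map authorization ID
   * values (using the "u:" form) provided in the proxied authorization
   * control to the corresponding user entry.
   *
   * @return the value of the "proxied-authorization-identity-mapper"
   *         property.
   */
  String getProxiedAuthorizationIdentityMapper();

  /**
   * Gets the "proxied-authorization-identity-mapper" property as a
   * DN.
   * <p>
   * Specifies the name of the identity mapper to map authorization ID
   * values (using the "u:" form) provided in the proxied authorization
   * control to the corresponding user entry.
   *
   * @return the DN value of the
   *         "proxied-authorization-identity-mapper" property.
   */
  DN getProxiedAuthorizationIdentityMapperDN();

  /**
   * Gets the "reject-unauthenticated-requests" property.
   * <p>
   * Indicates whether the Directory Server should reject any request
   * (other than bind or StartTLS requests) received from a client that
   * has not yet been authenticated, whose last authentication attempt
   * was unsuccessful, or whose last authentication attempt used
   * anonymous authentication.
   *
   * @return the value of the "reject-unauthenticated-requests" property.
   */
  boolean isRejectUnauthenticatedRequests();

  /**
   * Gets the "return-bind-error-messages" property.
   * <p>
   * Indicates whether responses for failed bind operations should
   * include a message string providing the reason for the
   * authentication failure.
   * <p>
   * Note that these messages may include information that could
   * potentially be used by an attacker. If this option is disabled,
   * then these messages appear only in the server's access log.
   *
   * @return the value of the "return-bind-error-messages" property.
   */
  boolean isReturnBindErrorMessages();

  /**
   * Gets the "save-config-on-successful-startup" property.
   * <p>
   * Indicates whether the Directory Server should save a copy of its
   * configuration whenever the startup process completes successfully.
   * <p>
   * This ensures that the server provides a "last known good"
   * configuration, which can be used as a reference (or copied into
   * the active config) if the server fails to start with the current
   * "active" configuration.
   *
   * @return the value of the "save-config-on-successful-startup" property.
   */
  boolean isSaveConfigOnSuccessfulStartup();

  /**
   * Gets the "server-error-result-code" property.
   * <p>
   * Specifies the numeric value of the result code when request
   * processing fails due to an internal server error.
   *
   * @return the value of the "server-error-result-code" property.
   */
  int getServerErrorResultCode();

  /**
   * Gets the "single-structural-objectclass-behavior" property.
   * <p>
   * Specifies how the Directory Server should handle operations in
   * which an entry does not contain a structural object class or
   * contains multiple structural classes.
   *
   * @return the value of the "single-structural-objectclass-behavior"
   *         property.
   */
  SingleStructuralObjectclassBehavior getSingleStructuralObjectclassBehavior();

  /**
   * Gets the "size-limit" property.
   * <p>
   * Specifies the maximum number of entries that the Directory Server
   * should return to the client during a search operation.
   * <p>
   * A value of 0 indicates that no size limit is enforced. Note that
   * this is the default server-wide limit, but it may be overridden on
   * a per-user basis using the ds-rlim-size-limit operational
   * attribute.
   * <p>
   * Callers must treat 0 as "unlimited", not as "return no entries".
   *
   * @return the value of the "size-limit" property.
   */
  int getSizeLimit();

  /**
   * Gets the "smtp-server" property.
   * <p>
   * Specifies the address (and optional port number) for a mail
   * server that can be used to send email messages via SMTP.
   * <p>
   * It may be an IP address or resolvable hostname, optionally
   * followed by a colon and a port number.
   *
   * @return an unmodifiable set containing the values of the
   *         "smtp-server" property.
   */
  SortedSet<String> getSMTPServer();

  /**
   * Gets the "time-limit" property.
   * <p>
   * Specifies the maximum length of time that the Directory Server
   * should spend processing a search operation.
   * <p>
   * A value of 0 seconds indicates that no time limit is enforced.
   * Note that this is the default server-wide time limit, but it may
   * be overridden on a per-user basis using the ds-rlim-time-limit
   * operational attribute.
   * <p>
   * Callers must treat 0 as "unlimited". The unit of the returned
   * {@code long} is not stated in this interface; confirm it against
   * the property definition before comparing it with an elapsed time.
   *
   * @return the value of the "time-limit" property.
   */
  long getTimeLimit();

  /**
   * Gets the "workflow-configuration-mode" property.
   * <p>
   * Specifies the workflow configuration mode (auto vs. manual).
   *
   * @return the value of the "workflow-configuration-mode" property.
   */
  WorkflowConfigurationMode getWorkflowConfigurationMode();

  /**
   * Gets the "writability-mode" property.
   * <p>
   * Specifies the kinds of write operations the Directory Server can
   * process.
   *
   * @return the value of the "writability-mode" property.
   */
  WritabilityMode getWritabilityMode();

}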