001 /* 002 * CDDL HEADER START 003 * 004 * The contents of this file are subject to the terms of the 005 * Common Development and Distribution License, Version 1.0 only 006 * (the "License"). You may not use this file except in compliance 007 * with the License. 008 * 009 * You can obtain a copy of the license at 010 * trunk/opends/resource/legal-notices/OpenDS.LICENSE 011 * or https://OpenDS.dev.java.net/OpenDS.LICENSE. 012 * See the License for the specific language governing permissions 013 * and limitations under the License. 014 * 015 * When distributing Covered Code, include this CDDL HEADER in each 016 * file and include the License file at 017 * trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable, 018 * add the following below this CDDL HEADER, with the fields enclosed 019 * by brackets "[]" replaced with your own identifying information: 020 * Portions Copyright [yyyy] [name of copyright owner] 021 * 022 * CDDL HEADER END 023 * 024 * 025 * Copyright 2008 Sun Microsystems, Inc. 026 */ 027 package org.opends.server.admin.std.server; 028 029 030 031 import java.net.InetAddress; 032 import java.util.SortedSet; 033 import org.opends.server.admin.server.ConfigurationChangeListener; 034 import org.opends.server.admin.std.meta.LDAPConnectionHandlerCfgDefn.SSLClientAuthPolicy; 035 import org.opends.server.types.DN; 036 037 038 039 /** 040 * A server-side interface for querying LDAP Connection Handler 041 * settings. 042 * <p> 043 * The LDAP Connection Handler is used to interact with clients using 044 * LDAP. 045 */ 046 public interface LDAPConnectionHandlerCfg extends ConnectionHandlerCfg { 047 048 /** 049 * Gets the configuration class associated with this LDAP Connection Handler. 050 * 051 * @return Returns the configuration class associated with this LDAP Connection Handler. 052 */ 053 Class<? extends LDAPConnectionHandlerCfg> configurationClass(); 054 055 056 057 /** 058 * Register to be notified when this LDAP Connection Handler is changed. 059 * 060 * @param listener 061 * The LDAP Connection Handler configuration change listener. 062 */ 063 void addLDAPChangeListener(ConfigurationChangeListener<LDAPConnectionHandlerCfg> listener); 064 065 066 067 /** 068 * Deregister an existing LDAP Connection Handler configuration change listener. 069 * 070 * @param listener 071 * The LDAP Connection Handler configuration change listener. 072 */ 073 void removeLDAPChangeListener(ConfigurationChangeListener<LDAPConnectionHandlerCfg> listener); 074 075 076 077 /** 078 * Gets the "accept-backlog" property. 079 * <p> 080 * Specifies the maximum number of pending connection attempts that 081 * are allowed to queue up in the accept backlog before the server 082 * starts rejecting new connection attempts. 083 * <p> 084 * This is primarily an issue for cases in which a large number of 085 * connections are established to the server in a very short period 086 * of time (for example, a benchmark utility that creates a large 087 * number of client threads that each have their own connection to 088 * the server) and the connection handler is unable to keep up with 089 * the rate at which the new connections are established. 090 * 091 * @return Returns the value of the "accept-backlog" property. 092 */ 093 int getAcceptBacklog(); 094 095 096 097 /** 098 * Gets the "allow-ldap-v2" property. 099 * <p> 100 * Indicates whether connections from LDAPv2 clients are allowed. 101 * <p> 102 * If LDAPv2 clients are allowed, then only a minimal degree of 103 * special support are provided for them to ensure that 104 * LDAPv3-specific protocol elements (for example, Configuration 105 * Guide 25 controls, extended response messages, intermediate 106 * response messages, referrals) are not sent to an LDAPv2 client. 107 * 108 * @return Returns the value of the "allow-ldap-v2" property. 109 */ 110 boolean isAllowLDAPV2(); 111 112 113 114 /** 115 * Gets the "allow-start-tls" property. 116 * <p> 117 * Indicates whether clients are allowed to use StartTLS. 118 * <p> 119 * If enabled, the LDAP Connection Handler allows clients to use the 120 * StartTLS extended operation to initiate secure communication over 121 * an otherwise insecure channel. Note that this is only allowed if 122 * the LDAP Connection Handler is not configured to use SSL, and if 123 * the server is configured with a valid key manager provider and a 124 * valid trust manager provider. 125 * 126 * @return Returns the value of the "allow-start-tls" property. 127 */ 128 boolean isAllowStartTLS(); 129 130 131 132 /** 133 * Gets the "allow-tcp-reuse-address" property. 134 * <p> 135 * Indicates whether the LDAP Connection Handler should reuse socket 136 * descriptors. 137 * <p> 138 * If enabled, the SO_REUSEADDR socket option is used on the server 139 * listen socket to potentially allow the reuse of socket descriptors 140 * for clients in a TIME_WAIT state. This may help the server avoid 141 * temporarily running out of socket descriptors in cases in which a 142 * very large number of short-lived connections have been established 143 * from the same client system. 144 * 145 * @return Returns the value of the "allow-tcp-reuse-address" property. 146 */ 147 boolean isAllowTCPReuseAddress(); 148 149 150 151 /** 152 * Gets the "java-class" property. 153 * <p> 154 * Specifies the fully-qualified name of the Java class that 155 * provides the LDAP Connection Handler implementation. 156 * 157 * @return Returns the value of the "java-class" property. 158 */ 159 String getJavaClass(); 160 161 162 163 /** 164 * Gets the "keep-stats" property. 165 * <p> 166 * Indicates whether the LDAP Connection Handler should keep 167 * statistics. 168 * <p> 169 * If enabled, the LDAP Connection Handler maintains statistics 170 * about the number and types of operations requested over LDAP and 171 * the amount of data sent and received. 172 * 173 * @return Returns the value of the "keep-stats" property. 174 */ 175 boolean isKeepStats(); 176 177 178 179 /** 180 * Gets the "key-manager-provider" property. 181 * <p> 182 * Specifies the name of the key manager that should be used with 183 * this LDAP Connection Handler . 184 * 185 * @return Returns the value of the "key-manager-provider" property. 186 */ 187 String getKeyManagerProvider(); 188 189 190 191 /** 192 * Gets the "key-manager-provider" property as a DN. 193 * <p> 194 * Specifies the name of the key manager that should be used with 195 * this LDAP Connection Handler . 196 * 197 * @return Returns the DN value of the "key-manager-provider" 198 * property. 199 */ 200 DN getKeyManagerProviderDN(); 201 202 203 204 /** 205 * Gets the "listen-address" property. 206 * <p> 207 * Specifies the address or set of addresses on which this LDAP 208 * Connection Handler should listen for connections from LDAP 209 * clients. 210 * <p> 211 * Multiple addresses may be provided as separate values for this 212 * attribute. If no values are provided, then the LDAP Connection 213 * Handler listens on all interfaces. 214 * 215 * @return Returns an unmodifiable set containing the values of the "listen-address" property. 216 */ 217 SortedSet<InetAddress> getListenAddress(); 218 219 220 221 /** 222 * Gets the "listen-port" property. 223 * <p> 224 * Specifies the port number on which the LDAP Connection Handler 225 * will listen for connections from clients. 226 * <p> 227 * Only a single port number may be provided. 228 * 229 * @return Returns the value of the "listen-port" property. 230 */ 231 int getListenPort(); 232 233 234 235 /** 236 * Gets the "max-blocked-write-time-limit" property. 237 * <p> 238 * Specifies the maximum length of time that attempts to write data 239 * to LDAP clients should be allowed to block. 240 * <p> 241 * If an attempt to write data to a client takes longer than this 242 * length of time, then the client connection is terminated. 243 * 244 * @return Returns the value of the "max-blocked-write-time-limit" property. 245 */ 246 long getMaxBlockedWriteTimeLimit(); 247 248 249 250 /** 251 * Gets the "max-request-size" property. 252 * <p> 253 * Specifies the size of the largest LDAP request message that will 254 * be allowed by this LDAP Connection handler. 255 * <p> 256 * This property is analogous to the maxBERSize configuration 257 * attribute of the Sun Java System Directory Server. This can help 258 * prevent denial-of-service attacks by clients that indicate they 259 * send extremely large requests to the server causing it to attempt 260 * to allocate large amounts of memory. 261 * 262 * @return Returns the value of the "max-request-size" property. 263 */ 264 long getMaxRequestSize(); 265 266 267 268 /** 269 * Gets the "num-request-handlers" property. 270 * <p> 271 * Specifies the number of request handlers that are used to read 272 * requests from clients. 273 * <p> 274 * The LDAP Connection Handler uses one thread to accept new 275 * connections from clients, but uses one or more additional threads 276 * to read requests from existing client connections. This ensures 277 * that new requests are read efficiently and that the connection 278 * handler itself does not become a bottleneck when the server is 279 * under heavy load from many clients at the same time. 280 * 281 * @return Returns the value of the "num-request-handlers" property. 282 */ 283 int getNumRequestHandlers(); 284 285 286 287 /** 288 * Gets the "send-rejection-notice" property. 289 * <p> 290 * Indicates whether the LDAP Connection Handler should send a 291 * notice of disconnection extended response message to the client if 292 * a new connection is rejected for some reason. 293 * <p> 294 * The extended response message may provide an explanation 295 * indicating the reason that the connection was rejected. 296 * 297 * @return Returns the value of the "send-rejection-notice" property. 298 */ 299 boolean isSendRejectionNotice(); 300 301 302 303 /** 304 * Gets the "ssl-cert-nickname" property. 305 * <p> 306 * Specifies the nickname (also called the alias) of the certificate 307 * that the LDAP Connection Handler should use when performing SSL 308 * communication. 309 * <p> 310 * This is only applicable when the LDAP Connection Handler is 311 * configured to use SSL. 312 * 313 * @return Returns the value of the "ssl-cert-nickname" property. 314 */ 315 String getSSLCertNickname(); 316 317 318 319 /** 320 * Gets the "ssl-cipher-suite" property. 321 * <p> 322 * Specifies the names of the SSL cipher suites that are allowed for 323 * use in SSL or StartTLS communication. 324 * 325 * @return Returns an unmodifiable set containing the values of the "ssl-cipher-suite" property. 326 */ 327 SortedSet<String> getSSLCipherSuite(); 328 329 330 331 /** 332 * Gets the "ssl-client-auth-policy" property. 333 * <p> 334 * Specifies the policy that the LDAP Connection Handler should use 335 * regarding client SSL certificates. 336 * <p> 337 * This is only applicable if clients are allowed to use SSL. 338 * 339 * @return Returns the value of the "ssl-client-auth-policy" property. 340 */ 341 SSLClientAuthPolicy getSSLClientAuthPolicy(); 342 343 344 345 /** 346 * Gets the "ssl-protocol" property. 347 * <p> 348 * Specifies the names of the SSL protocols that are allowed for use 349 * in SSL or StartTLS communication. 350 * 351 * @return Returns an unmodifiable set containing the values of the "ssl-protocol" property. 352 */ 353 SortedSet<String> getSSLProtocol(); 354 355 356 357 /** 358 * Gets the "trust-manager-provider" property. 359 * <p> 360 * Specifies the name of the trust manager that should be used with 361 * the LDAP Connection Handler . 362 * 363 * @return Returns the value of the "trust-manager-provider" property. 364 */ 365 String getTrustManagerProvider(); 366 367 368 369 /** 370 * Gets the "trust-manager-provider" property as a DN. 371 * <p> 372 * Specifies the name of the trust manager that should be used with 373 * the LDAP Connection Handler . 374 * 375 * @return Returns the DN value of the "trust-manager-provider" 376 * property. 377 */ 378 DN getTrustManagerProviderDN(); 379 380 381 382 /** 383 * Gets the "use-ssl" property. 384 * <p> 385 * Indicates whether the LDAP Connection Handler should use SSL. 386 * <p> 387 * If enabled, the LDAP Connection Handler will use SSL to encrypt 388 * communication with the clients. 389 * 390 * @return Returns the value of the "use-ssl" property. 391 */ 392 boolean isUseSSL(); 393 394 395 396 /** 397 * Gets the "use-tcp-keep-alive" property. 398 * <p> 399 * Indicates whether the LDAP Connection Handler should use TCP 400 * keep-alive. 401 * <p> 402 * If enabled, the SO_KEEPALIVE socket option is used to indicate 403 * that TCP keepalive messages should periodically be sent to the 404 * client to verify that the associated connection is still valid. 405 * This may also help prevent cases in which intermediate network 406 * hardware could silently drop an otherwise idle client connection, 407 * provided that the keepalive interval configured in the underlying 408 * operating system is smaller than the timeout enforced by the 409 * network hardware. 410 * 411 * @return Returns the value of the "use-tcp-keep-alive" property. 412 */ 413 boolean isUseTCPKeepAlive(); 414 415 416 417 /** 418 * Gets the "use-tcp-no-delay" property. 419 * <p> 420 * Indicates whether the LDAP Connection Handler should use TCP 421 * no-delay. 422 * <p> 423 * If enabled, the TCP_NODELAY socket option is used to ensure that 424 * response messages to the client are sent immediately rather than 425 * potentially waiting to determine whether additional response 426 * messages can be sent in the same packet. In most cases, using the 427 * TCP_NODELAY socket option provides better performance and lower 428 * response times, but disabling it may help for some cases in which 429 * the server sends a large number of entries to a client in response 430 * to a search request. 431 * 432 * @return Returns the value of the "use-tcp-no-delay" property. 433 */ 434 boolean isUseTCPNoDelay(); 435 436 }