001 /* 002 * CDDL HEADER START 003 * 004 * The contents of this file are subject to the terms of the 005 * Common Development and Distribution License, Version 1.0 only 006 * (the "License"). You may not use this file except in compliance 007 * with the License. 008 * 009 * You can obtain a copy of the license at 010 * trunk/opends/resource/legal-notices/OpenDS.LICENSE 011 * or https://OpenDS.dev.java.net/OpenDS.LICENSE. 012 * See the License for the specific language governing permissions 013 * and limitations under the License. 014 * 015 * When distributing Covered Code, include this CDDL HEADER in each 016 * file and include the License file at 017 * trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable, 018 * add the following below this CDDL HEADER, with the fields enclosed 019 * by brackets "[]" replaced with your own identifying information: 020 * Portions Copyright [yyyy] [name of copyright owner] 021 * 022 * CDDL HEADER END 023 * 024 * 025 * Copyright 2008 Sun Microsystems, Inc. 026 */ 027 package org.opends.server.admin.std.server; 028 029 030 031 import java.util.SortedSet; 032 import org.opends.server.admin.Configuration; 033 import org.opends.server.admin.server.ConfigurationChangeListener; 034 import org.opends.server.admin.std.meta.GlobalCfgDefn.DisabledPrivilege; 035 import org.opends.server.admin.std.meta.GlobalCfgDefn.EtimeResolution; 036 import org.opends.server.admin.std.meta.GlobalCfgDefn.InvalidAttributeSyntaxBehavior; 037 import org.opends.server.admin.std.meta.GlobalCfgDefn.SingleStructuralObjectclassBehavior; 038 import org.opends.server.admin.std.meta.GlobalCfgDefn.WorkflowConfigurationMode; 039 import org.opends.server.admin.std.meta.GlobalCfgDefn.WritabilityMode; 040 import org.opends.server.types.DN; 041 042 043 044 /** 045 * A server-side interface for querying Global Configuration settings. 046 * <p> 047 * The Global Configuration contains properties that affect the 048 * overall operation of the OpenDS Directory Server . 049 */ 050 public interface GlobalCfg extends Configuration { 051 052 /** 053 * Gets the configuration class associated with this Global Configuration. 054 * 055 * @return Returns the configuration class associated with this Global Configuration. 056 */ 057 Class<? extends GlobalCfg> configurationClass(); 058 059 060 061 /** 062 * Register to be notified when this Global Configuration is changed. 063 * 064 * @param listener 065 * The Global Configuration configuration change listener. 066 */ 067 void addChangeListener(ConfigurationChangeListener<GlobalCfg> listener); 068 069 070 071 /** 072 * Deregister an existing Global Configuration configuration change listener. 073 * 074 * @param listener 075 * The Global Configuration configuration change listener. 076 */ 077 void removeChangeListener(ConfigurationChangeListener<GlobalCfg> listener); 078 079 080 081 /** 082 * Gets the "add-missing-rdn-attributes" property. 083 * <p> 084 * Indicates whether the Directory Server should automatically add 085 * any attribute values contained in the entry's RDN into that entry 086 * when processing an add request. 087 * 088 * @return Returns the value of the "add-missing-rdn-attributes" property. 089 */ 090 boolean isAddMissingRDNAttributes(); 091 092 093 094 /** 095 * Gets the "allow-attribute-name-exceptions" property. 096 * <p> 097 * Indicates whether the Directory Server should allow underscores 098 * in attribute names and allow attribute names to begin with numeric 099 * digits (both of which are violations of the LDAP standards). 100 * 101 * @return Returns the value of the "allow-attribute-name-exceptions" property. 102 */ 103 boolean isAllowAttributeNameExceptions(); 104 105 106 107 /** 108 * Gets the "allowed-task" property. 109 * <p> 110 * Specifies the fully-qualified name of a Java class that may be 111 * invoked in the server. 112 * <p> 113 * Any attempt to invoke a task not included in the list of allowed 114 * tasks is rejected. 115 * 116 * @return Returns an unmodifiable set containing the values of the "allowed-task" property. 117 */ 118 SortedSet<String> getAllowedTask(); 119 120 121 122 /** 123 * Gets the "bind-with-dn-requires-password" property. 124 * <p> 125 * Indicates whether the Directory Server should reject any simple 126 * bind request that contains a DN but no password. 127 * <p> 128 * Although such bind requests are technically allowed by the LDAPv3 129 * specification (and should be treated as anonymous simple 130 * authentication), they may introduce security problems in 131 * applications that do not verify that the client actually provided 132 * a password. 133 * 134 * @return Returns the value of the "bind-with-dn-requires-password" property. 135 */ 136 boolean isBindWithDNRequiresPassword(); 137 138 139 140 /** 141 * Gets the "check-schema" property. 142 * <p> 143 * Indicates whether schema enforcement is active. 144 * <p> 145 * When schema enforcement is activated, the Directory Server 146 * ensures that all operations result in entries are valid according 147 * to the defined server schema. It is strongly recommended that this 148 * option be left enabled to prevent the inadvertent addition of 149 * invalid data into the server. 150 * 151 * @return Returns the value of the "check-schema" property. 152 */ 153 boolean isCheckSchema(); 154 155 156 157 /** 158 * Gets the "default-password-policy" property. 159 * <p> 160 * Specifies the name of the password policy that is in effect for 161 * users whose entries do not specify an alternate password policy 162 * (either via a real or virtual attribute). 163 * 164 * @return Returns the value of the "default-password-policy" property. 165 */ 166 String getDefaultPasswordPolicy(); 167 168 169 170 /** 171 * Gets the "default-password-policy" property as a DN. 172 * <p> 173 * Specifies the name of the password policy that is in effect for 174 * users whose entries do not specify an alternate password policy 175 * (either via a real or virtual attribute). 176 * 177 * @return Returns the DN value of the "default-password-policy" 178 * property. 179 */ 180 DN getDefaultPasswordPolicyDN(); 181 182 183 184 /** 185 * Gets the "disabled-privilege" property. 186 * <p> 187 * Specifies the name of a privilege that should not be evaluated by 188 * the server. 189 * <p> 190 * If a privilege is disabled, then it is assumed that all clients 191 * (including unauthenticated clients) have that privilege. 192 * 193 * @return Returns an unmodifiable set containing the values of the "disabled-privilege" property. 194 */ 195 SortedSet<DisabledPrivilege> getDisabledPrivilege(); 196 197 198 199 /** 200 * Gets the "entry-cache-preload" property. 201 * <p> 202 * Indicates whether or not to preload the entry cache on startup. 203 * 204 * @return Returns the value of the "entry-cache-preload" property. 205 */ 206 boolean isEntryCachePreload(); 207 208 209 210 /** 211 * Gets the "etime-resolution" property. 212 * <p> 213 * Specifies the resolution to use for operation elapsed processing 214 * time (etime) measurements. 215 * 216 * @return Returns the value of the "etime-resolution" property. 217 */ 218 EtimeResolution getEtimeResolution(); 219 220 221 222 /** 223 * Gets the "idle-time-limit" property. 224 * <p> 225 * Specifies the maximum length of time that a client connection may 226 * remain established since its last completed operation. 227 * <p> 228 * A value of "0 seconds" indicates that no idle time limit is 229 * enforced. 230 * 231 * @return Returns the value of the "idle-time-limit" property. 232 */ 233 long getIdleTimeLimit(); 234 235 236 237 /** 238 * Gets the "invalid-attribute-syntax-behavior" property. 239 * <p> 240 * Specifies how the Directory Server should handle operations 241 * whenever an attribute value violates the associated attribute 242 * syntax. 243 * 244 * @return Returns the value of the "invalid-attribute-syntax-behavior" property. 245 */ 246 InvalidAttributeSyntaxBehavior getInvalidAttributeSyntaxBehavior(); 247 248 249 250 /** 251 * Gets the "lookthrough-limit" property. 252 * <p> 253 * Specifies the maximum number of entries that the Directory Server 254 * should "look through" in the course of processing a search 255 * request. 256 * <p> 257 * This includes any entry that the server must examine in the 258 * course of processing the request, regardless of whether it 259 * actually matches the search criteria. A value of 0 indicates that 260 * no lookthrough limit is enforced. Note that this is the default 261 * server-wide limit, but it may be overridden on a per-user basis 262 * using the ds-rlim-lookthrough-limit operational attribute. 263 * 264 * @return Returns the value of the "lookthrough-limit" property. 265 */ 266 int getLookthroughLimit(); 267 268 269 270 /** 271 * Gets the "notify-abandoned-operations" property. 272 * <p> 273 * Indicates whether the Directory Server should send a response to 274 * any operation that is interrupted via an abandon request. 275 * <p> 276 * The LDAP specification states that abandoned operations should 277 * not receive any response, but this may cause problems with client 278 * applications that always expect to receive a response to each 279 * request. 280 * 281 * @return Returns the value of the "notify-abandoned-operations" property. 282 */ 283 boolean isNotifyAbandonedOperations(); 284 285 286 287 /** 288 * Gets the "proxied-authorization-identity-mapper" property. 289 * <p> 290 * Specifies the name of the identity mapper to map authorization ID 291 * values (using the "u:" form) provided in the proxied authorization 292 * control to the corresponding user entry. 293 * 294 * @return Returns the value of the "proxied-authorization-identity-mapper" property. 295 */ 296 String getProxiedAuthorizationIdentityMapper(); 297 298 299 300 /** 301 * Gets the "proxied-authorization-identity-mapper" property as a 302 * DN. 303 * <p> 304 * Specifies the name of the identity mapper to map authorization ID 305 * values (using the "u:" form) provided in the proxied authorization 306 * control to the corresponding user entry. 307 * 308 * @return Returns the DN value of the 309 * "proxied-authorization-identity-mapper" property. 310 */ 311 DN getProxiedAuthorizationIdentityMapperDN(); 312 313 314 315 /** 316 * Gets the "reject-unauthenticated-requests" property. 317 * <p> 318 * Indicates whether the Directory Server should reject any request 319 * (other than bind or StartTLS requests) received from a client that 320 * has not yet been authenticated, whose last authentication attempt 321 * was unsuccessful, or whose last authentication attempt used 322 * anonymous authentication. 323 * 324 * @return Returns the value of the "reject-unauthenticated-requests" property. 325 */ 326 boolean isRejectUnauthenticatedRequests(); 327 328 329 330 /** 331 * Gets the "return-bind-error-messages" property. 332 * <p> 333 * Indicates whether responses for failed bind operations should 334 * include a message string providing the reason for the 335 * authentication failure. 336 * <p> 337 * Note that these messages may include information that could 338 * potentially be used by an attacker. If this option is disabled, 339 * then these messages appears only in the server's access log. 340 * 341 * @return Returns the value of the "return-bind-error-messages" property. 342 */ 343 boolean isReturnBindErrorMessages(); 344 345 346 347 /** 348 * Gets the "save-config-on-successful-startup" property. 349 * <p> 350 * Indicates whether the Directory Server should save a copy of its 351 * configuration whenever the startup process completes successfully. 352 * <p> 353 * This ensures that the server provides a "last known good" 354 * configuration, which can be used as a reference (or copied into 355 * the active config) if the server fails to start with the current 356 * "active" configuration. 357 * 358 * @return Returns the value of the "save-config-on-successful-startup" property. 359 */ 360 boolean isSaveConfigOnSuccessfulStartup(); 361 362 363 364 /** 365 * Gets the "server-error-result-code" property. 366 * <p> 367 * Specifies the numeric value of the result code when request 368 * processing fails due to an internal server error. 369 * 370 * @return Returns the value of the "server-error-result-code" property. 371 */ 372 int getServerErrorResultCode(); 373 374 375 376 /** 377 * Gets the "single-structural-objectclass-behavior" property. 378 * <p> 379 * Specifies how the Directory Server should handle operations an 380 * entry does not contain a structural object class or contains 381 * multiple structural classes. 382 * 383 * @return Returns the value of the "single-structural-objectclass-behavior" property. 384 */ 385 SingleStructuralObjectclassBehavior getSingleStructuralObjectclassBehavior(); 386 387 388 389 /** 390 * Gets the "size-limit" property. 391 * <p> 392 * Specifies the maximum number of entries that the Directory Server 393 * should return to the client durin a search operation. 394 * <p> 395 * A value of 0 indicates that no size limit is enforced. Note that 396 * this is the default server-wide limit, but it may be overridden on 397 * a per-user basis using the ds-rlim-size-limit operational 398 * attribute. 399 * 400 * @return Returns the value of the "size-limit" property. 401 */ 402 int getSizeLimit(); 403 404 405 406 /** 407 * Gets the "smtp-server" property. 408 * <p> 409 * Specifies the address (and optional port number) for a mail 410 * server that can be used to send email messages via SMTP. 411 * <p> 412 * It may be an IP address or resolvable hostname, optionally 413 * followed by a colon and a port number. 414 * 415 * @return Returns an unmodifiable set containing the values of the "smtp-server" property. 416 */ 417 SortedSet<String> getSMTPServer(); 418 419 420 421 /** 422 * Gets the "time-limit" property. 423 * <p> 424 * Specifies the maximum length of time that the Directory Server 425 * should spend processing a search operation. 426 * <p> 427 * A value of 0 seconds indicates that no time limit is enforced. 428 * Note that this is the default server-wide time limit, but it may 429 * be overridden on a per-user basis using the ds-rlim-time-limit 430 * operational attribute. 431 * 432 * @return Returns the value of the "time-limit" property. 433 */ 434 long getTimeLimit(); 435 436 437 438 /** 439 * Gets the "workflow-configuration-mode" property. 440 * <p> 441 * Specifies the workflow configuration mode (auto vs. manual). 442 * 443 * @return Returns the value of the "workflow-configuration-mode" property. 444 */ 445 WorkflowConfigurationMode getWorkflowConfigurationMode(); 446 447 448 449 /** 450 * Gets the "writability-mode" property. 451 * <p> 452 * Specifies the kinds of write operations the Directory Server can 453 * process. 454 * 455 * @return Returns the value of the "writability-mode" property. 456 */ 457 WritabilityMode getWritabilityMode(); 458 459 }