001/*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License").  You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
010 * or http://forgerock.org/license/CDDLv1.0.html.
011 * See the License for the specific language governing permissions
012 * and limitations under the License.
013 *
014 * When distributing Covered Code, include this CDDL HEADER in each
015 * file and include the License file at legal-notices/CDDLv1_0.txt.
016 * If applicable, add the following below this CDDL HEADER, with the
017 * fields enclosed by brackets "[]" replaced with your own identifying
018 * information:
019 *      Portions Copyright [yyyy] [name of copyright owner]
020 *
021 * CDDL HEADER END
022 *
023 *
024 *      Copyright 2008 Sun Microsystems, Inc.
025 */
026package org.opends.server.admin.std.server;
027
028
029
030import org.opends.server.admin.server.ConfigurationChangeListener;
031import org.opends.server.admin.std.meta.GSSAPISASLMechanismHandlerCfgDefn.QualityOfProtection;
032import org.opends.server.types.DN;
033
034
035
036/**
037 * A server-side interface for querying GSSAPI SASL Mechanism Handler
038 * settings.
039 * <p>
040 * The GSSAPI SASL mechanism performs all processing related to SASL
041 * GSSAPI authentication using Kerberos V5.
    * <p>
    * The accessors below expose the values that select the Kerberos
    * service principal, the keytab holding its keys, the security layer
    * offered to clients, and the identity mapper that turns an
    * authenticated principal into a directory user. This interface only
    * declares getters and listener registration; it shows no validation
    * of the returned values, so callers should not assume any.
042 */
043public interface GSSAPISASLMechanismHandlerCfg extends SASLMechanismHandlerCfg {
044
045  /**
046   * Gets the configuration class associated with this GSSAPI SASL Mechanism Handler.
047   *
048   * @return Returns the configuration class associated with this GSSAPI SASL Mechanism Handler.
049   */
050  Class<? extends GSSAPISASLMechanismHandlerCfg> configurationClass();
051
052
053
054  /**
055   * Register to be notified when this GSSAPI SASL Mechanism Handler is changed.
      * <p>
      * NOTE(review): a handler that caches security-relevant values (keytab
      * path, principal, quality of protection) presumably needs a listener
      * registered here to pick up changes without a restart - confirm
      * against the handler implementation.
056   *
057   * @param listener
058   *          The GSSAPI SASL Mechanism Handler configuration change listener.
059   */
060  void addGSSAPIChangeListener(ConfigurationChangeListener<GSSAPISASLMechanismHandlerCfg> listener);
061
062
063
064  /**
065   * Deregister an existing GSSAPI SASL Mechanism Handler configuration change listener.
066   *
067   * @param listener
068   *          The GSSAPI SASL Mechanism Handler configuration change listener.
069   */
070  void removeGSSAPIChangeListener(ConfigurationChangeListener<GSSAPISASLMechanismHandlerCfg> listener);
071
072
073
074  /**
075   * Gets the "identity-mapper" property.
076   * <p>
077   * Specifies the name of the identity mapper that is to be used with
078   * this SASL mechanism handler to match the Kerberos principal
079   * included in the SASL bind request to the corresponding user in the
080   * directory.
      * <p>
      * The mapper decides which directory user a Kerberos principal is
      * bound as, so its matching rules are part of the authentication
      * trust boundary. NOTE(review): whether the realm part of the
      * principal takes part in the match is not visible here - confirm in
      * the configured mapper.
081   *
082   * @return Returns the value of the "identity-mapper" property.
083   */
084  String getIdentityMapper();
085
086
087
088  /**
089   * Gets the "identity-mapper" property as a DN.
090   * <p>
091   * Specifies the name of the identity mapper that is to be used with
092   * this SASL mechanism handler to match the Kerberos principal
093   * included in the SASL bind request to the corresponding user in the
094   * directory.
      * <p>
      * Same property as {@link #getIdentityMapper()}, returned as a
      * {@code DN} instead of a string.
095   *
096   * @return Returns the DN value of the "identity-mapper" property.
097   */
098  DN getIdentityMapperDN();
099
100
101
102  /**
103   * Gets the "java-class" property.
104   * <p>
105   * Specifies the fully-qualified name of the Java class that
106   * provides the SASL mechanism handler implementation.
      * <p>
      * NOTE(review): the named class is presumably loaded and instantiated
      * by the server, so write access to this property should be treated
      * as the ability to choose code the server runs - confirm where the
      * value is consumed.
107   *
108   * @return Returns the value of the "java-class" property.
109   */
110  String getJavaClass();
111
112
113
114  /**
115   * Gets the "kdc-address" property.
116   * <p>
117   * Specifies the address of the KDC that is to be used for Kerberos
118   * processing.
119   * <p>
120   * If provided, this property must be a fully-qualified
121   * DNS-resolvable name. If this property is not provided, then the
122   * server attempts to determine it from the system-wide Kerberos
123   * configuration.
      * <p>
      * NOTE(review): what this method returns when the property is unset
      * is not stated here (presumably {@code null}) - confirm before
      * dereferencing the result.
124   *
125   * @return Returns the value of the "kdc-address" property.
126   */
127  String getKdcAddress();
128
129
130
131  /**
132   * Gets the "keytab" property.
133   * <p>
134   * Specifies the path to the keytab file that should be used for
135   * Kerberos processing.
136   * <p>
137   * If provided, this is either an absolute path or one that is
138   * relative to the server instance root.
      * <p>
      * A keytab holds the long-term keys of the service principal; any
      * account that can read the file can act as that service, so it
      * should be readable only by the account the server runs as.
      * NOTE(review): as far as this interface shows, the configured string
      * is returned as-is; resolving a relative path against the instance
      * root and checking file permissions happen elsewhere - confirm.
139   *
140   * @return Returns the value of the "keytab" property.
141   */
142  String getKeytab();
143
144
145
146  /**
147   * Gets the "principal-name" property.
148   * <p>
149   * Specifies the principal name.
150   * <p>
151   * It can either be a simple user name or a service name such as
152   * host/example.com. If this property is not provided, then the
153   * server attempts to build the principal name by appending the fully
154   * qualified domain name to the string "ldap/".
      * <p>
      * For authentication to succeed the keytab must contain a key for
      * whichever principal ends up being used. NOTE(review): the return
      * value when the property is unset is not stated here - confirm.
155   *
156   * @return Returns the value of the "principal-name" property.
157   */
158  String getPrincipalName();
159
160
161
162  /**
163   * Gets the "quality-of-protection" property.
164   * <p>
165   * Specifies the quality of protection the server will support.
      * <p>
      * In SASL terms the quality of protection ranges from authentication
      * only, through integrity protection, to integrity plus
      * confidentiality of the data exchanged after the bind. The permitted
      * values are those of the imported {@code QualityOfProtection} enum,
      * whose constants are not visible in this file. With authentication
      * only, traffic after the bind relies on the transport (for example
      * TLS) for protection.
167   *
168   * @return Returns the value of the "quality-of-protection" property.
169   */
170  QualityOfProtection getQualityOfProtection();
171
172
173
174  /**
175   * Gets the "realm" property.
176   * <p>
177   * Specifies the realm to be used for GSSAPI authentication.
      * <p>
      * NOTE(review): the return value when the property is unset is not
      * stated here - confirm.
178   *
179   * @return Returns the value of the "realm" property.
180   */
181  String getRealm();
182
183
184
185  /**
186   * Gets the "server-fqdn" property.
187   * <p>
188   * Specifies the DNS-resolvable fully-qualified domain name for the
189   * system.
      * <p>
      * NOTE(review): presumably this is the name appended to
      * {@code ldap/} when "principal-name" is unset (see
      * {@link #getPrincipalName()}); if so it must match the name clients
      * use to reach the server - confirm in the handler implementation.
190   *
191   * @return Returns the value of the "server-fqdn" property.
192   */
193  String getServerFqdn();
194
195}