/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License").  You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
 * or http://forgerock.org/license/CDDLv1.0.html.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at legal-notices/CDDLv1_0.txt.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information:
 *      Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 *
 *
 *      Copyright 2008 Sun Microsystems, Inc.
 */
package org.opends.server.admin.std.server;

import org.opends.server.admin.server.ConfigurationChangeListener;
import org.opends.server.admin.std.meta.GSSAPISASLMechanismHandlerCfgDefn.QualityOfProtection;
import org.opends.server.types.DN;

/**
 * Read-only, server-side view of the GSSAPI SASL Mechanism Handler
 * configuration.
 * <p>
 * The GSSAPI SASL mechanism performs all processing related to SASL
 * GSSAPI authentication using Kerberos V5. Every accessor on this
 * interface feeds that authentication path, so the configuration
 * entry behind it deserves the same change control as any other
 * authentication setting.
 * <p>
 * NOTE(review): this interface does not say what an accessor returns
 * when its property is unset (for example {@code null}); confirm
 * against the property definitions before dereferencing the
 * properties documented as "if provided".
 */
public interface GSSAPISASLMechanismHandlerCfg extends SASLMechanismHandlerCfg {

  /**
   * Reports the configuration class associated with this GSSAPI SASL
   * Mechanism Handler.
   *
   * @return the configuration class associated with this GSSAPI SASL
   *         Mechanism Handler.
   */
  Class<? extends GSSAPISASLMechanismHandlerCfg> configurationClass();

  /**
   * Subscribes a listener that is notified when this GSSAPI SASL
   * Mechanism Handler is changed.
   *
   * @param listener
   *          The GSSAPI SASL Mechanism Handler configuration change
   *          listener to register.
   */
  void addGSSAPIChangeListener(ConfigurationChangeListener<GSSAPISASLMechanismHandlerCfg> listener);

  /**
   * Unsubscribes a previously registered GSSAPI SASL Mechanism
   * Handler configuration change listener.
   *
   * @param listener
   *          The GSSAPI SASL Mechanism Handler configuration change
   *          listener to deregister.
   */
  void removeGSSAPIChangeListener(ConfigurationChangeListener<GSSAPISASLMechanismHandlerCfg> listener);

  /**
   * Gets the "identity-mapper" property.
   * <p>
   * Names the identity mapper this SASL mechanism handler uses to
   * match the Kerberos principal included in the SASL bind request to
   * the corresponding user in the directory.
   * <p>
   * The mapper decides which directory entry an authenticated
   * principal is bound as, so a mapper that can match more than one
   * entry, or the wrong entry, is an authorization problem rather
   * than a cosmetic one.
   *
   * @return the value of the "identity-mapper" property.
   */
  String getIdentityMapper();

  /**
   * Gets the "identity-mapper" property as a DN.
   * <p>
   * Same property as {@link #getIdentityMapper()}: the identity
   * mapper used to match the Kerberos principal included in the SASL
   * bind request to the corresponding user in the directory.
   *
   * @return the DN value of the "identity-mapper" property.
   */
  DN getIdentityMapperDN();

  /**
   * Gets the "java-class" property.
   * <p>
   * Holds the fully-qualified name of the Java class that provides
   * the SASL mechanism handler implementation.
   * <p>
   * NOTE(review): the value names code that handles authentication;
   * presumably the server loads it by name, so write access to this
   * property should be limited to administrators - confirm how the
   * class is resolved.
   *
   * @return the value of the "java-class" property.
   */
  String getJavaClass();

  /**
   * Gets the "kdc-address" property.
   * <p>
   * Gives the address of the KDC that is to be used for Kerberos
   * processing.
   * <p>
   * If provided, this property must be a fully-qualified
   * DNS-resolvable name. If this property is not provided, then the
   * server attempts to determine it from the system-wide Kerberos
   * configuration.
   *
   * @return the value of the "kdc-address" property.
   */
  String getKdcAddress();

  /**
   * Gets the "keytab" property.
   * <p>
   * Gives the path to the keytab file that should be used for
   * Kerberos processing.
   * <p>
   * If provided, this is either an absolute path or one that is
   * relative to the server instance root.
   * <p>
   * A keytab stores the long-term keys of the service principal, so
   * the file it points to should be readable only by the account the
   * server runs as. NOTE(review): nothing in this interface shows
   * the path being validated or its permissions being checked;
   * verify in the handler implementation.
   *
   * @return the value of the "keytab" property.
   */
  String getKeytab();

  /**
   * Gets the "principal-name" property.
   * <p>
   * Specifies the principal name.
   * <p>
   * It can either be a simple user name or a service name such as
   * host/example.com. If this property is not provided, then the
   * server attempts to build the principal name by appending the
   * fully qualified domain name to the string "ldap/".
   *
   * @return the value of the "principal-name" property.
   */
  String getPrincipalName();

  /**
   * Gets the "quality-of-protection" property.
   * <p>
   * Specifies the quality of protection the server will support.
   * <p>
   * In SASL terms the quality of protection determines whether the
   * negotiated security layer only authenticates the bind or also
   * adds integrity or confidentiality protection to the traffic
   * that follows. With an authentication-only setting, later
   * operations on the connection rely on another layer (such as
   * TLS) for protection. See {@link QualityOfProtection} for the
   * values this server accepts.
   *
   * @return the value of the "quality-of-protection" property.
   */
  QualityOfProtection getQualityOfProtection();

  /**
   * Gets the "realm" property.
   * <p>
   * Specifies the realm to be used for GSSAPI authentication.
   *
   * @return the value of the "realm" property.
   */
  String getRealm();

  /**
   * Gets the "server-fqdn" property.
   * <p>
   * Specifies the DNS-resolvable fully-qualified domain name for the
   * system.
   *
   * @return the value of the "server-fqdn" property.
   */
  String getServerFqdn();

}