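/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License"). You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
 * or http://forgerock.org/license/CDDLv1.0.html.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at legal-notices/CDDLv1_0.txt.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information:
 * Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 *
 *
 * Copyright 2008 Sun Microsystems, Inc.
 */
package org.opends.server.admin.std.server;

import java.util.SortedSet;
import org.opends.server.admin.Configuration;
import org.opends.server.admin.server.ConfigurationChangeListener;
import org.opends.server.admin.std.meta.GlobalCfgDefn.DisabledPrivilege;
import org.opends.server.admin.std.meta.GlobalCfgDefn.EtimeResolution;
import org.opends.server.admin.std.meta.GlobalCfgDefn.InvalidAttributeSyntaxBehavior;
import org.opends.server.admin.std.meta.GlobalCfgDefn.SingleStructuralObjectclassBehavior;
import org.opends.server.admin.std.meta.GlobalCfgDefn.WritabilityMode;
import org.opends.server.types.DN;

/**
 * A server-side interface for querying Global Configuration settings.
 * <p>
 * The Global Configuration contains properties that affect the
 * overall operation of the OpenDJ directory server.
 * <p>
 * Several of the properties exposed here are security-relevant: the
 * resource limits (where a sentinel value means "no limit"),
 * "disabled-privilege", "allowed-task", and the flags that control
 * bind handling and unauthenticated requests. Code that enforces a
 * limit must treat the documented sentinel as "unlimited" explicitly
 * rather than comparing against it as an ordinary bound.
 */
public interface GlobalCfg extends Configuration {

  /**
   * Gets the configuration class associated with this Global Configuration.
   *
   * @return Returns the configuration class associated with this Global Configuration.
   */
  Class<? extends GlobalCfg> configurationClass();

  /**
   * Register to be notified when this Global Configuration is changed.
   *
   * @param listener
   *          The Global Configuration configuration change listener.
   */
  void addChangeListener(ConfigurationChangeListener<GlobalCfg> listener);

  /**
   * Deregister an existing Global Configuration configuration change listener.
   *
   * @param listener
   *          The Global Configuration configuration change listener.
   */
  void removeChangeListener(ConfigurationChangeListener<GlobalCfg> listener);

  /**
   * Gets the "add-missing-rdn-attributes" property.
   * <p>
   * Indicates whether the directory server should automatically add
   * any attribute values contained in the entry's RDN into that entry
   * when processing an add request.
   *
   * @return Returns the value of the "add-missing-rdn-attributes" property.
   */
  boolean isAddMissingRDNAttributes();

  /**
   * Gets the "allow-attribute-name-exceptions" property.
   * <p>
   * Indicates whether the directory server should allow underscores
   * in attribute names and allow attribute names to begin with numeric
   * digits (both of which are violations of the LDAP standards).
   *
   * @return Returns the value of the "allow-attribute-name-exceptions" property.
   */
  boolean isAllowAttributeNameExceptions();

  /**
   * Gets the "allowed-task" property.
   * <p>
   * Specifies the fully-qualified name of a Java class that may be
   * invoked in the server.
   * <p>
   * Any attempt to invoke a task not included in the list of allowed
   * tasks is rejected.
   * <p>
   * The set therefore acts as an allow-list for the task mechanism:
   * every value widens what can be invoked in the server, so it is
   * best kept to the tasks that are actually needed.
   *
   * @return Returns an unmodifiable set containing the values of the "allowed-task" property.
   */
  SortedSet<String> getAllowedTask();

  /**
   * Gets the "bind-with-dn-requires-password" property.
   * <p>
   * Indicates whether the directory server should reject any simple
   * bind request that contains a DN but no password.
   * <p>
   * Although such bind requests are technically allowed by the LDAPv3
   * specification (and should be treated as anonymous simple
   * authentication), they may introduce security problems in
   * applications that do not verify that the client actually provided
   * a password.
   * <p>
   * When this returns {@code true}, such a bind is rejected instead
   * of being processed as an anonymous bind.
   *
   * @return Returns the value of the "bind-with-dn-requires-password" property.
   */
  boolean isBindWithDNRequiresPassword();

  /**
   * Gets the "check-schema" property.
   * <p>
   * Indicates whether schema enforcement is active.
   * <p>
   * When schema enforcement is activated, the directory server
   * ensures that all operations result in entries that are valid
   * according to the defined server schema. It is strongly recommended
   * that this option be left enabled to prevent the inadvertent
   * addition of invalid data into the server.
   *
   * @return Returns the value of the "check-schema" property.
   */
  boolean isCheckSchema();

  /**
   * Gets the "default-password-policy" property.
   * <p>
   * Specifies the name of the password policy that is in effect for
   * users whose entries do not specify an alternate password policy
   * (either via a real or virtual attribute).
   * <p>
   * In addition, the default password policy will be used for
   * providing default parameters for sub-entry based password policies
   * when not provided or supported by the sub-entry itself. This
   * property must reference a password policy and no other type of
   * authentication policy.
   *
   * @return Returns the value of the "default-password-policy" property.
   */
  String getDefaultPasswordPolicy();

  /**
   * Gets the "default-password-policy" property as a DN.
   * <p>
   * Specifies the name of the password policy that is in effect for
   * users whose entries do not specify an alternate password policy
   * (either via a real or virtual attribute).
   * <p>
   * In addition, the default password policy will be used for
   * providing default parameters for sub-entry based password policies
   * when not provided or supported by the sub-entry itself. This
   * property must reference a password policy and no other type of
   * authentication policy.
   *
   * @return Returns the DN value of the "default-password-policy"
   *         property.
   */
  DN getDefaultPasswordPolicyDN();

  /**
   * Gets the "disabled-privilege" property.
   * <p>
   * Specifies the name of a privilege that should not be evaluated by
   * the server.
   * <p>
   * If a privilege is disabled, then it is assumed that all clients
   * (including unauthenticated clients) have that privilege.
   * <p>
   * Each value in the returned set therefore removes an access check
   * for every client; an empty set is the state in which all
   * privileges are evaluated.
   *
   * @return Returns an unmodifiable set containing the values of the "disabled-privilege" property.
   */
  SortedSet<DisabledPrivilege> getDisabledPrivilege();

  /**
   * Gets the "etime-resolution" property.
   * <p>
   * Specifies the resolution to use for operation elapsed processing
   * time (etime) measurements.
   *
   * @return Returns the value of the "etime-resolution" property.
   */
  EtimeResolution getEtimeResolution();

  /**
   * Gets the "idle-time-limit" property.
   * <p>
   * Specifies the maximum length of time that a client connection may
   * remain established since its last completed operation.
   * <p>
   * A value of "0 seconds" indicates that no idle time limit is
   * enforced, so idle connections are never closed on this basis.
   * <p>
   * The unit of the returned {@code long} is not stated in this
   * interface; confirm it against the property definition before
   * comparing it with elapsed times.
   *
   * @return Returns the value of the "idle-time-limit" property.
   */
  long getIdleTimeLimit();

  /**
   * Gets the "invalid-attribute-syntax-behavior" property.
   * <p>
   * Specifies how the directory server should handle operations
   * whenever an attribute value violates the associated attribute
   * syntax.
   *
   * @return Returns the value of the "invalid-attribute-syntax-behavior" property.
   */
  InvalidAttributeSyntaxBehavior getInvalidAttributeSyntaxBehavior();

  /**
   * Gets the "lookthrough-limit" property.
   * <p>
   * Specifies the maximum number of entries that the directory server
   * should "look through" in the course of processing a search
   * request.
   * <p>
   * This includes any entry that the server must examine in the
   * course of processing the request, regardless of whether it
   * actually matches the search criteria. A value of 0 indicates that
   * no lookthrough limit is enforced. Note that this is the default
   * server-wide limit, but it may be overridden on a per-user basis
   * using the ds-rlim-lookthrough-limit operational attribute, so the
   * value returned here is not necessarily the limit in effect for a
   * given user.
   *
   * @return Returns the value of the "lookthrough-limit" property.
   */
  int getLookthroughLimit();

  /**
   * Gets the "max-allowed-client-connections" property.
   * <p>
   * Specifies the maximum number of client connections that may be
   * established at any given time.
   * <p>
   * A value of 0 indicates that an unlimited number of client
   * connections is allowed.
   *
   * @return Returns the value of the "max-allowed-client-connections" property.
   */
  int getMaxAllowedClientConnections();

  /**
   * Gets the "max-internal-buffer-size" property.
   * <p>
   * The threshold capacity beyond which internal cached buffers used
   * for encoding and decoding entries and protocol messages will be
   * trimmed after use.
   * <p>
   * Individual buffers may grow very large when encoding and decoding
   * large entries and protocol messages and should be reduced in size
   * when they are no longer needed. This setting specifies the
   * threshold at which a buffer is determined to have grown too big
   * and should be trimmed down after use.
   *
   * @return Returns the value of the "max-internal-buffer-size" property.
   */
  long getMaxInternalBufferSize();

  /**
   * Gets the "max-psearches" property.
   * <p>
   * Defines the maximum number of concurrent persistent searches that
   * can be performed on the directory server.
   * <p>
   * The persistent search mechanism provides an active channel
   * through which entries that change, and information about the
   * changes that occur, can be communicated. Because each persistent
   * search operation consumes resources, limiting the number of
   * simultaneous persistent searches keeps the performance impact
   * minimal. A value of -1 indicates that there is no limit on the
   * persistent searches.
   * <p>
   * Note that the "no limit" sentinel for this property is -1, not 0
   * as for the other limits in this interface.
   *
   * @return Returns the value of the "max-psearches" property.
   */
  int getMaxPsearches();

  /**
   * Gets the "notify-abandoned-operations" property.
   * <p>
   * Indicates whether the directory server should send a response to
   * any operation that is interrupted via an abandon request.
   * <p>
   * The LDAP specification states that abandoned operations should
   * not receive any response, but this may cause problems with client
   * applications that always expect to receive a response to each
   * request.
   *
   * @return Returns the value of the "notify-abandoned-operations" property.
   */
  boolean isNotifyAbandonedOperations();

  /**
   * Gets the "proxied-authorization-identity-mapper" property.
   * <p>
   * Specifies the name of the identity mapper to map authorization ID
   * values (using the "u:" form) provided in the proxied authorization
   * control to the corresponding user entry.
   *
   * @return Returns the value of the "proxied-authorization-identity-mapper" property.
   */
  String getProxiedAuthorizationIdentityMapper();

  /**
   * Gets the "proxied-authorization-identity-mapper" property as a
   * DN.
   * <p>
   * Specifies the name of the identity mapper to map authorization ID
   * values (using the "u:" form) provided in the proxied authorization
   * control to the corresponding user entry.
   *
   * @return Returns the DN value of the
   *         "proxied-authorization-identity-mapper" property.
   */
  DN getProxiedAuthorizationIdentityMapperDN();

  /**
   * Gets the "reject-unauthenticated-requests" property.
   * <p>
   * Indicates whether the directory server should reject any request
   * (other than bind or StartTLS requests) received from a client that
   * has not yet been authenticated, whose last authentication attempt
   * was unsuccessful, or whose last authentication attempt used
   * anonymous authentication.
   *
   * @return Returns the value of the "reject-unauthenticated-requests" property.
   */
  boolean isRejectUnauthenticatedRequests();

  /**
   * Gets the "return-bind-error-messages" property.
   * <p>
   * Indicates whether responses for failed bind operations should
   * include a message string providing the reason for the
   * authentication failure.
   * <p>
   * Note that these messages may include information that could
   * potentially be used by an attacker. If this option is disabled,
   * then these messages appear only in the server's access log, and
   * the failure reason should not be copied into the bind response.
   *
   * @return Returns the value of the "return-bind-error-messages" property.
   */
  boolean isReturnBindErrorMessages();

  /**
   * Gets the "save-config-on-successful-startup" property.
   * <p>
   * Indicates whether the directory server should save a copy of its
   * configuration whenever the startup process completes successfully.
   * <p>
   * This ensures that the server provides a "last known good"
   * configuration, which can be used as a reference (or copied into
   * the active config) if the server fails to start with the current
   * "active" configuration.
   *
   * @return Returns the value of the "save-config-on-successful-startup" property.
   */
  boolean isSaveConfigOnSuccessfulStartup();

  /**
   * Gets the "server-error-result-code" property.
   * <p>
   * Specifies the numeric value of the result code when request
   * processing fails due to an internal server error.
   *
   * @return Returns the value of the "server-error-result-code" property.
   */
  int getServerErrorResultCode();

  /**
   * Gets the "single-structural-objectclass-behavior" property.
   * <p>
   * Specifies how the directory server should handle operations in
   * which an entry does not contain a structural object class or
   * contains multiple structural classes.
   *
   * @return Returns the value of the "single-structural-objectclass-behavior" property.
   */
  SingleStructuralObjectclassBehavior getSingleStructuralObjectclassBehavior();

  /**
   * Gets the "size-limit" property.
   * <p>
   * Specifies the maximum number of entries that can be returned to
   * the client during a single search operation.
   * <p>
   * A value of 0 indicates that no size limit is enforced. Note that
   * this is the default server-wide limit, but it may be overridden on
   * a per-user basis using the ds-rlim-size-limit operational
   * attribute, so the value returned here is not necessarily the
   * limit in effect for a given user.
   *
   * @return Returns the value of the "size-limit" property.
   */
  int getSizeLimit();

  /**
   * Gets the "smtp-server" property.
   * <p>
   * Specifies the address (and optional port number) for a mail
   * server that can be used to send email messages via SMTP.
   * <p>
   * It may be an IP address or resolvable hostname, optionally
   * followed by a colon and a port number.
   *
   * @return Returns an unmodifiable set containing the values of the "smtp-server" property.
   */
  SortedSet<String> getSMTPServer();

  /**
   * Gets the "time-limit" property.
   * <p>
   * Specifies the maximum length of time that should be spent
   * processing a single search operation.
   * <p>
   * A value of 0 seconds indicates that no time limit is enforced.
   * Note that this is the default server-wide time limit, but it may
   * be overridden on a per-user basis using the ds-rlim-time-limit
   * operational attribute, so the value returned here is not
   * necessarily the limit in effect for a given user.
   * <p>
   * The unit of the returned {@code long} is not stated in this
   * interface; confirm it against the property definition before
   * comparing it with elapsed times.
   *
   * @return Returns the value of the "time-limit" property.
   */
  long getTimeLimit();

  /**
   * Gets the "writability-mode" property.
   * <p>
   * Specifies the kinds of write operations the directory server can
   * process.
   *
   * @return Returns the value of the "writability-mode" property.
   */
  WritabilityMode getWritabilityMode();

}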