001/*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License").  You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
010 * or http://forgerock.org/license/CDDLv1.0.html.
011 * See the License for the specific language governing permissions
012 * and limitations under the License.
013 *
014 * When distributing Covered Code, include this CDDL HEADER in each
015 * file and include the License file at legal-notices/CDDLv1_0.txt.
016 * If applicable, add the following below this CDDL HEADER, with the
017 * fields enclosed by brackets "[]" replaced with your own identifying
018 * information:
019 *      Portions Copyright [yyyy] [name of copyright owner]
020 *
021 * CDDL HEADER END
022 *
023 *
024 *      Copyright 2008 Sun Microsystems, Inc.
025 */
026package org.opends.server.admin.std.server;
027
028
029
030import java.util.SortedSet;
031import org.opends.server.admin.Configuration;
032import org.opends.server.admin.server.ConfigurationChangeListener;
033import org.opends.server.admin.std.meta.GlobalCfgDefn.DisabledPrivilege;
034import org.opends.server.admin.std.meta.GlobalCfgDefn.EtimeResolution;
035import org.opends.server.admin.std.meta.GlobalCfgDefn.InvalidAttributeSyntaxBehavior;
036import org.opends.server.admin.std.meta.GlobalCfgDefn.SingleStructuralObjectclassBehavior;
037import org.opends.server.admin.std.meta.GlobalCfgDefn.WritabilityMode;
038import org.opends.server.types.DN;
039
040
041
042/**
043 * A server-side interface for querying Global Configuration settings.
044 * <p>
045 * The Global Configuration contains properties that affect the
046 * overall operation of the OpenDJ directory server.
047 */
048public interface GlobalCfg extends Configuration {
049
050  /**
051   * Gets the configuration class associated with this Global Configuration.
052   *
053   * @return Returns the configuration class associated with this Global Configuration.
054   */
055  Class<? extends GlobalCfg> configurationClass();
056
057
058
059  /**
060   * Register to be notified when this Global Configuration is changed.
061   *
062   * @param listener
063   *          The Global Configuration configuration change listener.
064   */
065  void addChangeListener(ConfigurationChangeListener<GlobalCfg> listener);
066
067
068
069  /**
070   * Deregister an existing Global Configuration configuration change listener.
071   *
072   * @param listener
073   *          The Global Configuration configuration change listener.
074   */
075  void removeChangeListener(ConfigurationChangeListener<GlobalCfg> listener);
076
077
078
079  /**
080   * Gets the "add-missing-rdn-attributes" property.
081   * <p>
082   * Indicates whether the directory server should automatically add
083   * any attribute values contained in the entry's RDN into that entry
084   * when processing an add request.
085   *
086   * @return Returns the value of the "add-missing-rdn-attributes" property.
087   */
088  boolean isAddMissingRDNAttributes();
089
090
091
092  /**
093   * Gets the "allow-attribute-name-exceptions" property.
094   * <p>
095   * Indicates whether the directory server should allow underscores
096   * in attribute names and allow attribute names to begin with numeric
097   * digits (both of which are violations of the LDAP standards).
098   *
099   * @return Returns the value of the "allow-attribute-name-exceptions" property.
100   */
101  boolean isAllowAttributeNameExceptions();
102
103
104
105  /**
106   * Gets the "allowed-task" property.
107   * <p>
108   * Specifies the fully-qualified name of a Java class that may be
109   * invoked in the server.
110   * <p>
111   * Any attempt to invoke a task not included in the list of allowed
112   * tasks is rejected.
      * <p>
      * NOTE(review): the values act as an allow-list of task classes, so
      * each entry widens what can be invoked in the server; keep the set
      * as small as the deployment needs.
113   *
114   * @return Returns an unmodifiable set containing the values of the "allowed-task" property.
115   */
116  SortedSet<String> getAllowedTask();
117
118
119
120  /**
121   * Gets the "bind-with-dn-requires-password" property.
122   * <p>
123   * Indicates whether the directory server should reject any simple
124   * bind request that contains a DN but no password.
125   * <p>
126   * Although such bind requests are technically allowed by the LDAPv3
127   * specification (and should be treated as anonymous simple
128   * authentication), they may introduce security problems in
129   * applications that do not verify that the client actually provided
130   * a password.
131   *
132   * @return Returns the value of the "bind-with-dn-requires-password" property.
133   */
134  boolean isBindWithDNRequiresPassword();
135
136
137
138  /**
139   * Gets the "check-schema" property.
140   * <p>
141   * Indicates whether schema enforcement is active.
142   * <p>
143   * When schema enforcement is activated, the directory server
144   * ensures that all operations result in entries that are valid according
145   * to the defined server schema. It is strongly recommended that this
146   * option be left enabled to prevent the inadvertent addition of
147   * invalid data into the server.
148   *
149   * @return Returns the value of the "check-schema" property.
150   */
151  boolean isCheckSchema();
152
153
154
155  /**
156   * Gets the "default-password-policy" property.
157   * <p>
158   * Specifies the name of the password policy that is in effect for
159   * users whose entries do not specify an alternate password policy
160   * (either via a real or virtual attribute).
161   * <p>
162   * In addition, the default password policy will be used for
163   * providing default parameters for sub-entry based password policies
164   * when not provided or supported by the sub-entry itself. This
165   * property must reference a password policy and no other type of
166   * authentication policy.
167   *
168   * @return Returns the value of the "default-password-policy" property.
169   */
170  String getDefaultPasswordPolicy();
171
172
173
174  /**
175   * Gets the "default-password-policy" property as a DN.
176   * <p>
177   * Specifies the name of the password policy that is in effect for
178   * users whose entries do not specify an alternate password policy
179   * (either via a real or virtual attribute).
180   * <p>
181   * In addition, the default password policy will be used for
182   * providing default parameters for sub-entry based password policies
183   * when not provided or supported by the sub-entry itself. This
184   * property must reference a password policy and no other type of
185   * authentication policy.
186   *
187   * @return Returns the DN value of the "default-password-policy"
188   *         property.
189   */
190  DN getDefaultPasswordPolicyDN();
191
192
193
194  /**
195   * Gets the "disabled-privilege" property.
196   * <p>
197   * Specifies the name of a privilege that should not be evaluated by
198   * the server.
199   * <p>
200   * If a privilege is disabled, then it is assumed that all clients
201   * (including unauthenticated clients) have that privilege.
      * <p>
      * NOTE(review): per the description above, every value in this set
      * removes a privilege check for all clients, authenticated or not;
      * treat any non-empty value as a security-relevant setting to review.
202   *
203   * @return Returns an unmodifiable set containing the values of the "disabled-privilege" property.
204   */
205  SortedSet<DisabledPrivilege> getDisabledPrivilege();
206
207
208
209  /**
210   * Gets the "etime-resolution" property.
211   * <p>
212   * Specifies the resolution to use for operation elapsed processing
213   * time (etime) measurements.
214   *
215   * @return Returns the value of the "etime-resolution" property.
216   */
217  EtimeResolution getEtimeResolution();
218
219
220
221  /**
222   * Gets the "idle-time-limit" property.
223   * <p>
224   * Specifies the maximum length of time that a client connection may
225   * remain established since its last completed operation.
226   * <p>
227   * A value of "0 seconds" indicates that no idle time limit is
228   * enforced.
229   *
230   * @return Returns the value of the "idle-time-limit" property.
231   */
232  long getIdleTimeLimit();
233
234
235
236  /**
237   * Gets the "invalid-attribute-syntax-behavior" property.
238   * <p>
239   * Specifies how the directory server should handle operations
240   * whenever an attribute value violates the associated attribute
241   * syntax.
242   *
243   * @return Returns the value of the "invalid-attribute-syntax-behavior" property.
244   */
245  InvalidAttributeSyntaxBehavior getInvalidAttributeSyntaxBehavior();
246
247
248
249  /**
250   * Gets the "lookthrough-limit" property.
251   * <p>
252   * Specifies the maximum number of entries that the directory server
253   * should "look through" in the course of processing a search
254   * request.
255   * <p>
256   * This includes any entry that the server must examine in the
257   * course of processing the request, regardless of whether it
258   * actually matches the search criteria. A value of 0 indicates that
259   * no lookthrough limit is enforced. Note that this is the default
260   * server-wide limit, but it may be overridden on a per-user basis
261   * using the ds-rlim-lookthrough-limit operational attribute.
262   *
263   * @return Returns the value of the "lookthrough-limit" property.
264   */
265  int getLookthroughLimit();
266
267
268
269  /**
270   * Gets the "max-allowed-client-connections" property.
271   * <p>
272   * Specifies the maximum number of client connections that may be
273   * established at any given time.
274   * <p>
275   * A value of 0 indicates that unlimited client connections are
276   * allowed.
277   *
278   * @return Returns the value of the "max-allowed-client-connections" property.
279   */
280  int getMaxAllowedClientConnections();
281
282
283
284  /**
285   * Gets the "max-internal-buffer-size" property.
286   * <p>
287   * The threshold capacity beyond which internal cached buffers used
288   * for encoding and decoding entries and protocol messages will be
289   * trimmed after use.
290   * <p>
291   * Individual buffers may grow very large when encoding and decoding
292   * large entries and protocol messages and should be reduced in size
293   * when they are no longer needed. This setting specifies the
294   * threshold at which a buffer is determined to have grown too big
295   * and should be trimmed down after use.
296   *
297   * @return Returns the value of the "max-internal-buffer-size" property.
298   */
299  long getMaxInternalBufferSize();
300
301
302
303  /**
304   * Gets the "max-psearches" property.
305   * <p>
306   * Defines the maximum number of concurrent persistent searches that
307   * can be performed on the directory server.
308   * <p>
309   * The persistent search mechanism provides an active channel
310   * through which entries that change, and information about the
311   * changes that occur, can be communicated. Because each persistent
312   * search operation consumes resources, limiting the number of
313   * simultaneous persistent searches keeps the performance impact
314   * minimal. A value of -1 indicates that there is no limit on the
315   * persistent searches.
316   *
317   * @return Returns the value of the "max-psearches" property.
318   */
319  int getMaxPsearches();
320
321
322
323  /**
324   * Gets the "notify-abandoned-operations" property.
325   * <p>
326   * Indicates whether the directory server should send a response to
327   * any operation that is interrupted via an abandon request.
328   * <p>
329   * The LDAP specification states that abandoned operations should
330   * not receive any response, but this may cause problems with client
331   * applications that always expect to receive a response to each
332   * request.
333   *
334   * @return Returns the value of the "notify-abandoned-operations" property.
335   */
336  boolean isNotifyAbandonedOperations();
337
338
339
340  /**
341   * Gets the "proxied-authorization-identity-mapper" property.
342   * <p>
343   * Specifies the name of the identity mapper to map authorization ID
344   * values (using the "u:" form) provided in the proxied authorization
345   * control to the corresponding user entry.
346   *
347   * @return Returns the value of the "proxied-authorization-identity-mapper" property.
348   */
349  String getProxiedAuthorizationIdentityMapper();
350
351
352
353  /**
354   * Gets the "proxied-authorization-identity-mapper" property as a
355   * DN.
356   * <p>
357   * Specifies the name of the identity mapper to map authorization ID
358   * values (using the "u:" form) provided in the proxied authorization
359   * control to the corresponding user entry.
360   *
361   * @return Returns the DN value of the
362   *         "proxied-authorization-identity-mapper" property.
363   */
364  DN getProxiedAuthorizationIdentityMapperDN();
365
366
367
368  /**
369   * Gets the "reject-unauthenticated-requests" property.
370   * <p>
371   * Indicates whether the directory server should reject any request
372   * (other than bind or StartTLS requests) received from a client that
373   * has not yet been authenticated, whose last authentication attempt
374   * was unsuccessful, or whose last authentication attempt used
375   * anonymous authentication.
376   *
377   * @return Returns the value of the "reject-unauthenticated-requests" property.
378   */
379  boolean isRejectUnauthenticatedRequests();
380
381
382
383  /**
384   * Gets the "return-bind-error-messages" property.
385   * <p>
386   * Indicates whether responses for failed bind operations should
387   * include a message string providing the reason for the
388   * authentication failure.
389   * <p>
390   * Note that these messages may include information that could
391   * potentially be used by an attacker. If this option is disabled,
392   * then these messages appear only in the server's access log.
393   *
394   * @return Returns the value of the "return-bind-error-messages" property.
395   */
396  boolean isReturnBindErrorMessages();
397
398
399
400  /**
401   * Gets the "save-config-on-successful-startup" property.
402   * <p>
403   * Indicates whether the directory server should save a copy of its
404   * configuration whenever the startup process completes successfully.
405   * <p>
406   * This ensures that the server provides a "last known good"
407   * configuration, which can be used as a reference (or copied into
408   * the active config) if the server fails to start with the current
409   * "active" configuration.
410   *
411   * @return Returns the value of the "save-config-on-successful-startup" property.
412   */
413  boolean isSaveConfigOnSuccessfulStartup();
414
415
416
417  /**
418   * Gets the "server-error-result-code" property.
419   * <p>
420   * Specifies the numeric value of the result code when request
421   * processing fails due to an internal server error.
422   *
423   * @return Returns the value of the "server-error-result-code" property.
424   */
425  int getServerErrorResultCode();
426
427
428
429  /**
430   * Gets the "single-structural-objectclass-behavior" property.
431   * <p>
432   * Specifies how the directory server should handle operations in which an
433   * entry does not contain a structural object class or contains
434   * multiple structural classes.
435   *
436   * @return Returns the value of the "single-structural-objectclass-behavior" property.
437   */
438  SingleStructuralObjectclassBehavior getSingleStructuralObjectclassBehavior();
439
440
441
442  /**
443   * Gets the "size-limit" property.
444   * <p>
445   * Specifies the maximum number of entries that can be returned to
446   * the client during a single search operation.
447   * <p>
448   * A value of 0 indicates that no size limit is enforced. Note that
449   * this is the default server-wide limit, but it may be overridden on
450   * a per-user basis using the ds-rlim-size-limit operational
451   * attribute.
452   *
453   * @return Returns the value of the "size-limit" property.
454   */
455  int getSizeLimit();
456
457
458
459  /**
460   * Gets the "smtp-server" property.
461   * <p>
462   * Specifies the address (and optional port number) for a mail
463   * server that can be used to send email messages via SMTP.
464   * <p>
465   * It may be an IP address or resolvable hostname, optionally
466   * followed by a colon and a port number.
467   *
468   * @return Returns an unmodifiable set containing the values of the "smtp-server" property.
469   */
470  SortedSet<String> getSMTPServer();
471
472
473
474  /**
475   * Gets the "time-limit" property.
476   * <p>
477   * Specifies the maximum length of time that should be spent
478   * processing a single search operation.
479   * <p>
480   * A value of 0 seconds indicates that no time limit is enforced.
481   * Note that this is the default server-wide time limit, but it may
482   * be overridden on a per-user basis using the ds-rlim-time-limit
483   * operational attribute.
484   *
485   * @return Returns the value of the "time-limit" property.
486   */
487  long getTimeLimit();
488
489
490
491  /**
492   * Gets the "writability-mode" property.
493   * <p>
494   * Specifies the kinds of write operations the directory server can
495   * process.
496   *
497   * @return Returns the value of the "writability-mode" property.
498   */
499  WritabilityMode getWritabilityMode();
500
501}