org.opends.server.admin.std.client

Interface LDAPPassThroughAuthenticationPolicyCfgClient

All Superinterfaces:

AuthenticationPolicyCfgClient, ConfigurationClient

public interface LDAPPassThroughAuthenticationPolicyCfgClient
extends AuthenticationPolicyCfgClient

A client-side interface for reading and modifying LDAP Pass Through Authentication Policy settings.

An authentication policy for users whose credentials are managed by a remote LDAP directory service.

Method Summary

Methods

Modifier and Type	Method and Description
ManagedObjectDefinition<? extends LDAPPassThroughAuthenticationPolicyCfgClient,? extends LDAPPassThroughAuthenticationPolicyCfg>	definition() Get the configuration definition associated with this LDAP Pass Through Authentication Policy.
String	getCachedPasswordStorageScheme() Gets the "cached-password-storage-scheme" property.
long	getCachedPasswordTTL() Gets the "cached-password-ttl" property.
long	getConnectionTimeout() Gets the "connection-timeout" property.
String	getJavaClass() Gets the "java-class" property.
SortedSet<AttributeType>	getMappedAttribute() Gets the "mapped-attribute" property.
SortedSet<DN>	getMappedSearchBaseDN() Gets the "mapped-search-base-dn" property.
DN	getMappedSearchBindDN() Gets the "mapped-search-bind-dn" property.
String	getMappedSearchBindPassword() Gets the "mapped-search-bind-password" property.
String	getMappedSearchBindPasswordEnvironmentVariable() Gets the "mapped-search-bind-password-environment-variable" property.
String	getMappedSearchBindPasswordFile() Gets the "mapped-search-bind-password-file" property.
String	getMappedSearchBindPasswordProperty() Gets the "mapped-search-bind-password-property" property.
LDAPPassThroughAuthenticationPolicyCfgDefn.MappingPolicy	getMappingPolicy() Gets the "mapping-policy" property.
SortedSet<String>	getPrimaryRemoteLDAPServer() Gets the "primary-remote-ldap-server" property.
SortedSet<String>	getSecondaryRemoteLDAPServer() Gets the "secondary-remote-ldap-server" property.
InetAddress	getSourceAddress() Gets the "source-address" property.
SortedSet<String>	getSSLCipherSuite() Gets the "ssl-cipher-suite" property.
SortedSet<String>	getSSLProtocol() Gets the "ssl-protocol" property.
String	getTrustManagerProvider() Gets the "trust-manager-provider" property.
boolean	isUsePasswordCaching() Gets the "use-password-caching" property.
boolean	isUseSSL() Gets the "use-ssl" property.
boolean	isUseTCPKeepAlive() Gets the "use-tcp-keep-alive" property.
boolean	isUseTCPNoDelay() Gets the "use-tcp-no-delay" property.
void	setCachedPasswordStorageScheme(String value) Sets the "cached-password-storage-scheme" property.
void	setCachedPasswordTTL(Long value) Sets the "cached-password-ttl" property.
void	setConnectionTimeout(Long value) Sets the "connection-timeout" property.
void	setJavaClass(String value) Sets the "java-class" property.
void	setMappedAttribute(Collection<AttributeType> values) Sets the "mapped-attribute" property.
void	setMappedSearchBaseDN(Collection<DN> values) Sets the "mapped-search-base-dn" property.
void	setMappedSearchBindDN(DN value) Sets the "mapped-search-bind-dn" property.
void	setMappedSearchBindPassword(String value) Sets the "mapped-search-bind-password" property.
void	setMappedSearchBindPasswordEnvironmentVariable(String value) Sets the "mapped-search-bind-password-environment-variable" property.
void	setMappedSearchBindPasswordFile(String value) Sets the "mapped-search-bind-password-file" property.
void	setMappedSearchBindPasswordProperty(String value) Sets the "mapped-search-bind-password-property" property.
void	setMappingPolicy(LDAPPassThroughAuthenticationPolicyCfgDefn.MappingPolicy value) Sets the "mapping-policy" property.
void	setPrimaryRemoteLDAPServer(Collection<String> values) Sets the "primary-remote-ldap-server" property.
void	setSecondaryRemoteLDAPServer(Collection<String> values) Sets the "secondary-remote-ldap-server" property.
void	setSourceAddress(InetAddress value) Sets the "source-address" property.
void	setSSLCipherSuite(Collection<String> values) Sets the "ssl-cipher-suite" property.
void	setSSLProtocol(Collection<String> values) Sets the "ssl-protocol" property.
void	setTrustManagerProvider(String value) Sets the "trust-manager-provider" property.
void	setUsePasswordCaching(boolean value) Sets the "use-password-caching" property.
void	setUseSSL(Boolean value) Sets the "use-ssl" property.
void	setUseTCPKeepAlive(Boolean value) Sets the "use-tcp-keep-alive" property.
void	setUseTCPNoDelay(Boolean value) Sets the "use-tcp-no-delay" property.

Methods inherited from interface org.opends.server.admin.ConfigurationClient

commit, properties

Method Detail

definition

ManagedObjectDefinition<? extends LDAPPassThroughAuthenticationPolicyCfgClient,? extends LDAPPassThroughAuthenticationPolicyCfg> definition()

Get the configuration definition associated with this LDAP Pass Through Authentication Policy.

Specified by:

definition in interface AuthenticationPolicyCfgClient

Specified by:

definition in interface ConfigurationClient

Returns:

Returns the configuration definition associated with this LDAP Pass Through Authentication Policy.

getCachedPasswordStorageScheme

String getCachedPasswordStorageScheme()

Gets the "cached-password-storage-scheme" property.

Specifies the name of a password storage scheme which should be used for encoding cached passwords.

Changing the password storage scheme will cause all existing cached passwords to be discarded.

Returns:

Returns the value of the "cached-password-storage-scheme" property.

setCachedPasswordStorageScheme

void setCachedPasswordStorageScheme(String value)
                                    throws PropertyException

Sets the "cached-password-storage-scheme" property.

Specifies the name of a password storage scheme which should be used for encoding cached passwords.

Changing the password storage scheme will cause all existing cached passwords to be discarded.

Parameters:

value - The value of the "cached-password-storage-scheme" property.

Throws:

PropertyException - If the new value is invalid.

getCachedPasswordTTL

long getCachedPasswordTTL()

Gets the "cached-password-ttl" property.

Specifies the maximum length of time that a locally cached password may be used for authentication before it is refreshed from the remote LDAP service.

This property represents a cache timeout. Increasing the timeout period decreases the frequency that bind operations are delegated to the remote LDAP service, but increases the risk of users authenticating using stale passwords. Note that authentication attempts which fail because the provided password does not match the locally cached password will always be retried against the remote LDAP service.

Returns:

Returns the value of the "cached-password-ttl" property.

setCachedPasswordTTL

void setCachedPasswordTTL(Long value)
                          throws PropertyException

Sets the "cached-password-ttl" property.

Specifies the maximum length of time that a locally cached password may be used for authentication before it is refreshed from the remote LDAP service.

This property represents a cache timeout. Increasing the timeout period decreases the frequency that bind operations are delegated to the remote LDAP service, but increases the risk of users authenticating using stale passwords. Note that authentication attempts which fail because the provided password does not match the locally cached password will always be retried against the remote LDAP service.

Parameters:

value - The value of the "cached-password-ttl" property.

Throws:

PropertyException - If the new value is invalid.

getConnectionTimeout

long getConnectionTimeout()

Gets the "connection-timeout" property.

Specifies the timeout used when connecting to remote LDAP directory servers, performing SSL negotiation, and for individual search and bind requests.

If the timeout expires then the current operation will be aborted and retried against another LDAP server if one is available.

Returns:

Returns the value of the "connection-timeout" property.

setConnectionTimeout

void setConnectionTimeout(Long value)
                          throws PropertyException

Sets the "connection-timeout" property.

Specifies the timeout used when connecting to remote LDAP directory servers, performing SSL negotiation, and for individual search and bind requests.

If the timeout expires then the current operation will be aborted and retried against another LDAP server if one is available.

Parameters:

value - The value of the "connection-timeout" property.

Throws:

PropertyException - If the new value is invalid.

getJavaClass

String getJavaClass()

Gets the "java-class" property.

Specifies the fully-qualified name of the Java class which provides the LDAP Pass Through Authentication Policy implementation.

Specified by:

getJavaClass in interface AuthenticationPolicyCfgClient

Returns:

Returns the value of the "java-class" property.

setJavaClass

void setJavaClass(String value)
                  throws PropertyException

Sets the "java-class" property.

Specifies the fully-qualified name of the Java class which provides the LDAP Pass Through Authentication Policy implementation.

Specified by:

setJavaClass in interface AuthenticationPolicyCfgClient

Parameters:

value - The value of the "java-class" property.

Throws:

PropertyException - If the new value is invalid.

getMappedAttribute

SortedSet<AttributeType> getMappedAttribute()

Gets the "mapped-attribute" property.

Specifies one or more attributes in the user's entry whose value(s) will determine the bind DN used when authenticating to the remote LDAP directory service. This property is mandatory when using the "mapped-bind" or "mapped-search" mapping policies.

At least one value must be provided. All values must refer to the name or OID of an attribute type defined in the directory server schema. At least one of the named attributes must exist in a user's local entry in order for authentication to proceed. When multiple attributes or values are found in the user's entry then the behavior is determined by the mapping policy.

Returns:

Returns the values of the "mapped-attribute" property.

setMappedAttribute

void setMappedAttribute(Collection<AttributeType> values)
                        throws PropertyException

Sets the "mapped-attribute" property.

Specifies one or more attributes in the user's entry whose value(s) will determine the bind DN used when authenticating to the remote LDAP directory service. This property is mandatory when using the "mapped-bind" or "mapped-search" mapping policies.

At least one value must be provided. All values must refer to the name or OID of an attribute type defined in the directory server schema. At least one of the named attributes must exist in a user's local entry in order for authentication to proceed. When multiple attributes or values are found in the user's entry then the behavior is determined by the mapping policy.

Parameters:

values - The values of the "mapped-attribute" property.

Throws:

PropertyException - If one or more of the new values are invalid.

getMappedSearchBaseDN

SortedSet<DN> getMappedSearchBaseDN()

Gets the "mapped-search-base-dn" property.

Specifies the set of base DNs below which to search for users in the remote LDAP directory service. This property is mandatory when using the "mapped-search" mapping policy.

If multiple values are given, searches are performed below all specified base DNs.

Returns:

Returns the values of the "mapped-search-base-dn" property.

setMappedSearchBaseDN

void setMappedSearchBaseDN(Collection<DN> values)
                           throws PropertyException

Sets the "mapped-search-base-dn" property.

Specifies the set of base DNs below which to search for users in the remote LDAP directory service. This property is mandatory when using the "mapped-search" mapping policy.

If multiple values are given, searches are performed below all specified base DNs.

Parameters:

values - The values of the "mapped-search-base-dn" property.

Throws:

PropertyException - If one or more of the new values are invalid.

getMappedSearchBindDN

DN getMappedSearchBindDN()

Gets the "mapped-search-bind-dn" property.

Specifies the bind DN which should be used to perform user searches in the remote LDAP directory service.

Returns:

Returns the value of the "mapped-search-bind-dn" property.

setMappedSearchBindDN

void setMappedSearchBindDN(DN value)
                           throws PropertyException

Sets the "mapped-search-bind-dn" property.

Specifies the bind DN which should be used to perform user searches in the remote LDAP directory service.

Parameters:

value - The value of the "mapped-search-bind-dn" property.

Throws:

PropertyException - If the new value is invalid.

getMappedSearchBindPassword

String getMappedSearchBindPassword()

Gets the "mapped-search-bind-password" property.

Specifies the bind password which should be used to perform user searches in the remote LDAP directory service.

Returns:

Returns the value of the "mapped-search-bind-password" property.

setMappedSearchBindPassword

void setMappedSearchBindPassword(String value)
                                 throws PropertyException

Sets the "mapped-search-bind-password" property.

Specifies the bind password which should be used to perform user searches in the remote LDAP directory service.

Parameters:

value - The value of the "mapped-search-bind-password" property.

Throws:

PropertyException - If the new value is invalid.

getMappedSearchBindPasswordEnvironmentVariable

String getMappedSearchBindPasswordEnvironmentVariable()

Gets the "mapped-search-bind-password-environment-variable" property.

Specifies the name of an environment variable containing the bind password which should be used to perform user searches in the remote LDAP directory service.

Returns:

Returns the value of the "mapped-search-bind-password-environment-variable" property.

setMappedSearchBindPasswordEnvironmentVariable

void setMappedSearchBindPasswordEnvironmentVariable(String value)
                                                    throws PropertyException

Sets the "mapped-search-bind-password-environment-variable" property.

Specifies the name of an environment variable containing the bind password which should be used to perform user searches in the remote LDAP directory service.

Parameters:

value - The value of the "mapped-search-bind-password-environment-variable" property.

Throws:

PropertyException - If the new value is invalid.

getMappedSearchBindPasswordFile

String getMappedSearchBindPasswordFile()

Gets the "mapped-search-bind-password-file" property.

Specifies the name of a file containing the bind password which should be used to perform user searches in the remote LDAP directory service.

Returns:

Returns the value of the "mapped-search-bind-password-file" property.

setMappedSearchBindPasswordFile

void setMappedSearchBindPasswordFile(String value)
                                     throws PropertyException

Sets the "mapped-search-bind-password-file" property.

Specifies the name of a file containing the bind password which should be used to perform user searches in the remote LDAP directory service.

Parameters:

value - The value of the "mapped-search-bind-password-file" property.

Throws:

PropertyException - If the new value is invalid.

getMappedSearchBindPasswordProperty

String getMappedSearchBindPasswordProperty()

Gets the "mapped-search-bind-password-property" property.

Specifies the name of a Java property containing the bind password which should be used to perform user searches in the remote LDAP directory service.

Returns:

Returns the value of the "mapped-search-bind-password-property" property.

setMappedSearchBindPasswordProperty

void setMappedSearchBindPasswordProperty(String value)
                                         throws PropertyException

Sets the "mapped-search-bind-password-property" property.

Specifies the name of a Java property containing the bind password which should be used to perform user searches in the remote LDAP directory service.

Parameters:

value - The value of the "mapped-search-bind-password-property" property.

Throws:

PropertyException - If the new value is invalid.

getMappingPolicy

LDAPPassThroughAuthenticationPolicyCfgDefn.MappingPolicy getMappingPolicy()

Gets the "mapping-policy" property.

Specifies the mapping algorithm for obtaining the bind DN from the user's entry.

Returns:

Returns the value of the "mapping-policy" property.

setMappingPolicy

void setMappingPolicy(LDAPPassThroughAuthenticationPolicyCfgDefn.MappingPolicy value)
                      throws PropertyException

Sets the "mapping-policy" property.

Specifies the mapping algorithm for obtaining the bind DN from the user's entry.

Parameters:

value - The value of the "mapping-policy" property.

Throws:

PropertyException - If the new value is invalid.

getPrimaryRemoteLDAPServer

SortedSet<String> getPrimaryRemoteLDAPServer()

Gets the "primary-remote-ldap-server" property.

Specifies the primary list of remote LDAP servers which should be used for pass through authentication.

If more than one LDAP server is specified then operations may be distributed across them. If all of the primary LDAP servers are unavailable then operations will fail-over to the set of secondary LDAP servers, if defined.

Returns:

Returns the values of the "primary-remote-ldap-server" property.

setPrimaryRemoteLDAPServer

void setPrimaryRemoteLDAPServer(Collection<String> values)
                                throws PropertyException

Sets the "primary-remote-ldap-server" property.

Specifies the primary list of remote LDAP servers which should be used for pass through authentication.

If more than one LDAP server is specified then operations may be distributed across them. If all of the primary LDAP servers are unavailable then operations will fail-over to the set of secondary LDAP servers, if defined.

Parameters:

values - The values of the "primary-remote-ldap-server" property.

Throws:

PropertyException - If one or more of the new values are invalid.

getSecondaryRemoteLDAPServer

SortedSet<String> getSecondaryRemoteLDAPServer()

Gets the "secondary-remote-ldap-server" property.

Specifies the secondary list of remote LDAP servers which should be used for pass through authentication in the event that the primary LDAP servers are unavailable.

If more than one LDAP server is specified then operations may be distributed across them. Operations will be rerouted to the primary LDAP servers as soon as they are determined to be available.

Returns:

Returns the values of the "secondary-remote-ldap-server" property.

setSecondaryRemoteLDAPServer

void setSecondaryRemoteLDAPServer(Collection<String> values)
                                  throws PropertyException

Sets the "secondary-remote-ldap-server" property.

Specifies the secondary list of remote LDAP servers which should be used for pass through authentication in the event that the primary LDAP servers are unavailable.

If more than one LDAP server is specified then operations may be distributed across them. Operations will be rerouted to the primary LDAP servers as soon as they are determined to be available.

Parameters:

values - The values of the "secondary-remote-ldap-server" property.

Throws:

PropertyException - If one or more of the new values are invalid.

getSourceAddress

InetAddress getSourceAddress()

Gets the "source-address" property.

If specified, the server will bind to the address before connecting to the remote server.

The address must be one assigned to an existing network interface.

Returns:

Returns the value of the "source-address" property.

setSourceAddress

void setSourceAddress(InetAddress value)
                      throws PropertyException

Sets the "source-address" property.

If specified, the server will bind to the address before connecting to the remote server.

The address must be one assigned to an existing network interface.

Parameters:

value - The value of the "source-address" property.

Throws:

PropertyException - If the new value is invalid.

getSSLCipherSuite

SortedSet<String> getSSLCipherSuite()

Gets the "ssl-cipher-suite" property.

Specifies the names of the SSL cipher suites that are allowed for use in SSL based LDAP connections.

Returns:

Returns the values of the "ssl-cipher-suite" property.

setSSLCipherSuite

void setSSLCipherSuite(Collection<String> values)
                       throws PropertyException

Sets the "ssl-cipher-suite" property.

Specifies the names of the SSL cipher suites that are allowed for use in SSL based LDAP connections.

Parameters:

values - The values of the "ssl-cipher-suite" property.

Throws:

PropertyException - If one or more of the new values are invalid.

getSSLProtocol

SortedSet<String> getSSLProtocol()

Gets the "ssl-protocol" property.

Specifies the names of the SSL protocols which are allowed for use in SSL based LDAP connections.

Returns:

Returns the values of the "ssl-protocol" property.

setSSLProtocol

void setSSLProtocol(Collection<String> values)
                    throws PropertyException

Sets the "ssl-protocol" property.

Specifies the names of the SSL protocols which are allowed for use in SSL based LDAP connections.

Parameters:

values - The values of the "ssl-protocol" property.

Throws:

PropertyException - If one or more of the new values are invalid.

getTrustManagerProvider

String getTrustManagerProvider()

Gets the "trust-manager-provider" property.

Specifies the name of the trust manager that should be used when negotiating SSL connections with remote LDAP directory servers.

Returns:

Returns the value of the "trust-manager-provider" property.

setTrustManagerProvider

void setTrustManagerProvider(String value)
                             throws PropertyException

Sets the "trust-manager-provider" property.

Specifies the name of the trust manager that should be used when negotiating SSL connections with remote LDAP directory servers.

Parameters:

value - The value of the "trust-manager-provider" property.

Throws:

PropertyException - If the new value is invalid.

isUsePasswordCaching

boolean isUsePasswordCaching()

Gets the "use-password-caching" property.

Indicates whether passwords should be cached locally within the user's entry.

Returns:

Returns the value of the "use-password-caching" property.

setUsePasswordCaching

void setUsePasswordCaching(boolean value)
                           throws PropertyException

Sets the "use-password-caching" property.

Indicates whether passwords should be cached locally within the user's entry.

Parameters:

value - The value of the "use-password-caching" property.

Throws:

PropertyException - If the new value is invalid.

isUseSSL

boolean isUseSSL()

Gets the "use-ssl" property.

Indicates whether the LDAP Pass Through Authentication Policy should use SSL.

If enabled, the LDAP Pass Through Authentication Policy will use SSL to encrypt communication with the clients.

Returns:

Returns the value of the "use-ssl" property.

setUseSSL

void setUseSSL(Boolean value)
               throws PropertyException

Sets the "use-ssl" property.

Indicates whether the LDAP Pass Through Authentication Policy should use SSL.

If enabled, the LDAP Pass Through Authentication Policy will use SSL to encrypt communication with the clients.

Parameters:

value - The value of the "use-ssl" property.

Throws:

PropertyException - If the new value is invalid.

isUseTCPKeepAlive

boolean isUseTCPKeepAlive()

Gets the "use-tcp-keep-alive" property.

Indicates whether LDAP connections should use TCP keep-alive.

If enabled, the SO_KEEPALIVE socket option is used to indicate that TCP keepalive messages should periodically be sent to the client to verify that the associated connection is still valid. This may also help prevent cases in which intermediate network hardware could silently drop an otherwise idle client connection, provided that the keepalive interval configured in the underlying operating system is smaller than the timeout enforced by the network hardware.

Returns:

Returns the value of the "use-tcp-keep-alive" property.

setUseTCPKeepAlive

void setUseTCPKeepAlive(Boolean value)
                        throws PropertyException

Sets the "use-tcp-keep-alive" property.

Indicates whether LDAP connections should use TCP keep-alive.

If enabled, the SO_KEEPALIVE socket option is used to indicate that TCP keepalive messages should periodically be sent to the client to verify that the associated connection is still valid. This may also help prevent cases in which intermediate network hardware could silently drop an otherwise idle client connection, provided that the keepalive interval configured in the underlying operating system is smaller than the timeout enforced by the network hardware.

Parameters:

value - The value of the "use-tcp-keep-alive" property.

Throws:

PropertyException - If the new value is invalid.

isUseTCPNoDelay

boolean isUseTCPNoDelay()

Gets the "use-tcp-no-delay" property.

Indicates whether LDAP connections should use TCP no-delay.

If enabled, the TCP_NODELAY socket option is used to ensure that response messages to the client are sent immediately rather than potentially waiting to determine whether additional response messages can be sent in the same packet. In most cases, using the TCP_NODELAY socket option provides better performance and lower response times, but disabling it may help for some cases in which the server sends a large number of entries to a client in response to a search request.

Returns:

Returns the value of the "use-tcp-no-delay" property.

setUseTCPNoDelay

void setUseTCPNoDelay(Boolean value)
                      throws PropertyException

Sets the "use-tcp-no-delay" property.

Indicates whether LDAP connections should use TCP no-delay.

If enabled, the TCP_NODELAY socket option is used to ensure that response messages to the client are sent immediately rather than potentially waiting to determine whether additional response messages can be sent in the same packet. In most cases, using the TCP_NODELAY socket option provides better performance and lower response times, but disabling it may help for some cases in which the server sends a large number of entries to a client in response to a search request.

Parameters:

value - The value of the "use-tcp-no-delay" property.

Throws:

PropertyException - If the new value is invalid.