Package org.forgerock.opendj.server.config.client

Interface GssapiSaslMechanismHandlerCfgClient

All Superinterfaces:
ConfigurationClient, SaslMechanismHandlerCfgClient
public interface GssapiSaslMechanismHandlerCfgClient extends SaslMechanismHandlerCfgClient
A client-side interface for reading and modifying GSSAPI SASL Mechanism Handler settings.

The GSSAPI SASL mechanism performs all processing related to SASL GSSAPI authentication using Kerberos V5.

  • Method Details

    • definition

      ManagedObjectDefinition<? extends GssapiSaslMechanismHandlerCfgClient,? extends GssapiSaslMechanismHandlerCfg> definition()
      Get the configuration definition associated with this GSSAPI SASL Mechanism Handler.
      Specified by:
      definition in interface ConfigurationClient
      Specified by:
      definition in interface SaslMechanismHandlerCfgClient
      Returns:
      Returns the configuration definition associated with this GSSAPI SASL Mechanism Handler.

    • isBindToServerFqdn

      ValueOrExpression<Boolean> isBindToServerFqdn()
      Gets the "bind-to-server-fqdn" property.

      Specifies if the server should bind to the server-fqdn or whether to try to run "unbound".

      The SASL server usually binds to the server-fqdn. By setting GSSAPI SASL Mechanism Handler to false, the server will not bind to a server name. Some SASL implementations are likely to also require the principal name to be "*" and have no realm specified, or may not support running "unbound" altogether.

      Default value: true

      Returns:
      Returns the value of the "bind-to-server-fqdn" property.

    • setBindToServerFqdn

      void setBindToServerFqdn(ValueOrExpression<Boolean> value) throws PropertyException
      Sets the "bind-to-server-fqdn" property.

      Specifies if the server should bind to the server-fqdn or whether to try to run "unbound".

      The SASL server usually binds to the server-fqdn. By setting GSSAPI SASL Mechanism Handler to false, the server will not bind to a server name. Some SASL implementations are likely to also require the principal name to be "*" and have no realm specified, or may not support running "unbound" altogether.

      Parameters:
      value - The value of the "bind-to-server-fqdn" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getIdentityMapper

      @MandatoryProperty SortedSet<ValueOrExpression<String>> getIdentityMapper()
      Gets the "identity-mapper" property.

      Specifies the name(s) of the identity mapper(s) that are to be used with this SASL mechanism handler to match the Kerberos principal included in the SASL bind request to the corresponding user in the directory.

      Returns:
      Returns the values of the "identity-mapper" property.

    • setIdentityMapper

      @MandatoryProperty void setIdentityMapper(Collection<ValueOrExpression<String>> values) throws PropertyException
      Sets the "identity-mapper" property.

      Specifies the name(s) of the identity mapper(s) that are to be used with this SASL mechanism handler to match the Kerberos principal included in the SASL bind request to the corresponding user in the directory.

      Parameters:
      values - The values of the "identity-mapper" property.
      Throws:
      PropertyException - If one or more of the new values are invalid.

    • getJavaClass

      @MandatoryProperty ValueOrExpression<String> getJavaClass()
      Gets the "java-class" property.

      Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation.

      Default value: org.opends.server.extensions.GSSAPISASLMechanismHandler

      Specified by:
      getJavaClass in interface SaslMechanismHandlerCfgClient
      Returns:
      Returns the value of the "java-class" property.

    • setJavaClass

      @MandatoryProperty void setJavaClass(ValueOrExpression<String> value) throws PropertyException
      Sets the "java-class" property.

      Specifies the fully-qualified name of the Java class that provides the SASL mechanism handler implementation.

      Specified by:
      setJavaClass in interface SaslMechanismHandlerCfgClient
      Parameters:
      value - The value of the "java-class" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getKdcAddress

      ValueOrExpression<String> getKdcAddress()
      Gets the "kdc-address" property.

      Specifies the address of the KDC that is to be used for Kerberos processing.

      If provided, this property must be a fully-qualified DNS-resolvable name. If this property is not provided, then the server attempts to determine it from the system-wide Kerberos configuration.

      Returns:
      Returns the value of the "kdc-address" property.

    • setKdcAddress

      void setKdcAddress(ValueOrExpression<String> value) throws PropertyException
      Sets the "kdc-address" property.

      Specifies the address of the KDC that is to be used for Kerberos processing.

      If provided, this property must be a fully-qualified DNS-resolvable name. If this property is not provided, then the server attempts to determine it from the system-wide Kerberos configuration.

      Parameters:
      value - The value of the "kdc-address" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getKeytab

      ValueOrExpression<String> getKeytab()
      Gets the "keytab" property.

      Specifies the path to the keytab file that should be used for Kerberos processing.

      If provided, this is either an absolute path or one that is relative to the server instance root.

      Returns:
      Returns the value of the "keytab" property.

    • setKeytab

      void setKeytab(ValueOrExpression<String> value) throws PropertyException
      Sets the "keytab" property.

      Specifies the path to the keytab file that should be used for Kerberos processing.

      If provided, this is either an absolute path or one that is relative to the server instance root.

      Parameters:
      value - The value of the "keytab" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getPrincipalName

      ValueOrExpression<String> getPrincipalName()
      Gets the "principal-name" property.

      Specifies the principal name.

      It can either be a simple user name or a service name such as host/example.com. If this property is not provided, then the server attempts to build the principal name by appending the fully qualified domain name to the string "ldap/".

      Returns:
      Returns the value of the "principal-name" property.

    • setPrincipalName

      void setPrincipalName(ValueOrExpression<String> value) throws PropertyException
      Sets the "principal-name" property.

      Specifies the principal name.

      It can either be a simple user name or a service name such as host/example.com. If this property is not provided, then the server attempts to build the principal name by appending the fully qualified domain name to the string "ldap/".

      Parameters:
      value - The value of the "principal-name" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getQualityOfProtection

      ValueOrExpression<GssapiSaslMechanismHandlerCfgDefn.QualityOfProtection> getQualityOfProtection()
      Gets the "quality-of-protection" property.

      The name of a property that specifies the quality of protection the server will support.

      Default value: none

      Returns:
      Returns the value of the "quality-of-protection" property.

    • setQualityOfProtection

      void setQualityOfProtection(ValueOrExpression<GssapiSaslMechanismHandlerCfgDefn.QualityOfProtection> value) throws PropertyException
      Sets the "quality-of-protection" property.

      The name of a property that specifies the quality of protection the server will support.

      Parameters:
      value - The value of the "quality-of-protection" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getRealm

      ValueOrExpression<String> getRealm()
      Gets the "realm" property.

      Specifies the realm to be used for GSSAPI authentication.

      Returns:
      Returns the value of the "realm" property.

    • setRealm

      void setRealm(ValueOrExpression<String> value) throws PropertyException
      Sets the "realm" property.

      Specifies the realm to be used for GSSAPI authentication.

      Parameters:
      value - The value of the "realm" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getServerFqdn

      ValueOrExpression<String> getServerFqdn()
      Gets the "server-fqdn" property.

      Specifies the DNS-resolvable fully-qualified domain name for the system.

      Returns:
      Returns the value of the "server-fqdn" property.

    • setServerFqdn

      void setServerFqdn(ValueOrExpression<String> value) throws PropertyException
      Sets the "server-fqdn" property.

      Specifies the DNS-resolvable fully-qualified domain name for the system.

      Parameters:
      value - The value of the "server-fqdn" property.
      Throws:
      PropertyException - If the new value is invalid.