Package org.forgerock.opendj.server.config.client

Interface LdapConnectionHandlerCfgClient

All Superinterfaces:
ConfigurationClient, ConnectionHandlerCfgClient
public interface LdapConnectionHandlerCfgClient extends ConnectionHandlerCfgClient
A client-side interface for reading and modifying LDAP Connection Handler settings.

The LDAP Connection Handler is used to interact with clients using LDAP.

  • Method Details

    • definition

      ManagedObjectDefinition<? extends LdapConnectionHandlerCfgClient,? extends LdapConnectionHandlerCfg> definition()
      Get the configuration definition associated with this LDAP Connection Handler.
      Specified by:
      definition in interface ConfigurationClient
      Specified by:
      definition in interface ConnectionHandlerCfgClient
      Returns:
      Returns the configuration definition associated with this LDAP Connection Handler.

    • getAcceptBacklog

      ValueOrExpression<Integer> getAcceptBacklog()
      Gets the "accept-backlog" property.

      Specifies the maximum number of pending connection attempts that are allowed to queue up in the accept backlog before the server starts rejecting new connection attempts.

      This is primarily an issue for cases in which a large number of connections are established to the server in a very short period of time (for example, a benchmark utility that creates a large number of client threads that each have their own connection to the server) and the connection handler is unable to keep up with the rate at which the new connections are established.

      Default value: 128

      Returns:
      Returns the value of the "accept-backlog" property.

    • setAcceptBacklog

      void setAcceptBacklog(ValueOrExpression<Integer> value) throws PropertyException
      Sets the "accept-backlog" property.

      Specifies the maximum number of pending connection attempts that are allowed to queue up in the accept backlog before the server starts rejecting new connection attempts.

      This is primarily an issue for cases in which a large number of connections are established to the server in a very short period of time (for example, a benchmark utility that creates a large number of client threads that each have their own connection to the server) and the connection handler is unable to keep up with the rate at which the new connections are established.

      Parameters:
      value - The value of the "accept-backlog" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getAdvertisedListenAddress

      @MandatoryProperty SortedSet<ValueOrExpression<com.forgerock.opendj.util.Host>> getAdvertisedListenAddress()
      Gets the "advertised-listen-address" property.

      The advertised address(es) which clients should use for connecting to this LDAP Connection Handler.

      Multiple addresses may be provided as separate values for this attribute. The meta-address 0.0.0.0 is not permitted.

      Default value is inherited from another property

      Returns:
      Returns the values of the "advertised-listen-address" property.

    • setAdvertisedListenAddress

      @MandatoryProperty void setAdvertisedListenAddress(Collection<ValueOrExpression<com.forgerock.opendj.util.Host>> values) throws PropertyException
      Sets the "advertised-listen-address" property.

      The advertised address(es) which clients should use for connecting to this LDAP Connection Handler.

      Multiple addresses may be provided as separate values for this attribute. The meta-address 0.0.0.0 is not permitted.

      Parameters:
      values - The values of the "advertised-listen-address" property.
      Throws:
      PropertyException - If one or more of the new values are invalid.

    • isAllowLdapV2

      ValueOrExpression<Boolean> isAllowLdapV2()
      Gets the "allow-ldap-v2" property.

      Indicates whether connections from LDAPv2 clients are allowed.

      If LDAPv2 clients are allowed, then only a minimal degree of special support are provided for them to ensure that LDAPv3-specific protocol elements (for example, Configuration Guide 25 controls, extended response messages, intermediate response messages, referrals) are not sent to an LDAPv2 client.

      Default value: true

      Returns:
      Returns the value of the "allow-ldap-v2" property.

    • setAllowLdapV2

      void setAllowLdapV2(ValueOrExpression<Boolean> value) throws PropertyException
      Sets the "allow-ldap-v2" property.

      Indicates whether connections from LDAPv2 clients are allowed.

      If LDAPv2 clients are allowed, then only a minimal degree of special support are provided for them to ensure that LDAPv3-specific protocol elements (for example, Configuration Guide 25 controls, extended response messages, intermediate response messages, referrals) are not sent to an LDAPv2 client.

      Parameters:
      value - The value of the "allow-ldap-v2" property.
      Throws:
      PropertyException - If the new value is invalid.

    • isAllowStartTls

      ValueOrExpression<Boolean> isAllowStartTls()
      Gets the "allow-start-tls" property.

      Indicates whether clients are allowed to use StartTLS.

      If enabled, the LDAP Connection Handler allows clients to use the StartTLS extended operation to initiate secure communication over an otherwise insecure channel. Note that this is only allowed if the LDAP Connection Handler is not configured to use SSL, and if the server is configured with a valid key manager provider and a valid trust manager provider.

      Default value: false

      Returns:
      Returns the value of the "allow-start-tls" property.

    • setAllowStartTls

      void setAllowStartTls(ValueOrExpression<Boolean> value) throws PropertyException
      Sets the "allow-start-tls" property.

      Indicates whether clients are allowed to use StartTLS.

      If enabled, the LDAP Connection Handler allows clients to use the StartTLS extended operation to initiate secure communication over an otherwise insecure channel. Note that this is only allowed if the LDAP Connection Handler is not configured to use SSL, and if the server is configured with a valid key manager provider and a valid trust manager provider.

      Parameters:
      value - The value of the "allow-start-tls" property.
      Throws:
      PropertyException - If the new value is invalid.

    • isAllowTcpReuseAddress

      ValueOrExpression<Boolean> isAllowTcpReuseAddress()
      Gets the "allow-tcp-reuse-address" property.

      Indicates whether the LDAP Connection Handler should reuse socket descriptors.

      If enabled, the SO_REUSEADDR socket option is used on the server listen socket to potentially allow the reuse of socket descriptors for clients in a TIME_WAIT state. This may help the server avoid temporarily running out of socket descriptors in cases in which a very large number of short-lived connections have been established from the same client system.

      Default value: true

      Returns:
      Returns the value of the "allow-tcp-reuse-address" property.

    • setAllowTcpReuseAddress

      void setAllowTcpReuseAddress(ValueOrExpression<Boolean> value) throws PropertyException
      Sets the "allow-tcp-reuse-address" property.

      Indicates whether the LDAP Connection Handler should reuse socket descriptors.

      If enabled, the SO_REUSEADDR socket option is used on the server listen socket to potentially allow the reuse of socket descriptors for clients in a TIME_WAIT state. This may help the server avoid temporarily running out of socket descriptors in cases in which a very large number of short-lived connections have been established from the same client system.

      Parameters:
      value - The value of the "allow-tcp-reuse-address" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getBufferSize

      ValueOrExpression<Long> getBufferSize()
      Gets the "buffer-size" property.

      Specifies the size in bytes of the LDAP response message write buffer.

      This property specifies write buffer size allocated by the server for each client connection and used to buffer LDAP response messages data when writing.

      Default value: 4096 bytes

      Returns:
      Returns the value of the "buffer-size" property.

    • setBufferSize

      void setBufferSize(ValueOrExpression<Long> value) throws PropertyException
      Sets the "buffer-size" property.

      Specifies the size in bytes of the LDAP response message write buffer.

      This property specifies write buffer size allocated by the server for each client connection and used to buffer LDAP response messages data when writing.

      Parameters:
      value - The value of the "buffer-size" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getJavaClass

      @MandatoryProperty ValueOrExpression<String> getJavaClass()
      Gets the "java-class" property.

      Specifies the fully-qualified name of the Java class that provides the LDAP Connection Handler implementation.

      Default value: org.opends.server.protocols.ldap.LDAPConnectionHandler

      Specified by:
      getJavaClass in interface ConnectionHandlerCfgClient
      Returns:
      Returns the value of the "java-class" property.

    • setJavaClass

      @MandatoryProperty void setJavaClass(ValueOrExpression<String> value) throws PropertyException
      Sets the "java-class" property.

      Specifies the fully-qualified name of the Java class that provides the LDAP Connection Handler implementation.

      Specified by:
      setJavaClass in interface ConnectionHandlerCfgClient
      Parameters:
      value - The value of the "java-class" property.
      Throws:
      PropertyException - If the new value is invalid.

    • isKeepStats

      ValueOrExpression<Boolean> isKeepStats()
      Gets the "keep-stats" property.

      Indicates whether the LDAP Connection Handler should keep statistics.

      If enabled, the LDAP Connection Handler maintains statistics about the number and types of operations requested over LDAP and the amount of data sent and received.

      Default value: true

      Returns:
      Returns the value of the "keep-stats" property.

    • setKeepStats

      void setKeepStats(ValueOrExpression<Boolean> value) throws PropertyException
      Sets the "keep-stats" property.

      Indicates whether the LDAP Connection Handler should keep statistics.

      If enabled, the LDAP Connection Handler maintains statistics about the number and types of operations requested over LDAP and the amount of data sent and received.

      Parameters:
      value - The value of the "keep-stats" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getKeyManagerProvider

      ValueOrExpression<String> getKeyManagerProvider()
      Gets the "key-manager-provider" property.

      Specifies the name of the key manager that should be used with this LDAP Connection Handler .

      Default value is undefined

      Returns:
      Returns the value of the "key-manager-provider" property.

    • setKeyManagerProvider

      void setKeyManagerProvider(ValueOrExpression<String> value) throws PropertyException
      Sets the "key-manager-provider" property.

      Specifies the name of the key manager that should be used with this LDAP Connection Handler .

      Parameters:
      value - The value of the "key-manager-provider" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getListenAddress

      SortedSet<ValueOrExpression<com.forgerock.opendj.util.Host>> getListenAddress()
      Gets the "listen-address" property.

      The network interface(s) on which this LDAP Connection Handler should listen for incoming client connections.

      Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the directory server will listen on all interfaces.

      Default value is inherited from another property

      Returns:
      Returns the values of the "listen-address" property.

    • setListenAddress

      void setListenAddress(Collection<ValueOrExpression<com.forgerock.opendj.util.Host>> values) throws PropertyException
      Sets the "listen-address" property.

      The network interface(s) on which this LDAP Connection Handler should listen for incoming client connections.

      Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the directory server will listen on all interfaces.

      Parameters:
      values - The values of the "listen-address" property.
      Throws:
      PropertyException - If one or more of the new values are invalid.

    • getListenPort

      @MandatoryProperty ValueOrExpression<Integer> getListenPort()
      Gets the "listen-port" property.

      Specifies the port number on which the LDAP Connection Handler will listen for connections from clients.

      Only a single port number may be provided.

      Returns:
      Returns the value of the "listen-port" property.

    • setListenPort

      @MandatoryProperty void setListenPort(ValueOrExpression<Integer> value) throws PropertyException
      Sets the "listen-port" property.

      Specifies the port number on which the LDAP Connection Handler will listen for connections from clients.

      Only a single port number may be provided.

      Parameters:
      value - The value of the "listen-port" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getMaxBlockedWriteTimeLimit

      ValueOrExpression<Long> getMaxBlockedWriteTimeLimit()
      Gets the "max-blocked-write-time-limit" property.

      Specifies the maximum length of time that attempts to write data to LDAP clients should be allowed to block.

      If an attempt to write data to a client takes longer than this length of time, then the client connection is terminated.

      Default value: 2 minutes

      Returns:
      Returns the value of the "max-blocked-write-time-limit" property.

    • setMaxBlockedWriteTimeLimit

      void setMaxBlockedWriteTimeLimit(ValueOrExpression<Long> value) throws PropertyException
      Sets the "max-blocked-write-time-limit" property.

      Specifies the maximum length of time that attempts to write data to LDAP clients should be allowed to block.

      If an attempt to write data to a client takes longer than this length of time, then the client connection is terminated.

      Parameters:
      value - The value of the "max-blocked-write-time-limit" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getMaxRequestSize

      ValueOrExpression<Long> getMaxRequestSize()
      Gets the "max-request-size" property.

      Specifies the size in bytes of the largest LDAP request message that will be allowed by this LDAP Connection handler.

      This property is analogous to the maxBERSize configuration attribute of the Sun Java System Directory Server. This can help prevent denial-of-service attacks by clients that indicate they send extremely large requests to the server causing it to attempt to allocate large amounts of memory.

      Default value: 5 megabytes

      Returns:
      Returns the value of the "max-request-size" property.

    • setMaxRequestSize

      void setMaxRequestSize(ValueOrExpression<Long> value) throws PropertyException
      Sets the "max-request-size" property.

      Specifies the size in bytes of the largest LDAP request message that will be allowed by this LDAP Connection handler.

      This property is analogous to the maxBERSize configuration attribute of the Sun Java System Directory Server. This can help prevent denial-of-service attacks by clients that indicate they send extremely large requests to the server causing it to attempt to allocate large amounts of memory.

      Parameters:
      value - The value of the "max-request-size" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getNumRequestHandlers

      ValueOrExpression<Integer> getNumRequestHandlers()
      Gets the "num-request-handlers" property.

      Specifies the number of request handlers that are used to read requests from clients.

      The LDAP Connection Handler uses one thread to accept new connections from clients, but uses one or more additional threads to read requests from existing client connections. This ensures that new requests are read efficiently and that the connection handler itself does not become a bottleneck when the server is under heavy load from many clients at the same time.

      Returns:
      Returns the value of the "num-request-handlers" property.

    • setNumRequestHandlers

      void setNumRequestHandlers(ValueOrExpression<Integer> value) throws PropertyException
      Sets the "num-request-handlers" property.

      Specifies the number of request handlers that are used to read requests from clients.

      The LDAP Connection Handler uses one thread to accept new connections from clients, but uses one or more additional threads to read requests from existing client connections. This ensures that new requests are read efficiently and that the connection handler itself does not become a bottleneck when the server is under heavy load from many clients at the same time.

      Parameters:
      value - The value of the "num-request-handlers" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getProxyProtocolAllowedClient

      SortedSet<ValueOrExpression<AddressMask>> getProxyProtocolAllowedClient()
      Gets the "proxy-protocol-allowed-client" property.

      When the proxy protocol is enabled, this property represents the set of clients who will be allowed to establish connections to this LDAP Connection Handler and will be required to use proxy protocol.

      Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. Specifying a value for this property in a connection handler will override any value set in the global configuration.

      Default value is inherited from another property

      Returns:
      Returns the values of the "proxy-protocol-allowed-client" property.

    • setProxyProtocolAllowedClient

      void setProxyProtocolAllowedClient(Collection<ValueOrExpression<AddressMask>> values) throws PropertyException
      Sets the "proxy-protocol-allowed-client" property.

      When the proxy protocol is enabled, this property represents the set of clients who will be allowed to establish connections to this LDAP Connection Handler and will be required to use proxy protocol.

      Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. Specifying a value for this property in a connection handler will override any value set in the global configuration.

      Parameters:
      values - The values of the "proxy-protocol-allowed-client" property.
      Throws:
      PropertyException - If one or more of the new values are invalid.

    • isProxyProtocolEnabled

      ValueOrExpression<Boolean> isProxyProtocolEnabled()
      Gets the "proxy-protocol-enabled" property.

      Indicates whether the proxy protocol is enabled.

      If enabled, the LDAP Connection Handler makes the server use proxy protocol for connections with a source IP address matching an address in the proxy-protocol-allowed-client list.

      Default value is inherited from another property

      Returns:
      Returns the value of the "proxy-protocol-enabled" property.

    • setProxyProtocolEnabled

      void setProxyProtocolEnabled(ValueOrExpression<Boolean> value) throws PropertyException
      Sets the "proxy-protocol-enabled" property.

      Indicates whether the proxy protocol is enabled.

      If enabled, the LDAP Connection Handler makes the server use proxy protocol for connections with a source IP address matching an address in the proxy-protocol-allowed-client list.

      Parameters:
      value - The value of the "proxy-protocol-enabled" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getSslCertNickname

      SortedSet<ValueOrExpression<String>> getSslCertNickname()
      Gets the "ssl-cert-nickname" property.

      Specifies the nicknames (also called the aliases) of the keys or key pairs that the LDAP Connection Handler should use when performing SSL communication.

      The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the LDAP Connection Handler is configured to use SSL.

      Returns:
      Returns the values of the "ssl-cert-nickname" property.

    • setSslCertNickname

      void setSslCertNickname(Collection<ValueOrExpression<String>> values) throws PropertyException
      Sets the "ssl-cert-nickname" property.

      Specifies the nicknames (also called the aliases) of the keys or key pairs that the LDAP Connection Handler should use when performing SSL communication.

      The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the LDAP Connection Handler is configured to use SSL.

      Parameters:
      values - The values of the "ssl-cert-nickname" property.
      Throws:
      PropertyException - If one or more of the new values are invalid.

    • getSslCipherSuite

      SortedSet<ValueOrExpression<String>> getSslCipherSuite()
      Gets the "ssl-cipher-suite" property.

      Specifies the names of the SSL cipher suites that are allowed for use in SSL or StartTLS communication.

      Returns:
      Returns the values of the "ssl-cipher-suite" property.

    • setSslCipherSuite

      void setSslCipherSuite(Collection<ValueOrExpression<String>> values) throws PropertyException
      Sets the "ssl-cipher-suite" property.

      Specifies the names of the SSL cipher suites that are allowed for use in SSL or StartTLS communication.

      Parameters:
      values - The values of the "ssl-cipher-suite" property.
      Throws:
      PropertyException - If one or more of the new values are invalid.

    • getSslClientAuthPolicy

      ValueOrExpression<LdapConnectionHandlerCfgDefn.SslClientAuthPolicy> getSslClientAuthPolicy()
      Gets the "ssl-client-auth-policy" property.

      Specifies the policy that the LDAP Connection Handler should use regarding client SSL certificates. Clients can use the SASL EXTERNAL mechanism only if the policy is set to "optional" or "required".

      This is only applicable if clients are allowed to use SSL.

      Default value: optional

      Returns:
      Returns the value of the "ssl-client-auth-policy" property.

    • setSslClientAuthPolicy

      void setSslClientAuthPolicy(ValueOrExpression<LdapConnectionHandlerCfgDefn.SslClientAuthPolicy> value) throws PropertyException
      Sets the "ssl-client-auth-policy" property.

      Specifies the policy that the LDAP Connection Handler should use regarding client SSL certificates. Clients can use the SASL EXTERNAL mechanism only if the policy is set to "optional" or "required".

      This is only applicable if clients are allowed to use SSL.

      Parameters:
      value - The value of the "ssl-client-auth-policy" property.
      Throws:
      PropertyException - If the new value is invalid.

    • getSslProtocol

      SortedSet<ValueOrExpression<String>> getSslProtocol()
      Gets the "ssl-protocol" property.

      Specifies the names of the SSL protocols that are allowed for use in SSL or StartTLS communication.

      Returns:
      Returns the values of the "ssl-protocol" property.

    • setSslProtocol

      void setSslProtocol(Collection<ValueOrExpression<String>> values) throws PropertyException
      Sets the "ssl-protocol" property.

      Specifies the names of the SSL protocols that are allowed for use in SSL or StartTLS communication.

      Parameters:
      values - The values of the "ssl-protocol" property.
      Throws:
      PropertyException - If one or more of the new values are invalid.

    • getTrustManagerProvider

      SortedSet<ValueOrExpression<String>> getTrustManagerProvider()
      Gets the "trust-manager-provider" property.

      Specifies the name(s) of the trust manager(s) that should be used with the LDAP Connection Handler .

      Default value is undefined

      Returns:
      Returns the values of the "trust-manager-provider" property.

    • setTrustManagerProvider

      void setTrustManagerProvider(Collection<ValueOrExpression<String>> values) throws PropertyException
      Sets the "trust-manager-provider" property.

      Specifies the name(s) of the trust manager(s) that should be used with the LDAP Connection Handler .

      Parameters:
      values - The values of the "trust-manager-provider" property.
      Throws:
      PropertyException - If one or more of the new values are invalid.

    • isUseSsl

      ValueOrExpression<Boolean> isUseSsl()
      Gets the "use-ssl" property.

      Indicates whether the LDAP Connection Handler should use SSL.

      If enabled, the LDAP Connection Handler will use SSL to encrypt communication with the clients.

      Default value: false

      Returns:
      Returns the value of the "use-ssl" property.

    • setUseSsl

      void setUseSsl(ValueOrExpression<Boolean> value) throws PropertyException
      Sets the "use-ssl" property.

      Indicates whether the LDAP Connection Handler should use SSL.

      If enabled, the LDAP Connection Handler will use SSL to encrypt communication with the clients.

      Parameters:
      value - The value of the "use-ssl" property.
      Throws:
      PropertyException - If the new value is invalid.

    • isUseTcpKeepAlive

      ValueOrExpression<Boolean> isUseTcpKeepAlive()
      Gets the "use-tcp-keep-alive" property.

      Indicates whether the LDAP Connection Handler should use TCP keep-alive.

      If enabled, the SO_KEEPALIVE socket option is used to indicate that TCP keepalive messages should periodically be sent to the client to verify that the associated connection is still valid. This may also help prevent cases in which intermediate network hardware could silently drop an otherwise idle client connection, provided that the keepalive interval configured in the underlying operating system is smaller than the timeout enforced by the network hardware.

      Default value: true

      Returns:
      Returns the value of the "use-tcp-keep-alive" property.

    • setUseTcpKeepAlive

      void setUseTcpKeepAlive(ValueOrExpression<Boolean> value) throws PropertyException
      Sets the "use-tcp-keep-alive" property.

      Indicates whether the LDAP Connection Handler should use TCP keep-alive.

      If enabled, the SO_KEEPALIVE socket option is used to indicate that TCP keepalive messages should periodically be sent to the client to verify that the associated connection is still valid. This may also help prevent cases in which intermediate network hardware could silently drop an otherwise idle client connection, provided that the keepalive interval configured in the underlying operating system is smaller than the timeout enforced by the network hardware.

      Parameters:
      value - The value of the "use-tcp-keep-alive" property.
      Throws:
      PropertyException - If the new value is invalid.

    • isUseTcpNoDelay

      ValueOrExpression<Boolean> isUseTcpNoDelay()
      Gets the "use-tcp-no-delay" property.

      Indicates whether the LDAP Connection Handler should use TCP no-delay.

      If enabled, the TCP_NODELAY socket option is used to ensure that response messages to the client are sent immediately rather than potentially waiting to determine whether additional response messages can be sent in the same packet. In most cases, using the TCP_NODELAY socket option provides better performance and lower response times, but disabling it may help for some cases in which the server sends a large number of entries to a client in response to a search request.

      Default value: true

      Returns:
      Returns the value of the "use-tcp-no-delay" property.

    • setUseTcpNoDelay

      void setUseTcpNoDelay(ValueOrExpression<Boolean> value) throws PropertyException
      Sets the "use-tcp-no-delay" property.

      Indicates whether the LDAP Connection Handler should use TCP no-delay.

      If enabled, the TCP_NODELAY socket option is used to ensure that response messages to the client are sent immediately rather than potentially waiting to determine whether additional response messages can be sent in the same packet. In most cases, using the TCP_NODELAY socket option provides better performance and lower response times, but disabling it may help for some cases in which the server sends a large number of entries to a client in response to a search request.

      Parameters:
      value - The value of the "use-tcp-no-delay" property.
      Throws:
      PropertyException - If the new value is invalid.