Package org.forgerock.opendj.server.config.client

Interface AdministrationConnectorCfgClient

  • All Superinterfaces:
    ConfigurationClient
    public interface AdministrationConnectorCfgClient
extends ConfigurationClient
    A client-side interface for reading and modifying Administration Connector settings.

    The Administration Connector is used to interact with administration tools using LDAP.

    • Method Detail

      • getAdvertisedListenAddress

        @MandatoryProperty
SortedSet<ValueOrExpression<com.forgerock.opendj.util.Host>> getAdvertisedListenAddress()
        Gets the "advertised-listen-address" property.

        The advertised address(es) which clients should use for connecting to this Administration Connector.

        Multiple addresses may be provided as separate values for this attribute. The meta-address 0.0.0.0 is not permitted.

        Default value is inherited from another property

        Returns:
        Returns the values of the "advertised-listen-address" property.

      • setAdvertisedListenAddress

        @MandatoryProperty
void setAdvertisedListenAddress​(Collection<ValueOrExpression<com.forgerock.opendj.util.Host>> values)
                         throws PropertyException
        Sets the "advertised-listen-address" property.

        The advertised address(es) which clients should use for connecting to this Administration Connector.

        Multiple addresses may be provided as separate values for this attribute. The meta-address 0.0.0.0 is not permitted.

        Parameters:
        values - The values of the "advertised-listen-address" property.
        Throws:
        PropertyException - If one or more of the new values are invalid.

      • getAllowedClient

        SortedSet<ValueOrExpression<AddressMask>> getAllowedClient()
        Gets the "allowed-client" property.

        A set of clients who will be allowed to establish connections to this Administration Connector.

        Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. Specifying a value for this property in a connection handler will override any value set in the global configuration.

        Returns:
        Returns the values of the "allowed-client" property.

      • setAllowedClient

        void setAllowedClient​(Collection<ValueOrExpression<AddressMask>> values)
               throws PropertyException
        Sets the "allowed-client" property.

        A set of clients who will be allowed to establish connections to this Administration Connector.

        Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. Specifying a value for this property in a connection handler will override any value set in the global configuration.

        Parameters:
        values - The values of the "allowed-client" property.
        Throws:
        PropertyException - If one or more of the new values are invalid.

      • getDeniedClient

        SortedSet<ValueOrExpression<AddressMask>> getDeniedClient()
        Gets the "denied-client" property.

        A set of clients who are not allowed to establish connections to this Administration Connector.

        Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. Specifying a value for this property in a connection handler will override any value set in the global configuration.

        Returns:
        Returns the values of the "denied-client" property.

      • setDeniedClient

        void setDeniedClient​(Collection<ValueOrExpression<AddressMask>> values)
              throws PropertyException
        Sets the "denied-client" property.

        A set of clients who are not allowed to establish connections to this Administration Connector.

        Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. If both allowed and denied client masks are defined and a client connection matches one or more masks in both lists, then the connection is denied. If only a denied list is specified, then any client not matching a mask in that list is allowed. Specifying a value for this property in a connection handler will override any value set in the global configuration.

        Parameters:
        values - The values of the "denied-client" property.
        Throws:
        PropertyException - If one or more of the new values are invalid.

      • getKeyManagerProvider

        @MandatoryProperty
ValueOrExpression<String> getKeyManagerProvider()
        Gets the "key-manager-provider" property.

        Specifies the name of the key manager that is used with the Administration Connector .

        Returns:
        Returns the value of the "key-manager-provider" property.

      • setKeyManagerProvider

        @MandatoryProperty
void setKeyManagerProvider​(ValueOrExpression<String> value)
                    throws PropertyException
        Sets the "key-manager-provider" property.

        Specifies the name of the key manager that is used with the Administration Connector .

        Parameters:
        value - The value of the "key-manager-provider" property.
        Throws:
        PropertyException - If the new value is invalid.

      • getListenAddress

        SortedSet<ValueOrExpression<com.forgerock.opendj.util.Host>> getListenAddress()
        Gets the "listen-address" property.

        The network interface(s) on which this Administration Connector should listen for incoming client connections.

        Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the directory server will listen on all interfaces.

        Default value is inherited from another property

        Returns:
        Returns the values of the "listen-address" property.

      • setListenAddress

        void setListenAddress​(Collection<ValueOrExpression<com.forgerock.opendj.util.Host>> values)
               throws PropertyException
        Sets the "listen-address" property.

        The network interface(s) on which this Administration Connector should listen for incoming client connections.

        Multiple addresses may be provided as separate values for this attribute. If no values are provided, then the directory server will listen on all interfaces.

        Parameters:
        values - The values of the "listen-address" property.
        Throws:
        PropertyException - If one or more of the new values are invalid.

      • getListenPort

        @MandatoryProperty
ValueOrExpression<Integer> getListenPort()
        Gets the "listen-port" property.

        Specifies the port number on which the Administration Connector will listen for connections from clients.

        Only a single port number may be provided.

        Returns:
        Returns the value of the "listen-port" property.

      • setListenPort

        @MandatoryProperty
void setListenPort​(ValueOrExpression<Integer> value)
            throws PropertyException
        Sets the "listen-port" property.

        Specifies the port number on which the Administration Connector will listen for connections from clients.

        Only a single port number may be provided.

        Parameters:
        value - The value of the "listen-port" property.
        Throws:
        PropertyException - If the new value is invalid.

      • getRestrictedClient

        SortedSet<ValueOrExpression<AddressMask>> getRestrictedClient()
        Gets the "restricted-client" property.

        A set of clients who will be limited to the maximum number of connections specified by the "restricted-client-connection-limit" property.

        Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. Specifying a value for this property in a connection handler will override any value set in the global configuration.

        Returns:
        Returns the values of the "restricted-client" property.

      • setRestrictedClient

        void setRestrictedClient​(Collection<ValueOrExpression<AddressMask>> values)
                  throws PropertyException
        Sets the "restricted-client" property.

        A set of clients who will be limited to the maximum number of connections specified by the "restricted-client-connection-limit" property.

        Valid values include a host name, a fully qualified domain name, a domain name, an IP address, or a subnetwork with subnetwork mask. Specifying a value for this property in a connection handler will override any value set in the global configuration.

        Parameters:
        values - The values of the "restricted-client" property.
        Throws:
        PropertyException - If one or more of the new values are invalid.

      • getRestrictedClientConnectionLimit

        ValueOrExpression<Integer> getRestrictedClientConnectionLimit()
        Gets the "restricted-client-connection-limit" property.

        Specifies the maximum number of connections a restricted client can open at the same time to this Administration Connector.

        Once Directory Server accepts the specified number of connections from a client specified in restricted-client, any additional connection will be rejected. The number of connections is maintained by IP address. Specifying a value for this property in a connection handler will override any value set in the global configuration.

        Default value: 100

        Returns:
        Returns the value of the "restricted-client-connection-limit" property.

      • setRestrictedClientConnectionLimit

        void setRestrictedClientConnectionLimit​(ValueOrExpression<Integer> value)
                                 throws PropertyException
        Sets the "restricted-client-connection-limit" property.

        Specifies the maximum number of connections a restricted client can open at the same time to this Administration Connector.

        Once Directory Server accepts the specified number of connections from a client specified in restricted-client, any additional connection will be rejected. The number of connections is maintained by IP address. Specifying a value for this property in a connection handler will override any value set in the global configuration.

        Parameters:
        value - The value of the "restricted-client-connection-limit" property.
        Throws:
        PropertyException - If the new value is invalid.

      • getSslCertNickname

        SortedSet<ValueOrExpression<String>> getSslCertNickname()
        Gets the "ssl-cert-nickname" property.

        Specifies the nicknames (also called the aliases) of the keys or key pairs that the Administration Connector should use when performing SSL communication.

        The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the Administration Connector is configured to use SSL.

        Returns:
        Returns the values of the "ssl-cert-nickname" property.

      • setSslCertNickname

        void setSslCertNickname​(Collection<ValueOrExpression<String>> values)
                 throws PropertyException
        Sets the "ssl-cert-nickname" property.

        Specifies the nicknames (also called the aliases) of the keys or key pairs that the Administration Connector should use when performing SSL communication.

        The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the Administration Connector is configured to use SSL.

        Parameters:
        values - The values of the "ssl-cert-nickname" property.
        Throws:
        PropertyException - If one or more of the new values are invalid.

      • getSslCipherSuite

        SortedSet<ValueOrExpression<String>> getSslCipherSuite()
        Gets the "ssl-cipher-suite" property.

        Specifies the names of the SSL cipher suites that are allowed for use in SSL communication.

        Returns:
        Returns the values of the "ssl-cipher-suite" property.

      • setSslCipherSuite

        void setSslCipherSuite​(Collection<ValueOrExpression<String>> values)
                throws PropertyException
        Sets the "ssl-cipher-suite" property.

        Specifies the names of the SSL cipher suites that are allowed for use in SSL communication.

        Parameters:
        values - The values of the "ssl-cipher-suite" property.
        Throws:
        PropertyException - If one or more of the new values are invalid.

      • getSslProtocol

        SortedSet<ValueOrExpression<String>> getSslProtocol()
        Gets the "ssl-protocol" property.

        Specifies the names of the SSL protocols that are allowed for use in SSL or StartTLS communication.

        Returns:
        Returns the values of the "ssl-protocol" property.

      • setSslProtocol

        void setSslProtocol​(Collection<ValueOrExpression<String>> values)
             throws PropertyException
        Sets the "ssl-protocol" property.

        Specifies the names of the SSL protocols that are allowed for use in SSL or StartTLS communication.

        Parameters:
        values - The values of the "ssl-protocol" property.
        Throws:
        PropertyException - If one or more of the new values are invalid.

      • getTrustManagerProvider

        @MandatoryProperty
SortedSet<ValueOrExpression<String>> getTrustManagerProvider()
        Gets the "trust-manager-provider" property.

        Specifies the name(s) of the trust manager(s) that is used with the Administration Connector .

        Default value is undefined

        Returns:
        Returns the values of the "trust-manager-provider" property.

      • setTrustManagerProvider

        @MandatoryProperty
void setTrustManagerProvider​(Collection<ValueOrExpression<String>> values)
                      throws PropertyException
        Sets the "trust-manager-provider" property.

        Specifies the name(s) of the trust manager(s) that is used with the Administration Connector .

        Parameters:
        values - The values of the "trust-manager-provider" property.
        Throws:
        PropertyException - If one or more of the new values are invalid.