mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git
opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/GlobalConfiguration.xml
@@ -13,7 +13,7 @@ information: "Portions Copyright [year] [name of copyright owner]". Copyright 2007-2010 Sun Microsystems, Inc. Portions Copyright 2011-2015 ForgeRock AS. Portions Copyright 2011-2016 ForgeRock AS. ! --> <adm:managed-object name="global" plural-name="globals" package="org.forgerock.opendj.server.config" @@ -884,4 +884,26 @@ </ldap:attribute> </adm:profile> </adm:property> <adm:property name="subordinate-base-dn" multi-valued="true"> <adm:synopsis> Specifies the set of naming contexts that are accessible using a subtree search from base DN "". </adm:synopsis> <adm:default-behavior> <adm:alias> <adm:synopsis> The set of all user-defined suffixes is used when searching from base DN "". </adm:synopsis> </adm:alias> </adm:default-behavior> <adm:syntax> <adm:dn /> </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:name>ds-cfg-subordinate-base-dn</ldap:name> </ldap:attribute> </adm:profile> </adm:property> </adm:managed-object> opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/RootDSEBackendConfiguration.xml
@@ -37,28 +37,6 @@ <ldap:superior>top</ldap:superior> </ldap:object-class> </adm:profile> <adm:property name="subordinate-base-dn" multi-valued="true"> <adm:synopsis> Specifies the set of base DNs used for singleLevel, wholeSubtree, and subordinateSubtree searches based at the root DSE. </adm:synopsis> <adm:default-behavior> <adm:alias> <adm:synopsis> The set of all user-defined suffixes is used. </adm:synopsis> </adm:alias> </adm:default-behavior> <adm:syntax> <adm:dn /> </adm:syntax> <adm:profile name="ldap"> <ldap:attribute> <ldap:name>ds-cfg-subordinate-base-dn</ldap:name> </ldap:attribute> </adm:profile> </adm:property> <adm:property name="show-all-attributes" mandatory="true"> <adm:synopsis> Indicates whether all attributes in the root DSE are to be treated opendj-server-legacy/src/main/java/org/opends/server/backends/RootDSEBackend.java
@@ -37,8 +37,6 @@ import java.util.Map; import java.util.Set; import java.util.TreeSet; import java.util.concurrent.ConcurrentHashMap; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLParameters; @@ -55,7 +53,6 @@ import org.forgerock.opendj.server.config.server.RootDSEBackendCfg; import org.forgerock.util.Reject; import org.opends.server.api.LocalBackend; import org.opends.server.api.Backend; import org.opends.server.api.ClientConnection; import org.opends.server.core.AddOperation; import org.opends.server.core.BackendConfigManager; @@ -650,34 +647,7 @@ { boolean configIsAcceptable = true; try { Set<DN> subDNs = cfg.getSubordinateBaseDN(); if (subDNs.isEmpty()) { // This is fine -- we'll just use the set of user-defined suffixes. } else { for (DN baseDN : subDNs) { LocalBackend<?> backend = serverContext.getBackendConfigManager().findLocalBackendForEntry(baseDN); if (backend == null) { unacceptableReasons.add(WARN_ROOTDSE_NO_BACKEND_FOR_SUBORDINATE_BASE.get(baseDN)); configIsAcceptable = false; } } } } catch (Exception e) { logger.traceException(e); unacceptableReasons.add(WARN_ROOTDSE_SUBORDINATE_BASE_EXCEPTION.get( stackTraceToSingleLineString(e))); configIsAcceptable = false; } return configIsAcceptable; } @@ -686,47 +656,6 @@ public ConfigChangeResult applyConfigurationChange(RootDSEBackendCfg cfg) { final ConfigChangeResult ccr = new ConfigChangeResult(); // Check to see if we should apply a new set of base DNs. ConcurrentHashMap<DN, Backend<?>> subBases; try { Set<DN> subDNs = cfg.getSubordinateBaseDN(); if (subDNs.isEmpty()) { // This is fine -- we'll just use the set of user-defined suffixes. subBases = null; } else { subBases = new ConcurrentHashMap<>(); for (DN baseDN : subDNs) { LocalBackend<?> backend = serverContext.getBackendConfigManager().findLocalBackendForEntry(baseDN); if (backend == null) { // This is not fine. We can't use a suffix that doesn't exist. ccr.addMessage(WARN_ROOTDSE_NO_BACKEND_FOR_SUBORDINATE_BASE.get(baseDN)); ccr.setResultCodeIfSuccess(DirectoryServer.getServerErrorResultCode()); } else { subBases.put(baseDN, backend); } } } } catch (Exception e) { logger.traceException(e); ccr.setResultCodeIfSuccess(DirectoryServer.getServerErrorResultCode()); ccr.addMessage(WARN_ROOTDSE_SUBORDINATE_BASE_EXCEPTION.get( stackTraceToSingleLineString(e))); subBases = null; } boolean newShowAll = cfg.isShowAllAttributes(); // Check to see if there is a new set of user-defined attributes. opendj-server-legacy/src/main/java/org/opends/server/core/BackendConfigManager.java
@@ -529,6 +529,33 @@ } /** * Retrieves the set of local naming contexts that are subordinates of the naming context * that should be used to handle search operation on the specified entry. * <p> * The global option that restricts the subordinate DNs to search (when searching "") may * apply if the provided set is not empty. * * @param entryDN * The DN of the entry for which to retrieve the corresponding naming context. * @return The naming context or {@code null} if no appropriate naming context * is registered with the server. */ public Set<DN> findSubordinateLocalNamingContextsToSearchForEntry(DN entryDN) { // trigger the special behavior when searching "" if needed if (entryDN.isRootDN()) { Set<DN> subordinateBaseDNs = serverContext.getCoreConfigManager().getSubordinateBaseDNs(); if (!subordinateBaseDNs.isEmpty()) { return subordinateBaseDNs; } } // usual case return findSubordinateLocalNamingContextsForEntry(entryDN); } /** * Retrieves naming contexts corresponding to backends, filtered with the combination of * all provided filters. * opendj-server-legacy/src/main/java/org/opends/server/core/CoreConfigManager.java
@@ -17,8 +17,8 @@ package org.opends.server.core; import java.util.*; import org.forgerock.i18n.LocalizableMessage; import org.forgerock.i18n.slf4j.LocalizedLogger; import org.forgerock.opendj.config.server.ConfigChangeResult; import org.forgerock.opendj.config.server.ConfigException; import org.forgerock.opendj.ldap.DN; @@ -30,24 +30,32 @@ import org.forgerock.opendj.server.config.meta.GlobalCfgDefn.SingleStructuralObjectclassBehavior; import org.forgerock.opendj.server.config.server.GlobalCfg; import org.opends.server.api.AuthenticationPolicy; import org.opends.server.api.LocalBackend; import org.opends.server.loggers.CommonAudit; import org.opends.server.types.*; import static org.forgerock.opendj.ldap.schema.SchemaOptions.*; import static org.opends.messages.BackendMessages.WARN_ROOTDSE_NO_BACKEND_FOR_SUBORDINATE_BASE; import static org.opends.messages.BackendMessages.WARN_ROOTDSE_SUBORDINATE_BASE_EXCEPTION; import static org.opends.messages.ConfigMessages.*; import static org.opends.server.core.DirectoryServer.*; import static org.opends.server.util.ServerConstants.*; import static org.opends.server.util.StaticUtils.stackTraceToSingleLineString; /** * This class defines a utility that will be used to manage the set of core * configuration attributes defined in the Directory Server. These * configuration attributes appear in the "cn=config" configuration entry. * Manages the set of core configuration attributes of the Directory Server. * <p> * These configuration attributes appear in the "cn=config" configuration entry. */ public class CoreConfigManager implements ConfigurationChangeListener<GlobalCfg> public class CoreConfigManager implements ConfigurationChangeListener<GlobalCfg> { private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass(); /** The server context. */ private final ServerContext serverContext; /** The core attributes. */ private volatile CoreAttributes coreAttributes; /** * Creates a new instance of this core config manager. * @@ -59,6 +67,79 @@ this.serverContext = serverContext; } /** Holder for all core attributes, allowing to switch as a whole. */ private static class CoreAttributes { /** Set of subordinates base DNs to restrict to when searching base DN "". */ private Set<DN> subordinateBaseDNs = Collections.emptySet(); /** Indicates whether the Directory Server should perform schema checking for update operations. */ private boolean checkSchema; /** The DN of the default password policy configuration entry. */ private DN defaultPasswordPolicyDN; /** * Indicates whether to automatically add missing RDN attributes to entries * during an add request. */ private boolean addMissingRDNAttributes; /** * Indicates whether to allow attribute name exceptions (i.e., attribute names * can contain underscores and may start with a digit). */ private boolean allowAttributeNameExceptions; /** The policy to use regarding syntax enforcement. */ private AcceptRejectWarn syntaxEnforcementPolicy; /** The result code that should be used for internal "server" errors. */ private ResultCode serverErrorResultCode; /** The policy to use regarding single structural objectclass enforcement. */ private AcceptRejectWarn singleStructuralClassPolicy; /** Indicates whether the server should send a response to operations that have been abandoned. */ private boolean notifyAbandonedOperations; /** * The maximum number of entries that should be returned for a search unless * overridden on a per-user basis. */ private int sizeLimit; /** * The maximum length of time in seconds that should be allowed for a search * unless overridden on a per-user basis. */ private int timeLimit; /** * The DN of the identity mapper that will be used to resolve authorization * IDs contained in the proxied authorization V2 control. */ private DN proxiedAuthorizationIdentityMapperDN; /** The writability mode for the Directory Server. */ private WritabilityMode writabilityMode; /** Indicates whether the server should reject unauthenticated requests. */ private boolean rejectUnauthenticatedRequests; /** Indicates whether a simple bind request containing a DN must also provide a password. */ private boolean bindWithDNRequiresPassword; /** The maximum number of candidates that should be check for matches during a search. */ private int lookthroughLimit; /** The sets of mail server properties. */ private List<Properties> mailServerPropertySets; /** The set of allowed task classes. */ private Set<String> allowedTasks; /** The set of disabled privileges. */ private Set<Privilege> disabledPrivileges; /** Indicates whether bind responses should include failure reason messages. */ private boolean returnBindErrorMessages; /** The idle time limit for the server. */ private long idleTimeLimit; /** Indicates whether to save a copy of the configuration on successful startup. */ private boolean saveConfigOnSuccessfulStartup; /** Whether to use collect operation processing times in nanosecond resolution. */ private boolean useNanoTime; /** The maximum number of connections that will be allowed at any given time. */ private long maxAllowedConnections; /** The maximum number of concurrent persistent searches. */ private int maxPSearches; /** The maximum size that internal buffers will be allowed to grow to until they are trimmed. */ private int maxInternalBufferSize = DEFAULT_MAX_INTERNAL_BUFFER_SIZE; } /** * Initializes the Directory Server's core configuration. This should only be * called at server startup. @@ -94,8 +175,11 @@ } } } applyGlobalConfiguration(globalConfig, serverContext); CoreAttributes coreAttrs = new CoreAttributes(); applyGlobalConfiguration(globalConfig, coreAttrs); applySubordinateDNsChange(globalConfig, coreAttrs); coreAttributes = coreAttrs; DirectoryServer.resetDefaultPasswordPolicy(); } /** @@ -103,37 +187,38 @@ * * @param globalConfig The configuration settings to be applied. */ private static void applyGlobalConfiguration(final GlobalCfg globalConfig, final ServerContext serverContext) private void applyGlobalConfiguration(final GlobalCfg globalConfig, final CoreAttributes core) throws ConfigException { setCheckSchema(globalConfig.isCheckSchema()); setDefaultPasswordPolicyDN(globalConfig.getDefaultPasswordPolicyDN()); setAddMissingRDNAttributes(globalConfig.isAddMissingRDNAttributes()); setAllowAttributeNameExceptions(globalConfig.isAllowAttributeNameExceptions()); setSyntaxEnforcementPolicy(convert(globalConfig.getInvalidAttributeSyntaxBehavior())); setServerErrorResultCode(ResultCode.valueOf(globalConfig.getServerErrorResultCode())); setSingleStructuralObjectClassPolicy(convert(globalConfig.getSingleStructuralObjectclassBehavior())); core.checkSchema = globalConfig.isCheckSchema(); core.defaultPasswordPolicyDN = globalConfig.getDefaultPasswordPolicyDN(); core.addMissingRDNAttributes = globalConfig.isAddMissingRDNAttributes(); core.allowAttributeNameExceptions = globalConfig.isAllowAttributeNameExceptions(); core.syntaxEnforcementPolicy = convert(globalConfig.getInvalidAttributeSyntaxBehavior()); core.serverErrorResultCode = ResultCode.valueOf(globalConfig.getServerErrorResultCode()); core.singleStructuralClassPolicy = convert(globalConfig.getSingleStructuralObjectclassBehavior()); setNotifyAbandonedOperations(globalConfig.isNotifyAbandonedOperations()); setSizeLimit(globalConfig.getSizeLimit()); setTimeLimit((int) globalConfig.getTimeLimit()); setProxiedAuthorizationIdentityMapperDN(globalConfig.getProxiedAuthorizationIdentityMapperDN()); setWritabilityMode(convert(globalConfig.getWritabilityMode())); setRejectUnauthenticatedRequests(globalConfig.isRejectUnauthenticatedRequests()); setBindWithDNRequiresPassword(globalConfig.isBindWithDNRequiresPassword()); setLookthroughLimit(globalConfig.getLookthroughLimit()); core.notifyAbandonedOperations = globalConfig.isNotifyAbandonedOperations(); core.sizeLimit = globalConfig.getSizeLimit(); core.timeLimit = (int) globalConfig.getTimeLimit(); core.proxiedAuthorizationIdentityMapperDN = globalConfig.getProxiedAuthorizationIdentityMapperDN(); core.writabilityMode = convert(globalConfig.getWritabilityMode()); core.rejectUnauthenticatedRequests = globalConfig.isRejectUnauthenticatedRequests(); core.bindWithDNRequiresPassword = globalConfig.isBindWithDNRequiresPassword(); core.lookthroughLimit = globalConfig.getLookthroughLimit(); setMailServerPropertySets(getMailServerProperties(globalConfig.getSMTPServer())); setAllowedTasks(globalConfig.getAllowedTask()); setDisabledPrivileges(convert(globalConfig.getDisabledPrivilege())); setReturnBindErrorMessages(globalConfig.isReturnBindErrorMessages()); setIdleTimeLimit(globalConfig.getIdleTimeLimit()); setSaveConfigOnSuccessfulStartup(globalConfig.isSaveConfigOnSuccessfulStartup()); core.mailServerPropertySets = getMailServerProperties(globalConfig.getSMTPServer()); core.allowedTasks = globalConfig.getAllowedTask(); core.disabledPrivileges = convert(globalConfig.getDisabledPrivilege()); core.returnBindErrorMessages = globalConfig.isReturnBindErrorMessages(); core.idleTimeLimit = globalConfig.getIdleTimeLimit(); core.saveConfigOnSuccessfulStartup = globalConfig.isSaveConfigOnSuccessfulStartup(); setUseNanoTime(globalConfig.getEtimeResolution() == GlobalCfgDefn.EtimeResolution.NANOSECONDS); setMaxAllowedConnections(globalConfig.getMaxAllowedClientConnections()); setMaxPersistentSearchLimit(globalConfig.getMaxPsearches()); setMaxInternalBufferSize((int) globalConfig.getMaxInternalBufferSize()); core.useNanoTime= globalConfig.getEtimeResolution() == GlobalCfgDefn.EtimeResolution.NANOSECONDS; long maxAllowedConnections = globalConfig.getMaxAllowedClientConnections(); core.maxAllowedConnections = (maxAllowedConnections > 0) ? maxAllowedConnections : -1; core.maxPSearches = globalConfig.getMaxPsearches(); core.maxInternalBufferSize = (int) globalConfig.getMaxInternalBufferSize(); // For tools, common audit may not be available CommonAudit commonAudit = serverContext.getCommonAudit(); @@ -302,7 +387,6 @@ List<LocalizableMessage> unacceptableReasons) { boolean configAcceptable = true; Set<String> smtpServers = configuration.getSMTPServer(); if (smtpServers != null) { @@ -335,22 +419,447 @@ configAcceptable = false; } if (!isSubordinateDNsAcceptable(configuration, unacceptableReasons)) { configAcceptable = false; } return configAcceptable; } private boolean isSubordinateDNsAcceptable(GlobalCfg configuration, List<LocalizableMessage> unacceptableReasons) { try { Set<DN> subDNs = configuration.getSubordinateBaseDN(); if (subDNs.isEmpty()) { // This is fine -- we'll just use the set of user-defined suffixes. } else { for (DN baseDN : subDNs) { LocalBackend<?> backend = serverContext.getBackendConfigManager().findLocalBackendForEntry(baseDN); if (backend == null) { unacceptableReasons.add(WARN_ROOTDSE_NO_BACKEND_FOR_SUBORDINATE_BASE.get(baseDN)); return false; } } } } catch (Exception e) { logger.traceException(e); unacceptableReasons.add(WARN_ROOTDSE_SUBORDINATE_BASE_EXCEPTION.get(stackTraceToSingleLineString(e))); return false; } return true; } private void applySubordinateDNsChange(GlobalCfg cfg, CoreAttributes coreAttrs) throws ConfigException { try { Set<DN> subDNs = cfg.getSubordinateBaseDN(); if (subDNs.equals(coreAttrs.subordinateBaseDNs)) { // no change return; } if (subDNs.isEmpty()) { // This is fine -- we'll just use the set of user-defined suffixes. coreAttrs.subordinateBaseDNs = Collections.emptySet(); } else { Set<DN> newSubordinates = new HashSet<>(); for (DN baseDN : subDNs) { LocalBackend<?> backend = serverContext.getBackendConfigManager().findLocalBackendForEntry(baseDN); if (backend == null) { throw new ConfigException(WARN_ROOTDSE_NO_BACKEND_FOR_SUBORDINATE_BASE.get(baseDN)); } else { newSubordinates.add(baseDN); } } coreAttrs.subordinateBaseDNs = newSubordinates; } } catch (Exception e) { logger.traceException(e); throw new ConfigException(WARN_ROOTDSE_SUBORDINATE_BASE_EXCEPTION.get(stackTraceToSingleLineString(e))); } } @Override public ConfigChangeResult applyConfigurationChange(GlobalCfg configuration) { final ConfigChangeResult ccr = new ConfigChangeResult(); final ConfigChangeResult changeResult = new ConfigChangeResult(); final CoreAttributes coreAttrs = new CoreAttributes(); try { applyGlobalConfiguration(configuration, serverContext); applyGlobalConfiguration(configuration, coreAttrs); applySubordinateDNsChange(configuration, coreAttrs); } catch (ConfigException e) { ccr.setResultCode(DirectoryServer.getServerErrorResultCode()); ccr.addMessage(e.getMessageObject()); changeResult.setResultCode(DirectoryServer.getServerErrorResultCode()); changeResult.addMessage(e.getMessageObject()); } return ccr; if (changeResult.getResultCode() == ResultCode.SUCCESS) { coreAttributes = coreAttrs; DirectoryServer.resetDefaultPasswordPolicy(); } return changeResult; } /** * Retrieves a set containing the names of the allowed tasks that may be * invoked in the server. * * @return A set containing the names of the allowed tasks that may be * invoked in the server. */ public Set<String> getAllowedTasks() { return coreAttributes.allowedTasks; } /** * Retrieves the DN of the configuration entry for the default password policy * for the Directory Server. * * @return The DN of the configuration entry for the default password policy * for the Directory Server. */ public DN getDefaultPasswordPolicyDN() { return coreAttributes.defaultPasswordPolicyDN; } /** * Retrieves the set of privileges that have been disabled. * * @return The set of privileges that have been disabled. */ public Set<Privilege> getDisabledPrivileges() { return coreAttributes.disabledPrivileges; } /** * Retrieves the idle time limit for the server. * * @return the idle time limit */ public long getIdleTimeLimit() { return coreAttributes.idleTimeLimit; } /** * Retrieves the default maximum number of entries that should checked for * matches during a search. * * @return The default maximum number of entries that should checked for * matches during a search. */ public int getLookthroughLimit() { return coreAttributes.lookthroughLimit; } /** * Retrieves the sets of information about the mail servers configured for use * by the Directory Server. * * @return The sets of information about the mail servers configured for use * by the Directory Server. */ public List<Properties> getMailServerPropertySets() { return coreAttributes.mailServerPropertySets; } /** * Retrieves the maximum number of connections that will be allowed at any given time. * * @return the max number of connections allowed */ public long getMaxAllowedConnections() { return coreAttributes.maxAllowedConnections; } /** * Returns the threshold capacity beyond which internal cached buffers used * for encoding and decoding entries and protocol messages will be trimmed * after use. * * @return The threshold capacity beyond which internal cached buffers used * for encoding and decoding entries and protocol messages will be * trimmed after use. */ public int getMaxInternalBufferSize() { return coreAttributes.maxInternalBufferSize; } /** * Retrieves the maximum number of concurrent persistent searches that will be allowed. * * @return the max number of persistent searches */ public int getMaxPSearches() { return coreAttributes.maxPSearches; } /** * Retrieves the DN of the configuration entry for the identity mapper that * should be used in conjunction with proxied authorization V2 controls. * * @return The DN of the configuration entry for the identity mapper that * should be used in conjunction with proxied authorization V2 * controls, or {@code null} if none is defined. */ public DN getProxiedAuthorizationIdentityMapperDN() { return coreAttributes.proxiedAuthorizationIdentityMapperDN; } /** * Retrieves the result code that should be used when the Directory Server * encounters an internal server error. * * @return The result code that should be used when the Directory Server * encounters an internal server error. */ public ResultCode getServerErrorResultCode() { return coreAttributes.serverErrorResultCode; } /** * Retrieves the policy that should be used regarding enforcement of a single * structural objectclass per entry. * * @return The policy that should be used regarding enforcement of a single * structural objectclass per entry. */ public AcceptRejectWarn getSingleStructuralObjectClassPolicy() { return coreAttributes.singleStructuralClassPolicy; } /** * Retrieves the default maximum number of entries that should be returned for * a search. * * @return The default maximum number of entries that should be returned for * a search. */ public int getSizeLimit() { return coreAttributes.sizeLimit; } /** * Retrieves the restricted set of subordinate base DNs to use when searching the root suffix "". * * @return the subordinate base DNs, which is empty if there is no restriction */ public Set<DN> getSubordinateBaseDNs() { return Collections.unmodifiableSet(coreAttributes.subordinateBaseDNs); } /** * Retrieves the policy that should be used when an attribute value is found * that is not valid according to the associated attribute syntax. * * @return The policy that should be used when an attribute value is found * that is not valid according to the associated attribute syntax. */ public AcceptRejectWarn getSyntaxEnforcementPolicy() { return coreAttributes.syntaxEnforcementPolicy; } /** * Retrieves the default maximum length of time in seconds that should be * allowed when processing a search. * * @return The default maximum length of time in seconds that should be * allowed when processing a search. */ public int getTimeLimit() { return coreAttributes.timeLimit; } /** * Retrieves the writability mode for the Directory Server. This will only * be applicable for user suffixes. * * @return The writability mode for the Directory Server. */ public WritabilityMode getWritabilityMode() { return coreAttributes.writabilityMode; } /** * Indicates whether the Directory Server should automatically add missing RDN * attributes to an entry whenever it is added. * * @return {@code true} if the Directory Server should automatically add * missing RDN attributes to an entry, or {@code false} if it * should return an error to the client. */ public boolean isAddMissingRDNAttributes() { return coreAttributes.addMissingRDNAttributes; } /** * Indicates whether to be more flexible in the set of characters allowed for * attribute names. The standard requires that only ASCII alphabetic letters, * numeric digits, and hyphens be allowed, and that the name start with a * letter. If attribute name exceptions are enabled, then underscores will * also be allowed, and the name will be allowed to start with a digit. * * @return {@code true} if the server should use a more flexible * syntax for attribute names, or {@code false} if not. * @deprecated The schema option SchemaOptions.ALLOW_MALFORMED_NAMES_AND_OPTIONS from the * schema should be used instead */ @Deprecated public boolean isAllowAttributeNameExceptions() { return coreAttributes.allowAttributeNameExceptions; } /** * Indicates whether simple bind requests that contain a bind DN will also be * required to have a password. * * @return <CODE>true</CODE> if simple bind requests containing a bind DN * will be required to have a password, or <CODE>false</CODE> if not * (and therefore will be treated as anonymous binds). */ public boolean isBindWithDNRequiresPassword() { return coreAttributes.bindWithDNRequiresPassword; } /** * Indicates whether the Directory Server should perform schema checking. * * @return {@code true} if the Directory Server should perform schema * checking, or {@code false} if not. */ public boolean isCheckSchema() { return coreAttributes.checkSchema; } /** * Indicates whether the specified privilege is disabled. * * @param privilege The privilege for which to make the determination. * * @return {@code true} if the specified privilege is disabled, or * {@code false} if not. */ public boolean isDisabled(Privilege privilege) { return coreAttributes.disabledPrivileges.contains(privilege); } /** * Indicates whether the Directory Server is configured with information about * one or more mail servers and may therefore be used to send e-mail messages. * * @return {@code true} if the Directory Server is configured to be able to * send e-mail messages, or {@code false} if not. */ public boolean isMailServerConfigured() { return coreAttributes.mailServerPropertySets != null && !coreAttributes.mailServerPropertySets.isEmpty(); } /** * Indicates whether the Directory Server should send a response to an * operation that has been abandoned. Sending such a response is technically * a violation of the LDAP protocol specification, but not doing so in that * case can cause problems with clients that are expecting a response and may * hang until they get one. * * @return <CODE>true</CODE> if the Directory Server should send a response * to an operation that has been abandoned, or <CODE>false</CODE> if * not. */ public boolean isNotifyAbandonedOperations() { return coreAttributes.notifyAbandonedOperations; } /** * Indicates whether unauthenticated requests should be rejected. * * @return {@code true} if unauthenticated request should be rejected, * {@code false} otherwise. */ public boolean isRejectUnauthenticatedRequests() { return coreAttributes.rejectUnauthenticatedRequests; } /** * Indicates whether responses to failed bind operations should include a * message explaining the reason for the failure. * * @return {@code true} if bind responses should include error messages, or * {@code false} if not. */ public boolean isReturnBindErrorMessages() { return coreAttributes.returnBindErrorMessages; } /** * Retrieves whether operation processing times should be collected with * nanosecond resolution. * * @return <code>true</code> if nanosecond resolution times are collected * or <code>false</code> if only millisecond resolution times are * being collected. */ public boolean isUseNanoTime() { return coreAttributes.useNanoTime; } /** * Indicates whether configuration should be saved on successful startup of the server. * * @return {@code true} if configuration should be saved, * {@code false} otherwise. */ public boolean isSaveConfigOnSuccessfulStartup() { return coreAttributes.saveConfigOnSuccessfulStartup; } } opendj-server-legacy/src/main/java/org/opends/server/core/DirectoryServer.java
@@ -34,6 +34,7 @@ import java.lang.management.ManagementFactory; import java.net.InetAddress; import java.text.DecimalFormat; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; import java.util.Collections; @@ -217,11 +218,6 @@ /** Temporary context object, to provide instance methods instead of static methods. */ private final DirectoryServerContext serverContext; /** The policy to use regarding single structural objectclass enforcement. */ private AcceptRejectWarn singleStructuralClassPolicy; /** The policy to use regarding syntax enforcement. */ private AcceptRejectWarn syntaxEnforcementPolicy; /** The account status notification handler config manager for the server. */ private AccountStatusNotificationHandlerConfigManager accountStatusNotificationHandlerConfigManager; @@ -230,24 +226,6 @@ /** The configuration manager that will handle the server backends. */ private BackendConfigManager backendConfigManager; /** * Indicates whether to automatically add missing RDN attributes to entries * during an add request. */ private boolean addMissingRDNAttributes; /** * Indicates whether to allow attribute name exceptions (i.e., attribute names * can contain underscores and may start with a digit). */ private boolean allowAttributeNameExceptions; /** Indicates whether a simple bind request containing a DN must also provide a password. */ private boolean bindWithDNRequiresPassword; /** Indicates whether the Directory Server should perform schema checking for update operations. */ private boolean checkSchema; /** Indicates whether the server has been bootstrapped. */ private boolean isBootstrapped; /** Indicates whether the server is currently online. */ @@ -255,21 +233,9 @@ /** Indicates whether the server is currently in "lockdown mode". */ private boolean lockdownMode; /** Indicates whether the server should send a response to operations that have been abandoned. */ private boolean notifyAbandonedOperations; /** Indicates whether to save a copy of the configuration on successful startup. */ private boolean saveConfigOnSuccessfulStartup; /** Indicates whether the server is currently in the process of shutting down. */ private boolean shuttingDown; /** Indicates whether the server should reject unauthenticated requests. */ private boolean rejectUnauthenticatedRequests; /** Indicates whether bind responses should include failure reason messages. */ private boolean returnBindErrorMessages; /** The configuration manager that will handle the certificate mapper. */ private CertificateMapperConfigManager certificateMapperConfigManager; @@ -428,15 +394,6 @@ /** The shutdown hook that has been registered with the server. */ private DirectoryServerShutdownHook shutdownHook; /** The DN of the default password policy configuration entry. */ private DN defaultPasswordPolicyDN; /** * The DN of the identity mapper that will be used to resolve authorization * IDs contained in the proxied authorization V2 control. */ private DN proxiedAuthorizationIdentityMapperDN; /** The DN of the entry containing the server schema definitions. */ private DN schemaDN; @@ -464,38 +421,15 @@ /** The configuration manager for identity mappers. */ private IdentityMapperConfigManager identityMapperConfigManager; /** * The maximum number of entries that should be returned for a search unless * overridden on a per-user basis. */ private int sizeLimit; /** * The maximum length of time in seconds that should be allowed for a search * unless overridden on a per-user basis. */ private int timeLimit; /** The maximum number of candidates that should be check for matches during a search. */ private int lookthroughLimit; /** The current active persistent searches. */ private final AtomicInteger activePSearches = new AtomicInteger(0); /** The maximum number of concurrent persistent searches. */ private int maxPSearches; /** Whether to use collect operation processing times in nanosecond resolution. */ private boolean useNanoTime; /** The key manager provider configuration manager for the Directory Server. */ private KeyManagerProviderConfigManager keyManagerProviderConfigManager; /** The set of connections that are currently established. */ private Set<ClientConnection> establishedConnections; /** The sets of mail server properties. */ private List<Properties> mailServerPropertySets; /** The log rotation policy config manager for the Directory Server. */ private LogRotationPolicyConfigManager rotationPolicyConfigManager; @@ -510,8 +444,6 @@ /** The idle time limit for the server. */ private long idleTimeLimit; /** The maximum number of connections that will be allowed at any given time. */ private long maxAllowedConnections; /** The maximum number of connections established at one time. */ private long maxConnections; @@ -544,9 +476,6 @@ /** The plugin config manager for the Directory Server. */ private PluginConfigManager pluginConfigManager; /** The result code that should be used for internal "server" errors. */ private ResultCode serverErrorResultCode; /** The root DN config manager for the server. */ private RootDNConfigManager rootDNConfigManager; @@ -556,12 +485,6 @@ /** The schema handler provides management of the schema, including its memory and files representations. */ private SchemaHandler schemaHandler; /** The set of disabled privileges. */ private Set<Privilege> disabledPrivileges; /** The set of allowed task classes. */ private Set<String> allowedTasks; /** The time that the server was started, formatted in UTC time. */ private String startTimeUTC; @@ -604,9 +527,6 @@ /** The work queue that will be used to service client requests. */ private WorkQueue<?> workQueue; /** The writability mode for the Directory Server. */ private WritabilityMode writabilityMode; /** The memory reservation system. */ private final MemoryQuota memoryQuota; @@ -616,9 +536,6 @@ /** The lock manager which will be used for coordinating access to LDAP entries. */ private final LockManager lockManager = new LockManager(); /** The maximum size that internal buffers will be allowed to grow to until they are trimmed. */ private int maxInternalBufferSize = DEFAULT_MAX_INTERNAL_BUFFER_SIZE; /** The default timeout used to start the server in detach mode. */ public static final int DEFAULT_TIMEOUT = 200; @@ -1051,6 +968,13 @@ { return directoryServer.backendConfigManager; } @Override public CoreConfigManager getCoreConfigManager() { return directoryServer.coreConfigManager; } } /** @@ -1076,7 +1000,6 @@ isRunning = false; shuttingDown = false; lockdownMode = false; serverErrorResultCode = ResultCode.OTHER; operatingSystem = OperatingSystem.forName(System.getProperty("os.name")); serverContext = new DirectoryServerContext(); @@ -1175,9 +1098,6 @@ { synchronized (directoryServer) { // Set default values for variables that may be needed during schema processing. directoryServer.syntaxEnforcementPolicy = AcceptRejectWarn.REJECT; // Schema handler contains a default schema to start with directoryServer.schemaHandler = new SchemaHandler(); @@ -1198,7 +1118,6 @@ directoryServer.retentionPolicies = new ConcurrentHashMap<>(); directoryServer.certificateMappers = new ConcurrentHashMap<>(); directoryServer.authenticationPolicies = new ConcurrentHashMap<>(); directoryServer.defaultPasswordPolicyDN = null; directoryServer.defaultPasswordPolicy = null; directoryServer.monitorProviders = new ConcurrentHashMap<>(); directoryServer.initializationCompletedListeners = new CopyOnWriteArrayList<>(); @@ -1213,9 +1132,6 @@ directoryServer.restoreTaskListeners = new CopyOnWriteArrayList<>(); directoryServer.exportTaskListeners = new CopyOnWriteArrayList<>(); directoryServer.importTaskListeners = new CopyOnWriteArrayList<>(); directoryServer.allowedTasks = new LinkedHashSet<>(0); directoryServer.disabledPrivileges = new LinkedHashSet<>(0); directoryServer.returnBindErrorMessages = false; directoryServer.idleTimeLimit = 0L; // make sure the timer thread is started in case it was stopped before @@ -1581,7 +1497,7 @@ } // Write a copy of the config if needed. if (saveConfigOnSuccessfulStartup) if (coreConfigManager.isSaveConfigOnSuccessfulStartup()) { configurationHandler.writeSuccessfulStartupConfig(); } @@ -1671,22 +1587,7 @@ */ public static boolean mailServerConfigured() { return directoryServer.mailServerPropertySets != null && !directoryServer.mailServerPropertySets.isEmpty(); } /** * Specifies the set of mail server properties that should be used for SMTP * communication. * * @param mailServerPropertySets A list of {@code Properties} objects that * provide information that can be used to * communicate with SMTP servers. */ public static void setMailServerPropertySets(List<Properties> mailServerPropertySets) { directoryServer.mailServerPropertySets = mailServerPropertySets; return directoryServer.coreConfigManager != null && directoryServer.coreConfigManager.isMailServerConfigured(); } /** @@ -1698,7 +1599,8 @@ */ public static List<Properties> getMailServerPropertySets() { return directoryServer.mailServerPropertySets; return directoryServer.coreConfigManager != null ? directoryServer.coreConfigManager.getMailServerPropertySets() : new ArrayList<Properties>(0); } /** @@ -2607,7 +2509,7 @@ // Ensure default policy is synchronized. synchronized (directoryServer.authenticationPolicies) { if (directoryServer.defaultPasswordPolicyDN.equals(configEntryDN)) if (directoryServer.coreConfigManager.getDefaultPasswordPolicyDN().equals(configEntryDN)) { // The correct policy type is enforced by the core config manager. directoryServer.defaultPasswordPolicy = (PasswordPolicy) policy; @@ -2638,7 +2540,7 @@ // Ensure default policy is synchronized. synchronized (directoryServer.authenticationPolicies) { if (directoryServer.defaultPasswordPolicyDN.equals(configEntryDN)) if (directoryServer.coreConfigManager.getDefaultPasswordPolicyDN().equals(configEntryDN)) { directoryServer.defaultPasswordPolicy = null; } @@ -2663,27 +2565,18 @@ { synchronized (directoryServer.authenticationPolicies) { return directoryServer.defaultPasswordPolicyDN; return directoryServer.coreConfigManager.getDefaultPasswordPolicyDN(); } } /** * Specifies the DN of the configuration entry for the default authentication * policy for the Directory Server. This routine does not check the registered * authentication policies for the specified DN, since in the case of server * initialization, the authentication policy entries will not yet have been * loaded from the configuration backend. * * @param defaultPasswordPolicyDN * The DN of the configuration entry for the default authentication * policy for the Directory Server. * Resets the default password policy to null. */ public static void setDefaultPasswordPolicyDN(DN defaultPasswordPolicyDN) public static void resetDefaultPasswordPolicy() { // Ensure default policy is synchronized. synchronized (directoryServer.authenticationPolicies) { directoryServer.defaultPasswordPolicyDN = defaultPasswordPolicyDN; directoryServer.defaultPasswordPolicy = null; } } @@ -2701,20 +2594,20 @@ // Ensure default policy is synchronized. synchronized (directoryServer.authenticationPolicies) { DN defaultPasswordPolicyDN = directoryServer.coreConfigManager.getDefaultPasswordPolicyDN(); assert null != directoryServer.authenticationPolicies .get(directoryServer.defaultPasswordPolicyDN) : .get(defaultPasswordPolicyDN) : "Internal Error: no default password policy defined."; if (directoryServer.defaultPasswordPolicy == null && directoryServer.defaultPasswordPolicyDN != null) && defaultPasswordPolicyDN != null) { // The correct policy type is enforced by the core config manager. directoryServer.defaultPasswordPolicy = (PasswordPolicy) directoryServer.authenticationPolicies .get(directoryServer.defaultPasswordPolicyDN); .get(defaultPasswordPolicyDN); } assert directoryServer.authenticationPolicies .get(directoryServer.defaultPasswordPolicyDN) == assert directoryServer.authenticationPolicies.get(defaultPasswordPolicyDN) == directoryServer.defaultPasswordPolicy : "Internal Error: inconsistency between defaultPasswordPolicy" + " cache and value in authenticationPolicies map."; @@ -3162,20 +3055,8 @@ */ public static ResultCode getServerErrorResultCode() { return directoryServer.serverErrorResultCode; } /** * Specifies the result code that should be used when the Directory Server * encounters an internal server error. * * @param serverErrorResultCode The result code that should be used when the * Directory Server encounters an internal * server error. */ public static void setServerErrorResultCode(ResultCode serverErrorResultCode) { directoryServer.serverErrorResultCode = serverErrorResultCode; return directoryServer.coreConfigManager != null ? directoryServer.coreConfigManager.getServerErrorResultCode() : ResultCode.OTHER; } /** @@ -3188,21 +3069,7 @@ */ public static boolean addMissingRDNAttributes() { return directoryServer.addMissingRDNAttributes; } /** * Specifies whether the Directory Server should automatically add missing RDN * attributes to an entry whenever it is added. * * @param addMissingRDNAttributes Specifies whether the Directory Server * should automatically add missing RDN * attributes to an entry whenever it is * added. */ public static void setAddMissingRDNAttributes(boolean addMissingRDNAttributes) { directoryServer.addMissingRDNAttributes = addMissingRDNAttributes; return directoryServer.coreConfigManager.isAddMissingRDNAttributes(); } /** @@ -3220,21 +3087,8 @@ @Deprecated public static boolean allowAttributeNameExceptions() { return directoryServer.allowAttributeNameExceptions; } /** * Specifies whether to be more flexible in the set of characters allowed for * attribute names. * * @param allowAttributeNameExceptions Specifies whether to be more flexible * in the set of characters allowed for * attribute names. */ public static void setAllowAttributeNameExceptions( boolean allowAttributeNameExceptions) { directoryServer.allowAttributeNameExceptions = allowAttributeNameExceptions; return directoryServer.coreConfigManager != null && directoryServer.coreConfigManager.isAllowAttributeNameExceptions(); } /** @@ -3245,18 +3099,7 @@ */ public static boolean checkSchema() { return directoryServer.checkSchema; } /** * Specifies whether the Directory Server should perform schema checking. * * @param checkSchema Specifies whether the Directory Server should perform * schema checking. */ public static void setCheckSchema(boolean checkSchema) { directoryServer.checkSchema = checkSchema; return directoryServer.coreConfigManager.isCheckSchema(); } /** @@ -3268,21 +3111,7 @@ */ public static AcceptRejectWarn getSingleStructuralObjectClassPolicy() { return directoryServer.singleStructuralClassPolicy; } /** * Specifies the policy that should be used regarding enforcement of a single * structural objectclass per entry. * * @param singleStructuralClassPolicy The policy that should be used * regarding enforcement of a single * structural objectclass per entry. */ public static void setSingleStructuralObjectClassPolicy( AcceptRejectWarn singleStructuralClassPolicy) { directoryServer.singleStructuralClassPolicy = singleStructuralClassPolicy; return directoryServer.coreConfigManager.getSingleStructuralObjectClassPolicy(); } /** @@ -3294,22 +3123,8 @@ */ public static AcceptRejectWarn getSyntaxEnforcementPolicy() { return directoryServer.syntaxEnforcementPolicy; } /** * Retrieves the policy that should be used when an attribute value is found * that is not valid according to the associated attribute syntax. * * @param syntaxEnforcementPolicy The policy that should be used when an * attribute value is found that is not valid * according to the associated attribute * syntax. */ public static void setSyntaxEnforcementPolicy( AcceptRejectWarn syntaxEnforcementPolicy) { directoryServer.syntaxEnforcementPolicy = syntaxEnforcementPolicy; return directoryServer.coreConfigManager != null ? directoryServer.coreConfigManager.getSyntaxEnforcementPolicy() : AcceptRejectWarn.REJECT; } /** @@ -3325,24 +3140,7 @@ */ public static boolean notifyAbandonedOperations() { return directoryServer.notifyAbandonedOperations; } /** * Specifies whether the Directory Server should send a response to an * operation that has been abandoned. Sending such a response is technically * a violation of the LDAP protocol specification, but not doing so in that * case can cause problems with clients that are expecting a response and may * hang until they get one. * * @param notifyAbandonedOperations Indicates whether the Directory Server * should send a response to an operation * that has been abandoned. */ public static void setNotifyAbandonedOperations( boolean notifyAbandonedOperations) { directoryServer.notifyAbandonedOperations = notifyAbandonedOperations; return directoryServer.coreConfigManager.isNotifyAbandonedOperations(); } /** @@ -3745,36 +3543,6 @@ } /** * Retrieves the DN of the configuration entry for the identity mapper that * should be used in conjunction with proxied authorization V2 controls. * * @return The DN of the configuration entry for the identity mapper that * should be used in conjunction with proxied authorization V2 * controls, or {@code null} if none is defined. */ public static DN getProxiedAuthorizationIdentityMapperDN() { return directoryServer.proxiedAuthorizationIdentityMapperDN; } /** * Specifies the DN of the configuration entry for the identity mapper that * should be used in conjunction with proxied authorization V2 controls. * * @param proxiedAuthorizationIdentityMapperDN The DN of the configuration * entry for the identity mapper * that should be used in * conjunction with proxied * authorization V2 controls. */ public static void setProxiedAuthorizationIdentityMapperDN( DN proxiedAuthorizationIdentityMapperDN) { directoryServer.proxiedAuthorizationIdentityMapperDN = proxiedAuthorizationIdentityMapperDN; } /** * Retrieves the identity mapper that should be used to resolve authorization * IDs contained in proxied authorization V2 controls. * @@ -3784,7 +3552,7 @@ */ public static IdentityMapper<?> getProxiedAuthorizationIdentityMapper() { DN dnMapper = directoryServer.proxiedAuthorizationIdentityMapperDN; DN dnMapper = directoryServer.coreConfigManager.getProxiedAuthorizationIdentityMapperDN(); return dnMapper != null ? directoryServer.identityMappers.get(dnMapper) : null; } @@ -3917,7 +3685,7 @@ ClientConnection clientConnection = operation.getClientConnection(); //Reject or accept the unauthenticated requests based on the configuration settings. if (!clientConnection.getAuthenticationInfo().isAuthenticated() && (directoryServer.rejectUnauthenticatedRequests || (directoryServer.coreConfigManager.isRejectUnauthenticatedRequests() || (directoryServer.lockdownMode && !isAllowedInLockDownMode))) { switch(operation.getOperationType()) @@ -4093,28 +3861,8 @@ */ public static Set<String> getAllowedTasks() { return directoryServer.allowedTasks; } /** * Specifies the set of allowed tasks that may be invoked in the server. * * @param allowedTasks A set containing the names of the allowed tasks that * may be invoked in the server. */ public static void setAllowedTasks(Set<String> allowedTasks) { directoryServer.allowedTasks = allowedTasks; } /** * Retrieves the set of privileges that have been disabled. * * @return The set of privileges that have been disabled. */ public static Set<Privilege> getDisabledPrivileges() { return directoryServer.disabledPrivileges; return directoryServer.coreConfigManager != null ? directoryServer.coreConfigManager.getAllowedTasks() : new HashSet<String>(0); } /** @@ -4127,18 +3875,8 @@ */ public static boolean isDisabled(Privilege privilege) { return directoryServer.disabledPrivileges.contains(privilege); } /** * Specifies the set of privileges that should be disabled in the server. * * @param disabledPrivileges The set of privileges that should be disabled * in the server. */ public static void setDisabledPrivileges(Set<Privilege> disabledPrivileges) { directoryServer.disabledPrivileges = disabledPrivileges; return directoryServer.coreConfigManager != null ? directoryServer.coreConfigManager.getDisabledPrivileges().contains(privilege) : false; } /** @@ -4150,20 +3888,7 @@ */ public static boolean returnBindErrorMessages() { return directoryServer.returnBindErrorMessages; } /** * Specifies whether responses to failed bind operations should include a * message explaining the reason for the failure. * * @param returnBindErrorMessages Specifies whether responses to failed bind * operations should include a message * explaining the reason for the failure. */ public static void setReturnBindErrorMessages(boolean returnBindErrorMessages) { directoryServer.returnBindErrorMessages = returnBindErrorMessages; return directoryServer.coreConfigManager.isReturnBindErrorMessages(); } /** @@ -4192,21 +3917,6 @@ } /** * Specifies whether the Directory Server should save a copy of its * configuration whenever it is started successfully. * * @param saveConfigOnSuccessfulStartup Specifies whether the server should * save a copy of its configuration * whenever it is started successfully. */ public static void setSaveConfigOnSuccessfulStartup( boolean saveConfigOnSuccessfulStartup) { directoryServer.saveConfigOnSuccessfulStartup = saveConfigOnSuccessfulStartup; } /** * Registers the provided backup task listener with the Directory Server. * * @param listener The backup task listener to register with the Directory @@ -4775,11 +4485,9 @@ */ private void destroy() { checkSchema = true; isBootstrapped = false; isRunning = false; lockdownMode = true; rejectUnauthenticatedRequests = true; shuttingDown = true; configFile = null; @@ -4872,26 +4580,6 @@ } /** * Specifies the maximum number of concurrent client connections that may be * established. A value that is less than or equal to zero will indicate that * no limit should be enforced. * * @param maxAllowedConnections The maximum number of concurrent client * connections that may be established. */ public static void setMaxAllowedConnections(long maxAllowedConnections) { if (maxAllowedConnections > 0) { directoryServer.maxAllowedConnections = maxAllowedConnections; } else { directoryServer.maxAllowedConnections = -1; } } /** * Indicates that a new connection has been accepted and increments the * associated counters. * @@ -4915,7 +4603,7 @@ } } final long maxAllowed = directoryServer.maxAllowedConnections; final long maxAllowed = directoryServer.coreConfigManager.getMaxAllowedConnections(); if (0 < maxAllowed && maxAllowed <= directoryServer.currentConnections) { return -1; @@ -5022,19 +4710,7 @@ */ public static int getSizeLimit() { return directoryServer.sizeLimit; } /** * Specifies the default maximum number of entries that should be returned for * a search. * * @param sizeLimit The default maximum number of entries that should be * returned for a search. */ public static void setSizeLimit(int sizeLimit) { directoryServer.sizeLimit = sizeLimit; return directoryServer.coreConfigManager.getSizeLimit(); } /** @@ -5046,31 +4722,7 @@ */ public static int getLookthroughLimit() { return directoryServer.lookthroughLimit; } /** * Specifies the default maximum number of entries that should be checked for * matches during a search. * * @param lookthroughLimit The default maximum number of entries that should * be check for matches during a search. */ public static void setLookthroughLimit(int lookthroughLimit) { directoryServer.lookthroughLimit = lookthroughLimit; } /** * Specifies the maximum number of simultaneous persistent * searches that are allowed. * * @param maxPSearches The maximum number of simultaneous persistent * searches that are allowed. */ public static void setMaxPersistentSearchLimit(int maxPSearches) { directoryServer.maxPSearches = maxPSearches; return directoryServer.coreConfigManager.getLookthroughLimit(); } /** @@ -5105,8 +4757,8 @@ public static boolean allowNewPersistentSearch() { //-1 indicates that there is no limit. return directoryServer.maxPSearches == -1 || directoryServer.activePSearches.get() < directoryServer.maxPSearches; int max = directoryServer.coreConfigManager.getMaxPSearches(); return max == -1 || directoryServer.activePSearches.get() < max; } /** @@ -5118,32 +4770,7 @@ */ public static int getTimeLimit() { return directoryServer.timeLimit; } /** * Specifies the default maximum length of time in seconds that should be * allowed when processing a search. * * @param timeLimit The default maximum length of time in seconds that * should be allowed when processing a search. */ public static void setTimeLimit(int timeLimit) { directoryServer.timeLimit = timeLimit; } /** * Specifies whether to collect nanosecond resolution processing times for * operations. * * @param useNanoTime <code>true</code> if nanosecond resolution times * should be collected or <code>false</code> to * only collect in millisecond resolution. */ public static void setUseNanoTime(boolean useNanoTime) { directoryServer.useNanoTime = useNanoTime; return directoryServer.coreConfigManager.getTimeLimit(); } /** @@ -5156,7 +4783,7 @@ */ public static boolean getUseNanoTime() { return directoryServer.useNanoTime; return directoryServer.coreConfigManager.isUseNanoTime(); } /** @@ -5167,19 +4794,7 @@ */ public static WritabilityMode getWritabilityMode() { return directoryServer.writabilityMode; } /** * Specifies the writability mode for the Directory Server. This will only * be applicable for user suffixes. * * @param writabilityMode Specifies the writability mode for the Directory * Server. */ public static void setWritabilityMode(WritabilityMode writabilityMode) { directoryServer.writabilityMode = writabilityMode; return directoryServer.coreConfigManager.getWritabilityMode(); } /** @@ -5192,35 +4807,7 @@ */ public static boolean bindWithDNRequiresPassword() { return directoryServer.bindWithDNRequiresPassword; } /** * Specifies whether simple bind requests that contain a bind DN will also be * required to have a password. * * @param bindWithDNRequiresPassword Indicates whether simple bind requests * that contain a bind DN will also be * required to have a password. */ public static void setBindWithDNRequiresPassword(boolean bindWithDNRequiresPassword) { directoryServer.bindWithDNRequiresPassword = bindWithDNRequiresPassword; } /** * Specifies whether an unauthenticated request should be rejected. * * @param rejectUnauthenticatedRequests Indicates whether an * unauthenticated request should * be rejected. */ public static void setRejectUnauthenticatedRequests(boolean rejectUnauthenticatedRequests) { directoryServer.rejectUnauthenticatedRequests = rejectUnauthenticatedRequests; return directoryServer.coreConfigManager.isBindWithDNRequiresPassword(); } /** @@ -5930,21 +5517,6 @@ } /** * Sets the threshold capacity beyond which internal cached buffers used for * encoding and decoding entries and protocol messages will be trimmed after * use. * * @param maxInternalBufferSize * The threshold capacity beyond which internal cached buffers used * for encoding and decoding entries and protocol messages will be * trimmed after use. */ public static void setMaxInternalBufferSize(int maxInternalBufferSize) { directoryServer.maxInternalBufferSize = maxInternalBufferSize; } /** * Returns the threshold capacity beyond which internal cached buffers used * for encoding and decoding entries and protocol messages will be trimmed * after use. @@ -5955,7 +5527,7 @@ */ public static int getMaxInternalBufferSize() { return directoryServer.maxInternalBufferSize; return directoryServer.coreConfigManager.getMaxInternalBufferSize(); } /** opendj-server-legacy/src/main/java/org/opends/server/core/IdentityMapperConfigManager.java
@@ -117,7 +117,7 @@ // Now that all of the identity mappers are defined, see if the Directory // Server's proxied auth mapper is valid. If not, then log a warning // message. DN mapperDN = DirectoryServer.getProxiedAuthorizationIdentityMapperDN(); DN mapperDN = serverContext.getCoreConfigManager().getProxiedAuthorizationIdentityMapperDN(); if (mapperDN == null) { logger.error(ERR_CONFIG_IDMAPPER_NO_PROXY_MAPPER_DN); opendj-server-legacy/src/main/java/org/opends/server/core/ServerContext.java
@@ -142,4 +142,11 @@ * @return backend manager */ BackendConfigManager getBackendConfigManager(); /** * Returns the manager of core configuration. * * @return core configuration manager */ CoreConfigManager getCoreConfigManager(); } opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendWorkflowElement.java
@@ -778,7 +778,7 @@ SearchResultCode searchResultCode = new SearchResultCode(searchOp.getResultCode(), searchOp.getErrorMessage()); DN originalBaseDN = searchOp.getBaseDN(); for (DN subordinateDN : getBackendManager().findSubordinateLocalNamingContextsForEntry(originalBaseDN)) for (DN subordinateDN : getBackendManager().findSubordinateLocalNamingContextsToSearchForEntry(originalBaseDN)) { // We have to change the operation request base DN to match the // subordinate workflow base DN. Otherwise the workflow will opendj-server-legacy/src/test/java/org/opends/server/core/AddOperationTestCase.java
@@ -32,12 +32,15 @@ import java.util.Map; import org.forgerock.i18n.LocalizableMessage; import org.forgerock.opendj.config.client.ManagementContext; import org.forgerock.opendj.ldap.ByteString; import org.forgerock.opendj.ldap.DN; import org.forgerock.opendj.ldap.ResultCode; import org.forgerock.opendj.ldap.requests.AddRequest; import org.forgerock.opendj.ldap.schema.AttributeType; import org.forgerock.opendj.ldap.schema.ObjectClass; import org.forgerock.opendj.server.config.client.GlobalCfgClient; import org.forgerock.opendj.server.config.meta.GlobalCfgDefn; import org.opends.server.TestCaseUtils; import org.opends.server.api.LocalBackend; import org.opends.server.plugins.DisconnectClientPlugin; @@ -809,7 +812,7 @@ { TestCaseUtils.initializeTestBackend(true); DirectoryServer.setAddMissingRDNAttributes(false); setAddMissingRDNAttribute(false); Entry entry = TestCaseUtils.makeEntry( "dn: ou=People,o=test", @@ -819,7 +822,17 @@ AddOperation addOperation = getRootConnection().processAdd(entry); assertNotEquals(addOperation.getResultCode(), ResultCode.SUCCESS); DirectoryServer.setAddMissingRDNAttributes(true); setAddMissingRDNAttribute(true); } private void setAddMissingRDNAttribute(boolean value) throws Exception { try (ManagementContext conf = getServer().getConfiguration()) { GlobalCfgClient globalCfg = conf.getRootConfiguration().getGlobalConfiguration(); globalCfg.setAddMissingRDNAttributes(value); globalCfg.commit(); } } /** @@ -1108,12 +1121,22 @@ "cn: Test User", "userPassword: password"); DirectoryServer.setWritabilityMode(WritabilityMode.DISABLED); setWritabilityMode(GlobalCfgDefn.WritabilityMode.DISABLED); AddOperation addOperation = getRootConnection().processAdd(entry); assertNotEquals(addOperation.getResultCode(), ResultCode.SUCCESS); DirectoryServer.setWritabilityMode(WritabilityMode.ENABLED); setWritabilityMode(GlobalCfgDefn.WritabilityMode.ENABLED); } static void setWritabilityMode(GlobalCfgDefn.WritabilityMode mode) throws Exception { try (ManagementContext conf = getServer().getConfiguration()) { GlobalCfgClient globalCfg = conf.getRootConfiguration().getGlobalConfiguration(); globalCfg.setWritabilityMode(mode); globalCfg.commit(); } } /** @@ -1139,13 +1162,13 @@ "cn: Test User", "userPassword: password"); DirectoryServer.setWritabilityMode(WritabilityMode.INTERNAL_ONLY); setWritabilityMode(GlobalCfgDefn.WritabilityMode.INTERNAL_ONLY); AddOperation addOperation = getRootConnection().processAdd(entry); assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS); retrieveCompletedOperationElements(addOperation); DirectoryServer.setWritabilityMode(WritabilityMode.ENABLED); setWritabilityMode(GlobalCfgDefn.WritabilityMode.ENABLED); } /** @@ -1163,7 +1186,7 @@ { conn.bind("cn=Directory Manager", "password"); DirectoryServer.setWritabilityMode(WritabilityMode.INTERNAL_ONLY); setWritabilityMode(GlobalCfgDefn.WritabilityMode.INTERNAL_ONLY); long addRequests = ldapStatistics.getAddRequests(); long addResponses = ldapStatistics.getAddResponses(); @@ -1177,7 +1200,7 @@ assertEquals(ldapStatistics.getAddRequests(), addRequests+1); waitForAddResponsesStat(addResponses+1); DirectoryServer.setWritabilityMode(WritabilityMode.ENABLED); setWritabilityMode(GlobalCfgDefn.WritabilityMode.ENABLED); } }
@@ -24,6 +24,7 @@ import org.forgerock.opendj.ldap.ByteString; import org.forgerock.opendj.ldap.DN; import org.forgerock.opendj.ldap.ResultCode; import org.forgerock.opendj.server.config.meta.GlobalCfgDefn; import org.opends.server.TestCaseUtils; import org.opends.server.api.LocalBackend; import org.opends.server.plugins.DisconnectClientPlugin; @@ -43,6 +44,7 @@ import org.testng.annotations.Test; import static org.opends.server.TestCaseUtils.*; import static org.opends.server.core.AddOperationTestCase.setWritabilityMode; import static org.opends.server.protocols.internal.InternalClientConnection.*; import static org.opends.server.protocols.ldap.LDAPConstants.*; import static org.opends.server.types.NullOutputStream.nullPrintStream; @@ -507,12 +509,12 @@ { TestCaseUtils.initializeTestBackend(true); DirectoryServer.setWritabilityMode(WritabilityMode.DISABLED); setWritabilityMode(GlobalCfgDefn.WritabilityMode.DISABLED); DeleteOperation deleteOperation = processDeleteRaw("o=test"); assertNotEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS); DirectoryServer.setWritabilityMode(WritabilityMode.ENABLED); setWritabilityMode(GlobalCfgDefn.WritabilityMode.ENABLED); } @@ -528,12 +530,12 @@ { TestCaseUtils.initializeTestBackend(true); DirectoryServer.setWritabilityMode(WritabilityMode.INTERNAL_ONLY); setWritabilityMode(GlobalCfgDefn.WritabilityMode.INTERNAL_ONLY); DeleteOperation deleteOperation = processDeleteRaw("o=test"); assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS); DirectoryServer.setWritabilityMode(WritabilityMode.ENABLED); setWritabilityMode(GlobalCfgDefn.WritabilityMode.ENABLED); } @@ -549,12 +551,12 @@ { TestCaseUtils.initializeTestBackend(true); DirectoryServer.setWritabilityMode(WritabilityMode.INTERNAL_ONLY); setWritabilityMode(GlobalCfgDefn.WritabilityMode.INTERNAL_ONLY); String[] args = getArgs("o=test"); assertFalse(LDAPDelete.run(nullPrintStream(), nullPrintStream(), args) == 0); DirectoryServer.setWritabilityMode(WritabilityMode.ENABLED); setWritabilityMode(GlobalCfgDefn.WritabilityMode.ENABLED); }
@@ -22,6 +22,7 @@ import static org.forgerock.opendj.ldap.requests.Requests.*; import static org.forgerock.opendj.ldap.schema.CoreSchema.*; import static org.opends.server.TestCaseUtils.*; import static org.opends.server.core.AddOperationTestCase.setWritabilityMode; import static org.opends.server.protocols.internal.InternalClientConnection.*; import static org.opends.server.protocols.internal.Requests.newSearchRequest; import static org.opends.server.protocols.ldap.LDAPConstants.*; @@ -44,6 +45,7 @@ import org.forgerock.opendj.ldap.requests.ModifyRequest; import org.forgerock.opendj.ldap.requests.Requests; import org.forgerock.opendj.ldap.schema.AttributeType; import org.forgerock.opendj.server.config.meta.GlobalCfgDefn; import org.opends.server.TestCaseUtils; import org.opends.server.api.LocalBackend; import org.opends.server.plugins.DisconnectClientPlugin; @@ -2305,14 +2307,14 @@ "mail: foo", "employeeNumber: 1"); DirectoryServer.setWritabilityMode(WritabilityMode.DISABLED); setWritabilityMode(GlobalCfgDefn.WritabilityMode.DISABLED); RawModification mod = newRawModification(ADD, "objectClass", "extensibleObject"); ModifyOperation modifyOperation = processModify("uid=test.user," + baseDN, mod); assertNotEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS); retrieveFailedOperationElements(modifyOperation); DirectoryServer.setWritabilityMode(WritabilityMode.ENABLED); setWritabilityMode(GlobalCfgDefn.WritabilityMode.ENABLED); } @@ -2342,14 +2344,14 @@ "mail: foo", "employeeNumber: 1"); DirectoryServer.setWritabilityMode(WritabilityMode.INTERNAL_ONLY); setWritabilityMode(GlobalCfgDefn.WritabilityMode.INTERNAL_ONLY); RawModification mod = newRawModification(ADD, "objectClass", "extensibleObject"); ModifyOperation modifyOperation = processModify("uid=test.user," + baseDN, mod); assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS); retrieveSuccessfulOperationElements(modifyOperation); DirectoryServer.setWritabilityMode(WritabilityMode.ENABLED); setWritabilityMode(GlobalCfgDefn.WritabilityMode.ENABLED); } @@ -2379,7 +2381,7 @@ "mail: foo", "employeeNumber: 1"); DirectoryServer.setWritabilityMode(WritabilityMode.INTERNAL_ONLY); setWritabilityMode(GlobalCfgDefn.WritabilityMode.INTERNAL_ONLY); try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort())) { @@ -2398,7 +2400,7 @@ assertEquals(ldapStatistics.getModifyRequests(), modifyRequests + 1); waitForModifyResponsesStat(modifyResponses + 1); DirectoryServer.setWritabilityMode(WritabilityMode.ENABLED); setWritabilityMode(GlobalCfgDefn.WritabilityMode.ENABLED); } }
@@ -19,9 +19,12 @@ import java.util.ArrayList; import com.forgerock.opendj.ldap.tools.LDAPCompare; import org.forgerock.opendj.config.client.ManagementContext; import org.forgerock.opendj.ldap.ByteString; import org.forgerock.opendj.ldap.DN; import org.forgerock.opendj.ldap.ResultCode; import org.forgerock.opendj.server.config.client.GlobalCfgClient; import org.opends.server.TestCaseUtils; import org.opends.server.protocols.internal.InternalClientConnection; import org.opends.server.tools.LDAPAuthenticationHandler; @@ -245,20 +248,30 @@ * settings for "ds-cfg-reject-unauthenticated-requests". */ @Test public void testAuthSearchDefCfg() public void testAuthSearchDefCfg() throws Exception { DirectoryServer.setRejectUnauthenticatedRequests(false); setRejectUnauthenticatedRequests(false); assertEquals(LDAPSearch.run(nullPrintStream(), System.err, searchArgs(Auth.SIMPLE)), 0); } private void setRejectUnauthenticatedRequests(boolean value) throws Exception { try (ManagementContext conf = getServer().getConfiguration()) { GlobalCfgClient globalCfg = conf.getRootConfiguration().getGlobalConfiguration(); globalCfg.setRejectUnauthenticatedRequests(value); globalCfg.commit(); } } /** * Tests whether an unauthenticated SEARCH request will be allowed with the default configuration * settings for "ds-cfg-reject-unauthenticated-requests". */ @Test public void testUnauthSearchDefCfg() public void testUnauthSearchDefCfg() throws Exception { DirectoryServer.setRejectUnauthenticatedRequests(false); setRejectUnauthenticatedRequests(false); assertEquals(LDAPSearch.run(nullPrintStream(), System.err, searchArgs(Auth.ANONYMOUS)), 0); } @@ -268,9 +281,9 @@ * "ds-cfg-reject-unauthenticated-requests" . */ @Test public void testAuthBindDefCfg() public void testAuthBindDefCfg() throws Exception { DirectoryServer.setRejectUnauthenticatedRequests(false); setRejectUnauthenticatedRequests(false); InternalClientConnection conn = new InternalClientConnection(new AuthenticationInfo()); ByteString user = ByteString.valueOfUtf8("cn=Directory Manager"); @@ -287,9 +300,9 @@ * "ds-cfg-reject-unauthenticated-requests". */ @Test public void testUnauthBindDefCfg() public void testUnauthBindDefCfg() throws Exception { DirectoryServer.setRejectUnauthenticatedRequests(false); setRejectUnauthenticatedRequests(false); InternalClientConnection conn = new InternalClientConnection(new AuthenticationInfo()); BindOperation bindOperation = conn.processSimpleBind(DN.rootDN(), null); @@ -309,7 +322,7 @@ @Test public void testAuthWAIDefCfg() throws Exception { DirectoryServer.setRejectUnauthenticatedRequests(false); setRejectUnauthenticatedRequests(false); try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort())) { @@ -336,7 +349,7 @@ @Test public void testUnauthWAIDefCfg() throws Exception { DirectoryServer.setRejectUnauthenticatedRequests(false); setRejectUnauthenticatedRequests(false); try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort())) { @@ -359,7 +372,7 @@ @Test public void testStartTLSUnauthDefCfg() throws Exception { DirectoryServer.setRejectUnauthenticatedRequests(false); setRejectUnauthenticatedRequests(false); assertEquals(LDAPSearch.run(nullPrintStream(), System.err, searchArgs(Auth.START_TLS)), 0); } @@ -373,7 +386,7 @@ @Test public void testOtherOpsAuthDefCfg() throws Exception { DirectoryServer.setRejectUnauthenticatedRequests(false); setRejectUnauthenticatedRequests(false); assertEquals(performAddOperation(true), 0); assertEquals(performModifyOperation(true), 0); @@ -412,18 +425,18 @@ * "ds-cfg-reject-unauthenticated-requests" . */ @Test public void testSearchNewCfg() public void testSearchNewCfg() throws Exception { try { DirectoryServer.setRejectUnauthenticatedRequests(true); setRejectUnauthenticatedRequests(true); assertFalse(LDAPSearch.run(nullPrintStream(), nullPrintStream(), searchArgs(Auth.ANONYMOUS)) == 0); assertEquals(LDAPSearch.run(nullPrintStream(), System.err, searchArgs(Auth.START_TLS)), 0); } finally { DirectoryServer.setRejectUnauthenticatedRequests(false); setRejectUnauthenticatedRequests(false); } } @@ -433,11 +446,11 @@ * "ds-cfg-reject-unauthenticated-requests" . */ @Test public void testBindNewCfg() public void testBindNewCfg() throws Exception { try { DirectoryServer.setRejectUnauthenticatedRequests(true); setRejectUnauthenticatedRequests(true); InternalClientConnection conn = new InternalClientConnection(new AuthenticationInfo()); ByteString user = ByteString.valueOfUtf8("cn=Directory Manager"); @@ -451,7 +464,7 @@ } finally { DirectoryServer.setRejectUnauthenticatedRequests(false); setRejectUnauthenticatedRequests(false); } } @@ -470,12 +483,12 @@ { try { DirectoryServer.setRejectUnauthenticatedRequests(true); setRejectUnauthenticatedRequests(true); assertEquals(LDAPSearch.run(nullPrintStream(), System.err, searchArgs(Auth.START_TLS)), 0); } finally { DirectoryServer.setRejectUnauthenticatedRequests(false); setRejectUnauthenticatedRequests(false); } } @@ -494,7 +507,7 @@ { try { DirectoryServer.setRejectUnauthenticatedRequests(true); setRejectUnauthenticatedRequests(true); ExtendedOperation extOp = getRootConnection().processExtendedOperation(OID_WHO_AM_I_REQUEST, null); assertEquals(extOp.getResultCode(), ResultCode.SUCCESS); @@ -502,7 +515,7 @@ } finally { DirectoryServer.setRejectUnauthenticatedRequests(false); setRejectUnauthenticatedRequests(false); } } @@ -518,7 +531,7 @@ { try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort())) { DirectoryServer.setRejectUnauthenticatedRequests(true); setRejectUnauthenticatedRequests(true); LDAPAuthenticationHandler authHandler = conn.newLDAPAuthenticationHandler(); try @@ -536,7 +549,7 @@ } finally { DirectoryServer.setRejectUnauthenticatedRequests(false); setRejectUnauthenticatedRequests(false); } } @@ -554,7 +567,7 @@ { try { DirectoryServer.setRejectUnauthenticatedRequests(true); setRejectUnauthenticatedRequests(true); assertEquals(performAddOperation(true), 0); assertEquals(performModifyOperation(true), 0); @@ -564,7 +577,7 @@ } finally { DirectoryServer.setRejectUnauthenticatedRequests(false); setRejectUnauthenticatedRequests(false); } } @@ -582,7 +595,7 @@ { try { DirectoryServer.setRejectUnauthenticatedRequests(true); setRejectUnauthenticatedRequests(true); assertNotEquals(performAddOperation(false), 0); assertNotEquals(performModifyOperation(false), 0); @@ -592,7 +605,7 @@ } finally { DirectoryServer.setRejectUnauthenticatedRequests(false); setRejectUnauthenticatedRequests(false); } } } opendj-server-legacy/src/test/java/org/opends/server/schema/EqualityMatchingRuleTest.java
@@ -12,20 +12,24 @@ * information: "Portions Copyright [year] [name of copyright owner]". * * Copyright 2006-2008 Sun Microsystems, Inc. * Portions Copyright 2014-2015 ForgeRock AS. * Portions Copyright 2014-2016 ForgeRock AS. */ package org.opends.server.schema; import org.forgerock.opendj.config.client.ManagementContext; import org.forgerock.opendj.ldap.Assertion; import org.forgerock.opendj.ldap.ByteString; import org.forgerock.opendj.ldap.ConditionResult; import org.forgerock.opendj.ldap.DecodeException; import org.forgerock.opendj.ldap.schema.MatchingRule; import org.forgerock.opendj.server.config.client.GlobalCfgClient; import org.forgerock.opendj.server.config.meta.GlobalCfgDefn; import org.opends.server.core.DirectoryServer; import org.opends.server.types.AcceptRejectWarn; import org.testng.annotations.DataProvider; import org.testng.annotations.Test; import static org.opends.server.TestCaseUtils.getServer; import static org.testng.Assert.*; /** @@ -77,14 +81,38 @@ throws Exception { AcceptRejectWarn accept = DirectoryServer.getSyntaxEnforcementPolicy(); DirectoryServer.setSyntaxEnforcementPolicy(AcceptRejectWarn.WARN); setSyntaxEnforcementPolicy(GlobalCfgDefn.InvalidAttributeSyntaxBehavior.WARN); try { testValuesMatch(value1, value2, result); } finally { DirectoryServer.setSyntaxEnforcementPolicy(accept); setSyntaxEnforcementPolicy(convertAccept(accept)); } } private static GlobalCfgDefn.InvalidAttributeSyntaxBehavior convertAccept(AcceptRejectWarn accept) { switch (accept) { case ACCEPT: return GlobalCfgDefn.InvalidAttributeSyntaxBehavior.ACCEPT; case WARN: return GlobalCfgDefn.InvalidAttributeSyntaxBehavior.WARN; case REJECT: default: return GlobalCfgDefn.InvalidAttributeSyntaxBehavior.REJECT; } } private void setSyntaxEnforcementPolicy(GlobalCfgDefn.InvalidAttributeSyntaxBehavior value) throws Exception { try (ManagementContext conf = getServer().getConfiguration()) { GlobalCfgClient globalCfg = conf.getRootConfiguration().getGlobalConfiguration(); globalCfg.setInvalidAttributeSyntaxBehavior(value); globalCfg.commit(); } }
@@ -16,18 +16,20 @@ */ package org.opends.server.types; import static org.opends.server.types.AcceptRejectWarn.*; import static org.opends.server.TestCaseUtils.getServer; import static org.opends.server.types.NullOutputStream.nullPrintStream; import static org.testng.Assert.*; import java.util.LinkedList; import org.forgerock.i18n.LocalizableMessageBuilder; import org.forgerock.opendj.config.client.ManagementContext; import org.forgerock.opendj.ldap.ByteString; import org.forgerock.opendj.ldap.schema.AttributeType; import org.forgerock.opendj.ldap.schema.CoreSchema; import org.forgerock.opendj.server.config.client.GlobalCfgClient; import org.forgerock.opendj.server.config.meta.GlobalCfgDefn; import org.opends.server.TestCaseUtils; import org.opends.server.core.DirectoryServer; import com.forgerock.opendj.ldap.tools.LDAPModify; import org.testng.annotations.Test; @@ -45,26 +47,37 @@ * * @param e The entry to be tested. */ private void failOnlyForStrictEvaluation(Entry e) private void failOnlyForStrictEvaluation(Entry e) throws Exception { try { LocalizableMessageBuilder invalidReason = new LocalizableMessageBuilder(); DirectoryServer.setSingleStructuralObjectClassPolicy(REJECT); setSingleStructuralObjectClassPolicy(GlobalCfgDefn.SingleStructuralObjectclassBehavior.REJECT); assertFalse(e.conformsToSchema(null, false, true, true, invalidReason), "Entry validation succeeded with REJECT policy"); DirectoryServer.setSingleStructuralObjectClassPolicy(WARN); setSingleStructuralObjectClassPolicy(GlobalCfgDefn.SingleStructuralObjectclassBehavior.WARN); assertTrue(e.conformsToSchema(null, false, true, true, invalidReason), "Entry validation failed with WARN policy: " + invalidReason); DirectoryServer.setSingleStructuralObjectClassPolicy(ACCEPT); setSingleStructuralObjectClassPolicy(GlobalCfgDefn.SingleStructuralObjectclassBehavior.ACCEPT); assertTrue(e.conformsToSchema(null, false, true, true, invalidReason), "Entry validation failed with ACCEPT policy: " + invalidReason); } finally { DirectoryServer.setSingleStructuralObjectClassPolicy(REJECT); setSingleStructuralObjectClassPolicy(GlobalCfgDefn.SingleStructuralObjectclassBehavior.REJECT); } } private void setSingleStructuralObjectClassPolicy(GlobalCfgDefn.SingleStructuralObjectclassBehavior policy) throws Exception { try (ManagementContext conf = getServer().getConfiguration()) { GlobalCfgClient globalCfg = conf.getRootConfiguration().getGlobalConfiguration(); globalCfg.setSingleStructuralObjectclassBehavior(policy); globalCfg.commit(); } } @@ -75,26 +88,26 @@ * * @param e The entry to be tested. */ private void failAlwaysStrictEvaluation(Entry e) private void failAlwaysStrictEvaluation(Entry e) throws Exception { try { LocalizableMessageBuilder invalidReason = new LocalizableMessageBuilder(); DirectoryServer.setSingleStructuralObjectClassPolicy(REJECT); setSingleStructuralObjectClassPolicy(GlobalCfgDefn.SingleStructuralObjectclassBehavior.REJECT); assertFalse(e.conformsToSchema(null, false, true, true, invalidReason), "Entry validation succeeded with REJECT policy"); DirectoryServer.setSingleStructuralObjectClassPolicy(WARN); setSingleStructuralObjectClassPolicy(GlobalCfgDefn.SingleStructuralObjectclassBehavior.WARN); assertFalse(e.conformsToSchema(null, false, true, true, invalidReason), "Entry validation failed with WARN policy: " + invalidReason); DirectoryServer.setSingleStructuralObjectClassPolicy(ACCEPT); setSingleStructuralObjectClassPolicy(GlobalCfgDefn.SingleStructuralObjectclassBehavior.ACCEPT); assertFalse(e.conformsToSchema(null, false, true, true, invalidReason), "Entry validation failed with ACCEPT policy: " + invalidReason); } finally { DirectoryServer.setSingleStructuralObjectClassPolicy(REJECT); setSingleStructuralObjectClassPolicy(GlobalCfgDefn.SingleStructuralObjectclassBehavior.REJECT); } }
