From b08bd4dd4b0d4d17d4907c605dba11020cf11922 Mon Sep 17 00:00:00 2001
From: matthew_swift <matthew_swift@localhost>
Date: Fri, 28 Sep 2007 15:47:50 +0000
Subject: [PATCH] Add support for specifying arbitrary constraints in managed object definitions and use it within the LDAP and JMX connection handlers to enforce their SSL/StartTLS settings. This feature will be re-used for other managed object definitions as the need arises.

---
 opends/src/admin/defn/org/opends/server/admin/std/LDAPConnectionHandlerConfiguration.xml |   70 +++++++++++++++++++++++++++++++++++
 1 files changed, 70 insertions(+), 0 deletions(-)

diff --git a/opends/src/admin/defn/org/opends/server/admin/std/LDAPConnectionHandlerConfiguration.xml b/opends/src/admin/defn/org/opends/server/admin/std/LDAPConnectionHandlerConfiguration.xml
index a46d69c..e516200 100644
--- a/opends/src/admin/defn/org/opends/server/admin/std/LDAPConnectionHandlerConfiguration.xml
+++ b/opends/src/admin/defn/org/opends/server/admin/std/LDAPConnectionHandlerConfiguration.xml
@@ -36,6 +36,76 @@
     is used to interact with clients using LDAP. In particular, it
     provides full support for LDAPv3 and limited support for LDAPv2.
   </adm:synopsis>
+  <adm:constraint>
+    <adm:synopsis>
+      A Key Manager Provider must be specified when this
+      <adm:user-friendly-name />
+      is configured to use SSL.
+    </adm:synopsis>
+    <adm:condition>
+      <adm:implies>
+        <adm:contains property="use-ssl" value="true" />
+        <adm:is-present property="key-manager-provider" />
+      </adm:implies>
+    </adm:condition>
+  </adm:constraint>
+  <adm:constraint>
+    <adm:synopsis>
+      A Key Manager Provider must be specified when this
+      <adm:user-friendly-name />
+      is configured to allow StartTLS.
+    </adm:synopsis>
+    <adm:condition>
+      <adm:implies>
+        <adm:contains property="allow-start-tls" value="true" />
+        <adm:is-present property="key-manager-provider" />
+      </adm:implies>
+    </adm:condition>
+  </adm:constraint>
+  <adm:constraint>
+    <adm:synopsis>
+      A Trust Manager Provider must be specified when this
+      <adm:user-friendly-name />
+      is configured to use SSL.
+    </adm:synopsis>
+    <adm:condition>
+      <adm:implies>
+        <adm:contains property="use-ssl" value="true" />
+        <adm:is-present property="trust-manager-provider" />
+      </adm:implies>
+    </adm:condition>
+  </adm:constraint>
+  <adm:constraint>
+    <adm:synopsis>
+      A Trust Manager Provider must be specified when this
+      <adm:user-friendly-name />
+      is configured to allow StartTLS.
+    </adm:synopsis>
+    <adm:condition>
+      <adm:implies>
+        <adm:contains property="allow-start-tls" value="true" />
+        <adm:is-present property="trust-manager-provider" />
+      </adm:implies>
+    </adm:condition>
+  </adm:constraint>
+  <adm:constraint>
+    <adm:synopsis>
+      A
+      <adm:user-friendly-name />
+      cannot be configured to support SSL and StartTLS at the same time.
+      Either SSL or StartTLS must be disabled in order for this
+      <adm:user-friendly-name />
+      to be used.
+    </adm:synopsis>
+    <adm:condition>
+      <adm:not>
+        <adm:and>
+          <adm:contains property="use-ssl" value="true" />
+          <adm:contains property="allow-start-tls" value="true" />
+        </adm:and>
+      </adm:not>
+    </adm:condition>
+  </adm:constraint>
   <adm:profile name="ldap">
     <ldap:object-class>
       <ldap:name>ds-cfg-ldap-connection-handler</ldap:name>
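Review bot: The four `adm:implies` constraints (key-manager-provider and trust-manager-provider, each for `use-ssl` and `allow-start-tls`) test only `adm:is-present`, so they confirm that a provider is named, not that it is enabled or can supply a usable key or trust store. Whether that is validated elsewhere is not visible from this hunk. I would state the limit beside the first constraint, e.g. `<!-- Presence check only: does not verify that the referenced provider is enabled or usable. -->`, so a passing constraint is not read as proof of a working TLS setup. The trust-manager constraints also apply whether or not client certificates are requested, which is presumably intentional but worth a sentence in the synopsis. The enclosing managed-object element starts and ends outside the hunk.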

--
Gitblit v1.10.0