From f973fdc23819af4e03dc7da46bf19744728a5b9d Mon Sep 17 00:00:00 2001
From: Nicolas Capponi <nicolas.capponi@forgerock.com>
Date: Mon, 21 Nov 2016 10:43:14 +0000
Subject: [PATCH] OPENDJ-3476 Move subordinate-base-dn property from RootDSEBackend config to Global config
---
opendj-server-legacy/src/main/java/org/opends/server/core/IdentityMapperConfigManager.java | 2
opendj-server-legacy/src/test/java/org/opends/server/core/DeleteOperationTestCase.java | 14
opendj-server-legacy/src/main/java/org/opends/server/core/DirectoryServer.java | 528 ++-------------------
opendj-server-legacy/src/main/java/org/opends/server/backends/RootDSEBackend.java | 71 --
opendj-server-legacy/src/main/java/org/opends/server/core/BackendConfigManager.java | 27 +
opendj-server-legacy/src/main/java/org/opends/server/core/ServerContext.java | 7
opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendWorkflowElement.java | 2
opendj-server-legacy/src/test/java/org/opends/server/core/RejectUnauthReqTests.java | 69 +-
opendj-server-legacy/src/test/java/org/opends/server/core/ModifyOperationTestCase.java | 14
opendj-server-legacy/src/test/java/org/opends/server/core/AddOperationTestCase.java | 39 +
opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/GlobalConfiguration.xml | 24
opendj-server-legacy/src/main/java/org/opends/server/core/CoreConfigManager.java | 591 ++++++++++++++++++++++-
opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/RootDSEBackendConfiguration.xml | 22
opendj-server-legacy/src/test/java/org/opends/server/types/EntrySchemaCheckingTestCase.java | 37 +
opendj-server-legacy/src/test/java/org/opends/server/schema/EqualityMatchingRuleTest.java | 34 +
15 files changed, 803 insertions(+), 678 deletions(-)
diff --git a/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/GlobalConfiguration.xml b/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/GlobalConfiguration.xml
index b7bf486..e208322 100644
--- a/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/GlobalConfiguration.xml
+++ b/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/GlobalConfiguration.xml
@@ -13,7 +13,7 @@
information: "Portions Copyright [year] [name of copyright owner]".
Copyright 2007-2010 Sun Microsystems, Inc.
- Portions Copyright 2011-2015 ForgeRock AS.
+ Portions Copyright 2011-2016 ForgeRock AS.
! -->
<adm:managed-object name="global" plural-name="globals"
package="org.forgerock.opendj.server.config"
@@ -884,4 +884,26 @@
</ldap:attribute>
</adm:profile>
</adm:property>
+ <adm:property name="subordinate-base-dn" multi-valued="true">
+ <adm:synopsis>
+ Specifies the set of naming contexts that are accessible using a
+ subtree search from base DN "".
+ </adm:synopsis>
+ <adm:default-behavior>
+ <adm:alias>
+ <adm:synopsis>
+ The set of all user-defined suffixes is used when searching
+ from base DN "".
+ </adm:synopsis>
+ </adm:alias>
+ </adm:default-behavior>
+ <adm:syntax>
+ <adm:dn />
+ </adm:syntax>
+ <adm:profile name="ldap">
+ <ldap:attribute>
+ <ldap:name>ds-cfg-subordinate-base-dn</ldap:name>
+ </ldap:attribute>
+ </adm:profile>
+ </adm:property>
</adm:managed-object>
diff --git a/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/RootDSEBackendConfiguration.xml b/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/RootDSEBackendConfiguration.xml
index 7a79dde..ab1a986 100644
--- a/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/RootDSEBackendConfiguration.xml
+++ b/opendj-maven-plugin/src/main/resources/config/xml/org/forgerock/opendj/server/config/RootDSEBackendConfiguration.xml
@@ -37,28 +37,6 @@
<ldap:superior>top</ldap:superior>
</ldap:object-class>
</adm:profile>
- <adm:property name="subordinate-base-dn" multi-valued="true">
- <adm:synopsis>
- Specifies the set of base DNs used for singleLevel,
- wholeSubtree, and subordinateSubtree searches based at the root
- DSE.
- </adm:synopsis>
- <adm:default-behavior>
- <adm:alias>
- <adm:synopsis>
- The set of all user-defined suffixes is used.
- </adm:synopsis>
- </adm:alias>
- </adm:default-behavior>
- <adm:syntax>
- <adm:dn />
- </adm:syntax>
- <adm:profile name="ldap">
- <ldap:attribute>
- <ldap:name>ds-cfg-subordinate-base-dn</ldap:name>
- </ldap:attribute>
- </adm:profile>
- </adm:property>
<adm:property name="show-all-attributes" mandatory="true">
<adm:synopsis>
Indicates whether all attributes in the root DSE are to be treated
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/backends/RootDSEBackend.java b/opendj-server-legacy/src/main/java/org/opends/server/backends/RootDSEBackend.java
index 30c8f66..24a1a36 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/backends/RootDSEBackend.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/backends/RootDSEBackend.java
@@ -37,8 +37,6 @@
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
-import java.util.concurrent.ConcurrentHashMap;
-
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
@@ -55,7 +53,6 @@
import org.forgerock.opendj.server.config.server.RootDSEBackendCfg;
import org.forgerock.util.Reject;
import org.opends.server.api.LocalBackend;
-import org.opends.server.api.Backend;
import org.opends.server.api.ClientConnection;
import org.opends.server.core.AddOperation;
import org.opends.server.core.BackendConfigManager;
@@ -650,34 +647,7 @@
{
boolean configIsAcceptable = true;
- try
- {
- Set<DN> subDNs = cfg.getSubordinateBaseDN();
- if (subDNs.isEmpty())
- {
- // This is fine -- we'll just use the set of user-defined suffixes.
- }
- else
- {
- for (DN baseDN : subDNs)
- {
- LocalBackend<?> backend = serverContext.getBackendConfigManager().findLocalBackendForEntry(baseDN);
- if (backend == null)
- {
- unacceptableReasons.add(WARN_ROOTDSE_NO_BACKEND_FOR_SUBORDINATE_BASE.get(baseDN));
- configIsAcceptable = false;
- }
- }
- }
- }
- catch (Exception e)
- {
- logger.traceException(e);
- unacceptableReasons.add(WARN_ROOTDSE_SUBORDINATE_BASE_EXCEPTION.get(
- stackTraceToSingleLineString(e)));
- configIsAcceptable = false;
- }
return configIsAcceptable;
}
@@ -686,47 +656,6 @@
public ConfigChangeResult applyConfigurationChange(RootDSEBackendCfg cfg)
{
final ConfigChangeResult ccr = new ConfigChangeResult();
-
- // Check to see if we should apply a new set of base DNs.
- ConcurrentHashMap<DN, Backend<?>> subBases;
- try
- {
- Set<DN> subDNs = cfg.getSubordinateBaseDN();
- if (subDNs.isEmpty())
- {
- // This is fine -- we'll just use the set of user-defined suffixes.
- subBases = null;
- }
- else
- {
- subBases = new ConcurrentHashMap<>();
- for (DN baseDN : subDNs)
- {
- LocalBackend<?> backend = serverContext.getBackendConfigManager().findLocalBackendForEntry(baseDN);
- if (backend == null)
- {
- // This is not fine. We can't use a suffix that doesn't exist.
- ccr.addMessage(WARN_ROOTDSE_NO_BACKEND_FOR_SUBORDINATE_BASE.get(baseDN));
- ccr.setResultCodeIfSuccess(DirectoryServer.getServerErrorResultCode());
- }
- else
- {
- subBases.put(baseDN, backend);
- }
- }
- }
- }
- catch (Exception e)
- {
- logger.traceException(e);
-
- ccr.setResultCodeIfSuccess(DirectoryServer.getServerErrorResultCode());
- ccr.addMessage(WARN_ROOTDSE_SUBORDINATE_BASE_EXCEPTION.get(
- stackTraceToSingleLineString(e)));
-
- subBases = null;
- }
-
boolean newShowAll = cfg.isShowAllAttributes();
// Check to see if there is a new set of user-defined attributes.
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/core/BackendConfigManager.java b/opendj-server-legacy/src/main/java/org/opends/server/core/BackendConfigManager.java
index e134eaf..696a036 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/core/BackendConfigManager.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/core/BackendConfigManager.java
@@ -529,6 +529,33 @@
}
/**
+ * Retrieves the set of local naming contexts that are subordinates of the naming context
+ * that should be used to handle search operation on the specified entry.
+ * <p>
+ * The global option that restricts the subordinate DNs to search (when searching "") may
+ * apply if the provided set is not empty.
+ *
+ * @param entryDN
+ * The DN of the entry for which to retrieve the corresponding naming context.
+ * @return The naming context or {@code null} if no appropriate naming context
+ * is registered with the server.
+ */
+ public Set<DN> findSubordinateLocalNamingContextsToSearchForEntry(DN entryDN)
+ {
+ // trigger the special behavior when searching "" if needed
+ if (entryDN.isRootDN())
+ {
+ Set<DN> subordinateBaseDNs = serverContext.getCoreConfigManager().getSubordinateBaseDNs();
+ if (!subordinateBaseDNs.isEmpty())
+ {
+ return subordinateBaseDNs;
+ }
+ }
+ // usual case
+ return findSubordinateLocalNamingContextsForEntry(entryDN);
+ }
+
+ /**
* Retrieves naming contexts corresponding to backends, filtered with the combination of
* all provided filters.
*
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/core/CoreConfigManager.java b/opendj-server-legacy/src/main/java/org/opends/server/core/CoreConfigManager.java
index c1ecbd1..889ce0e 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/core/CoreConfigManager.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/core/CoreConfigManager.java
@@ -17,8 +17,8 @@
package org.opends.server.core;
import java.util.*;
-
import org.forgerock.i18n.LocalizableMessage;
+import org.forgerock.i18n.slf4j.LocalizedLogger;
import org.forgerock.opendj.config.server.ConfigChangeResult;
import org.forgerock.opendj.config.server.ConfigException;
import org.forgerock.opendj.ldap.DN;
@@ -30,24 +30,32 @@
import org.forgerock.opendj.server.config.meta.GlobalCfgDefn.SingleStructuralObjectclassBehavior;
import org.forgerock.opendj.server.config.server.GlobalCfg;
import org.opends.server.api.AuthenticationPolicy;
+import org.opends.server.api.LocalBackend;
import org.opends.server.loggers.CommonAudit;
import org.opends.server.types.*;
import static org.forgerock.opendj.ldap.schema.SchemaOptions.*;
+import static org.opends.messages.BackendMessages.WARN_ROOTDSE_NO_BACKEND_FOR_SUBORDINATE_BASE;
+import static org.opends.messages.BackendMessages.WARN_ROOTDSE_SUBORDINATE_BASE_EXCEPTION;
import static org.opends.messages.ConfigMessages.*;
-import static org.opends.server.core.DirectoryServer.*;
import static org.opends.server.util.ServerConstants.*;
+import static org.opends.server.util.StaticUtils.stackTraceToSingleLineString;
/**
- * This class defines a utility that will be used to manage the set of core
- * configuration attributes defined in the Directory Server. These
- * configuration attributes appear in the "cn=config" configuration entry.
+ * Manages the set of core configuration attributes of the Directory Server.
+ * <p>
+ * These configuration attributes appear in the "cn=config" configuration entry.
*/
-public class CoreConfigManager
- implements ConfigurationChangeListener<GlobalCfg>
+public class CoreConfigManager implements ConfigurationChangeListener<GlobalCfg>
{
+ private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
+
+ /** The server context. */
private final ServerContext serverContext;
+ /** The core attributes. */
+ private volatile CoreAttributes coreAttributes;
+
/**
* Creates a new instance of this core config manager.
*
@@ -59,6 +67,79 @@
this.serverContext = serverContext;
}
+ /** Holder for all core attributes, allowing to switch as a whole. */
+ private static class CoreAttributes
+ {
+ /** Set of subordinates base DNs to restrict to when searching base DN "". */
+ private Set<DN> subordinateBaseDNs = Collections.emptySet();
+ /** Indicates whether the Directory Server should perform schema checking for update operations. */
+ private boolean checkSchema;
+ /** The DN of the default password policy configuration entry. */
+ private DN defaultPasswordPolicyDN;
+ /**
+ * Indicates whether to automatically add missing RDN attributes to entries
+ * during an add request.
+ */
+ private boolean addMissingRDNAttributes;
+ /**
+ * Indicates whether to allow attribute name exceptions (i.e., attribute names
+ * can contain underscores and may start with a digit).
+ */
+ private boolean allowAttributeNameExceptions;
+ /** The policy to use regarding syntax enforcement. */
+ private AcceptRejectWarn syntaxEnforcementPolicy;
+ /** The result code that should be used for internal "server" errors. */
+ private ResultCode serverErrorResultCode;
+ /** The policy to use regarding single structural objectclass enforcement. */
+ private AcceptRejectWarn singleStructuralClassPolicy;
+ /** Indicates whether the server should send a response to operations that have been abandoned. */
+ private boolean notifyAbandonedOperations;
+ /**
+ * The maximum number of entries that should be returned for a search unless
+ * overridden on a per-user basis.
+ */
+ private int sizeLimit;
+ /**
+ * The maximum length of time in seconds that should be allowed for a search
+ * unless overridden on a per-user basis.
+ */
+ private int timeLimit;
+ /**
+ * The DN of the identity mapper that will be used to resolve authorization
+ * IDs contained in the proxied authorization V2 control.
+ */
+ private DN proxiedAuthorizationIdentityMapperDN;
+ /** The writability mode for the Directory Server. */
+ private WritabilityMode writabilityMode;
+ /** Indicates whether the server should reject unauthenticated requests. */
+ private boolean rejectUnauthenticatedRequests;
+ /** Indicates whether a simple bind request containing a DN must also provide a password. */
+ private boolean bindWithDNRequiresPassword;
+ /** The maximum number of candidates that should be check for matches during a search. */
+ private int lookthroughLimit;
+ /** The sets of mail server properties. */
+ private List<Properties> mailServerPropertySets;
+
+ /** The set of allowed task classes. */
+ private Set<String> allowedTasks;
+ /** The set of disabled privileges. */
+ private Set<Privilege> disabledPrivileges;
+ /** Indicates whether bind responses should include failure reason messages. */
+ private boolean returnBindErrorMessages;
+ /** The idle time limit for the server. */
+ private long idleTimeLimit;
+ /** Indicates whether to save a copy of the configuration on successful startup. */
+ private boolean saveConfigOnSuccessfulStartup;
+ /** Whether to use collect operation processing times in nanosecond resolution. */
+ private boolean useNanoTime;
+ /** The maximum number of connections that will be allowed at any given time. */
+ private long maxAllowedConnections;
+ /** The maximum number of concurrent persistent searches. */
+ private int maxPSearches;
+ /** The maximum size that internal buffers will be allowed to grow to until they are trimmed. */
+ private int maxInternalBufferSize = DEFAULT_MAX_INTERNAL_BUFFER_SIZE;
+ }
+
/**
* Initializes the Directory Server's core configuration. This should only be
* called at server startup.
@@ -94,8 +175,11 @@
}
}
}
-
- applyGlobalConfiguration(globalConfig, serverContext);
+ CoreAttributes coreAttrs = new CoreAttributes();
+ applyGlobalConfiguration(globalConfig, coreAttrs);
+ applySubordinateDNsChange(globalConfig, coreAttrs);
+ coreAttributes = coreAttrs;
+ DirectoryServer.resetDefaultPasswordPolicy();
}
/**
@@ -103,37 +187,38 @@
*
* @param globalConfig The configuration settings to be applied.
*/
- private static void applyGlobalConfiguration(final GlobalCfg globalConfig, final ServerContext serverContext)
+ private void applyGlobalConfiguration(final GlobalCfg globalConfig, final CoreAttributes core)
throws ConfigException
{
- setCheckSchema(globalConfig.isCheckSchema());
- setDefaultPasswordPolicyDN(globalConfig.getDefaultPasswordPolicyDN());
- setAddMissingRDNAttributes(globalConfig.isAddMissingRDNAttributes());
- setAllowAttributeNameExceptions(globalConfig.isAllowAttributeNameExceptions());
- setSyntaxEnforcementPolicy(convert(globalConfig.getInvalidAttributeSyntaxBehavior()));
- setServerErrorResultCode(ResultCode.valueOf(globalConfig.getServerErrorResultCode()));
- setSingleStructuralObjectClassPolicy(convert(globalConfig.getSingleStructuralObjectclassBehavior()));
+ core.checkSchema = globalConfig.isCheckSchema();
+ core.defaultPasswordPolicyDN = globalConfig.getDefaultPasswordPolicyDN();
+ core.addMissingRDNAttributes = globalConfig.isAddMissingRDNAttributes();
+ core.allowAttributeNameExceptions = globalConfig.isAllowAttributeNameExceptions();
+ core.syntaxEnforcementPolicy = convert(globalConfig.getInvalidAttributeSyntaxBehavior());
+ core.serverErrorResultCode = ResultCode.valueOf(globalConfig.getServerErrorResultCode());
+ core.singleStructuralClassPolicy = convert(globalConfig.getSingleStructuralObjectclassBehavior());
- setNotifyAbandonedOperations(globalConfig.isNotifyAbandonedOperations());
- setSizeLimit(globalConfig.getSizeLimit());
- setTimeLimit((int) globalConfig.getTimeLimit());
- setProxiedAuthorizationIdentityMapperDN(globalConfig.getProxiedAuthorizationIdentityMapperDN());
- setWritabilityMode(convert(globalConfig.getWritabilityMode()));
- setRejectUnauthenticatedRequests(globalConfig.isRejectUnauthenticatedRequests());
- setBindWithDNRequiresPassword(globalConfig.isBindWithDNRequiresPassword());
- setLookthroughLimit(globalConfig.getLookthroughLimit());
+ core.notifyAbandonedOperations = globalConfig.isNotifyAbandonedOperations();
+ core.sizeLimit = globalConfig.getSizeLimit();
+ core.timeLimit = (int) globalConfig.getTimeLimit();
+ core.proxiedAuthorizationIdentityMapperDN = globalConfig.getProxiedAuthorizationIdentityMapperDN();
+ core.writabilityMode = convert(globalConfig.getWritabilityMode());
+ core.rejectUnauthenticatedRequests = globalConfig.isRejectUnauthenticatedRequests();
+ core.bindWithDNRequiresPassword = globalConfig.isBindWithDNRequiresPassword();
+ core.lookthroughLimit = globalConfig.getLookthroughLimit();
- setMailServerPropertySets(getMailServerProperties(globalConfig.getSMTPServer()));
- setAllowedTasks(globalConfig.getAllowedTask());
- setDisabledPrivileges(convert(globalConfig.getDisabledPrivilege()));
- setReturnBindErrorMessages(globalConfig.isReturnBindErrorMessages());
- setIdleTimeLimit(globalConfig.getIdleTimeLimit());
- setSaveConfigOnSuccessfulStartup(globalConfig.isSaveConfigOnSuccessfulStartup());
+ core.mailServerPropertySets = getMailServerProperties(globalConfig.getSMTPServer());
+ core.allowedTasks = globalConfig.getAllowedTask();
+ core.disabledPrivileges = convert(globalConfig.getDisabledPrivilege());
+ core.returnBindErrorMessages = globalConfig.isReturnBindErrorMessages();
+ core.idleTimeLimit = globalConfig.getIdleTimeLimit();
+ core.saveConfigOnSuccessfulStartup = globalConfig.isSaveConfigOnSuccessfulStartup();
- setUseNanoTime(globalConfig.getEtimeResolution() == GlobalCfgDefn.EtimeResolution.NANOSECONDS);
- setMaxAllowedConnections(globalConfig.getMaxAllowedClientConnections());
- setMaxPersistentSearchLimit(globalConfig.getMaxPsearches());
- setMaxInternalBufferSize((int) globalConfig.getMaxInternalBufferSize());
+ core.useNanoTime= globalConfig.getEtimeResolution() == GlobalCfgDefn.EtimeResolution.NANOSECONDS;
+ long maxAllowedConnections = globalConfig.getMaxAllowedClientConnections();
+ core.maxAllowedConnections = (maxAllowedConnections > 0) ? maxAllowedConnections : -1;
+ core.maxPSearches = globalConfig.getMaxPsearches();
+ core.maxInternalBufferSize = (int) globalConfig.getMaxInternalBufferSize();
// For tools, common audit may not be available
CommonAudit commonAudit = serverContext.getCommonAudit();
@@ -302,7 +387,6 @@
List<LocalizableMessage> unacceptableReasons)
{
boolean configAcceptable = true;
-
Set<String> smtpServers = configuration.getSMTPServer();
if (smtpServers != null)
{
@@ -335,22 +419,447 @@
configAcceptable = false;
}
+ if (!isSubordinateDNsAcceptable(configuration, unacceptableReasons))
+ {
+ configAcceptable = false;
+ }
+
return configAcceptable;
}
+ private boolean isSubordinateDNsAcceptable(GlobalCfg configuration, List<LocalizableMessage> unacceptableReasons)
+ {
+ try
+ {
+ Set<DN> subDNs = configuration.getSubordinateBaseDN();
+ if (subDNs.isEmpty())
+ {
+ // This is fine -- we'll just use the set of user-defined suffixes.
+ }
+ else
+ {
+ for (DN baseDN : subDNs)
+ {
+ LocalBackend<?> backend = serverContext.getBackendConfigManager().findLocalBackendForEntry(baseDN);
+ if (backend == null)
+ {
+ unacceptableReasons.add(WARN_ROOTDSE_NO_BACKEND_FOR_SUBORDINATE_BASE.get(baseDN));
+ return false;
+ }
+ }
+ }
+ }
+ catch (Exception e)
+ {
+ logger.traceException(e);
+ unacceptableReasons.add(WARN_ROOTDSE_SUBORDINATE_BASE_EXCEPTION.get(stackTraceToSingleLineString(e)));
+ return false;
+ }
+ return true;
+ }
+
+ private void applySubordinateDNsChange(GlobalCfg cfg, CoreAttributes coreAttrs)
+ throws ConfigException
+ {
+ try
+ {
+ Set<DN> subDNs = cfg.getSubordinateBaseDN();
+ if (subDNs.equals(coreAttrs.subordinateBaseDNs))
+ {
+ // no change
+ return;
+ }
+ if (subDNs.isEmpty())
+ {
+ // This is fine -- we'll just use the set of user-defined suffixes.
+ coreAttrs.subordinateBaseDNs = Collections.emptySet();
+ }
+ else
+ {
+ Set<DN> newSubordinates = new HashSet<>();
+ for (DN baseDN : subDNs)
+ {
+ LocalBackend<?> backend = serverContext.getBackendConfigManager().findLocalBackendForEntry(baseDN);
+ if (backend == null)
+ {
+ throw new ConfigException(WARN_ROOTDSE_NO_BACKEND_FOR_SUBORDINATE_BASE.get(baseDN));
+ }
+ else
+ {
+ newSubordinates.add(baseDN);
+ }
+ }
+ coreAttrs.subordinateBaseDNs = newSubordinates;
+ }
+ }
+ catch (Exception e)
+ {
+ logger.traceException(e);
+ throw new ConfigException(WARN_ROOTDSE_SUBORDINATE_BASE_EXCEPTION.get(stackTraceToSingleLineString(e)));
+ }
+ }
+
@Override
public ConfigChangeResult applyConfigurationChange(GlobalCfg configuration)
{
- final ConfigChangeResult ccr = new ConfigChangeResult();
+ final ConfigChangeResult changeResult = new ConfigChangeResult();
+ final CoreAttributes coreAttrs = new CoreAttributes();
try
{
- applyGlobalConfiguration(configuration, serverContext);
+ applyGlobalConfiguration(configuration, coreAttrs);
+ applySubordinateDNsChange(configuration, coreAttrs);
}
catch (ConfigException e)
{
- ccr.setResultCode(DirectoryServer.getServerErrorResultCode());
- ccr.addMessage(e.getMessageObject());
+ changeResult.setResultCode(DirectoryServer.getServerErrorResultCode());
+ changeResult.addMessage(e.getMessageObject());
}
- return ccr;
+
+ if (changeResult.getResultCode() == ResultCode.SUCCESS)
+ {
+ coreAttributes = coreAttrs;
+ DirectoryServer.resetDefaultPasswordPolicy();
+ }
+ return changeResult;
}
+
+ /**
+ * Retrieves a set containing the names of the allowed tasks that may be
+ * invoked in the server.
+ *
+ * @return A set containing the names of the allowed tasks that may be
+ * invoked in the server.
+ */
+ public Set<String> getAllowedTasks()
+ {
+ return coreAttributes.allowedTasks;
+ }
+
+ /**
+ * Retrieves the DN of the configuration entry for the default password policy
+ * for the Directory Server.
+ *
+ * @return The DN of the configuration entry for the default password policy
+ * for the Directory Server.
+ */
+ public DN getDefaultPasswordPolicyDN()
+ {
+ return coreAttributes.defaultPasswordPolicyDN;
+ }
+
+ /**
+ * Retrieves the set of privileges that have been disabled.
+ *
+ * @return The set of privileges that have been disabled.
+ */
+ public Set<Privilege> getDisabledPrivileges()
+ {
+ return coreAttributes.disabledPrivileges;
+ }
+
+ /**
+ * Retrieves the idle time limit for the server.
+ *
+ * @return the idle time limit
+ */
+ public long getIdleTimeLimit()
+ {
+ return coreAttributes.idleTimeLimit;
+ }
+
+ /**
+ * Retrieves the default maximum number of entries that should checked for
+ * matches during a search.
+ *
+ * @return The default maximum number of entries that should checked for
+ * matches during a search.
+ */
+ public int getLookthroughLimit()
+ {
+ return coreAttributes.lookthroughLimit;
+ }
+
+ /**
+ * Retrieves the sets of information about the mail servers configured for use
+ * by the Directory Server.
+ *
+ * @return The sets of information about the mail servers configured for use
+ * by the Directory Server.
+ */
+ public List<Properties> getMailServerPropertySets()
+ {
+ return coreAttributes.mailServerPropertySets;
+ }
+
+ /**
+ * Retrieves the maximum number of connections that will be allowed at any given time.
+ *
+ * @return the max number of connections allowed
+ */
+ public long getMaxAllowedConnections()
+ {
+ return coreAttributes.maxAllowedConnections;
+ }
+
+ /**
+ * Returns the threshold capacity beyond which internal cached buffers used
+ * for encoding and decoding entries and protocol messages will be trimmed
+ * after use.
+ *
+ * @return The threshold capacity beyond which internal cached buffers used
+ * for encoding and decoding entries and protocol messages will be
+ * trimmed after use.
+ */
+ public int getMaxInternalBufferSize()
+ {
+ return coreAttributes.maxInternalBufferSize;
+ }
+
+ /**
+ * Retrieves the maximum number of concurrent persistent searches that will be allowed.
+ *
+ * @return the max number of persistent searches
+ */
+ public int getMaxPSearches()
+ {
+ return coreAttributes.maxPSearches;
+ }
+
+ /**
+ * Retrieves the DN of the configuration entry for the identity mapper that
+ * should be used in conjunction with proxied authorization V2 controls.
+ *
+ * @return The DN of the configuration entry for the identity mapper that
+ * should be used in conjunction with proxied authorization V2
+ * controls, or {@code null} if none is defined.
+ */
+ public DN getProxiedAuthorizationIdentityMapperDN()
+ {
+ return coreAttributes.proxiedAuthorizationIdentityMapperDN;
+ }
+
+ /**
+ * Retrieves the result code that should be used when the Directory Server
+ * encounters an internal server error.
+ *
+ * @return The result code that should be used when the Directory Server
+ * encounters an internal server error.
+ */
+ public ResultCode getServerErrorResultCode()
+ {
+ return coreAttributes.serverErrorResultCode;
+ }
+
+ /**
+ * Retrieves the policy that should be used regarding enforcement of a single
+ * structural objectclass per entry.
+ *
+ * @return The policy that should be used regarding enforcement of a single
+ * structural objectclass per entry.
+ */
+ public AcceptRejectWarn getSingleStructuralObjectClassPolicy()
+ {
+ return coreAttributes.singleStructuralClassPolicy;
+ }
+
+ /**
+ * Retrieves the default maximum number of entries that should be returned for
+ * a search.
+ *
+ * @return The default maximum number of entries that should be returned for
+ * a search.
+ */
+ public int getSizeLimit()
+ {
+ return coreAttributes.sizeLimit;
+ }
+
+ /**
+ * Retrieves the restricted set of subordinate base DNs to use when searching the root suffix "".
+ *
+ * @return the subordinate base DNs, which is empty if there is no restriction
+ */
+ public Set<DN> getSubordinateBaseDNs()
+ {
+ return Collections.unmodifiableSet(coreAttributes.subordinateBaseDNs);
+ }
+
+ /**
+ * Retrieves the policy that should be used when an attribute value is found
+ * that is not valid according to the associated attribute syntax.
+ *
+ * @return The policy that should be used when an attribute value is found
+ * that is not valid according to the associated attribute syntax.
+ */
+ public AcceptRejectWarn getSyntaxEnforcementPolicy()
+ {
+ return coreAttributes.syntaxEnforcementPolicy;
+ }
+
+ /**
+ * Retrieves the default maximum length of time in seconds that should be
+ * allowed when processing a search.
+ *
+ * @return The default maximum length of time in seconds that should be
+ * allowed when processing a search.
+ */
+ public int getTimeLimit()
+ {
+ return coreAttributes.timeLimit;
+ }
+
+ /**
+ * Retrieves the writability mode for the Directory Server. This will only
+ * be applicable for user suffixes.
+ *
+ * @return The writability mode for the Directory Server.
+ */
+ public WritabilityMode getWritabilityMode()
+ {
+ return coreAttributes.writabilityMode;
+ }
+
+ /**
+ * Indicates whether the Directory Server should automatically add missing RDN
+ * attributes to an entry whenever it is added.
+ *
+ * @return {@code true} if the Directory Server should automatically add
+ * missing RDN attributes to an entry, or {@code false} if it
+ * should return an error to the client.
+ */
+ public boolean isAddMissingRDNAttributes()
+ {
+ return coreAttributes.addMissingRDNAttributes;
+ }
+
+ /**
+ * Indicates whether to be more flexible in the set of characters allowed for
+ * attribute names. The standard requires that only ASCII alphabetic letters,
+ * numeric digits, and hyphens be allowed, and that the name start with a
+ * letter. If attribute name exceptions are enabled, then underscores will
+ * also be allowed, and the name will be allowed to start with a digit.
+ *
+ * @return {@code true} if the server should use a more flexible
+ * syntax for attribute names, or {@code false} if not.
+ * @deprecated The schema option SchemaOptions.ALLOW_MALFORMED_NAMES_AND_OPTIONS from the
+ * schema should be used instead
+ */
+ @Deprecated
+ public boolean isAllowAttributeNameExceptions()
+ {
+ return coreAttributes.allowAttributeNameExceptions;
+ }
+
+ /**
+ * Indicates whether simple bind requests that contain a bind DN will also be
+ * required to have a password.
+ *
+ * @return <CODE>true</CODE> if simple bind requests containing a bind DN
+ * will be required to have a password, or <CODE>false</CODE> if not
+ * (and therefore will be treated as anonymous binds).
+ */
+ public boolean isBindWithDNRequiresPassword()
+ {
+ return coreAttributes.bindWithDNRequiresPassword;
+ }
+
+ /**
+ * Indicates whether the Directory Server should perform schema checking.
+ *
+ * @return {@code true} if the Directory Server should perform schema
+ * checking, or {@code false} if not.
+ */
+ public boolean isCheckSchema()
+ {
+ return coreAttributes.checkSchema;
+ }
+
+ /**
+ * Indicates whether the specified privilege is disabled.
+ *
+ * @param privilege The privilege for which to make the determination.
+ *
+ * @return {@code true} if the specified privilege is disabled, or
+ * {@code false} if not.
+ */
+ public boolean isDisabled(Privilege privilege)
+ {
+ return coreAttributes.disabledPrivileges.contains(privilege);
+ }
+
+ /**
+ * Indicates whether the Directory Server is configured with information about
+ * one or more mail servers and may therefore be used to send e-mail messages.
+ *
+ * @return {@code true} if the Directory Server is configured to be able to
+ * send e-mail messages, or {@code false} if not.
+ */
+ public boolean isMailServerConfigured()
+ {
+ return coreAttributes.mailServerPropertySets != null && !coreAttributes.mailServerPropertySets.isEmpty();
+ }
+
+ /**
+ * Indicates whether the Directory Server should send a response to an
+ * operation that has been abandoned. Sending such a response is technically
+ * a violation of the LDAP protocol specification, but not doing so in that
+ * case can cause problems with clients that are expecting a response and may
+ * hang until they get one.
+ *
+ * @return <CODE>true</CODE> if the Directory Server should send a response
+ * to an operation that has been abandoned, or <CODE>false</CODE> if
+ * not.
+ */
+ public boolean isNotifyAbandonedOperations()
+ {
+ return coreAttributes.notifyAbandonedOperations;
+ }
+
+ /**
+ * Indicates whether unauthenticated requests should be rejected.
+ *
+ * @return {@code true} if unauthenticated request should be rejected,
+ * {@code false} otherwise.
+ */
+ public boolean isRejectUnauthenticatedRequests()
+ {
+ return coreAttributes.rejectUnauthenticatedRequests;
+ }
+
+ /**
+ * Indicates whether responses to failed bind operations should include a
+ * message explaining the reason for the failure.
+ *
+ * @return {@code true} if bind responses should include error messages, or
+ * {@code false} if not.
+ */
+ public boolean isReturnBindErrorMessages()
+ {
+ return coreAttributes.returnBindErrorMessages;
+ }
+
+ /**
+ * Retrieves whether operation processing times should be collected with
+ * nanosecond resolution.
+ *
+ * @return <code>true</code> if nanosecond resolution times are collected
+ * or <code>false</code> if only millisecond resolution times are
+ * being collected.
+ */
+ public boolean isUseNanoTime()
+ {
+ return coreAttributes.useNanoTime;
+ }
+
+ /**
+ * Indicates whether configuration should be saved on successful startup of the server.
+ *
+ * @return {@code true} if configuration should be saved,
+ * {@code false} otherwise.
+ */
+ public boolean isSaveConfigOnSuccessfulStartup()
+ {
+ return coreAttributes.saveConfigOnSuccessfulStartup;
+ }
+
}
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/core/DirectoryServer.java b/opendj-server-legacy/src/main/java/org/opends/server/core/DirectoryServer.java
index 748cd8c..3b7bf8f 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/core/DirectoryServer.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/core/DirectoryServer.java
@@ -34,6 +34,7 @@
import java.lang.management.ManagementFactory;
import java.net.InetAddress;
import java.text.DecimalFormat;
+import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
@@ -217,11 +218,6 @@
/** Temporary context object, to provide instance methods instead of static methods. */
private final DirectoryServerContext serverContext;
- /** The policy to use regarding single structural objectclass enforcement. */
- private AcceptRejectWarn singleStructuralClassPolicy;
- /** The policy to use regarding syntax enforcement. */
- private AcceptRejectWarn syntaxEnforcementPolicy;
-
/** The account status notification handler config manager for the server. */
private AccountStatusNotificationHandlerConfigManager accountStatusNotificationHandlerConfigManager;
@@ -230,24 +226,6 @@
/** The configuration manager that will handle the server backends. */
private BackendConfigManager backendConfigManager;
- /**
- * Indicates whether to automatically add missing RDN attributes to entries
- * during an add request.
- */
- private boolean addMissingRDNAttributes;
-
- /**
- * Indicates whether to allow attribute name exceptions (i.e., attribute names
- * can contain underscores and may start with a digit).
- */
- private boolean allowAttributeNameExceptions;
-
- /** Indicates whether a simple bind request containing a DN must also provide a password. */
- private boolean bindWithDNRequiresPassword;
-
- /** Indicates whether the Directory Server should perform schema checking for update operations. */
- private boolean checkSchema;
-
/** Indicates whether the server has been bootstrapped. */
private boolean isBootstrapped;
/** Indicates whether the server is currently online. */
@@ -255,21 +233,9 @@
/** Indicates whether the server is currently in "lockdown mode". */
private boolean lockdownMode;
- /** Indicates whether the server should send a response to operations that have been abandoned. */
- private boolean notifyAbandonedOperations;
-
- /** Indicates whether to save a copy of the configuration on successful startup. */
- private boolean saveConfigOnSuccessfulStartup;
-
/** Indicates whether the server is currently in the process of shutting down. */
private boolean shuttingDown;
- /** Indicates whether the server should reject unauthenticated requests. */
- private boolean rejectUnauthenticatedRequests;
-
- /** Indicates whether bind responses should include failure reason messages. */
- private boolean returnBindErrorMessages;
-
/** The configuration manager that will handle the certificate mapper. */
private CertificateMapperConfigManager certificateMapperConfigManager;
@@ -428,15 +394,6 @@
/** The shutdown hook that has been registered with the server. */
private DirectoryServerShutdownHook shutdownHook;
- /** The DN of the default password policy configuration entry. */
- private DN defaultPasswordPolicyDN;
-
- /**
- * The DN of the identity mapper that will be used to resolve authorization
- * IDs contained in the proxied authorization V2 control.
- */
- private DN proxiedAuthorizationIdentityMapperDN;
-
/** The DN of the entry containing the server schema definitions. */
private DN schemaDN;
@@ -464,38 +421,15 @@
/** The configuration manager for identity mappers. */
private IdentityMapperConfigManager identityMapperConfigManager;
- /**
- * The maximum number of entries that should be returned for a search unless
- * overridden on a per-user basis.
- */
- private int sizeLimit;
-
- /**
- * The maximum length of time in seconds that should be allowed for a search
- * unless overridden on a per-user basis.
- */
- private int timeLimit;
- /** The maximum number of candidates that should be check for matches during a search. */
- private int lookthroughLimit;
-
/** The current active persistent searches. */
private final AtomicInteger activePSearches = new AtomicInteger(0);
- /** The maximum number of concurrent persistent searches. */
- private int maxPSearches;
-
- /** Whether to use collect operation processing times in nanosecond resolution. */
- private boolean useNanoTime;
-
/** The key manager provider configuration manager for the Directory Server. */
private KeyManagerProviderConfigManager keyManagerProviderConfigManager;
/** The set of connections that are currently established. */
private Set<ClientConnection> establishedConnections;
- /** The sets of mail server properties. */
- private List<Properties> mailServerPropertySets;
-
/** The log rotation policy config manager for the Directory Server. */
private LogRotationPolicyConfigManager rotationPolicyConfigManager;
@@ -510,8 +444,6 @@
/** The idle time limit for the server. */
private long idleTimeLimit;
- /** The maximum number of connections that will be allowed at any given time. */
- private long maxAllowedConnections;
/** The maximum number of connections established at one time. */
private long maxConnections;
@@ -544,9 +476,6 @@
/** The plugin config manager for the Directory Server. */
private PluginConfigManager pluginConfigManager;
- /** The result code that should be used for internal "server" errors. */
- private ResultCode serverErrorResultCode;
-
/** The root DN config manager for the server. */
private RootDNConfigManager rootDNConfigManager;
@@ -556,12 +485,6 @@
/** The schema handler provides management of the schema, including its memory and files representations. */
private SchemaHandler schemaHandler;
- /** The set of disabled privileges. */
- private Set<Privilege> disabledPrivileges;
-
- /** The set of allowed task classes. */
- private Set<String> allowedTasks;
-
/** The time that the server was started, formatted in UTC time. */
private String startTimeUTC;
@@ -604,9 +527,6 @@
/** The work queue that will be used to service client requests. */
private WorkQueue<?> workQueue;
- /** The writability mode for the Directory Server. */
- private WritabilityMode writabilityMode;
-
/** The memory reservation system. */
private final MemoryQuota memoryQuota;
@@ -616,9 +536,6 @@
/** The lock manager which will be used for coordinating access to LDAP entries. */
private final LockManager lockManager = new LockManager();
- /** The maximum size that internal buffers will be allowed to grow to until they are trimmed. */
- private int maxInternalBufferSize = DEFAULT_MAX_INTERNAL_BUFFER_SIZE;
-
/** The default timeout used to start the server in detach mode. */
public static final int DEFAULT_TIMEOUT = 200;
@@ -1051,6 +968,13 @@
{
return directoryServer.backendConfigManager;
}
+
+ @Override
+ public CoreConfigManager getCoreConfigManager()
+ {
+ return directoryServer.coreConfigManager;
+ }
+
}
/**
@@ -1076,7 +1000,6 @@
isRunning = false;
shuttingDown = false;
lockdownMode = false;
- serverErrorResultCode = ResultCode.OTHER;
operatingSystem = OperatingSystem.forName(System.getProperty("os.name"));
serverContext = new DirectoryServerContext();
@@ -1175,9 +1098,6 @@
{
synchronized (directoryServer)
{
- // Set default values for variables that may be needed during schema processing.
- directoryServer.syntaxEnforcementPolicy = AcceptRejectWarn.REJECT;
-
// Schema handler contains a default schema to start with
directoryServer.schemaHandler = new SchemaHandler();
@@ -1198,7 +1118,6 @@
directoryServer.retentionPolicies = new ConcurrentHashMap<>();
directoryServer.certificateMappers = new ConcurrentHashMap<>();
directoryServer.authenticationPolicies = new ConcurrentHashMap<>();
- directoryServer.defaultPasswordPolicyDN = null;
directoryServer.defaultPasswordPolicy = null;
directoryServer.monitorProviders = new ConcurrentHashMap<>();
directoryServer.initializationCompletedListeners = new CopyOnWriteArrayList<>();
@@ -1213,9 +1132,6 @@
directoryServer.restoreTaskListeners = new CopyOnWriteArrayList<>();
directoryServer.exportTaskListeners = new CopyOnWriteArrayList<>();
directoryServer.importTaskListeners = new CopyOnWriteArrayList<>();
- directoryServer.allowedTasks = new LinkedHashSet<>(0);
- directoryServer.disabledPrivileges = new LinkedHashSet<>(0);
- directoryServer.returnBindErrorMessages = false;
directoryServer.idleTimeLimit = 0L;
// make sure the timer thread is started in case it was stopped before
@@ -1581,7 +1497,7 @@
}
// Write a copy of the config if needed.
- if (saveConfigOnSuccessfulStartup)
+ if (coreConfigManager.isSaveConfigOnSuccessfulStartup())
{
configurationHandler.writeSuccessfulStartupConfig();
}
@@ -1671,22 +1587,7 @@
*/
public static boolean mailServerConfigured()
{
- return directoryServer.mailServerPropertySets != null
- && !directoryServer.mailServerPropertySets.isEmpty();
- }
-
- /**
- * Specifies the set of mail server properties that should be used for SMTP
- * communication.
- *
- * @param mailServerPropertySets A list of {@code Properties} objects that
- * provide information that can be used to
- * communicate with SMTP servers.
- */
- public static void setMailServerPropertySets(List<Properties>
- mailServerPropertySets)
- {
- directoryServer.mailServerPropertySets = mailServerPropertySets;
+ return directoryServer.coreConfigManager != null && directoryServer.coreConfigManager.isMailServerConfigured();
}
/**
@@ -1698,7 +1599,8 @@
*/
public static List<Properties> getMailServerPropertySets()
{
- return directoryServer.mailServerPropertySets;
+ return directoryServer.coreConfigManager != null ?
+ directoryServer.coreConfigManager.getMailServerPropertySets() : new ArrayList<Properties>(0);
}
/**
@@ -2607,7 +2509,7 @@
// Ensure default policy is synchronized.
synchronized (directoryServer.authenticationPolicies)
{
- if (directoryServer.defaultPasswordPolicyDN.equals(configEntryDN))
+ if (directoryServer.coreConfigManager.getDefaultPasswordPolicyDN().equals(configEntryDN))
{
// The correct policy type is enforced by the core config manager.
directoryServer.defaultPasswordPolicy = (PasswordPolicy) policy;
@@ -2638,7 +2540,7 @@
// Ensure default policy is synchronized.
synchronized (directoryServer.authenticationPolicies)
{
- if (directoryServer.defaultPasswordPolicyDN.equals(configEntryDN))
+ if (directoryServer.coreConfigManager.getDefaultPasswordPolicyDN().equals(configEntryDN))
{
directoryServer.defaultPasswordPolicy = null;
}
@@ -2663,27 +2565,18 @@
{
synchronized (directoryServer.authenticationPolicies)
{
- return directoryServer.defaultPasswordPolicyDN;
+ return directoryServer.coreConfigManager.getDefaultPasswordPolicyDN();
}
}
/**
- * Specifies the DN of the configuration entry for the default authentication
- * policy for the Directory Server. This routine does not check the registered
- * authentication policies for the specified DN, since in the case of server
- * initialization, the authentication policy entries will not yet have been
- * loaded from the configuration backend.
- *
- * @param defaultPasswordPolicyDN
- * The DN of the configuration entry for the default authentication
- * policy for the Directory Server.
+ * Resets the default password policy to null.
*/
- public static void setDefaultPasswordPolicyDN(DN defaultPasswordPolicyDN)
+ public static void resetDefaultPasswordPolicy()
{
// Ensure default policy is synchronized.
synchronized (directoryServer.authenticationPolicies)
{
- directoryServer.defaultPasswordPolicyDN = defaultPasswordPolicyDN;
directoryServer.defaultPasswordPolicy = null;
}
}
@@ -2701,21 +2594,21 @@
// Ensure default policy is synchronized.
synchronized (directoryServer.authenticationPolicies)
{
+ DN defaultPasswordPolicyDN = directoryServer.coreConfigManager.getDefaultPasswordPolicyDN();
assert null != directoryServer.authenticationPolicies
- .get(directoryServer.defaultPasswordPolicyDN) :
+ .get(defaultPasswordPolicyDN) :
"Internal Error: no default password policy defined.";
if (directoryServer.defaultPasswordPolicy == null
- && directoryServer.defaultPasswordPolicyDN != null)
+ && defaultPasswordPolicyDN != null)
{
// The correct policy type is enforced by the core config manager.
directoryServer.defaultPasswordPolicy = (PasswordPolicy)
directoryServer.authenticationPolicies
- .get(directoryServer.defaultPasswordPolicyDN);
+ .get(defaultPasswordPolicyDN);
}
- assert directoryServer.authenticationPolicies
- .get(directoryServer.defaultPasswordPolicyDN) ==
- directoryServer.defaultPasswordPolicy :
+ assert directoryServer.authenticationPolicies.get(defaultPasswordPolicyDN) ==
+ directoryServer.defaultPasswordPolicy :
"Internal Error: inconsistency between defaultPasswordPolicy"
+ " cache and value in authenticationPolicies map.";
return directoryServer.defaultPasswordPolicy;
@@ -3162,20 +3055,8 @@
*/
public static ResultCode getServerErrorResultCode()
{
- return directoryServer.serverErrorResultCode;
- }
-
- /**
- * Specifies the result code that should be used when the Directory Server
- * encounters an internal server error.
- *
- * @param serverErrorResultCode The result code that should be used when the
- * Directory Server encounters an internal
- * server error.
- */
- public static void setServerErrorResultCode(ResultCode serverErrorResultCode)
- {
- directoryServer.serverErrorResultCode = serverErrorResultCode;
+ return directoryServer.coreConfigManager != null ?
+ directoryServer.coreConfigManager.getServerErrorResultCode() : ResultCode.OTHER;
}
/**
@@ -3188,21 +3069,7 @@
*/
public static boolean addMissingRDNAttributes()
{
- return directoryServer.addMissingRDNAttributes;
- }
-
- /**
- * Specifies whether the Directory Server should automatically add missing RDN
- * attributes to an entry whenever it is added.
- *
- * @param addMissingRDNAttributes Specifies whether the Directory Server
- * should automatically add missing RDN
- * attributes to an entry whenever it is
- * added.
- */
- public static void setAddMissingRDNAttributes(boolean addMissingRDNAttributes)
- {
- directoryServer.addMissingRDNAttributes = addMissingRDNAttributes;
+ return directoryServer.coreConfigManager.isAddMissingRDNAttributes();
}
/**
@@ -3220,21 +3087,8 @@
@Deprecated
public static boolean allowAttributeNameExceptions()
{
- return directoryServer.allowAttributeNameExceptions;
- }
-
- /**
- * Specifies whether to be more flexible in the set of characters allowed for
- * attribute names.
- *
- * @param allowAttributeNameExceptions Specifies whether to be more flexible
- * in the set of characters allowed for
- * attribute names.
- */
- public static void setAllowAttributeNameExceptions(
- boolean allowAttributeNameExceptions)
- {
- directoryServer.allowAttributeNameExceptions = allowAttributeNameExceptions;
+ return directoryServer.coreConfigManager != null
+ && directoryServer.coreConfigManager.isAllowAttributeNameExceptions();
}
/**
@@ -3245,18 +3099,7 @@
*/
public static boolean checkSchema()
{
- return directoryServer.checkSchema;
- }
-
- /**
- * Specifies whether the Directory Server should perform schema checking.
- *
- * @param checkSchema Specifies whether the Directory Server should perform
- * schema checking.
- */
- public static void setCheckSchema(boolean checkSchema)
- {
- directoryServer.checkSchema = checkSchema;
+ return directoryServer.coreConfigManager.isCheckSchema();
}
/**
@@ -3268,21 +3111,7 @@
*/
public static AcceptRejectWarn getSingleStructuralObjectClassPolicy()
{
- return directoryServer.singleStructuralClassPolicy;
- }
-
- /**
- * Specifies the policy that should be used regarding enforcement of a single
- * structural objectclass per entry.
- *
- * @param singleStructuralClassPolicy The policy that should be used
- * regarding enforcement of a single
- * structural objectclass per entry.
- */
- public static void setSingleStructuralObjectClassPolicy(
- AcceptRejectWarn singleStructuralClassPolicy)
- {
- directoryServer.singleStructuralClassPolicy = singleStructuralClassPolicy;
+ return directoryServer.coreConfigManager.getSingleStructuralObjectClassPolicy();
}
/**
@@ -3294,22 +3123,8 @@
*/
public static AcceptRejectWarn getSyntaxEnforcementPolicy()
{
- return directoryServer.syntaxEnforcementPolicy;
- }
-
- /**
- * Retrieves the policy that should be used when an attribute value is found
- * that is not valid according to the associated attribute syntax.
- *
- * @param syntaxEnforcementPolicy The policy that should be used when an
- * attribute value is found that is not valid
- * according to the associated attribute
- * syntax.
- */
- public static void setSyntaxEnforcementPolicy(
- AcceptRejectWarn syntaxEnforcementPolicy)
- {
- directoryServer.syntaxEnforcementPolicy = syntaxEnforcementPolicy;
+ return directoryServer.coreConfigManager != null ?
+ directoryServer.coreConfigManager.getSyntaxEnforcementPolicy() : AcceptRejectWarn.REJECT;
}
/**
@@ -3325,24 +3140,7 @@
*/
public static boolean notifyAbandonedOperations()
{
- return directoryServer.notifyAbandonedOperations;
- }
-
- /**
- * Specifies whether the Directory Server should send a response to an
- * operation that has been abandoned. Sending such a response is technically
- * a violation of the LDAP protocol specification, but not doing so in that
- * case can cause problems with clients that are expecting a response and may
- * hang until they get one.
- *
- * @param notifyAbandonedOperations Indicates whether the Directory Server
- * should send a response to an operation
- * that has been abandoned.
- */
- public static void setNotifyAbandonedOperations(
- boolean notifyAbandonedOperations)
- {
- directoryServer.notifyAbandonedOperations = notifyAbandonedOperations;
+ return directoryServer.coreConfigManager.isNotifyAbandonedOperations();
}
/**
@@ -3745,36 +3543,6 @@
}
/**
- * Retrieves the DN of the configuration entry for the identity mapper that
- * should be used in conjunction with proxied authorization V2 controls.
- *
- * @return The DN of the configuration entry for the identity mapper that
- * should be used in conjunction with proxied authorization V2
- * controls, or {@code null} if none is defined.
- */
- public static DN getProxiedAuthorizationIdentityMapperDN()
- {
- return directoryServer.proxiedAuthorizationIdentityMapperDN;
- }
-
- /**
- * Specifies the DN of the configuration entry for the identity mapper that
- * should be used in conjunction with proxied authorization V2 controls.
- *
- * @param proxiedAuthorizationIdentityMapperDN The DN of the configuration
- * entry for the identity mapper
- * that should be used in
- * conjunction with proxied
- * authorization V2 controls.
- */
- public static void setProxiedAuthorizationIdentityMapperDN(
- DN proxiedAuthorizationIdentityMapperDN)
- {
- directoryServer.proxiedAuthorizationIdentityMapperDN =
- proxiedAuthorizationIdentityMapperDN;
- }
-
- /**
* Retrieves the identity mapper that should be used to resolve authorization
* IDs contained in proxied authorization V2 controls.
*
@@ -3784,7 +3552,7 @@
*/
public static IdentityMapper<?> getProxiedAuthorizationIdentityMapper()
{
- DN dnMapper = directoryServer.proxiedAuthorizationIdentityMapperDN;
+ DN dnMapper = directoryServer.coreConfigManager.getProxiedAuthorizationIdentityMapperDN();
return dnMapper != null ? directoryServer.identityMappers.get(dnMapper) : null;
}
@@ -3917,7 +3685,7 @@
ClientConnection clientConnection = operation.getClientConnection();
//Reject or accept the unauthenticated requests based on the configuration settings.
if (!clientConnection.getAuthenticationInfo().isAuthenticated() &&
- (directoryServer.rejectUnauthenticatedRequests ||
+ (directoryServer.coreConfigManager.isRejectUnauthenticatedRequests() ||
(directoryServer.lockdownMode && !isAllowedInLockDownMode)))
{
switch(operation.getOperationType())
@@ -4093,28 +3861,8 @@
*/
public static Set<String> getAllowedTasks()
{
- return directoryServer.allowedTasks;
- }
-
- /**
- * Specifies the set of allowed tasks that may be invoked in the server.
- *
- * @param allowedTasks A set containing the names of the allowed tasks that
- * may be invoked in the server.
- */
- public static void setAllowedTasks(Set<String> allowedTasks)
- {
- directoryServer.allowedTasks = allowedTasks;
- }
-
- /**
- * Retrieves the set of privileges that have been disabled.
- *
- * @return The set of privileges that have been disabled.
- */
- public static Set<Privilege> getDisabledPrivileges()
- {
- return directoryServer.disabledPrivileges;
+ return directoryServer.coreConfigManager != null ?
+ directoryServer.coreConfigManager.getAllowedTasks() : new HashSet<String>(0);
}
/**
@@ -4127,18 +3875,8 @@
*/
public static boolean isDisabled(Privilege privilege)
{
- return directoryServer.disabledPrivileges.contains(privilege);
- }
-
- /**
- * Specifies the set of privileges that should be disabled in the server.
- *
- * @param disabledPrivileges The set of privileges that should be disabled
- * in the server.
- */
- public static void setDisabledPrivileges(Set<Privilege> disabledPrivileges)
- {
- directoryServer.disabledPrivileges = disabledPrivileges;
+ return directoryServer.coreConfigManager != null ?
+ directoryServer.coreConfigManager.getDisabledPrivileges().contains(privilege) : false;
}
/**
@@ -4150,20 +3888,7 @@
*/
public static boolean returnBindErrorMessages()
{
- return directoryServer.returnBindErrorMessages;
- }
-
- /**
- * Specifies whether responses to failed bind operations should include a
- * message explaining the reason for the failure.
- *
- * @param returnBindErrorMessages Specifies whether responses to failed bind
- * operations should include a message
- * explaining the reason for the failure.
- */
- public static void setReturnBindErrorMessages(boolean returnBindErrorMessages)
- {
- directoryServer.returnBindErrorMessages = returnBindErrorMessages;
+ return directoryServer.coreConfigManager.isReturnBindErrorMessages();
}
/**
@@ -4192,21 +3917,6 @@
}
/**
- * Specifies whether the Directory Server should save a copy of its
- * configuration whenever it is started successfully.
- *
- * @param saveConfigOnSuccessfulStartup Specifies whether the server should
- * save a copy of its configuration
- * whenever it is started successfully.
- */
- public static void setSaveConfigOnSuccessfulStartup(
- boolean saveConfigOnSuccessfulStartup)
- {
- directoryServer.saveConfigOnSuccessfulStartup =
- saveConfigOnSuccessfulStartup;
- }
-
- /**
* Registers the provided backup task listener with the Directory Server.
*
* @param listener The backup task listener to register with the Directory
@@ -4775,11 +4485,9 @@
*/
private void destroy()
{
- checkSchema = true;
isBootstrapped = false;
isRunning = false;
lockdownMode = true;
- rejectUnauthenticatedRequests = true;
shuttingDown = true;
configFile = null;
@@ -4872,26 +4580,6 @@
}
/**
- * Specifies the maximum number of concurrent client connections that may be
- * established. A value that is less than or equal to zero will indicate that
- * no limit should be enforced.
- *
- * @param maxAllowedConnections The maximum number of concurrent client
- * connections that may be established.
- */
- public static void setMaxAllowedConnections(long maxAllowedConnections)
- {
- if (maxAllowedConnections > 0)
- {
- directoryServer.maxAllowedConnections = maxAllowedConnections;
- }
- else
- {
- directoryServer.maxAllowedConnections = -1;
- }
- }
-
- /**
* Indicates that a new connection has been accepted and increments the
* associated counters.
*
@@ -4915,7 +4603,7 @@
}
}
- final long maxAllowed = directoryServer.maxAllowedConnections;
+ final long maxAllowed = directoryServer.coreConfigManager.getMaxAllowedConnections();
if (0 < maxAllowed && maxAllowed <= directoryServer.currentConnections)
{
return -1;
@@ -5022,19 +4710,7 @@
*/
public static int getSizeLimit()
{
- return directoryServer.sizeLimit;
- }
-
- /**
- * Specifies the default maximum number of entries that should be returned for
- * a search.
- *
- * @param sizeLimit The default maximum number of entries that should be
- * returned for a search.
- */
- public static void setSizeLimit(int sizeLimit)
- {
- directoryServer.sizeLimit = sizeLimit;
+ return directoryServer.coreConfigManager.getSizeLimit();
}
/**
@@ -5046,31 +4722,7 @@
*/
public static int getLookthroughLimit()
{
- return directoryServer.lookthroughLimit;
- }
-
- /**
- * Specifies the default maximum number of entries that should be checked for
- * matches during a search.
- *
- * @param lookthroughLimit The default maximum number of entries that should
- * be check for matches during a search.
- */
- public static void setLookthroughLimit(int lookthroughLimit)
- {
- directoryServer.lookthroughLimit = lookthroughLimit;
- }
-
- /**
- * Specifies the maximum number of simultaneous persistent
- * searches that are allowed.
- *
- * @param maxPSearches The maximum number of simultaneous persistent
- * searches that are allowed.
- */
- public static void setMaxPersistentSearchLimit(int maxPSearches)
- {
- directoryServer.maxPSearches = maxPSearches;
+ return directoryServer.coreConfigManager.getLookthroughLimit();
}
/**
@@ -5105,8 +4757,8 @@
public static boolean allowNewPersistentSearch()
{
//-1 indicates that there is no limit.
- return directoryServer.maxPSearches == -1
- || directoryServer.activePSearches.get() < directoryServer.maxPSearches;
+ int max = directoryServer.coreConfigManager.getMaxPSearches();
+ return max == -1 || directoryServer.activePSearches.get() < max;
}
/**
@@ -5118,32 +4770,7 @@
*/
public static int getTimeLimit()
{
- return directoryServer.timeLimit;
- }
-
- /**
- * Specifies the default maximum length of time in seconds that should be
- * allowed when processing a search.
- *
- * @param timeLimit The default maximum length of time in seconds that
- * should be allowed when processing a search.
- */
- public static void setTimeLimit(int timeLimit)
- {
- directoryServer.timeLimit = timeLimit;
- }
-
- /**
- * Specifies whether to collect nanosecond resolution processing times for
- * operations.
- *
- * @param useNanoTime <code>true</code> if nanosecond resolution times
- * should be collected or <code>false</code> to
- * only collect in millisecond resolution.
- */
- public static void setUseNanoTime(boolean useNanoTime)
- {
- directoryServer.useNanoTime = useNanoTime;
+ return directoryServer.coreConfigManager.getTimeLimit();
}
/**
@@ -5156,7 +4783,7 @@
*/
public static boolean getUseNanoTime()
{
- return directoryServer.useNanoTime;
+ return directoryServer.coreConfigManager.isUseNanoTime();
}
/**
@@ -5167,19 +4794,7 @@
*/
public static WritabilityMode getWritabilityMode()
{
- return directoryServer.writabilityMode;
- }
-
- /**
- * Specifies the writability mode for the Directory Server. This will only
- * be applicable for user suffixes.
- *
- * @param writabilityMode Specifies the writability mode for the Directory
- * Server.
- */
- public static void setWritabilityMode(WritabilityMode writabilityMode)
- {
- directoryServer.writabilityMode = writabilityMode;
+ return directoryServer.coreConfigManager.getWritabilityMode();
}
/**
@@ -5192,35 +4807,7 @@
*/
public static boolean bindWithDNRequiresPassword()
{
- return directoryServer.bindWithDNRequiresPassword;
- }
-
- /**
- * Specifies whether simple bind requests that contain a bind DN will also be
- * required to have a password.
- *
- * @param bindWithDNRequiresPassword Indicates whether simple bind requests
- * that contain a bind DN will also be
- * required to have a password.
- */
- public static void setBindWithDNRequiresPassword(boolean
- bindWithDNRequiresPassword)
- {
- directoryServer.bindWithDNRequiresPassword = bindWithDNRequiresPassword;
- }
-
- /**
- * Specifies whether an unauthenticated request should be rejected.
- *
- * @param rejectUnauthenticatedRequests Indicates whether an
- * unauthenticated request should
- * be rejected.
- */
- public static void setRejectUnauthenticatedRequests(boolean
- rejectUnauthenticatedRequests)
- {
- directoryServer.rejectUnauthenticatedRequests =
- rejectUnauthenticatedRequests;
+ return directoryServer.coreConfigManager.isBindWithDNRequiresPassword();
}
/**
@@ -5930,21 +5517,6 @@
}
/**
- * Sets the threshold capacity beyond which internal cached buffers used for
- * encoding and decoding entries and protocol messages will be trimmed after
- * use.
- *
- * @param maxInternalBufferSize
- * The threshold capacity beyond which internal cached buffers used
- * for encoding and decoding entries and protocol messages will be
- * trimmed after use.
- */
- public static void setMaxInternalBufferSize(int maxInternalBufferSize)
- {
- directoryServer.maxInternalBufferSize = maxInternalBufferSize;
- }
-
- /**
* Returns the threshold capacity beyond which internal cached buffers used
* for encoding and decoding entries and protocol messages will be trimmed
* after use.
@@ -5955,7 +5527,7 @@
*/
public static int getMaxInternalBufferSize()
{
- return directoryServer.maxInternalBufferSize;
+ return directoryServer.coreConfigManager.getMaxInternalBufferSize();
}
/**
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/core/IdentityMapperConfigManager.java b/opendj-server-legacy/src/main/java/org/opends/server/core/IdentityMapperConfigManager.java
index c463dfa..d9adc24 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/core/IdentityMapperConfigManager.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/core/IdentityMapperConfigManager.java
@@ -117,7 +117,7 @@
// Now that all of the identity mappers are defined, see if the Directory
// Server's proxied auth mapper is valid. If not, then log a warning
// message.
- DN mapperDN = DirectoryServer.getProxiedAuthorizationIdentityMapperDN();
+ DN mapperDN = serverContext.getCoreConfigManager().getProxiedAuthorizationIdentityMapperDN();
if (mapperDN == null)
{
logger.error(ERR_CONFIG_IDMAPPER_NO_PROXY_MAPPER_DN);
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/core/ServerContext.java b/opendj-server-legacy/src/main/java/org/opends/server/core/ServerContext.java
index cfbf971..dc6cb11 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/core/ServerContext.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/core/ServerContext.java
@@ -142,4 +142,11 @@
* @return backend manager
*/
BackendConfigManager getBackendConfigManager();
+
+ /**
+ * Returns the manager of core configuration.
+ *
+ * @return core configuration manager
+ */
+ CoreConfigManager getCoreConfigManager();
}
diff --git a/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendWorkflowElement.java b/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendWorkflowElement.java
index 7763541..af4fab8 100644
--- a/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendWorkflowElement.java
+++ b/opendj-server-legacy/src/main/java/org/opends/server/workflowelement/localbackend/LocalBackendWorkflowElement.java
@@ -778,7 +778,7 @@
SearchResultCode searchResultCode = new SearchResultCode(searchOp.getResultCode(), searchOp.getErrorMessage());
DN originalBaseDN = searchOp.getBaseDN();
- for (DN subordinateDN : getBackendManager().findSubordinateLocalNamingContextsForEntry(originalBaseDN))
+ for (DN subordinateDN : getBackendManager().findSubordinateLocalNamingContextsToSearchForEntry(originalBaseDN))
{
// We have to change the operation request base DN to match the
// subordinate workflow base DN. Otherwise the workflow will
diff --git a/opendj-server-legacy/src/test/java/org/opends/server/core/AddOperationTestCase.java b/opendj-server-legacy/src/test/java/org/opends/server/core/AddOperationTestCase.java
index 9b16501..8943e20 100644
--- a/opendj-server-legacy/src/test/java/org/opends/server/core/AddOperationTestCase.java
+++ b/opendj-server-legacy/src/test/java/org/opends/server/core/AddOperationTestCase.java
@@ -32,12 +32,15 @@
import java.util.Map;
import org.forgerock.i18n.LocalizableMessage;
+import org.forgerock.opendj.config.client.ManagementContext;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.ResultCode;
import org.forgerock.opendj.ldap.requests.AddRequest;
import org.forgerock.opendj.ldap.schema.AttributeType;
import org.forgerock.opendj.ldap.schema.ObjectClass;
+import org.forgerock.opendj.server.config.client.GlobalCfgClient;
+import org.forgerock.opendj.server.config.meta.GlobalCfgDefn;
import org.opends.server.TestCaseUtils;
import org.opends.server.api.LocalBackend;
import org.opends.server.plugins.DisconnectClientPlugin;
@@ -809,7 +812,7 @@
{
TestCaseUtils.initializeTestBackend(true);
- DirectoryServer.setAddMissingRDNAttributes(false);
+ setAddMissingRDNAttribute(false);
Entry entry = TestCaseUtils.makeEntry(
"dn: ou=People,o=test",
@@ -819,7 +822,17 @@
AddOperation addOperation = getRootConnection().processAdd(entry);
assertNotEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
- DirectoryServer.setAddMissingRDNAttributes(true);
+ setAddMissingRDNAttribute(true);
+ }
+
+ private void setAddMissingRDNAttribute(boolean value) throws Exception
+ {
+ try (ManagementContext conf = getServer().getConfiguration())
+ {
+ GlobalCfgClient globalCfg = conf.getRootConfiguration().getGlobalConfiguration();
+ globalCfg.setAddMissingRDNAttributes(value);
+ globalCfg.commit();
+ }
}
/**
@@ -1108,12 +1121,22 @@
"cn: Test User",
"userPassword: password");
- DirectoryServer.setWritabilityMode(WritabilityMode.DISABLED);
+ setWritabilityMode(GlobalCfgDefn.WritabilityMode.DISABLED);
AddOperation addOperation = getRootConnection().processAdd(entry);
assertNotEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
- DirectoryServer.setWritabilityMode(WritabilityMode.ENABLED);
+ setWritabilityMode(GlobalCfgDefn.WritabilityMode.ENABLED);
+ }
+
+ static void setWritabilityMode(GlobalCfgDefn.WritabilityMode mode) throws Exception
+ {
+ try (ManagementContext conf = getServer().getConfiguration())
+ {
+ GlobalCfgClient globalCfg = conf.getRootConfiguration().getGlobalConfiguration();
+ globalCfg.setWritabilityMode(mode);
+ globalCfg.commit();
+ }
}
/**
@@ -1139,13 +1162,13 @@
"cn: Test User",
"userPassword: password");
- DirectoryServer.setWritabilityMode(WritabilityMode.INTERNAL_ONLY);
+ setWritabilityMode(GlobalCfgDefn.WritabilityMode.INTERNAL_ONLY);
AddOperation addOperation = getRootConnection().processAdd(entry);
assertEquals(addOperation.getResultCode(), ResultCode.SUCCESS);
retrieveCompletedOperationElements(addOperation);
- DirectoryServer.setWritabilityMode(WritabilityMode.ENABLED);
+ setWritabilityMode(GlobalCfgDefn.WritabilityMode.ENABLED);
}
/**
@@ -1163,7 +1186,7 @@
{
conn.bind("cn=Directory Manager", "password");
- DirectoryServer.setWritabilityMode(WritabilityMode.INTERNAL_ONLY);
+ setWritabilityMode(GlobalCfgDefn.WritabilityMode.INTERNAL_ONLY);
long addRequests = ldapStatistics.getAddRequests();
long addResponses = ldapStatistics.getAddResponses();
@@ -1177,7 +1200,7 @@
assertEquals(ldapStatistics.getAddRequests(), addRequests+1);
waitForAddResponsesStat(addResponses+1);
- DirectoryServer.setWritabilityMode(WritabilityMode.ENABLED);
+ setWritabilityMode(GlobalCfgDefn.WritabilityMode.ENABLED);
}
}
diff --git a/opendj-server-legacy/src/test/java/org/opends/server/core/DeleteOperationTestCase.java b/opendj-server-legacy/src/test/java/org/opends/server/core/DeleteOperationTestCase.java
index daa9c3b..ff15bbd 100644
--- a/opendj-server-legacy/src/test/java/org/opends/server/core/DeleteOperationTestCase.java
+++ b/opendj-server-legacy/src/test/java/org/opends/server/core/DeleteOperationTestCase.java
@@ -24,6 +24,7 @@
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.ResultCode;
+import org.forgerock.opendj.server.config.meta.GlobalCfgDefn;
import org.opends.server.TestCaseUtils;
import org.opends.server.api.LocalBackend;
import org.opends.server.plugins.DisconnectClientPlugin;
@@ -43,6 +44,7 @@
import org.testng.annotations.Test;
import static org.opends.server.TestCaseUtils.*;
+import static org.opends.server.core.AddOperationTestCase.setWritabilityMode;
import static org.opends.server.protocols.internal.InternalClientConnection.*;
import static org.opends.server.protocols.ldap.LDAPConstants.*;
import static org.opends.server.types.NullOutputStream.nullPrintStream;
@@ -507,12 +509,12 @@
{
TestCaseUtils.initializeTestBackend(true);
- DirectoryServer.setWritabilityMode(WritabilityMode.DISABLED);
+ setWritabilityMode(GlobalCfgDefn.WritabilityMode.DISABLED);
DeleteOperation deleteOperation = processDeleteRaw("o=test");
assertNotEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
- DirectoryServer.setWritabilityMode(WritabilityMode.ENABLED);
+ setWritabilityMode(GlobalCfgDefn.WritabilityMode.ENABLED);
}
@@ -528,12 +530,12 @@
{
TestCaseUtils.initializeTestBackend(true);
- DirectoryServer.setWritabilityMode(WritabilityMode.INTERNAL_ONLY);
+ setWritabilityMode(GlobalCfgDefn.WritabilityMode.INTERNAL_ONLY);
DeleteOperation deleteOperation = processDeleteRaw("o=test");
assertEquals(deleteOperation.getResultCode(), ResultCode.SUCCESS);
- DirectoryServer.setWritabilityMode(WritabilityMode.ENABLED);
+ setWritabilityMode(GlobalCfgDefn.WritabilityMode.ENABLED);
}
@@ -549,12 +551,12 @@
{
TestCaseUtils.initializeTestBackend(true);
- DirectoryServer.setWritabilityMode(WritabilityMode.INTERNAL_ONLY);
+ setWritabilityMode(GlobalCfgDefn.WritabilityMode.INTERNAL_ONLY);
String[] args = getArgs("o=test");
assertFalse(LDAPDelete.run(nullPrintStream(), nullPrintStream(), args) == 0);
- DirectoryServer.setWritabilityMode(WritabilityMode.ENABLED);
+ setWritabilityMode(GlobalCfgDefn.WritabilityMode.ENABLED);
}
diff --git a/opendj-server-legacy/src/test/java/org/opends/server/core/ModifyOperationTestCase.java b/opendj-server-legacy/src/test/java/org/opends/server/core/ModifyOperationTestCase.java
index 503d7e8..890c33f 100644
--- a/opendj-server-legacy/src/test/java/org/opends/server/core/ModifyOperationTestCase.java
+++ b/opendj-server-legacy/src/test/java/org/opends/server/core/ModifyOperationTestCase.java
@@ -22,6 +22,7 @@
import static org.forgerock.opendj.ldap.requests.Requests.*;
import static org.forgerock.opendj.ldap.schema.CoreSchema.*;
import static org.opends.server.TestCaseUtils.*;
+import static org.opends.server.core.AddOperationTestCase.setWritabilityMode;
import static org.opends.server.protocols.internal.InternalClientConnection.*;
import static org.opends.server.protocols.internal.Requests.newSearchRequest;
import static org.opends.server.protocols.ldap.LDAPConstants.*;
@@ -44,6 +45,7 @@
import org.forgerock.opendj.ldap.requests.ModifyRequest;
import org.forgerock.opendj.ldap.requests.Requests;
import org.forgerock.opendj.ldap.schema.AttributeType;
+import org.forgerock.opendj.server.config.meta.GlobalCfgDefn;
import org.opends.server.TestCaseUtils;
import org.opends.server.api.LocalBackend;
import org.opends.server.plugins.DisconnectClientPlugin;
@@ -2305,14 +2307,14 @@
"mail: foo",
"employeeNumber: 1");
- DirectoryServer.setWritabilityMode(WritabilityMode.DISABLED);
+ setWritabilityMode(GlobalCfgDefn.WritabilityMode.DISABLED);
RawModification mod = newRawModification(ADD, "objectClass", "extensibleObject");
ModifyOperation modifyOperation = processModify("uid=test.user," + baseDN, mod);
assertNotEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
retrieveFailedOperationElements(modifyOperation);
- DirectoryServer.setWritabilityMode(WritabilityMode.ENABLED);
+ setWritabilityMode(GlobalCfgDefn.WritabilityMode.ENABLED);
}
@@ -2342,14 +2344,14 @@
"mail: foo",
"employeeNumber: 1");
- DirectoryServer.setWritabilityMode(WritabilityMode.INTERNAL_ONLY);
+ setWritabilityMode(GlobalCfgDefn.WritabilityMode.INTERNAL_ONLY);
RawModification mod = newRawModification(ADD, "objectClass", "extensibleObject");
ModifyOperation modifyOperation = processModify("uid=test.user," + baseDN, mod);
assertEquals(modifyOperation.getResultCode(), ResultCode.SUCCESS);
retrieveSuccessfulOperationElements(modifyOperation);
- DirectoryServer.setWritabilityMode(WritabilityMode.ENABLED);
+ setWritabilityMode(GlobalCfgDefn.WritabilityMode.ENABLED);
}
@@ -2379,7 +2381,7 @@
"mail: foo",
"employeeNumber: 1");
- DirectoryServer.setWritabilityMode(WritabilityMode.INTERNAL_ONLY);
+ setWritabilityMode(GlobalCfgDefn.WritabilityMode.INTERNAL_ONLY);
try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
{
@@ -2398,7 +2400,7 @@
assertEquals(ldapStatistics.getModifyRequests(), modifyRequests + 1);
waitForModifyResponsesStat(modifyResponses + 1);
- DirectoryServer.setWritabilityMode(WritabilityMode.ENABLED);
+ setWritabilityMode(GlobalCfgDefn.WritabilityMode.ENABLED);
}
}
diff --git a/opendj-server-legacy/src/test/java/org/opends/server/core/RejectUnauthReqTests.java b/opendj-server-legacy/src/test/java/org/opends/server/core/RejectUnauthReqTests.java
index 46a1a97..8e1a20b 100644
--- a/opendj-server-legacy/src/test/java/org/opends/server/core/RejectUnauthReqTests.java
+++ b/opendj-server-legacy/src/test/java/org/opends/server/core/RejectUnauthReqTests.java
@@ -19,9 +19,12 @@
import java.util.ArrayList;
import com.forgerock.opendj.ldap.tools.LDAPCompare;
+
+import org.forgerock.opendj.config.client.ManagementContext;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.DN;
import org.forgerock.opendj.ldap.ResultCode;
+import org.forgerock.opendj.server.config.client.GlobalCfgClient;
import org.opends.server.TestCaseUtils;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.tools.LDAPAuthenticationHandler;
@@ -245,20 +248,30 @@
* settings for "ds-cfg-reject-unauthenticated-requests".
*/
@Test
- public void testAuthSearchDefCfg()
+ public void testAuthSearchDefCfg() throws Exception
{
- DirectoryServer.setRejectUnauthenticatedRequests(false);
+ setRejectUnauthenticatedRequests(false);
assertEquals(LDAPSearch.run(nullPrintStream(), System.err, searchArgs(Auth.SIMPLE)), 0);
}
+ private void setRejectUnauthenticatedRequests(boolean value) throws Exception
+ {
+ try (ManagementContext conf = getServer().getConfiguration())
+ {
+ GlobalCfgClient globalCfg = conf.getRootConfiguration().getGlobalConfiguration();
+ globalCfg.setRejectUnauthenticatedRequests(value);
+ globalCfg.commit();
+ }
+ }
+
/**
* Tests whether an unauthenticated SEARCH request will be allowed with the default configuration
* settings for "ds-cfg-reject-unauthenticated-requests".
*/
@Test
- public void testUnauthSearchDefCfg()
+ public void testUnauthSearchDefCfg() throws Exception
{
- DirectoryServer.setRejectUnauthenticatedRequests(false);
+ setRejectUnauthenticatedRequests(false);
assertEquals(LDAPSearch.run(nullPrintStream(), System.err, searchArgs(Auth.ANONYMOUS)), 0);
}
@@ -268,9 +281,9 @@
* "ds-cfg-reject-unauthenticated-requests" .
*/
@Test
- public void testAuthBindDefCfg()
+ public void testAuthBindDefCfg() throws Exception
{
- DirectoryServer.setRejectUnauthenticatedRequests(false);
+ setRejectUnauthenticatedRequests(false);
InternalClientConnection conn = new InternalClientConnection(new AuthenticationInfo());
ByteString user = ByteString.valueOfUtf8("cn=Directory Manager");
@@ -287,9 +300,9 @@
* "ds-cfg-reject-unauthenticated-requests".
*/
@Test
- public void testUnauthBindDefCfg()
+ public void testUnauthBindDefCfg() throws Exception
{
- DirectoryServer.setRejectUnauthenticatedRequests(false);
+ setRejectUnauthenticatedRequests(false);
InternalClientConnection conn = new InternalClientConnection(new AuthenticationInfo());
BindOperation bindOperation = conn.processSimpleBind(DN.rootDN(), null);
@@ -309,7 +322,7 @@
@Test
public void testAuthWAIDefCfg() throws Exception
{
- DirectoryServer.setRejectUnauthenticatedRequests(false);
+ setRejectUnauthenticatedRequests(false);
try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
{
@@ -336,7 +349,7 @@
@Test
public void testUnauthWAIDefCfg() throws Exception
{
- DirectoryServer.setRejectUnauthenticatedRequests(false);
+ setRejectUnauthenticatedRequests(false);
try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
{
@@ -359,7 +372,7 @@
@Test
public void testStartTLSUnauthDefCfg() throws Exception
{
- DirectoryServer.setRejectUnauthenticatedRequests(false);
+ setRejectUnauthenticatedRequests(false);
assertEquals(LDAPSearch.run(nullPrintStream(), System.err, searchArgs(Auth.START_TLS)), 0);
}
@@ -373,7 +386,7 @@
@Test
public void testOtherOpsAuthDefCfg() throws Exception
{
- DirectoryServer.setRejectUnauthenticatedRequests(false);
+ setRejectUnauthenticatedRequests(false);
assertEquals(performAddOperation(true), 0);
assertEquals(performModifyOperation(true), 0);
@@ -412,18 +425,18 @@
* "ds-cfg-reject-unauthenticated-requests" .
*/
@Test
- public void testSearchNewCfg()
+ public void testSearchNewCfg() throws Exception
{
try
{
- DirectoryServer.setRejectUnauthenticatedRequests(true);
+ setRejectUnauthenticatedRequests(true);
assertFalse(LDAPSearch.run(nullPrintStream(), nullPrintStream(), searchArgs(Auth.ANONYMOUS)) == 0);
assertEquals(LDAPSearch.run(nullPrintStream(), System.err, searchArgs(Auth.START_TLS)), 0);
}
finally
{
- DirectoryServer.setRejectUnauthenticatedRequests(false);
+ setRejectUnauthenticatedRequests(false);
}
}
@@ -433,11 +446,11 @@
* "ds-cfg-reject-unauthenticated-requests" .
*/
@Test
- public void testBindNewCfg()
+ public void testBindNewCfg() throws Exception
{
try
{
- DirectoryServer.setRejectUnauthenticatedRequests(true);
+ setRejectUnauthenticatedRequests(true);
InternalClientConnection conn = new InternalClientConnection(new AuthenticationInfo());
ByteString user = ByteString.valueOfUtf8("cn=Directory Manager");
@@ -451,7 +464,7 @@
}
finally
{
- DirectoryServer.setRejectUnauthenticatedRequests(false);
+ setRejectUnauthenticatedRequests(false);
}
}
@@ -470,12 +483,12 @@
{
try
{
- DirectoryServer.setRejectUnauthenticatedRequests(true);
+ setRejectUnauthenticatedRequests(true);
assertEquals(LDAPSearch.run(nullPrintStream(), System.err, searchArgs(Auth.START_TLS)), 0);
}
finally
{
- DirectoryServer.setRejectUnauthenticatedRequests(false);
+ setRejectUnauthenticatedRequests(false);
}
}
@@ -494,7 +507,7 @@
{
try
{
- DirectoryServer.setRejectUnauthenticatedRequests(true);
+ setRejectUnauthenticatedRequests(true);
ExtendedOperation extOp = getRootConnection().processExtendedOperation(OID_WHO_AM_I_REQUEST, null);
assertEquals(extOp.getResultCode(), ResultCode.SUCCESS);
@@ -502,7 +515,7 @@
}
finally
{
- DirectoryServer.setRejectUnauthenticatedRequests(false);
+ setRejectUnauthenticatedRequests(false);
}
}
@@ -518,7 +531,7 @@
{
try (RemoteConnection conn = new RemoteConnection("localhost", TestCaseUtils.getServerLdapPort()))
{
- DirectoryServer.setRejectUnauthenticatedRequests(true);
+ setRejectUnauthenticatedRequests(true);
LDAPAuthenticationHandler authHandler = conn.newLDAPAuthenticationHandler();
try
@@ -536,7 +549,7 @@
}
finally
{
- DirectoryServer.setRejectUnauthenticatedRequests(false);
+ setRejectUnauthenticatedRequests(false);
}
}
@@ -554,7 +567,7 @@
{
try
{
- DirectoryServer.setRejectUnauthenticatedRequests(true);
+ setRejectUnauthenticatedRequests(true);
assertEquals(performAddOperation(true), 0);
assertEquals(performModifyOperation(true), 0);
@@ -564,7 +577,7 @@
}
finally
{
- DirectoryServer.setRejectUnauthenticatedRequests(false);
+ setRejectUnauthenticatedRequests(false);
}
}
@@ -582,7 +595,7 @@
{
try
{
- DirectoryServer.setRejectUnauthenticatedRequests(true);
+ setRejectUnauthenticatedRequests(true);
assertNotEquals(performAddOperation(false), 0);
assertNotEquals(performModifyOperation(false), 0);
@@ -592,7 +605,7 @@
}
finally
{
- DirectoryServer.setRejectUnauthenticatedRequests(false);
+ setRejectUnauthenticatedRequests(false);
}
}
}
diff --git a/opendj-server-legacy/src/test/java/org/opends/server/schema/EqualityMatchingRuleTest.java b/opendj-server-legacy/src/test/java/org/opends/server/schema/EqualityMatchingRuleTest.java
index e4a1970..4f1aac1 100644
--- a/opendj-server-legacy/src/test/java/org/opends/server/schema/EqualityMatchingRuleTest.java
+++ b/opendj-server-legacy/src/test/java/org/opends/server/schema/EqualityMatchingRuleTest.java
@@ -12,20 +12,24 @@
* information: "Portions Copyright [year] [name of copyright owner]".
*
* Copyright 2006-2008 Sun Microsystems, Inc.
- * Portions Copyright 2014-2015 ForgeRock AS.
+ * Portions Copyright 2014-2016 ForgeRock AS.
*/
package org.opends.server.schema;
+import org.forgerock.opendj.config.client.ManagementContext;
import org.forgerock.opendj.ldap.Assertion;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.ConditionResult;
import org.forgerock.opendj.ldap.DecodeException;
import org.forgerock.opendj.ldap.schema.MatchingRule;
+import org.forgerock.opendj.server.config.client.GlobalCfgClient;
+import org.forgerock.opendj.server.config.meta.GlobalCfgDefn;
import org.opends.server.core.DirectoryServer;
import org.opends.server.types.AcceptRejectWarn;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
+import static org.opends.server.TestCaseUtils.getServer;
import static org.testng.Assert.*;
/**
@@ -77,14 +81,38 @@
throws Exception
{
AcceptRejectWarn accept = DirectoryServer.getSyntaxEnforcementPolicy();
- DirectoryServer.setSyntaxEnforcementPolicy(AcceptRejectWarn.WARN);
+ setSyntaxEnforcementPolicy(GlobalCfgDefn.InvalidAttributeSyntaxBehavior.WARN);
try
{
testValuesMatch(value1, value2, result);
}
finally
{
- DirectoryServer.setSyntaxEnforcementPolicy(accept);
+ setSyntaxEnforcementPolicy(convertAccept(accept));
+ }
+ }
+
+ private static GlobalCfgDefn.InvalidAttributeSyntaxBehavior convertAccept(AcceptRejectWarn accept)
+ {
+ switch (accept)
+ {
+ case ACCEPT:
+ return GlobalCfgDefn.InvalidAttributeSyntaxBehavior.ACCEPT;
+ case WARN:
+ return GlobalCfgDefn.InvalidAttributeSyntaxBehavior.WARN;
+ case REJECT:
+ default:
+ return GlobalCfgDefn.InvalidAttributeSyntaxBehavior.REJECT;
+ }
+ }
+
+ private void setSyntaxEnforcementPolicy(GlobalCfgDefn.InvalidAttributeSyntaxBehavior value) throws Exception
+ {
+ try (ManagementContext conf = getServer().getConfiguration())
+ {
+ GlobalCfgClient globalCfg = conf.getRootConfiguration().getGlobalConfiguration();
+ globalCfg.setInvalidAttributeSyntaxBehavior(value);
+ globalCfg.commit();
}
}
diff --git a/opendj-server-legacy/src/test/java/org/opends/server/types/EntrySchemaCheckingTestCase.java b/opendj-server-legacy/src/test/java/org/opends/server/types/EntrySchemaCheckingTestCase.java
index a064814..6231415 100644
--- a/opendj-server-legacy/src/test/java/org/opends/server/types/EntrySchemaCheckingTestCase.java
+++ b/opendj-server-legacy/src/test/java/org/opends/server/types/EntrySchemaCheckingTestCase.java
@@ -16,18 +16,20 @@
*/
package org.opends.server.types;
-import static org.opends.server.types.AcceptRejectWarn.*;
+import static org.opends.server.TestCaseUtils.getServer;
import static org.opends.server.types.NullOutputStream.nullPrintStream;
import static org.testng.Assert.*;
import java.util.LinkedList;
import org.forgerock.i18n.LocalizableMessageBuilder;
+import org.forgerock.opendj.config.client.ManagementContext;
import org.forgerock.opendj.ldap.ByteString;
import org.forgerock.opendj.ldap.schema.AttributeType;
import org.forgerock.opendj.ldap.schema.CoreSchema;
+import org.forgerock.opendj.server.config.client.GlobalCfgClient;
+import org.forgerock.opendj.server.config.meta.GlobalCfgDefn;
import org.opends.server.TestCaseUtils;
-import org.opends.server.core.DirectoryServer;
import com.forgerock.opendj.ldap.tools.LDAPModify;
import org.testng.annotations.Test;
@@ -45,26 +47,37 @@
*
* @param e The entry to be tested.
*/
- private void failOnlyForStrictEvaluation(Entry e)
+ private void failOnlyForStrictEvaluation(Entry e) throws Exception
{
try
{
LocalizableMessageBuilder invalidReason = new LocalizableMessageBuilder();
- DirectoryServer.setSingleStructuralObjectClassPolicy(REJECT);
+ setSingleStructuralObjectClassPolicy(GlobalCfgDefn.SingleStructuralObjectclassBehavior.REJECT);
assertFalse(e.conformsToSchema(null, false, true, true, invalidReason),
"Entry validation succeeded with REJECT policy");
- DirectoryServer.setSingleStructuralObjectClassPolicy(WARN);
+ setSingleStructuralObjectClassPolicy(GlobalCfgDefn.SingleStructuralObjectclassBehavior.WARN);
assertTrue(e.conformsToSchema(null, false, true, true, invalidReason),
"Entry validation failed with WARN policy: " + invalidReason);
- DirectoryServer.setSingleStructuralObjectClassPolicy(ACCEPT);
+ setSingleStructuralObjectClassPolicy(GlobalCfgDefn.SingleStructuralObjectclassBehavior.ACCEPT);
assertTrue(e.conformsToSchema(null, false, true, true, invalidReason),
"Entry validation failed with ACCEPT policy: " + invalidReason);
}
finally
{
- DirectoryServer.setSingleStructuralObjectClassPolicy(REJECT);
+ setSingleStructuralObjectClassPolicy(GlobalCfgDefn.SingleStructuralObjectclassBehavior.REJECT);
+ }
+ }
+
+ private void setSingleStructuralObjectClassPolicy(GlobalCfgDefn.SingleStructuralObjectclassBehavior policy)
+ throws Exception
+ {
+ try (ManagementContext conf = getServer().getConfiguration())
+ {
+ GlobalCfgClient globalCfg = conf.getRootConfiguration().getGlobalConfiguration();
+ globalCfg.setSingleStructuralObjectclassBehavior(policy);
+ globalCfg.commit();
}
}
@@ -75,26 +88,26 @@
*
* @param e The entry to be tested.
*/
- private void failAlwaysStrictEvaluation(Entry e)
+ private void failAlwaysStrictEvaluation(Entry e) throws Exception
{
try
{
LocalizableMessageBuilder invalidReason = new LocalizableMessageBuilder();
- DirectoryServer.setSingleStructuralObjectClassPolicy(REJECT);
+ setSingleStructuralObjectClassPolicy(GlobalCfgDefn.SingleStructuralObjectclassBehavior.REJECT);
assertFalse(e.conformsToSchema(null, false, true, true, invalidReason),
"Entry validation succeeded with REJECT policy");
- DirectoryServer.setSingleStructuralObjectClassPolicy(WARN);
+ setSingleStructuralObjectClassPolicy(GlobalCfgDefn.SingleStructuralObjectclassBehavior.WARN);
assertFalse(e.conformsToSchema(null, false, true, true, invalidReason),
"Entry validation failed with WARN policy: " + invalidReason);
- DirectoryServer.setSingleStructuralObjectClassPolicy(ACCEPT);
+ setSingleStructuralObjectClassPolicy(GlobalCfgDefn.SingleStructuralObjectclassBehavior.ACCEPT);
assertFalse(e.conformsToSchema(null, false, true, true, invalidReason),
"Entry validation failed with ACCEPT policy: " + invalidReason);
}
finally
{
- DirectoryServer.setSingleStructuralObjectClassPolicy(REJECT);
+ setSingleStructuralObjectClassPolicy(GlobalCfgDefn.SingleStructuralObjectclassBehavior.REJECT);
}
}
--
Gitblit v1.10.0