* A Directory Server uses the root DSE to provide information about * itself using the following set of attributes: *
* The root DSE may also include a {@code subschemaSubentry} attribute. * If it does, the attribute refers to the subschema (sub)entry holding * the schema controlling the root DSE. Clients SHOULD NOT assume that * this subschema (sub)entry controls other entries held by the server. * * @see RFC 4512 - * Lightweight Directory Access Protocol (LDAP): Directory * Information Models * @see RFC 3045 - Storing * Vendor Information in the LDAP Root DSE * @see RFC 3112 - LDAP * Authentication Password Schema */ public final class RootDSE { private static final AttributeDescription ATTR_ALT_SERVER = AttributeDescription .create(CoreSchema.getAltServerAttributeType()); private static final AttributeDescription ATTR_NAMING_CONTEXTS = AttributeDescription .create(CoreSchema.getNamingContextsAttributeType()); private static final AttributeDescription ATTR_SUPPORTED_CONTROL = AttributeDescription .create(CoreSchema.getSupportedControlAttributeType()); private static final AttributeDescription ATTR_SUPPORTED_EXTENSION = AttributeDescription .create(CoreSchema.getSupportedExtensionAttributeType()); private static final AttributeDescription ATTR_SUPPORTED_FEATURE = AttributeDescription .create(CoreSchema.getSupportedFeaturesAttributeType()); private static final AttributeDescription ATTR_SUPPORTED_LDAP_VERSION = AttributeDescription .create(CoreSchema.getSupportedLDAPVersionAttributeType()); private static final AttributeDescription ATTR_SUPPORTED_SASL_MECHANISMS = AttributeDescription .create(CoreSchema.getSupportedSASLMechanismsAttributeType()); private static final AttributeDescription ATTR_SUPPORTED_AUTH_PASSWORD_SCHEMES = AttributeDescription .create(CoreSchema.getSupportedAuthPasswordSchemesAttributeType()); private static final AttributeDescription ATTR_SUBSCHEMA_SUBENTRY = AttributeDescription .create(CoreSchema.getSubschemaSubentryAttributeType()); private static final AttributeDescription ATTR_VENDOR_NAME = AttributeDescription .create(CoreSchema.getVendorNameAttributeType()); private static final AttributeDescription ATTR_VENDOR_VERSION = AttributeDescription .create(CoreSchema.getVendorNameAttributeType()); private static final SearchRequest SEARCH_REQUEST = Requests .newSearchRequest(DN.rootDN(), SearchScope.BASE_OBJECT, Filter .getObjectClassPresentFilter(), ATTR_ALT_SERVER.toString(), ATTR_NAMING_CONTEXTS.toString(), ATTR_SUPPORTED_CONTROL .toString(), ATTR_SUPPORTED_EXTENSION.toString(), ATTR_SUPPORTED_FEATURE.toString(), ATTR_SUPPORTED_LDAP_VERSION.toString(), ATTR_SUPPORTED_SASL_MECHANISMS.toString(), ATTR_VENDOR_NAME .toString(), ATTR_VENDOR_VERSION.toString(), ATTR_SUPPORTED_AUTH_PASSWORD_SCHEMES.toString(), ATTR_SUBSCHEMA_SUBENTRY.toString(), "*"); /** * Reads the Root DSE from the Directory Server using the provided * connection. *
* If the Root DSE is not returned by the Directory Server then the
* request will fail with an {@link EntryNotFoundException}. More
* specifically, the returned future will never return {@code null}.
*
* @param connection
* A connection to the Directory Server whose Root DSE is to
* be read.
* @param handler
* A result handler which can be used to asynchronously
* process the operation result when it is received, may be
* {@code null}.
* @return A future representing the result of the operation.
* @throws UnsupportedOperationException
* If the connection does not support search operations.
* @throws IllegalStateException
* If the connection has already been closed, i.e. if
* {@code isClosed() == true}.
* @throws NullPointerException
* If the {@code connection} was {@code null}.
*/
public static FutureResult
* If the Root DSE is not returned by the Directory Server then the
* request will fail with an {@link EntryNotFoundException}. More
* specifically, this method will never return {@code null}.
*
* @param connection
* A connection to the Directory Server whose Root DSE is to
* be read.
* @return The Directory Server's Root DSE.
* @throws ErrorResultException
* If the result code indicates that the request failed for
* some reason.
* @throws InterruptedException
* If the current thread was interrupted while waiting.
* @throws UnsupportedOperationException
* If the connection does not support search operations.
* @throws IllegalStateException
* If the connection has already been closed, i.e. if
* {@code isClosed() == true}.
* @throws NullPointerException
* If the {@code connection} was {@code null}.
*/
public static RootDSE readRootDSE(Connection connection)
throws ErrorResultException, InterruptedException,
UnsupportedOperationException, IllegalStateException,
NullPointerException
{
final Entry entry = connection.searchSingleEntry(SEARCH_REQUEST);
return new RootDSE(entry);
}
private final Entry entry;
/**
* Creates a new Root DSE instance backed by the provided entry.
* Modifications made to {@code entry} will be reflected in the
* returned Root DSE. The returned Root DSE instance is unmodifiable
* and attempts to use modify any of the returned collections will
* result in a {@code UnsupportedOperationException}.
*
* @param entry
* The Root DSE entry.
* @throws NullPointerException
* If {@code entry} was {@code null} .
*/
public RootDSE(Entry entry) throws NullPointerException
{
Validator.ensureNotNull(entry);
this.entry = entry;
}
/**
* Returns an unmodifiable list of URIs referring to alternative
* Directory Servers that may be contacted when the Directory Server
* becomes unavailable.
*
* URIs for Directory Servers implementing the LDAP protocol are
* written according to RFC 4516. Other kinds of URIs may be provided.
*
* If the Directory Server does not know of any other Directory
* Servers that could be used, the returned list will be empty.
*
* @return An unmodifiable list of URIs referring to alternative
* Directory Servers, which may be empty.
* @see RFC 4516 -
* Lightweight Directory Access Protocol (LDAP): Uniform Resource
* Locator
*/
public Collection
* If the Directory Server does not master or shadow any naming
* contexts, the returned list will be empty.
*
* @return An unmodifiable list of DNs identifying the context
* prefixes of the naming contexts, which may be empty.
*/
public Collection
* Clients SHOULD NOT assume that this subschema (sub)entry controls
* other entries held by the Directory Server.
*
* @return The DN of the subschema subentry holding the schema
* controlling the Root DSE, or {@code null} if the DN is not
* provided.
*/
public String getSubschemaSubentry()
{
return getSingleValuedAttribute(ATTR_SUBSCHEMA_SUBENTRY);
}
/**
* Returns an unmodifiable list of supported authentication password
* schemes which the Directory Server supports.
*
* If the Directory Server does not support any authentication
* password schemes, the returned list will be empty.
*
* @return An unmodifiable list of supported authentication password
* schemes, which may be empty.
* @see RFC 3112 - LDAP
* Authentication Password Schema
*/
public Collection
* If the Directory Server does not support any request controls, the
* returned list will be empty. Object identifiers identifying
* response controls may not be listed.
*
* @return An unmodifiable list of object identifiers identifying the
* request controls, which may be empty.
*/
public Collection
* If the Directory Server does not support any extended operations,
* the returned list will be empty.
*
* An extended operation generally consists of an extended request and
* an extended response but may also include other protocol data units
* (such as intermediate responses). The object identifier assigned to
* the extended request is used to identify the extended operation.
* Other object identifiers used in the extended operation may not be
* listed as values of this attribute.
*
* @return An unmodifiable list of object identifiers identifying the
* extended operations, which may be empty.
*/
public Collection
* If the server does not support any discoverable elective features,
* the returned list will be empty.
*
* @return An unmodifiable list of object identifiers identifying the
* elective features, which may be empty.
*/
public Collection
* The contents of the returned list may depend on the current session
* state and may be empty if the Directory Server does not support any
* SASL mechanisms.
*
* @return An unmodifiable list of the SASL mechanisms, which may be
* empty.
* @see RFC 4513 -
* Lightweight Directory Access Protocol (LDAP): Authentication
* Methods and Security Mechanisms
* @see RFC 4422 - Simple
* Authentication and Security Layer (SASL)
*/
public Collection
* Note that this value is typically a release value comprised of a
* string and/or a string of numbers used by the developer of the LDAP
* server product. The returned string will be unique between two
* versions of the Directory Server, but there are no other syntactic
* restrictions on the value or the way it is formatted.
*
* @return The version of the Directory Server implementation, or
* {@code null} if the vendor version is not provided.
* @see RFC 3045 -
* Storing Vendor Information in the LDAP Root DSE
*/
public String getVendorVersion()
{
return getSingleValuedAttribute(ATTR_VENDOR_VERSION);
}
private