Class DSACreationTemplate

java.lang.Object
com.isode.dsapi.config.DSACreationTemplate

public class DSACreationTemplate extends Object
DSACreationTemplate, specifying all the data required to create and initialise a DSA from nothing to a working configuration. Where values are specified as 'never null', this is for creating a DSA. Certain of these values may be null before saving or after loading from XML if they are values that are not loaded/saved.

Note that all DNs in this class should be passed through relocateDN(com.isode.dsapi.DN) before use, in case DN relocations have been specified. DN-relocations can be used to change the location of whole subtrees and also to change DNs of configured users or to rename them, e.g. managers and so on. The data in the LDIF and also the GAC is relocated accordingly.

Since:
15.0
Author:
jp
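
A model of the relocation semantics stated for relocateDN() and the 'dnparams' field (parameters substituted as if in parallel, longer matches overriding shorter ones), added here as an example; it is not Isode code. It uses the JDK's javax.naming.ldap.LdapName in place of com.isode.dsapi.DN, and the PARAMS map, the relocate() helper and all sample DNs are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class RelocateDemo {
    // Hypothetical stand-in for the DNParam list: source DN -> target DN.
    static final Map<LdapName, LdapName> PARAMS = new LinkedHashMap<>();

    // One pass over the ORIGINAL DN; the most specific (longest) source wins.
    static LdapName relocate(LdapName dn) {
        if (dn == null) return null;                 // null passes through
        LdapName best = null;
        for (LdapName src : PARAMS.keySet()) {
            // startsWith() compares the most significant (rightmost) RDNs
            if (dn.startsWith(src) && (best == null || src.size() > best.size())) best = src;
        }
        if (best == null) return dn;                 // outside every relocated subtree
        // Target RDNs first (most significant), then the part of dn below the source
        List<Rdn> rdns = new ArrayList<>(PARAMS.get(best).getRdns());
        rdns.addAll(dn.getRdns().subList(best.size(), dn.size()));
        return new LdapName(rdns);
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample values: move a subtree and rename its manager.
        PARAMS.put(new LdapName("o=Template"), new LdapName("o=Example Corp,c=GB"));
        PARAMS.put(new LdapName("cn=Manager,o=Template"),
                   new LdapName("cn=dsa-admin,ou=Admins,o=Example Corp,c=GB"));
        String[] samples = {
            "cn=Alice,ou=People,o=Template",   // subtree rule applies
            "cn=Manager,o=Template",           // longer rule overrides the subtree rule
            "cn=Other,o=Elsewhere"             // no rule applies
        };
        for (String s : samples) {
            System.out.println(s + "  ->  " + relocate(new LdapName(s)));
        }
    }
}
```

In this model, applying the two rules one after the other would move the manager entry with the subtree first, after which the manager rule no longer matches; matching every rule against the original DN avoids that ordering dependence.
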
  • Field Details

    • label

      public String label
      Label, never null for DSA creation.
    • bp_label

      public String bp_label
      Label for bind profile, or null to use the value of 'label'. This is not saved/reloaded from the XML.
    • install_path

      public File install_path
      Installation path, never null for DSA creation. There must be no existing file or directory at this location. This is not saved/reloaded in the XML.
    • gdam_type

      public GDAMType gdam_type
      GDAM type, never null.
    • dsa_dn

      public DN dsa_dn
      DSA DN, never null for DSA creation.
    • pa

      Presentation address, never null for DSA creation. Not saved to XML.
    • meshInitPA

      public PresentationAddress meshInitPA
      Presentation address of multimaster server that will be used to perform initial population of this new one. Not saved to XML.
    • manager_dn

      public DN manager_dn
      DN of config user who will be put into the bind profile installed for D3M's use after creation is complete, or null if the superuser should be left active. If specified, then this should be one of the config users set up by the LDIF and GAC XML. It should also appear in the PWParam list, so that a password is generated or assigned to it.
    • superuser_password

      public String superuser_password
      Superuser password to install on the new DSA, or null to generate a secure temporary password on reloading. If this is specified and the superuser is left active after the DSA creation is complete, then this is the password that will remain active for the superuser. If the superuser is not left active, then specifying the password here is pointless as it will be deleted from the DSA.
    • hideScramSha1

      public boolean hideScramSha1
      This boolean controls whether the option of using SCRAM-SHA1 hashing of passwords should be offered to the user when creating a DSA. Hashing should not be selected for DSAs which are going to be used to hold messaging configurations (because various components of the messaging system will need to be able to read plain-text password values). Note that when we don't allow SCRAM-SHA-1 we also don't allow SCRAM-SHA-256.
      Since:
      R16.0
    • enableScramSha1

      public boolean enableScramSha1
    • enableScramSha256

      public boolean enableScramSha256
    • recordAuthTimestamps

      public boolean recordAuthTimestamps
      This boolean controls whether or not to set the authTimestamps attribute in the configuration entry.
      Since:
      R16.6
    • passwordHash

      public DSACreationTemplate.PasswordHash passwordHash
      What kind of password hashing to use.
    • dsaType

    • ap_list

      Admin points specified, or empty list if none.
    • cp_list

      Naming contexts specified, or empty list if none.
    • consumedNClist

      public List<DSACreationTemplate.NamingContext> consumedNClist
      Naming contexts to be consumed from master (relevant on creating a shadow DSA), or empty list if none.
    • shadowAuthData

      public PeerAuthData shadowAuthData
      Authentication data between shadow and master server (relevant on creating a shadow DSA).
    • create_list

      public List<DN> create_list
      List of entries to ensure are created, or empty list if none.
    • userbp_list

      public List<DSACreationTemplate.UserBP> userbp_list
      List of additional user bind profiles to create, or empty list if none.
    • opt_rule_list

      public List<DSACreationTemplate.OptRule> opt_rule_list
      List of optional rule-items for the user to select between, or empty list. Deselected rule-items are deleted from the GAC before being applied.
    • opt_rule_limits

      public List<DSACreationTemplate.OptRuleLimit> opt_rule_limits
      List of optional rule-item restrictions, or empty list.
    • opt_group_list

      public List<DSACreationTemplate.OptGroup> opt_group_list
      List of optional groups for the user to select/deselect, or empty list. Deselected groups are deleted from the GAC before being applied.
    • mand_group_list

      public List<DSACreationTemplate.MandGroup> mand_group_list
      List of mandatory groups, or empty list.
    • attrs_to_index

      public List<DSACreationTemplate.IndexRequest> attrs_to_index
      List of attribute types for which we want indexes to be auto-created, or empty list.
    • ldif_file

      public File ldif_file
      Filename of LDIF to load, or null if no entries need loading. If this filename is saved in the XML, then it is assumed that this file will be stored alongside the config XML file, so only the name not the full path is stored.
    • gac_file

      public File gac_file
      Filename of GAC XML file to load, or null if no global access control data should be loaded. If this filename is saved in the XML, then it is assumed that this file will be stored alongside the config XML file, so only the name not the full path is stored.
    • dnparams

      DNParams for this template, or empty list if none. The parameters are substituted as if in parallel, with longer matches overriding shorter matches.
    • pwparams

      Password params for this template, or empty list if none. These are used to substitute the default passwords in the LDIF with actual live passwords. These passwords may be auto-generated ones, or ones written into these PWParam instances by the caller.

      TODO: Allow PWParams that configure strong binds as well, outputting a list of .P12 files with passwords to be distributed to the users.

    • hpwparams

      public List<DSACreationTemplate.PWParam> hpwparams
      Password params for this template, or empty list if none. These are used to SILENTLY substitute default passwords in the LDIF with actual live passwords WITHOUT displaying them via the DSA creation GUI or command line interface. These passwords are auto-generated only.
  • Constructor Details

    • DSACreationTemplate

      public DSACreationTemplate()
  • Method Details

    • dumpXML

      public void dumpXML(com.isode.util.XMLOutput out) throws IOException
      Dump template as XML.
      Throws:
      IOException
    • loadXML

      public static DSACreationTemplate loadXML(com.isode.util.XMLInput in)
      Try to load up the DSACreationTemplate from XML. Returns null if not found.
      Parameters:
      in - XMLInput to read
    • generatePassword

      public String generatePassword(int len)
      Generate a password string of randomly-selected letters and digits of the given length. Uses a SecureRandom instance as a source.
      Parameters:
      len - Length of password required
      Returns:
      Password string.
    • clearRelocateDNCache

      public void clearRelocateDNCache()
      Clear the DNParam cache used by relocateDN().
    • getRelocationDNPairArray

      public DN[] getRelocationDNPairArray()
      Return a list of source/target DN pairs in an array suitable to use to call Attribute.relocate(DN...) generated from the DNParam list.
      Returns:
      DN[]
    • relocateDN

      public DN relocateDN(DN dn)
      Relocate a DN according to the configured DNParam list, or pass through null. Note that a cached copy of 'dnparams' is created and used. If changes are made to 'dnparams' and relocateDN() is called again, then the cache must be cleared first by calling clearRelocateDNCache().
    • areOptRulesValid

      public boolean areOptRulesValid()
      Test whether the selections in the OptRule list are valid according to the loaded list of OptRuleLimits.
      Returns:
      true: rule selections are valid, false: otherwise
    • switchOptRule

      public boolean switchOptRule(DSACreationTemplate.OptRule or)
      Switch an optional rule on or off, reversing its state. If switching it off would cause an invalid state due to an at-least-one limit, then nothing is done. If switching it on would cause an invalid state due to an at-most-one limit, then all the other rules in the group are turned off.

      Note that it is possible to create a set of limits that mean that it is impossible for this routine to leave the selections in a valid state. It makes no attempt to solve things in that case.

      Parameters:
      or - OptRule to switch on/off
      Returns:
      true: a change was made, false: no change was possible
    • initBPLabels

      public void initBPLabels()
      Initialise the bind-profile labels from the relocated DSA DN and the manager or user RDN values. This should be called after all relocations have been configured, or else the values inserted will be out of date by the time the DSA is created.
    • getDNParam

      public DSACreationTemplate.DNParam getDNParam(String labelPrefix)
      Find out the DNParam information for a DN inside the template with a specified label. This may be useful for a caller who wishes to find out, after the DSA creation completes, where a given DN ended up being relocated to.

      Note that the caller only needs to specify the initial part of the label; this is because labels in the template can be very long and contain descriptive text, and typically just the first part of the label is sufficient to identify the DN in question.

      Parameters:
      labelPrefix - the label, or beginning of the label for the DN inside the template. Must not be null.
      Returns:
      the first DNParam that has a label matching, or starting with, label, or null if there is no matching DN in the template.
      Since:
      15.2
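
The toggle behaviour described for switchOptRule() and areOptRulesValid(), modelled as an added example that is not Isode code. The Rule, Limit and Kind types, the toggle() and valid() helpers and the rule names are hypothetical stand-ins, since the page does not show the members of OptRule or OptRuleLimit.

```java
import java.util.List;
public class OptRuleToggleDemo {
    // Hypothetical stand-ins: the real OptRule/OptRuleLimit members are not shown on the page.
    enum Kind { AT_LEAST_ONE, AT_MOST_ONE }
    static final class Rule {
        final String name; boolean on;
        Rule(String name, boolean on) { this.name = name; this.on = on; }
    }
    static final class Limit {
        final Kind kind; final List<Rule> group;
        Limit(Kind kind, Rule... group) { this.kind = kind; this.group = List.of(group); }
        boolean ok() {
            long n = group.stream().filter(r -> r.on).count();
            return kind == Kind.AT_LEAST_ONE ? n >= 1 : n <= 1;
        }
    }
    // Counterpart of areOptRulesValid(): every limit must hold.
    static boolean valid(List<Limit> limits) { return limits.stream().allMatch(Limit::ok); }

    // Counterpart of switchOptRule(): returns true if a change was made.
    static boolean toggle(Rule r, List<Limit> limits) {
        if (r.on) {
            r.on = false;
            for (Limit l : limits)
                if (l.kind == Kind.AT_LEAST_ONE && l.group.contains(r) && !l.ok()) {
                    r.on = true;            // would empty an at-least-one group: refuse
                    return false;
                }
            return true;
        }
        r.on = true;
        for (Limit l : limits)              // at-most-one: clear the rest of the group
            if (l.kind == Kind.AT_MOST_ONE && l.group.contains(r))
                for (Rule other : l.group) if (other != r) other.on = false;
        return true;
    }
    public static void main(String[] args) {
        Rule anon = new Rule("anonymous-read", true), auth = new Rule("authenticated-read", false);
        List<Limit> limits = List.of(new Limit(Kind.AT_LEAST_ONE, anon, auth),
                                     new Limit(Kind.AT_MOST_ONE, anon, auth));
        System.out.println("switch off " + anon.name + ": changed=" + toggle(anon, limits));
        System.out.println("switch on " + auth.name + ": changed=" + toggle(auth, limits)
                + ", " + anon.name + " on=" + anon.on + ", valid=" + valid(limits));
        // Conflicting limits: enabling 'b' clears 'a', which a second limit requires.
        Rule a = new Rule("rule-a", true), b = new Rule("rule-b", false);
        List<Limit> bad = List.of(new Limit(Kind.AT_MOST_ONE, a, b), new Limit(Kind.AT_LEAST_ONE, a));
        toggle(b, bad);
        System.out.println("conflicting limits: valid=" + valid(bad));
    }
}
```

The last case is the situation the note on switchOptRule() describes: the toggle succeeds but leaves the selection invalid, so the validity check should be repeated before deselected rule-items are deleted from the GAC.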