| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| * |
| */ |
| package org.apache.directory.server.ldap.replication; |
| |
| |
| import java.util.HashSet; |
| import java.util.Set; |
| |
| import javax.net.ssl.X509TrustManager; |
| |
| import org.apache.directory.api.ldap.model.constants.LdapConstants; |
| import org.apache.directory.api.ldap.model.constants.SchemaConstants; |
| import org.apache.directory.api.ldap.model.message.AliasDerefMode; |
| import org.apache.directory.api.ldap.model.message.SearchScope; |
| import org.apache.directory.api.ldap.model.name.Dn; |
| import org.apache.directory.api.util.Network; |
| import org.apache.directory.ldap.client.api.NoVerificationTrustManager; |
| |
| |
| /** |
| * A class for holding the syncrepl consumer's configuration. the following parameters |
| * are part of the Syncrepl Consumer configuration :<br> |
| * <ul> |
| * <li>remoteHost : the remote server's name, defaults to 'localhost'</li> |
| * <li>remotePort : the remote server's LDAP port, defaults to 10389</li> |
| * <li>replUserDn : The replication User's DN</li> |
| * <li>replUserPassword : The replication User's password</li> |
| * <li>refreshNPersist : the replication mode, defaults to 'true'</li> |
| * <li>refreshInterval : the interval between replications when in refreshOnly mode, defaults to 60s</li> |
| * <li>baseDn : the base from which to fetch entries on the remote server</li> |
| * <li>filter : the filter to select entries,defaults to (ObjectClass=*)</li> |
| * <li>attributes : the list of attributes to replicate, defaults to all</li> |
| * <li>searchSizeLimit : the maximum number of entries to fetch, defaults to no limit</li> |
| * <li>searchTimeout : the maximum delay to wait for entries, defaults to no limit</li> |
| * <li>searchScope : the scope, defaults to SUBTREE</li> |
| * <li>aliasDerefMode : set the aliss derefence policy, defaults to NEVER </li> |
| * <li>replicaId : the replica identifier</li> |
| * <li>configEntryDn : the configuration entry's DN</li> |
| * <li>chaseReferrals : tells if we chase referrals, defaults to false</li> |
| * <li>cookie : the replication cookie</li> |
| * <li>useTls : the connection uses TLS, defaults to true</li> |
| * <li>strictCertVerification : strictly verify the certificate, defaults to true</li> |
| * <li>trustManager : the trustManager to use, defaults to @link{NoVerificationTrustManager}</li> |
| * <li></li> |
| * </ul> |
| * |
| * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a> |
| */ |
| public class SyncReplConfiguration implements ReplicationConsumerConfig |
| { |
| /** host name of the syncrepl remote server, default value is localhost */ |
| private String remoteHost; |
| |
| /** port number of the syncrepl provider server, default is 10389 */ |
| private int remotePort; |
| |
| /** The producer, as <host>:<port> */ |
| private String producer; |
| |
| /** replication user's Dn */ |
| private String replUserDn; |
| |
| /** password for binding with replication user dn */ |
| private byte[] replUserPassword; |
| |
| /** flag to represent refresh and persist or refresh only mode, defaults to true */ |
| private boolean refreshNPersist = true; |
| |
| /** time interval for successive sync requests, default is 60 seconds */ |
| private long refreshInterval = 60L * 1000L; |
| |
| /** the base Dn whose content will be searched for replicating */ |
| private String baseDn; |
| |
| /** the ldap filter for fetching the entries, default value is (objectClass=*) */ |
| private String filter = LdapConstants.OBJECT_CLASS_STAR; |
| |
| /** names of attributes to be replicated, default value is all user attributes */ |
| private Set<String> attributes; |
| |
| /** the maximum number of search results to be fetched |
| * default value is 0 (i.e no limit) */ |
| private int searchSizeLimit = 0; |
| |
| /** the timeout value to be used while doing a search |
| * default value is 0 (i.e no limit)*/ |
| private int searchTimeout = 0; |
| |
| /** the search scope, default is sub tree level */ |
| private SearchScope searchScope = SearchScope.SUBTREE; |
| |
| /** alias dereferencing mode, default is set to 'never deref aliases' */ |
| private AliasDerefMode aliasDerefMode = AliasDerefMode.NEVER_DEREF_ALIASES; |
| |
| /** the cookie received from server */ |
| private byte[] cookie; |
| |
| /** the replica's id */ |
| private int replicaId; |
| |
| /** The configuration entry DN */ |
| private Dn configEntryDn = null; |
| |
| /** flag to indicate whether to chase referrals or not, default is false hence passes ManageDsaITControl with syncsearch request*/ |
| private boolean chaseReferrals = false; |
| |
| /** flag to indicate the use of TLS, default is true */ |
| private boolean useTls = true; |
| |
| /** flag to indicate the use of strict certificate verification, default is true */ |
| private boolean strictCertVerification = true; |
| |
| /** the X509 certificate trust manager used, default value set to {@link NoVerificationTrustManager} */ |
| private X509TrustManager trustManager = new NoVerificationTrustManager(); |
| |
| /** flag to indicate if this node is part of a MMR setup, default value is true */ |
| private boolean mmrMode = true; |
| |
| |
| /** |
| * Creates a new instance of SyncreplConfiguration |
| */ |
| public SyncReplConfiguration() |
| { |
| attributes = new HashSet<>(); |
| // the default list of attributes |
| attributes.add( SchemaConstants.ALL_USER_ATTRIBUTES ); |
| |
| remoteHost = Network.LOOPBACK_HOSTNAME; |
| |
| remotePort = 10389; |
| |
| producer = remoteHost + ":" + remotePort; |
| } |
| |
| |
| /** |
| * @return the remote Host |
| */ |
| public String getRemoteHost() |
| { |
| return remoteHost; |
| } |
| |
| |
| /** |
| * @param remoteHost the remote Host to set |
| */ |
| public void setRemoteHost( String remoteHost ) |
| { |
| this.remoteHost = remoteHost; |
| producer = remoteHost + ":" + remotePort; |
| } |
| |
| |
| /** |
| * A convenient method that concatenates the host and port of the producer |
| * @return The <host>:<port> the consumer is connected to |
| */ |
| public String getProducer() |
| { |
| return producer; |
| } |
| |
| |
| /** |
| * @return the port |
| */ |
| public int getRemotePort() |
| { |
| return remotePort; |
| } |
| |
| |
| /** |
| * @param remotePort the remote port to set |
| */ |
| public void setRemotePort( int remotePort ) |
| { |
| this.remotePort = remotePort; |
| producer = remoteHost + ":" + remotePort; |
| } |
| |
| |
| /** |
| * @return the replication user's Dn |
| */ |
| public String getReplUserDn() |
| { |
| return replUserDn; |
| } |
| |
| |
| /** |
| * @param replUserdDn the Dn of the replication user |
| */ |
| public void setReplUserDn( String replUserdDn ) |
| { |
| this.replUserDn = replUserdDn; |
| } |
| |
| |
| /** |
| * @return the replication user's password |
| */ |
| public byte[] getReplUserPassword() |
| { |
| return replUserPassword; |
| } |
| |
| |
| /** |
| * @param replUserPassword the replication user's password |
| */ |
| public void setReplUserPassword( byte[] replUserPassword ) |
| { |
| this.replUserPassword = replUserPassword; |
| } |
| |
| |
| /** |
| * @return the refreshPersist |
| */ |
| public boolean isRefreshNPersist() |
| { |
| return refreshNPersist; |
| } |
| |
| |
| /** |
| * @param refreshNPersist the falg indicating to run the consumer in refreshAndPersist mode |
| */ |
| public void setRefreshNPersist( boolean refreshNPersist ) |
| { |
| this.refreshNPersist = refreshNPersist; |
| } |
| |
| |
| /** |
| * @return the refresh interval |
| */ |
| public long getRefreshInterval() |
| { |
| return refreshInterval; |
| } |
| |
| |
| /** |
| * @param refreshInterval the consumerInterval to set |
| */ |
| public void setRefreshInterval( long refreshInterval ) |
| { |
| if ( refreshInterval <= 0 ) |
| { |
| throw new IllegalArgumentException( "refresh interval should be more than zero" ); |
| } |
| this.refreshInterval = refreshInterval; |
| } |
| |
| |
| /** |
| * @return the baseDn |
| */ |
| public String getBaseDn() |
| { |
| return baseDn; |
| } |
| |
| |
| /** |
| * @param baseDn the baseDn to set |
| */ |
| public void setBaseDn( String baseDn ) |
| { |
| this.baseDn = baseDn; |
| } |
| |
| |
| /** |
| * @return the filter |
| */ |
| public String getFilter() |
| { |
| return filter; |
| } |
| |
| |
| /** |
| * @param filter the filter to set |
| */ |
| public void setFilter( String filter ) |
| { |
| this.filter = filter; |
| } |
| |
| |
| /** |
| * @return the attributes |
| */ |
| public String[] getAttributes() |
| { |
| return attributes.toArray( new String[] |
| {} ); |
| } |
| |
| |
| /** |
| * @param attrs the attributes to set |
| */ |
| public void setAttributes( String[] attrs ) |
| { |
| attributes.clear(); |
| |
| for ( String attr : attrs ) |
| { |
| attributes.add( attr ); |
| } |
| } |
| |
| |
| /** |
| * @return the searchSizeLimit |
| */ |
| public int getSearchSizeLimit() |
| { |
| return searchSizeLimit; |
| } |
| |
| |
| /** |
| * @param searchSizeLimit the searchSizeLimit to set |
| */ |
| public void setSearchSizeLimit( int searchSizeLimit ) |
| { |
| if ( searchSizeLimit < 0 ) |
| { |
| throw new IllegalArgumentException( "search size limit value cannot be negative " + searchSizeLimit ); |
| } |
| |
| this.searchSizeLimit = searchSizeLimit; |
| } |
| |
| |
| /** |
| * @return the searchTimeout |
| */ |
| public int getSearchTimeout() |
| { |
| return searchTimeout; |
| } |
| |
| |
| /** |
| * @param searchTimeout the searchTimeout to set |
| */ |
| public void setSearchTimeout( int searchTimeout ) |
| { |
| if ( searchTimeout < 0 ) |
| { |
| throw new IllegalArgumentException( "search timeout value cannot be negative " + searchTimeout ); |
| } |
| |
| this.searchTimeout = searchTimeout; |
| } |
| |
| |
| /** |
| * @return the searchScope |
| */ |
| public SearchScope getSearchScope() |
| { |
| return searchScope; |
| } |
| |
| |
| /** |
| * @param searchScope the searchScope to set |
| */ |
| public void setSearchScope( SearchScope searchScope ) |
| { |
| this.searchScope = searchScope; |
| } |
| |
| |
| /** |
| * @return the replicaId |
| */ |
| public int getReplicaId() |
| { |
| return replicaId; |
| } |
| |
| |
| /** |
| * @param replicaId the replicaId to set |
| */ |
| public void setReplicaId( int replicaId ) |
| { |
| this.replicaId = replicaId; |
| } |
| |
| |
| /** |
| * @return The ALiasDerefMode parameter |
| */ |
| public AliasDerefMode getAliasDerefMode() |
| { |
| return aliasDerefMode; |
| } |
| |
| |
| /** |
| * @param aliasDerefMode Should be either NEVER_DEREF_ALIASES or DEREF_FINDING_BASE_OBJ |
| */ |
| public void setAliasDerefMode( AliasDerefMode aliasDerefMode ) |
| { |
| if ( aliasDerefMode != AliasDerefMode.NEVER_DEREF_ALIASES |
| && aliasDerefMode != AliasDerefMode.DEREF_FINDING_BASE_OBJ ) |
| { |
| throw new IllegalArgumentException( |
| "alias deref mode should only be set to either 'NEVER_DEREF_ALIASES' or 'DEREF_FINDING_BASE_OBJ'" ); |
| } |
| |
| this.aliasDerefMode = aliasDerefMode; |
| } |
| |
| |
| /** |
| * @return The replication cookie |
| */ |
| public byte[] getCookie() |
| { |
| return cookie; |
| } |
| |
| |
| /** |
| * @param cookie The cookie to set |
| */ |
| public void setCookie( byte[] cookie ) |
| { |
| this.cookie = cookie; |
| } |
| |
| |
| /** |
| * Tells if we chase referrals |
| * @return true if we chase referals |
| */ |
| public boolean isChaseReferrals() |
| { |
| return chaseReferrals; |
| } |
| |
| |
| /** |
| * @param chaseReferrals Lust be false, always. |
| */ |
| public void setChaseReferrals( boolean chaseReferrals ) |
| { |
| if ( chaseReferrals ) |
| { |
| throw new UnsupportedOperationException( "client-api currently doesn't support chasing referrals" ); |
| } |
| |
| this.chaseReferrals = chaseReferrals; |
| } |
| |
| |
| /** |
| * @return The DN of the configuration entry |
| */ |
| public Dn getConfigEntryDn() |
| { |
| return configEntryDn; |
| } |
| |
| |
| /** |
| * @return true if we use TLS |
| */ |
| public boolean isUseTls() |
| { |
| return useTls; |
| } |
| |
| |
| /** |
| * set the option to turn on/off use of TLS |
| * |
| * @param useTls If we have to use TLS |
| */ |
| public void setUseTls( boolean useTls ) |
| { |
| this.useTls = useTls; |
| } |
| |
| |
| /** |
| * @return true if the certificate verification is enforced |
| */ |
| public boolean isStrictCertVerification() |
| { |
| return strictCertVerification; |
| } |
| |
| |
| /** |
| * set the strict certificate verification |
| * |
| * @param strictCertVerification If we require a certificate validation |
| */ |
| public void setStrictCertVerification( boolean strictCertVerification ) |
| { |
| if ( strictCertVerification ) |
| { |
| trustManager = ReplicationTrustManager.getInstance(); |
| } |
| else |
| { |
| trustManager = new NoVerificationTrustManager(); |
| } |
| |
| this.strictCertVerification = strictCertVerification; |
| } |
| |
| |
| /** |
| * @return The Trustmanager instance |
| */ |
| public X509TrustManager getTrustManager() |
| { |
| return trustManager; |
| } |
| |
| |
| /** |
| * @param configEntryDn the configEntryDn to set |
| */ |
| public void setConfigEntryDn( Dn configEntryDn ) |
| { |
| this.configEntryDn = configEntryDn; |
| } |
| |
| |
| /** |
| * @return true if this node is part of MMR setup |
| */ |
| public boolean isMmrMode() |
| { |
| return mmrMode; |
| } |
| |
| |
| /** |
| * enable/disable MMR option |
| * |
| * @param mmrMode The type of replication |
| */ |
| public void setMmrMode( boolean mmrMode ) |
| { |
| this.mmrMode = mmrMode; |
| } |
| |
| |
| public String toString() |
| { |
| StringBuilder sb = new StringBuilder(); |
| |
| sb.append( "[" ); |
| sb.append( "rid:" ).append( replicaId ).append( ", " ); |
| sb.append( "base:'" ).append( baseDn ).append( "', " ); |
| sb.append( "filter:" ).append( filter ).append( ", " ); |
| sb.append( "scope:" ).append( searchScope ).append( ", " ); |
| sb.append( "alias:" ).append( aliasDerefMode ).append( ", " ); |
| sb.append( "chase referrals:" ).append( chaseReferrals ).append( ", " ); |
| |
| boolean isFirst = true; |
| |
| if ( attributes != null ) |
| { |
| sb.append( "attributes:{" ); |
| |
| for ( String attribute : attributes ) |
| { |
| if ( isFirst ) |
| { |
| isFirst = false; |
| } |
| else |
| { |
| sb.append( "/" ); |
| } |
| |
| sb.append( attribute ); |
| } |
| |
| sb.append( "}, " ); |
| } |
| |
| if ( refreshNPersist ) |
| { |
| sb.append( "refresh:" ).append( refreshInterval ).append( ", " ); |
| } |
| else |
| { |
| sb.append( "refreshOnly, " ); |
| } |
| |
| if ( mmrMode ) |
| { |
| sb.append( "MMR, " ); |
| } |
| else |
| { |
| sb.append( "MS, " ); |
| } |
| |
| sb.append( "provider:" ).append( producer ).append( ", " ); |
| sb.append( "user:'" ).append( replUserDn ).append( "', " ); |
| |
| if ( strictCertVerification ) |
| { |
| sb.append( "strict" ).append( ", " ); |
| } |
| |
| sb.append( "TLS:" ).append( useTls ).append( "]" ); |
| |
| return sb.toString(); |
| } |
| } |