Element Summary

| Element | Description | Class |
| --- | --- | --- |
| aciAuthorizationInterceptor | An ACI based authorization service. | org.apache.directory.server.core.authz.AciAuthorizationInterceptor |
| apacheDS | Apache Directory Server top level. | org.apache.directory.server.configuration.ApacheDS |
| authenticationInterceptor | An Interceptor that authenticates users. | org.apache.directory.server.core.authn.AuthenticationInterceptor |
| changePasswordServer | Contains the configuration parameters for the Change Password protocol provider. | org.apache.directory.server.changepw.ChangePasswordServer |
| collectiveAttributeInterceptor | An interceptor based service dealing with collective attribute management. This service intercepts read operations on entries to inject collective attribute value pairs into the response based on the entries' inclusion within collectiveAttributeSpecificAreas and collectiveAttributeInnerAreas. | org.apache.directory.server.core.collective.CollectiveAttributeInterceptor |
| cramMd5MechanismHandler | The CRAM-MD5 SASL mechanism handler. | org.apache.directory.server.ldap.handlers.bind.cramMD5.CramMd5MechanismHandler |
| datagramAcceptor | Extension around a MINA DatagramAcceptor to facilitate better usage with Spring. | org.apache.directory.server.protocol.shared.DatagramAcceptor |
| defaultAuthorizationInterceptor | An Interceptor that controls access to PartitionNexus. If a user tries to perform any operation that requires a permission he or she doesn't have, a NoPermissionException is thrown and the current invocation chain terminates. | org.apache.directory.server.core.authz.DefaultAuthorizationInterceptor |
| defaultChangeLog | The default ChangeLog service implementation. | org.apache.directory.server.core.changelog.DefaultChangeLog |
| defaultDirectoryService | Default implementation of DirectoryService. | org.apache.directory.server.core.DefaultDirectoryService |
| digestMd5MechanismHandler | The DIGEST-MD5 mechanism handler. | org.apache.directory.server.ldap.handlers.bind.digestMD5.DigestMd5MechanismHandler |
| dnsServer | Contains the configuration parameters for the DNS protocol provider. | org.apache.directory.server.dns.DnsServer |
| eventInterceptor | An Interceptor based service for notifying DirectoryListeners of changes to the DIT. | org.apache.directory.server.core.event.EventInterceptor |
| exceptionInterceptor | An org.apache.directory.server.core.interceptor.Interceptor that detects any operation that breaks the integrity of a Partition and terminates the current invocation chain by throwing an Exception. Such operations include adding an entry at a DN where an entry already exists. | org.apache.directory.server.core.exception.ExceptionInterceptor |
| extendedOperationHandler | An extension (hook) point that enables an implementor to provide his or her own LDAP 'Extended' operation. | org.apache.directory.server.ldap.ExtendedOperationHandler |
| gracefulShutdownHandler | | org.apache.directory.server.ldap.handlers.extended.GracefulShutdownHandler |
| gssapiMechanismHandler | The GSSAPI SASL mechanism handler. | org.apache.directory.server.ldap.handlers.bind.gssapi.GssapiMechanismHandler |
| jdbmIndex | A Jdbm based index implementation. | org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmIndex |
| jdbmPartition | A Partition that stores entries in a JDBM database. | org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmPartition |
| kdcServer | Contains the configuration parameters for the Kerberos protocol provider. | org.apache.directory.server.kerberos.kdc.KdcServer |
| keyDerivationInterceptor | An Interceptor that creates symmetric Kerberos keys for users. When a 'userPassword' is added or modified, the 'userPassword' and 'krb5PrincipalName' are used to derive Kerberos keys. If the 'userPassword' is the special keyword 'randomKey', a random key is generated and used as the Kerberos key. | org.apache.directory.server.core.kerberos.KeyDerivationInterceptor |
| launchDiagnosticUiHandler | | org.apache.directory.server.ldap.handlers.extended.LaunchDiagnosticUiHandler |
| ldapService | An LDAP protocol provider implementation which dynamically associates handlers. | org.apache.directory.server.ldap.LdapService |
| memoryChangeLogStore | A change log store that keeps its information in memory. | org.apache.directory.server.core.changelog.MemoryChangeLogStore |
| normalizationInterceptor | A name normalization service. This service makes sure all relative and distinguished names are normalized before calls are made against the respective interface methods on PartitionNexus. | org.apache.directory.server.core.normalization.NormalizationInterceptor |
| ntlmMechanismHandler | A handler for the NTLM SASL and GSS-SPNEGO mechanisms. Note that both mechanisms require an NTLM mechanism provider, which could be implemented using jCIFS or native Win32 system calls via a JNI wrapper. | org.apache.directory.server.ldap.handlers.bind.ntlm.NtlmMechanismHandler |
| ntpServer | Contains the configuration parameters for the NTP protocol provider. | org.apache.directory.server.ntp.NtpServer |
| operationalAttributeInterceptor | An Interceptor that adds or modifies the default attributes of entries. There are four default attributes for now: 'creatorsName', 'createTimestamp', 'modifiersName', and 'modifyTimestamp'. | org.apache.directory.server.core.operational.OperationalAttributeInterceptor |
| partition | An interface that bridges between underlying JNDI entries and the JNDI Context API. The DIT (Directory Information Tree) consists of one or more Partitions whose parent is PartitionNexus, and all of them are mapped to different base suffixes. Each partition contains entries whose names end with that base suffix. | org.apache.directory.server.core.partition.Partition |
| passwordPolicyInterceptor | An Interceptor that enforces password policy for users. Add or modify operations on the 'userPassword' attribute are checked against a password policy. The password is rejected if it does not pass the password policy checks. The password MUST be passed to the core as plaintext. | org.apache.directory.server.core.kerberos.PasswordPolicyInterceptor |
| plainMechanismHandler | A handler for the PLAIN SASL mechanism. | org.apache.directory.server.ldap.handlers.bind.plain.PlainMechanismHandler |
| replicationConfiguration | A configuration for ReplicationInterceptor. This configuration can be used by calling ReplicationInterceptor#setConfiguration(ReplicationConfiguration). | org.apache.directory.mitosis.configuration.ReplicationConfiguration |

replicationInterceptor (class org.apache.directory.mitosis.service.ReplicationInterceptor)

An Interceptor that intercepts LDAP operations and propagates the changes made by those operations to the other ReplicaIds, so that the DIT of each ReplicaId in the cluster has the same content without any conflict.

Once an operation is invoked, this interceptor transforms it into one or more operations that make the requested operation more suitable and robust for replication. The transformation process simply calls the respective factory method in OperationFactory. The methods in OperationFactory return a new Operation instance.

The newly created Operation is used for three purposes:

  • To perform the requested operation on the local PartitionNexus
  • To store the created Operation itself in ReplicationStore so that it can be retrieved later by ReplicationLogCleanJob and ReplicationClientContextHandler
  • To transfer itself to other ReplicaIds via TCP/IP communication between ReplicationClientContextHandler and ReplicationServerContextHandler

The first two actions (modifying the local DIT and storing the Operation in ReplicationStore) are performed automatically when the Operation#execute(PartitionNexus, ReplicationStore, Registries) method is invoked. ReplicationInterceptor always calls it instead of forwarding the requested operation to the next Interceptor.

The last action is carried out by ReplicationClientContextHandler, which handles the TCP/IP connection managed by ClientConnectionManager.

There are two special attributes in the entries to be replicated:

  • entryCSN - stores the CSN of the entry. This attribute is used to check whether an incoming operation from another replica is still valid. If the local entryCSN value is bigger than that of the incoming operation, it means there is a conflict, and therefore an appropriate conflict resolution mechanism should be engaged.
  • entryDeleted - is TRUE if and only if the entry is deleted. The entry is not deleted immediately by a delete operation, because the entryCSN attribute should be retained for a certain amount of time to determine whether an incoming change log, which affects an entry with the same DN, is a conflict (modification of a deleted entry) or not (creation of a new entry). You can purge old deleted entries and related change logs in ReplicationStore by calling purgeAgedData(), or they will be purged automatically and periodically as configured in ReplicationConfiguration by calling ReplicationConfiguration#setLogMaxAge(int). Because of this attribute, lookup and search operations are overridden to ignore entries with entryDeleted set to TRUE.

| Element | Description | Class |
| --- | --- | --- |
| schemaInterceptor | An org.apache.directory.server.core.interceptor.Interceptor that manages and enforces schemas. | org.apache.directory.server.core.schema.SchemaInterceptor |
| simpleMechanismHandler | A dummy mechanism handler for the Simple mechanism: not really used but needed for the mechanism map. | org.apache.directory.server.ldap.handlers.bind.SimpleMechanismHandler |
| socketAcceptor | | org.apache.directory.server.protocol.shared.SocketAcceptor |
| standardThreadPool | | org.apache.directory.server.protocol.shared.StandardThreadPool |
| startTlsHandler | Handler for the StartTLS extended operation. | org.apache.directory.server.ldap.handlers.extended.StartTlsHandler |
| storedProcedureExtendedOperationHandler | | org.apache.directory.server.ldap.handlers.extended.StoredProcedureExtendedOperationHandler |
| subentryInterceptor | The Subentry interceptor service, which is responsible for filtering out subentries on search operations and injecting operational attributes. | org.apache.directory.server.core.subtree.SubentryInterceptor |
| triggerInterceptor | The Trigger Service based on the Trigger Specification. | org.apache.directory.server.core.trigger.TriggerInterceptor |

Element Detail

Element: aciAuthorizationInterceptor

Element: apacheDS

| Attribute | Type | Description |
| --- | --- | --- |
| allowAnonymousAccess | xs:boolean | |
| ldifDirectory | xs:string | Get the directory where |
| synchPeriodMillis | xs:long | |

| Element | Type | Description |
| --- | --- | --- |
| directoryService | defaultDirectoryService | |
| ldapService | ldapService | |
| ldapsService | ldapService | |

Element: authenticationInterceptor

| Element | Type | Description |
| --- | --- | --- |
| authenticators | (<spring:bean/>)* | |

Element: changePasswordServer

| Attribute | Type | Description |
| --- | --- | --- |
| allowableClockSkew | xs:long | Returns the allowable clock skew. |
| catelogBased | xs:boolean | Gets true if this service uses a catalog for searching different regions of the DIT for its data. |
| emptyAddressesAllowed | xs:boolean | Returns whether empty addresses are allowed. |
| enabled | xs:boolean | |
| ipAddress | xs:string | |
| ipPort | xs:integer | |
| policyCategoryCount | xs:integer | Sets the policy category count - what's this? |
| policyPasswordLength | xs:integer | Sets the policy's minimum?? password length. |
| policyTokenSize | xs:integer | Sets the policy token size - what's this? |
| primaryRealm | xs:string | Returns the primary realm. |
| searchBaseDn | xs:string | Returns the search base DN. |
| serviceId | xs:string | |
| serviceName | xs:string | |
| servicePrincipal | xs:string | Returns the Change Password service principal. |
| started | xs:boolean | |

| Element | Type | Description |
| --- | --- | --- |
| datagramAcceptor | datagramAcceptor | |
| directoryService | defaultDirectoryService | |
| encryptionTypes | (<spring:bean/>)* | Returns the encryption types. |
| socketAcceptor | socketAcceptor | |
| transportProtocols | (<spring:bean/>)* | |

Element: collectiveAttributeInterceptor

Element: cramMd5MechanismHandler

Element: datagramAcceptor

| Element | Type | Description |
| --- | --- | --- |
| defaultConfig | <spring:bean/> | |
| filterChainBuilder | <spring:bean/> | |
| logicExecutor | standardThreadPool | |

Element: defaultAuthorizationInterceptor

Element: defaultChangeLog

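| Attribute | Type | Description |
| --- | --- | --- |
| enabled | xs:boolean | |
| exposeChangeLog | xs:boolean | |
| partitionSuffix | xs:string | |
| revisionsContainerName | xs:string | |
| tagsContainerName | xs:string | |

| Element | Type | Description |
| --- | --- | --- |
| changeLogStore | <spring:bean/> | |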

Element: defaultDirectoryService

| Attribute | Type | Description |
| --- | --- | --- |
| accessControlEnabled | xs:boolean | Returns true if access control checks are enabled. |
| allowAnonymousAccess | xs:boolean | Returns true if anonymous access is allowed on entries besides the RootDSE. If the access control subsystem is enabled then access to some entries may not be allowed even when full anonymous access is enabled. |
| denormalizeOpAttrsEnabled | xs:boolean | |
| exitVmOnShutdown | xs:boolean | |
| instanceId | xs:string | |
| maxSizeLimit | xs:integer | |
| maxTimeLimit | xs:integer | |
| shutdownHookEnabled | xs:boolean | |
| workingDirectory | xs:string | Returns working directory (counterpart of var/lib) where partitions are stored by default. |

| Element | Type | Description |
| --- | --- | --- |
| changeLog | defaultChangeLog | |
| eventService | <spring:bean/> | |
| interceptors | (aciAuthorizationInterceptor \| authenticationInterceptor \| collectiveAttributeInterceptor \| defaultAuthorizationInterceptor \| eventInterceptor \| exceptionInterceptor \| keyDerivationInterceptor \| normalizationInterceptor \| operationalAttributeInterceptor \| passwordPolicyInterceptor \| replicationInterceptor \| schemaInterceptor \| subentryInterceptor \| triggerInterceptor)* | Returns interceptors in the server. |
| partitions | (jdbmPartition \| partition)* | Gets the Partitions used by this DirectoryService. |
| registries | <spring:bean/> | |
| schemaService | <spring:bean/> | |
| systemPartition | jdbmPartition \| partition | |
| testEntries | (<spring:bean/>)* | Returns test directory entries (LdifEntry) to be loaded while bootstrapping. |

Element: digestMd5MechanismHandler

Element: dnsServer

| Attribute | Type | Description |
| --- | --- | --- |
| catelogBased | xs:boolean | Gets true if this service uses a catalog for searching different regions of the DIT for its data. |
| enabled | xs:boolean | |
| ipAddress | xs:string | |
| ipPort | xs:integer | |
| searchBaseDn | xs:string | Returns the search base DN. |
| serviceId | xs:string | |
| serviceName | xs:string | |
| started | xs:boolean | |

| Element | Type | Description |
| --- | --- | --- |
| datagramAcceptor | datagramAcceptor | |
| directoryService | defaultDirectoryService | |
| socketAcceptor | socketAcceptor | |
| transportProtocols | (<spring:bean/>)* | |

Element: eventInterceptor

Element: exceptionInterceptor

Element: extendedOperationHandler

| Element | Type | Description |
| --- | --- | --- |
| ldapServer | ldapService | Sets the LDAP server for this extendedOperation handler. |

Element: gracefulShutdownHandler

| Element | Type | Description |
| --- | --- | --- |
| ldapServer | ldapService | |

Element: gssapiMechanismHandler

Element: jdbmIndex

| Attribute | Type | Description |
| --- | --- | --- |
| attributeId | xs:string | Gets the attribute identifier set at configuration time for this index which may not be the OID but an alias name for the attributeType associated with this Index |
| cacheSize | xs:integer | Gets the size of the index cache in terms of the number of index entries to be cached. |
| numDupLimit | xs:integer | Gets the threshold at which point duplicate keys use btree indirection to store their values. |
| wkDirPath | xs:string | Gets the working directory path to something other than the default. Sometimes more performance is gained by locating indices on separate disk spindles. |

Element: jdbmPartition

| Attribute | Type | Description |
| --- | --- | --- |
| cacheSize | xs:integer | Gets the entry cache size for this BTreePartition. |
| id | xs:string | Gets the unique identifier for this partition. |
| optimizerEnabled | xs:boolean | |
| suffix | xs:string | |
| syncOnWrite | xs:boolean | |

| Element | Type | Description |
| --- | --- | --- |
| aliasIndexOn | jdbmIndex | |
| indexedAttributes | (<spring:bean/>)* | |
| ndnIndexOn | jdbmIndex | |
| oneAliasIndexOn | jdbmIndex | |
| oneLevelIndexOn | jdbmIndex | |
| presenceIndexOn | jdbmIndex | |
| registries | <spring:bean/> | |
| subAliasIndexOn | jdbmIndex | |
| updnIndexOn | jdbmIndex | |

Element: kdcServer

| Attribute | Type | Description |
| --- | --- | --- |
| allowableClockSkew | xs:long | Returns the allowable clock skew. |
| bodyChecksumVerified | xs:boolean | |
| catelogBased | xs:boolean | Gets true if this service uses a catalog for searching different regions of the DIT for its data. |
| emptyAddressesAllowed | xs:boolean | |
| enabled | xs:boolean | |
| forwardableAllowed | xs:boolean | |
| ipAddress | xs:string | |
| ipPort | xs:integer | |
| kdcPrincipal | xs:string | |
| maximumRenewableLifetime | xs:long | |
| maximumTicketLifetime | xs:long | |
| paEncTimestampRequired | xs:boolean | Returns whether pre-authentication by encrypted timestamp is required. |
| postdatedAllowed | xs:boolean | |
| primaryRealm | xs:string | Returns the primary realm. |
| proxiableAllowed | xs:boolean | |
| renewableAllowed | xs:boolean | |
| searchBaseDn | xs:string | Returns the search base DN. |
| serviceId | xs:string | |
| serviceName | xs:string | |
| started | xs:boolean | |

| Element | Type | Description |
| --- | --- | --- |
| datagramAcceptor | datagramAcceptor | |
| directoryService | defaultDirectoryService | |
| encryptionTypes | (<spring:bean/>)* | Returns the encryption types. |
| socketAcceptor | socketAcceptor | |
| transportProtocols | (<spring:bean/>)* | |

Element: keyDerivationInterceptor

Element: launchDiagnosticUiHandler

| Element | Type | Description |
| --- | --- | --- |
| ldapServer | ldapService | |

Element: ldapService

| Attribute | Type | Description |
| --- | --- | --- |
| allowAnonymousAccess | xs:boolean | Returns true if anonymous access is allowed. |
| catelogBased | xs:boolean | Gets true if this service uses a catalog for searching different regions of the DIT for its data. |
| confidentialityRequired | xs:boolean | Gets whether or not TLS secured connections are required to perform operations on this LdapService. |
| enableLdaps | xs:boolean | Returns true if LDAPS is enabled. |
| enabled | xs:boolean | |
| ipAddress | xs:string | |
| ipPort | xs:integer | |
| maxSizeLimit | xs:integer | Returns the maximum size limit in number of entries to return for search. |
| maxTimeLimit | xs:integer | Returns the maximum time limit in milliseconds to conduct a search. |
| saslHost | xs:string | Returns the FQDN of this SASL host, validated during SASL negotiation. |
| saslPrincipal | xs:string | Returns the Kerberos principal name for this LDAP service, used by GSSAPI. |
| searchBaseDn | xs:string | Returns the search base DN. |
| serviceId | xs:string | |
| serviceName | xs:string | |
| started | xs:boolean | |

| Element | Type | Description |
| --- | --- | --- |
| abandonHandler | <spring:bean/> | |
| addHandler | <spring:bean/> | |
| bindHandler | <spring:bean/> | |
| compareHandler | <spring:bean/> | |
| datagramAcceptor | datagramAcceptor | |
| deleteHandler | <spring:bean/> | |
| directoryService | defaultDirectoryService | |
| extendedHandler | <spring:bean/> | |
| extendedOperationHandlers | (extendedOperationHandler \| gracefulShutdownHandler \| launchDiagnosticUiHandler \| startTlsHandler \| storedProcedureExtendedOperationHandler)* | Gets the ExtendedOperationHandlers. |
| modifyDnHandler | <spring:bean/> | |
| modifyHandler | <spring:bean/> | |
| saslMechanismHandlers | <spring:bean/> | |
| saslQop | (<spring:bean/>)* | Returns the Set of quality-of-protection, used by DIGEST-MD5 and GSSAPI. |
| saslRealms | (<spring:bean/>)* | Returns the realms serviced by this SASL host, used by DIGEST-MD5 and GSSAPI. |
| searchHandler | <spring:bean/> | |
| socketAcceptor | socketAcceptor | |
| supportedControls | (<spring:bean/>)* | |
| transportProtocols | (<spring:bean/>)* | |
| unbindHandler | <spring:bean/> | |

Element: memoryChangeLogStore

Element: normalizationInterceptor

Element: ntlmMechanismHandler

| Attribute | Type | Description |
| --- | --- | --- |
| ntlmProviderFqcn | xs:string | |

| Element | Type | Description |
| --- | --- | --- |
| ntlmProvider | <spring:bean/> | |

Element: ntpServer

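| Attribute | Type | Description |
| --- | --- | --- |
| enabled | xs:boolean | |
| ipAddress | xs:string | |
| ipPort | xs:integer | |
| serviceId | xs:string | |
| serviceName | xs:string | |
| started | xs:boolean | |

| Element | Type | Description |
| --- | --- | --- |
| datagramAcceptor | datagramAcceptor | |
| directoryService | defaultDirectoryService | |
| socketAcceptor | socketAcceptor | |
| transportProtocols | (<spring:bean/>)* | |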

Element: operationalAttributeInterceptor

Element: partition

| Attribute | Type | Description |
| --- | --- | --- |
| cacheSize | xs:integer | Gets the entry cache size for this partition. |
| id | xs:string | Gets the unique identifier for this partition. |
| suffix | xs:string | Gets the non-normalized suffix for this Partition as a string. |

Element: passwordPolicyInterceptor

Element: plainMechanismHandler

Element: replicationConfiguration

| Attribute | Type | Description |
| --- | --- | --- |
| logMaxAge | xs:integer | Returns the maximum age (days) of change logs stored in ReplicationStore. Any change logs and deleted entries older than this value will be purged periodically. The default value is DEFAULT_LOG_MAX_AGE. |
| replicaId | xs:string | Returns the ID of the replica this configuration is configuring. |
| replicationInterval | xs:integer | Returns the replication data exchange interval (seconds) between two replicas. The default value is DEFAULT_REPLICATION_INTERVAL. |
| responseTimeout | xs:integer | Returns the response timeout value (seconds) for each sent message during the communication between replicas. If any response message is not received within this timeout, the connection is closed and reestablished. The default value is DEFAULT_RESPONSE_TIMEOUT. |
| serverPort | xs:integer | Returns the TCP/IP port number that a ReplicationInterceptor listens to. The default value is DEFAULT_SERVER_PORT. |

| Element | Type | Description |
| --- | --- | --- |
| csnFactory | <spring:bean/> | Returns the CSNFactory for generating CSNs. The default factory is DefaultCSNFactory. |
| peerReplicas | (<spring:bean/>)* | Returns the remote peer replica list. |
| store | <spring:bean/> | Returns the ReplicationStore which stores the change log of the replica this configuration is configuring. The default implementation is DerbyReplicationStore. |

Element: replicationInterceptor

| Attribute | Type | Description |
| --- | --- | --- |
| name | xs:string | This interceptor has configuration so it might be useful to allow several instances in a chain. |

| Element | Type | Description |
| --- | --- | --- |
| configuration | replicationConfiguration | |

Element: schemaInterceptor

Element: simpleMechanismHandler

Element: socketAcceptor

| Element | Type | Description |
| --- | --- | --- |
| defaultConfig | <spring:bean/> | |
| filterChainBuilder | <spring:bean/> | |
| logicExecutor | standardThreadPool | |

Element: standardThreadPool

| Attribute | Type | Description |
| --- | --- | --- |
| maxThreads | xs:integer | |

Element: startTlsHandler

| Element | Type | Description |
| --- | --- | --- |
| ldapServer | ldapService | |

Element: storedProcedureExtendedOperationHandler

| Element | Type | Description |
| --- | --- | --- |
| ldapServer | ldapService | |

Element: subentryInterceptor

Element: triggerInterceptor