001/*
002 * Copyright 2023-2024 Ping Identity Corporation
003 * All Rights Reserved.
004 */
005/*
006 * Copyright 2023-2024 Ping Identity Corporation
007 *
008 * Licensed under the Apache License, Version 2.0 (the "License");
009 * you may not use this file except in compliance with the License.
010 * You may obtain a copy of the License at
011 *
012 *    http://www.apache.org/licenses/LICENSE-2.0
013 *
014 * Unless required by applicable law or agreed to in writing, software
015 * distributed under the License is distributed on an "AS IS" BASIS,
016 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
017 * See the License for the specific language governing permissions and
018 * limitations under the License.
019 */
020/*
021 * Copyright (C) 2023-2024 Ping Identity Corporation
022 *
023 * This program is free software; you can redistribute it and/or modify
024 * it under the terms of the GNU General Public License (GPLv2 only)
025 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
026 * as published by the Free Software Foundation.
027 *
028 * This program is distributed in the hope that it will be useful,
029 * but WITHOUT ANY WARRANTY; without even the implied warranty of
030 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
031 * GNU General Public License for more details.
032 *
033 * You should have received a copy of the GNU General Public License
034 * along with this program; if not, see <http://www.gnu.org/licenses>.
035 */
036package com.unboundid.ldap.sdk;
037
038
039
040import com.unboundid.util.ThreadSafety;
041import com.unboundid.util.ThreadSafetyLevel;
042
043
044
/**
 * Selects the communication security that a {@link PooledReferralConnector}
 * applies when it follows a referral URL whose scheme is "ldap".  Referral URLs
 * with a scheme of "ldaps" are not governed by this setting:  the referral
 * connector always uses LDAPS for them.
 * <BR><BR>
 * The setting exists because the LDAP URL specification in
 * <A HREF="http://www.ietf.org/rfc/rfc4516.txt">RFC 4516</A> lists "ldap" as
 * the only allowed scheme, even though some implementations (including the
 * LDAP SDK) also accept "ldaps" to indicate that a connection should be created
 * as secure.  A referral URL with a scheme of "ldap" therefore does not say
 * whether the client should establish an insecure LDAP connection or a secure
 * LDAPS connection, nor whether an insecure LDAP connection should subsequently
 * be secured with the StartTLS extended operation.  Each value of this enum
 * resolves that ambiguity in a different way.
 * <BR><BR>
 * Security considerations:  in the descriptions below, "LDAP" describes how a
 * connection is established (without TLS), and such a connection stays
 * unencrypted unless StartTLS is subsequently used on it.  Only
 * {@link #ALWAYS_USE_LDAP_AND_ALWAYS_USE_START_TLS},
 * {@link #CONDITIONALLY_USE_LDAP_AND_ALWAYS_USE_START_TLS}, and
 * {@link #ALWAYS_USE_LDAPS} request protection for every referral connection.
 * With the other values, a referral connection can be left unencrypted, in
 * which case everything exchanged on it crosses the network in the clear.  The
 * descriptions below say only that StartTLS is "attempted"; they do not state
 * what happens when that attempt fails, so confirm that behavior in
 * {@link PooledReferralConnector} before relying on a StartTLS-based value to
 * guarantee encryption.
 */
@ThreadSafety(level = ThreadSafetyLevel.COMPLETELY_THREADSAFE)
public enum PooledReferralConnectorLDAPURLSecurityType
{
  /**
   * Follow referral URLs with a scheme of "ldap" over unencrypted LDAP
   * connections, and never attempt to secure those connections with the
   * StartTLS extended operation.  Referral connections are never encrypted with
   * this value, whatever security was in place on the connection on which the
   * referral was received.
   */
  ALWAYS_USE_LDAP_AND_NEVER_USE_START_TLS,

  /**
   * Follow referral URLs with a scheme of "ldap" over connections that are
   * established as unencrypted LDAP, and always attempt to secure those
   * connections with the StartTLS extended operation.
   */
  ALWAYS_USE_LDAP_AND_ALWAYS_USE_START_TLS,

  /**
   * Follow referral URLs with a scheme of "ldap" over connections that are
   * established as unencrypted LDAP, and decide whether to use StartTLS from
   * the connection on which the referral was received:
   * <UL>
   *   <LI>
   *     If that connection was secured by either LDAPS or StartTLS, then the
   *     referral connector will subsequently attempt to secure the referral
   *     connection with StartTLS.
   *   </LI>
   *   <LI>
   *     If that connection was an unencrypted LDAP connection, then the
   *     referral connection will also use unencrypted LDAP and will not be
   *     secured with StartTLS.
   *   </LI>
   * </UL>
   */
  ALWAYS_USE_LDAP_AND_CONDITIONALLY_USE_START_TLS,

  /**
   * Choose between LDAP and LDAPS based on how the connection on which the
   * referral was received was established, and never use StartTLS:
   * <UL>
   *   <LI>
   *     If that connection was secured by LDAPS, then the referral connector
   *     will create secure LDAPS connections.
   *   </LI>
   *   <LI>
   *     If that connection was established as LDAP (regardless of whether it
   *     was subsequently secured with StartTLS), then the referral connector
   *     will create unencrypted LDAP connections, and it will never attempt to
   *     secure them with StartTLS.
   *   </LI>
   * </UL>
   * As a consequence of the second case, a referral received on a connection
   * that was protected by StartTLS is followed over an unencrypted connection
   * when this value is used.
   */
  CONDITIONALLY_USE_LDAP_AND_NEVER_USE_START_TLS,

  /**
   * Choose between LDAP and LDAPS based on how the connection on which the
   * referral was received was established, and always use StartTLS on LDAP
   * connections:
   * <UL>
   *   <LI>
   *     If that connection was secured by LDAPS, then the referral connector
   *     will create secure LDAPS connections.
   *   </LI>
   *   <LI>
   *     If that connection was established as LDAP (regardless of whether it
   *     was subsequently secured with StartTLS), then the referral connector
   *     will create connections that are established as unencrypted LDAP, and
   *     it will always attempt to secure them with StartTLS.
   *   </LI>
   * </UL>
   */
  CONDITIONALLY_USE_LDAP_AND_ALWAYS_USE_START_TLS,

  /**
   * Mirror the security of the connection on which the referral was received:
   * <UL>
   *   <LI>
   *     If that connection was secured by LDAPS, then the referral connector
   *     will create secure LDAPS connections.
   *   </LI>
   *   <LI>
   *     If that connection was established as LDAP and was subsequently
   *     secured with StartTLS, then the referral connector will create
   *     connections that are established as unencrypted LDAP, and it will
   *     attempt to secure them with StartTLS.
   *   </LI>
   *   <LI>
   *     If that connection was using unencrypted LDAP that was not secured by
   *     StartTLS, then the referral connector will create unencrypted LDAP
   *     connections, and it will not attempt to secure them with StartTLS.
   *   </LI>
   * </UL>
   */
  CONDITIONALLY_USE_LDAP_AND_CONDITIONALLY_USE_START_TLS,

  /**
   * Follow referral URLs with a scheme of "ldap" over encrypted LDAPS
   * connections in all cases.
   */
  ALWAYS_USE_LDAPS;
}