/*
 * Copyright 2023-2024 Ping Identity Corporation
 * All Rights Reserved.
 */
/*
 * Copyright 2023-2024 Ping Identity Corporation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
/*
 * Copyright (C) 2023-2024 Ping Identity Corporation
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License (GPLv2 only)
 * or the terms of the GNU Lesser General Public License (LGPLv2.1 only)
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <http://www.gnu.org/licenses>.
 */
package com.unboundid.ldap.sdk;



import com.unboundid.util.ThreadSafety;
import com.unboundid.util.ThreadSafetyLevel;



/**
 * This enum defines the type of communication security that the
 * {@link PooledReferralConnector} will use when following LDAP URLs that have
 * a scheme of "ldap" rather than "ldaps". The referral connector will always
 * use LDAPS for LDAP referrals that have a scheme of "ldaps", but it is more
 * ambiguous for referrals that have a scheme of "ldap".
 * <BR><BR>
 * Although some LDAP URL implementations (including the LDAP SDK) support using
 * a scheme of "ldaps" to indicate that connections should be created as secure,
 * the official LDAP URL specification in
 * <A HREF="http://www.ietf.org/rfc/rfc4516.txt">RFC 4516</A> lists "ldap" as
 * the only allowed scheme. As such, if a client receives a referral URL with
 * a scheme of "ldap", it isn't necessarily clear whether it should establish an
 * insecure LDAP connection or a secure LDAPS connection. Further, for the case
 * in which it establishes an insecure LDAP connection, it isn't clear if that
 * connection should be subsequently secured with the StartTLS extended
 * operation. This enum will be used to address that ambiguity.
 */
@ThreadSafety(level=ThreadSafetyLevel.COMPLETELY_THREADSAFE)
public enum PooledReferralConnectorLDAPURLSecurityType
{
  /**
   * Indicates that the referral connector should always create unencrypted LDAP
   * connections for referral URLs with a scheme of "ldap", and that it should
   * never attempt to secure them with the StartTLS extended operation.
   */
  ALWAYS_USE_LDAP_AND_NEVER_USE_START_TLS,



  /**
   * Indicates that the referral connector should always create unencrypted LDAP
   * connections for referral URLs with a scheme of "ldap", and that it should
   * always attempt to secure them with the StartTLS extended operation.
   */
  ALWAYS_USE_LDAP_AND_ALWAYS_USE_START_TLS,



  /**
   * Indicates that the referral connector should always create unencrypted LDAP
   * connections for referral URLs with a scheme of "ldap". If the connection
   * on which the referral was received was secured by either LDAPS or StartTLS,
   * then the referral connector will subsequently attempt to secure those
   * connections with StartTLS. On the other hand, if the connection on which
   * the referral was received was an unencrypted LDAP connection, then the
   * referral connection will also use unencrypted LDAP and will not be secured
   * with StartTLS.
   */
  ALWAYS_USE_LDAP_AND_CONDITIONALLY_USE_START_TLS,



  /**
   * Indicates that the referral connector should determine whether to create
   * unencrypted LDAP or encrypted LDAPS connections based on whether the
   * connection on which the referral was received was using LDAP or LDAPS. If
   * the connection on which the referral was received was using unencrypted
   * LDAP (regardless of whether it was secured with StartTLS), then the
   * referral connector will create unencrypted LDAP connections, and it will
   * never attempt to secure them with StartTLS. If the connection on which the
   * referral was received was secured by LDAPS, then the referral connector
   * will create secure LDAPS connections.
   */
  CONDITIONALLY_USE_LDAP_AND_NEVER_USE_START_TLS,



  /**
   * Indicates that the referral connector should determine whether to create
   * unencrypted LDAP or encrypted LDAPS connections based on whether the
   * connection on which the referral was received was using LDAP or LDAPS. If
   * the connection on which the referral was received was using unencrypted
   * LDAP (regardless of whether it was secured with StartTLS), then the
   * referral connector will create unencrypted LDAP connections, and it will
   * always attempt to secure them with StartTLS. If the connection on which
   * the referral was received was secured by LDAPS, then the referral connector
   * will create secure LDAPS connections.
   */
  CONDITIONALLY_USE_LDAP_AND_ALWAYS_USE_START_TLS,



  /**
   * Indicates that the referral connector should determine whether to create
   * unencrypted LDAP or encrypted LDAPS connections based on whether the
   * connection on which the referral was received was using LDAP or LDAPS. If
   * the connection on which the referral was received was using unencrypted
   * LDAP that was not secured by StartTLS, then the referral connector will
   * create unencrypted LDAP connections, and it will not attempt to secure them
   * with StartTLS. If the connection on which the referral was received was
   * using unencrypted LDAP that was subsequently secured with StartTLS, then
   * the referral connector will create unencrypted LDAP connections, and it
   * will attempt to secure them with StartTLS. If the connection on which the
   * referral was received was secured by LDAPS, then the referral connector
   * will create secure LDAPS connections.
   */
  CONDITIONALLY_USE_LDAP_AND_CONDITIONALLY_USE_START_TLS,



  /**
   * Indicates that the referral connector should always create encrypted LDAPS
   * connections for referral URLs with a scheme of "ldap".
   */
  ALWAYS_USE_LDAPS;
}
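
Added example, not part of the LDAP SDK source: a small audit helper that encodes the outcomes the Javadoc above documents for an "ldap" referral URL and flags every policy/inbound combination in which an encrypted session would be followed over cleartext. The class `ReferralSecurityAudit` and the `Transport` enum are hypothetical names; the mapping follows the documentation wording, not the connector's implementation, and the code assumes the LDAP SDK jar that provides this enum is on the classpath.

```java
import com.unboundid.ldap.sdk.PooledReferralConnectorLDAPURLSecurityType;

/** Added illustration; ReferralSecurityAudit and Transport are hypothetical names. */
public final class ReferralSecurityAudit {
  /** Protection of a connection: the one the referral arrived on, or the one opened to follow it. */
  enum Transport { CLEARTEXT_LDAP, LDAP_WITH_START_TLS, LDAPS }

  /** Outcome the enum's Javadoc documents for a referral URL whose scheme is "ldap". */
  static Transport resolve(PooledReferralConnectorLDAPURLSecurityType policy, Transport inbound) {
    boolean inboundLdaps = inbound == Transport.LDAPS;
    boolean inboundSecure = inbound != Transport.CLEARTEXT_LDAP; // LDAPS or StartTLS
    switch (policy) {
      case ALWAYS_USE_LDAP_AND_NEVER_USE_START_TLS:
        return Transport.CLEARTEXT_LDAP;
      case ALWAYS_USE_LDAP_AND_ALWAYS_USE_START_TLS:
        return Transport.LDAP_WITH_START_TLS;
      case ALWAYS_USE_LDAP_AND_CONDITIONALLY_USE_START_TLS:
        return inboundSecure ? Transport.LDAP_WITH_START_TLS : Transport.CLEARTEXT_LDAP;
      case CONDITIONALLY_USE_LDAP_AND_NEVER_USE_START_TLS:
        // An inbound StartTLS session still counts as "LDAP" here and is followed in cleartext.
        return inboundLdaps ? Transport.LDAPS : Transport.CLEARTEXT_LDAP;
      case CONDITIONALLY_USE_LDAP_AND_ALWAYS_USE_START_TLS:
        return inboundLdaps ? Transport.LDAPS : Transport.LDAP_WITH_START_TLS;
      case CONDITIONALLY_USE_LDAP_AND_CONDITIONALLY_USE_START_TLS:
        return inbound; // mirrors the inbound connection exactly
      case ALWAYS_USE_LDAPS:
        return Transport.LDAPS;
      default:
        throw new IllegalArgumentException("Unhandled policy: " + policy);
    }
  }

  /** True when an encrypted inbound session would lead to a cleartext referral connection. */
  static boolean losesEncryption(PooledReferralConnectorLDAPURLSecurityType policy,
                                 Transport inbound) {
    return inbound != Transport.CLEARTEXT_LDAP
        && resolve(policy, inbound) == Transport.CLEARTEXT_LDAP;
  }

  public static void main(String[] args) {
    for (PooledReferralConnectorLDAPURLSecurityType policy :
         PooledReferralConnectorLDAPURLSecurityType.values()) {
      for (Transport inbound : Transport.values()) {
        System.out.printf("%-55s inbound=%-20s -> %-20s%s%n", policy, inbound,
            resolve(policy, inbound),
            losesEncryption(policy, inbound) ? "  ENCRYPTION LOST" : "");
      }
    }
  }
}
```

Running it prints all 21 combinations; the flagged rows are the ones to review when a deployment requires that bind credentials and search results never cross the wire unencrypted.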