Example #1
0
  /**
   * Process all ACIs under the "cn=config" naming context and adds them to the ACI list cache. It
   * also logs messages about the number of ACIs added to the cache. This method is called once at
   * startup. It will put the server in lockdown mode if needed.
   *
   * @throws InitializationException If there is an error searching for the ACIs in the naming
   *     context.
   */
  private void processConfigAcis() throws InitializationException {
    LinkedHashSet<String> requestAttrs = new LinkedHashSet<String>(1);
    requestAttrs.add("aci");
    LinkedList<Message> failedACIMsgs = new LinkedList<Message>();
    InternalClientConnection conn = InternalClientConnection.getRootConnection();

    ConfigHandler configBackend = DirectoryServer.getConfigHandler();
    for (DN baseDN : configBackend.getBaseDNs()) {
      try {
        if (!configBackend.entryExists(baseDN)) {
          continue;
        }
      } catch (Exception e) {
        if (debugEnabled()) {
          TRACER.debugCaught(DebugLogLevel.ERROR, e);
        }

        // FIXME -- Is there anything that we need to do here?
        continue;
      }

      try {
        InternalSearchOperation internalSearch =
            new InternalSearchOperation(
                conn,
                InternalClientConnection.nextOperationID(),
                InternalClientConnection.nextMessageID(),
                null,
                baseDN,
                SearchScope.WHOLE_SUBTREE,
                DereferencePolicy.NEVER_DEREF_ALIASES,
                0,
                0,
                false,
                SearchFilter.createFilterFromString("aci=*"),
                requestAttrs,
                null);
        LocalBackendSearchOperation localSearch = new LocalBackendSearchOperation(internalSearch);

        configBackend.search(localSearch);

        if (!internalSearch.getSearchEntries().isEmpty()) {
          int validAcis = aciList.addAci(internalSearch.getSearchEntries(), failedACIMsgs);
          if (!failedACIMsgs.isEmpty()) {
            aciListenerMgr.logMsgsSetLockDownMode(failedACIMsgs);
          }
          Message message =
              INFO_ACI_ADD_LIST_ACIS.get(Integer.toString(validAcis), String.valueOf(baseDN));
          logError(message);
        }
      } catch (Exception e) {
        Message message = INFO_ACI_HANDLER_FAIL_PROCESS_ACI.get();
        throw new InitializationException(message, e);
      }
    }
  }
  /**
   * Parses the provided command-line arguments and makes the appropriate changes to the Directory
   * Server configuration.
   *
   * @param args The command-line arguments provided to this program.
   * @param outStream Output stream.
   * @param errStream Error stream.
   * @return The exit code from the configuration processing. A nonzero value indicates that there
   *     was some kind of problem during the configuration processing.
   */
  public static int configMain(String[] args, OutputStream outStream, OutputStream errStream) {
    BooleanArgument showUsage;
    BooleanArgument enableStartTLS;
    FileBasedArgument rootPasswordFile;
    StringArgument hostName;
    IntegerArgument ldapPort;
    IntegerArgument adminConnectorPort;
    IntegerArgument ldapsPort;
    IntegerArgument jmxPort;
    StringArgument baseDNString;
    StringArgument configClass;
    StringArgument configFile;
    StringArgument rootDNString;
    StringArgument rootPassword;
    StringArgument keyManagerProviderDN;
    StringArgument trustManagerProviderDN;
    StringArgument certNickName;
    StringArgument keyManagerPath;
    StringArgument serverRoot;
    PrintStream out, err;

    if (outStream != null) {
      out = new PrintStream(outStream);
    } else {
      out = NullOutputStream.printStream();
    }

    if (errStream != null) {
      err = new PrintStream(errStream);
    } else {
      err = NullOutputStream.printStream();
    }
    Message toolDescription = INFO_CONFIGDS_TOOL_DESCRIPTION.get();
    ArgumentParser argParser = new ArgumentParser(CLASS_NAME, toolDescription, false);
    try {
      configFile =
          new StringArgument(
              "configfile",
              'c',
              "configFile",
              true,
              false,
              true,
              INFO_CONFIGFILE_PLACEHOLDER.get(),
              null,
              null,
              INFO_DESCRIPTION_CONFIG_FILE.get());
      configFile.setHidden(true);
      argParser.addArgument(configFile);

      configClass =
          new StringArgument(
              "configclass",
              OPTION_SHORT_CONFIG_CLASS,
              OPTION_LONG_CONFIG_CLASS,
              false,
              false,
              true,
              INFO_CONFIGCLASS_PLACEHOLDER.get(),
              ConfigFileHandler.class.getName(),
              null,
              INFO_DESCRIPTION_CONFIG_CLASS.get());
      configClass.setHidden(true);
      argParser.addArgument(configClass);

      String defaultHostName;
      try {
        defaultHostName = InetAddress.getLocalHost().getHostName();
      } catch (Exception e) {
        // Not much we can do here.
        defaultHostName = "localhost";
      }
      hostName =
          new StringArgument(
              OPTION_LONG_HOST.toLowerCase(),
              OPTION_SHORT_HOST,
              OPTION_LONG_HOST,
              false,
              false,
              true,
              INFO_HOST_PLACEHOLDER.get(),
              defaultHostName,
              null,
              INFO_INSTALLDS_DESCRIPTION_HOST_NAME.get());
      argParser.addArgument(hostName);

      ldapPort =
          new IntegerArgument(
              "ldapport",
              OPTION_SHORT_PORT,
              "ldapPort",
              false,
              false,
              true,
              INFO_LDAPPORT_PLACEHOLDER.get(),
              389,
              null,
              true,
              1,
              true,
              65535,
              INFO_CONFIGDS_DESCRIPTION_LDAP_PORT.get());
      argParser.addArgument(ldapPort);

      adminConnectorPort =
          new IntegerArgument(
              "adminConnectorPort".toLowerCase(),
              null,
              "adminConnectorPort",
              false,
              false,
              true,
              INFO_PORT_PLACEHOLDER.get(),
              4444,
              "adminConnectorPort",
              true,
              1,
              true,
              65535,
              INFO_INSTALLDS_DESCRIPTION_ADMINCONNECTORPORT.get());
      argParser.addArgument(adminConnectorPort);

      ldapsPort =
          new IntegerArgument(
              "ldapsPort",
              'P',
              "ldapsPort",
              false,
              false,
              true,
              INFO_LDAPPORT_PLACEHOLDER.get(),
              636,
              null,
              true,
              1,
              true,
              65535,
              INFO_CONFIGDS_DESCRIPTION_LDAPS_PORT.get());
      argParser.addArgument(ldapsPort);

      enableStartTLS =
          new BooleanArgument(
              "enableStartTLS",
              OPTION_SHORT_START_TLS,
              "enableStartTLS",
              INFO_CONFIGDS_DESCRIPTION_ENABLE_START_TLS.get());
      argParser.addArgument(enableStartTLS);

      jmxPort =
          new IntegerArgument(
              "jmxport",
              'x',
              "jmxPort",
              false,
              false,
              true,
              INFO_JMXPORT_PLACEHOLDER.get(),
              SetupUtils.getDefaultJMXPort(),
              null,
              true,
              1,
              true,
              65535,
              INFO_CONFIGDS_DESCRIPTION_JMX_PORT.get());
      argParser.addArgument(jmxPort);

      keyManagerProviderDN =
          new StringArgument(
              "keymanagerproviderdn",
              'k',
              "keyManagerProviderDN",
              false,
              false,
              true,
              INFO_KEY_MANAGER_PROVIDER_DN_PLACEHOLDER.get(),
              null,
              null,
              INFO_CONFIGDS_DESCRIPTION_KEYMANAGER_PROVIDER_DN.get());
      argParser.addArgument(keyManagerProviderDN);

      trustManagerProviderDN =
          new StringArgument(
              "trustmanagerproviderdn",
              't',
              "trustManagerProviderDN",
              false,
              false,
              true,
              INFO_TRUST_MANAGER_PROVIDER_DN_PLACEHOLDER.get(),
              null,
              null,
              INFO_CONFIGDS_DESCRIPTION_TRUSTMANAGER_PROVIDER_DN.get());
      argParser.addArgument(trustManagerProviderDN);

      keyManagerPath =
          new StringArgument(
              "keymanagerpath",
              'm',
              "keyManagerPath",
              false,
              false,
              true,
              INFO_KEY_MANAGER_PATH_PLACEHOLDER.get(),
              null,
              null,
              INFO_CONFIGDS_DESCRIPTION_KEYMANAGER_PATH.get());
      argParser.addArgument(keyManagerPath);

      certNickName =
          new StringArgument(
              "certnickname",
              'a',
              "certNickName",
              false,
              false,
              true,
              INFO_NICKNAME_PLACEHOLDER.get(),
              null,
              null,
              INFO_CONFIGDS_DESCRIPTION_CERTNICKNAME.get());
      argParser.addArgument(certNickName);

      baseDNString =
          new StringArgument(
              "basedn",
              OPTION_SHORT_BASEDN,
              OPTION_LONG_BASEDN,
              false,
              true,
              true,
              INFO_BASEDN_PLACEHOLDER.get(),
              "dc=example,dc=com",
              null,
              INFO_CONFIGDS_DESCRIPTION_BASE_DN.get());
      argParser.addArgument(baseDNString);

      rootDNString =
          new StringArgument(
              "rootdn",
              OPTION_SHORT_ROOT_USER_DN,
              OPTION_LONG_ROOT_USER_DN,
              false,
              false,
              true,
              INFO_ROOT_USER_DN_PLACEHOLDER.get(),
              "cn=Directory Manager",
              null,
              INFO_CONFIGDS_DESCRIPTION_ROOT_DN.get());
      argParser.addArgument(rootDNString);

      rootPassword =
          new StringArgument(
              "rootpw",
              OPTION_SHORT_BINDPWD,
              "rootPassword",
              false,
              false,
              true,
              INFO_ROOT_USER_PWD_PLACEHOLDER.get(),
              null,
              null,
              INFO_CONFIGDS_DESCRIPTION_ROOT_PW.get());
      argParser.addArgument(rootPassword);

      rootPasswordFile =
          new FileBasedArgument(
              "rootpwfile",
              OPTION_SHORT_BINDPWD_FILE,
              "rootPasswordFile",
              false,
              false,
              INFO_FILE_PLACEHOLDER.get(),
              null,
              null,
              INFO_CONFIGDS_DESCRIPTION_ROOT_PW_FILE.get());
      argParser.addArgument(rootPasswordFile);

      showUsage =
          new BooleanArgument(
              "showusage", OPTION_SHORT_HELP, OPTION_LONG_HELP, INFO_DESCRIPTION_USAGE.get());
      argParser.addArgument(showUsage);
      argParser.setUsageArgument(showUsage);

      serverRoot =
          new StringArgument(
              "serverRoot",
              ToolConstants.OPTION_SHORT_SERVER_ROOT,
              ToolConstants.OPTION_LONG_SERVER_ROOT,
              false,
              false,
              true,
              INFO_SERVER_ROOT_DIR_PLACEHOLDER.get(),
              null,
              null,
              null);
      serverRoot.setHidden(true);
      argParser.addArgument(serverRoot);
    } catch (ArgumentException ae) {
      Message message = ERR_CANNOT_INITIALIZE_ARGS.get(ae.getMessage());
      err.println(wrapText(message, MAX_LINE_WIDTH));
      return 1;
    }

    // Parse the command-line arguments provided to the program.
    try {
      argParser.parseArguments(args);
    } catch (ArgumentException ae) {
      Message message = ERR_ERROR_PARSING_ARGS.get(ae.getMessage());

      err.println(wrapText(message, MAX_LINE_WIDTH));
      err.println(argParser.getUsage());
      return LDAPResultCode.CLIENT_SIDE_PARAM_ERROR;
    }

    // If we should just display usage or version information,
    // then print it and exit.
    if (argParser.usageOrVersionDisplayed()) {
      return 0;
    }

    // Make sure that the user actually tried to configure something.
    if (!(baseDNString.isPresent()
        || ldapPort.isPresent()
        || jmxPort.isPresent()
        || rootDNString.isPresent())) {
      Message message = ERR_CONFIGDS_NO_CONFIG_CHANGES.get();
      err.println(wrapText(message, MAX_LINE_WIDTH));
      err.println(argParser.getUsage());
      return 1;
    }

    try {
      Set<Integer> ports = new HashSet<Integer>();
      if (ldapPort.isPresent()) {
        ports.add(ldapPort.getIntValue());
      }
      if (adminConnectorPort.isPresent()) {
        if (ports.contains(adminConnectorPort.getIntValue())) {
          Message message =
              ERR_CONFIGDS_PORT_ALREADY_SPECIFIED.get(
                  String.valueOf(adminConnectorPort.getIntValue()));
          err.println(wrapText(message, MAX_LINE_WIDTH));
          err.println(argParser.getUsage());
          return 1;
        } else {
          ports.add(adminConnectorPort.getIntValue());
        }
      }
      if (ldapsPort.isPresent()) {
        if (ports.contains(ldapsPort.getIntValue())) {
          Message message =
              ERR_CONFIGDS_PORT_ALREADY_SPECIFIED.get(String.valueOf(ldapsPort.getIntValue()));
          err.println(wrapText(message, MAX_LINE_WIDTH));
          err.println(argParser.getUsage());
          return 1;
        } else {
          ports.add(ldapsPort.getIntValue());
        }
      }
      if (jmxPort.isPresent()) {
        if (ports.contains(jmxPort.getIntValue())) {
          Message message =
              ERR_CONFIGDS_PORT_ALREADY_SPECIFIED.get(String.valueOf(jmxPort.getIntValue()));
          err.println(wrapText(message, MAX_LINE_WIDTH));
          err.println(argParser.getUsage());
          return 1;
        } else {
          ports.add(jmxPort.getIntValue());
        }
      }
    } catch (ArgumentException ae) {
      Message message = ERR_CANNOT_INITIALIZE_ARGS.get(ae.getMessage());
      err.println(wrapText(message, MAX_LINE_WIDTH));
      return 1;
    }

    if (serverRoot.isPresent()) {
      DirectoryEnvironmentConfig env = DirectoryServer.getEnvironmentConfig();
      String root = serverRoot.getValue();
      try {
        env.setServerRoot(new File(serverRoot.getValue()));
      } catch (InitializationException e) {
        ERR_INITIALIZE_SERVER_ROOT.get(root, e.getMessageObject());
      }
    }

    // Initialize the Directory Server configuration handler using the
    // information that was provided.
    DirectoryServer directoryServer = DirectoryServer.getInstance();
    DirectoryServer.bootstrapClient();

    try {
      DirectoryServer.initializeJMX();
    } catch (Exception e) {
      Message message =
          ERR_CONFIGDS_CANNOT_INITIALIZE_JMX.get(
              String.valueOf(configFile.getValue()), e.getMessage());
      err.println(wrapText(message, MAX_LINE_WIDTH));
      return 1;
    }

    try {
      directoryServer.initializeConfiguration(configClass.getValue(), configFile.getValue());
    } catch (Exception e) {
      Message message =
          ERR_CONFIGDS_CANNOT_INITIALIZE_CONFIG.get(
              String.valueOf(configFile.getValue()), e.getMessage());
      err.println(wrapText(message, MAX_LINE_WIDTH));
      return 1;
    }

    try {
      directoryServer.initializeSchema();
    } catch (Exception e) {
      Message message =
          ERR_CONFIGDS_CANNOT_INITIALIZE_SCHEMA.get(
              String.valueOf(configFile.getValue()), e.getMessage());
      err.println(wrapText(message, MAX_LINE_WIDTH));
      return 1;
    }

    // Make sure that we can get an exclusive lock for the Directory Server, so
    // that no other operation will be allowed while this is in progress.
    String serverLockFileName = LockFileManager.getServerLockFileName();
    StringBuilder failureReason = new StringBuilder();
    if (!LockFileManager.acquireExclusiveLock(serverLockFileName, failureReason)) {
      Message message =
          ERR_CONFIGDS_CANNOT_ACQUIRE_SERVER_LOCK.get(
              String.valueOf(serverLockFileName), String.valueOf(failureReason));
      err.println(wrapText(message, MAX_LINE_WIDTH));
      return 1;
    }

    try {
      // If one or more base DNs were provided, then make sure that they can be
      // parsed as valid DNs.
      LinkedList<DN> baseDNs = null;
      if (baseDNString.isPresent()) {
        baseDNs = new LinkedList<DN>();
        for (String dnString : baseDNString.getValues()) {
          try {
            baseDNs.add(DN.decode(dnString));
          } catch (DirectoryException de) {
            Message message =
                ERR_CONFIGDS_CANNOT_PARSE_BASE_DN.get(
                    String.valueOf(dnString), de.getMessageObject());
            err.println(wrapText(message, MAX_LINE_WIDTH));
            return 1;
          }
        }
      }

      // If a root user DN was provided, then make sure it can be parsed.  Also,
      // make sure that either a password or password file was specified.
      DN rootDN = null;
      String rootPW = null;
      if (rootDNString.isPresent()) {
        try {
          rootDN = DN.decode(rootDNString.getValue());
        } catch (DirectoryException de) {
          Message message =
              ERR_CONFIGDS_CANNOT_PARSE_ROOT_DN.get(
                  String.valueOf(rootDNString.getValue()), de.getMessageObject());
          err.println(wrapText(message, MAX_LINE_WIDTH));
          return 1;
        }

        if (rootPassword.isPresent()) {
          rootPW = rootPassword.getValue();
        } else if (rootPasswordFile.isPresent()) {
          rootPW = rootPasswordFile.getValue();
        } else {
          Message message = ERR_CONFIGDS_NO_ROOT_PW.get();
          err.println(wrapText(message, MAX_LINE_WIDTH));
          return 1;
        }
      }

      // Get the Directory Server configuration handler and use it to make the
      // appropriate configuration changes.
      ConfigHandler configHandler = DirectoryServer.getConfigHandler();

      // Check that the key manager provided is valid.
      if (keyManagerProviderDN.isPresent()) {
        DN dn = null;
        DN JCEKSProviderDN = null;
        try {
          dn = DN.decode(keyManagerProviderDN.getValue());
          JCEKSProviderDN = DN.decode("cn=JCEKS,cn=Key Manager Providers,cn=config");
        } catch (DirectoryException de) {
          Message message =
              ERR_CONFIGDS_CANNOT_PARSE_KEYMANAGER_PROVIDER_DN.get(
                  keyManagerProviderDN.getValue(), de.getMessageObject());
          err.println(wrapText(message, MAX_LINE_WIDTH));
          return 1;
        }

        if (dn.equals(JCEKSProviderDN)) {
          // Create the JCEKSProvider entry
          try {
            String ldif =
                "dn: cn=JCEKS,cn=Key Manager Providers,cn=config\n"
                    + "objectClass: top\n"
                    + "objectClass: ds-cfg-key-manager-provider\n"
                    + "objectClass: ds-cfg-file-based-key-manager-provider\n"
                    + "cn: JCEKS\n"
                    + "ds-cfg-java-class: org.opends.server.extensions."
                    + "FileBasedKeyManagerProvider\n"
                    + "ds-cfg-enabled: true\n"
                    + "ds-cfg-key-store-type: JCEKS\n"
                    + "ds-cfg-key-store-file: config/keystore.jceks\n"
                    + "ds-cfg-key-store-pin-file: config/keystore.pin";

            LDIFImportConfig ldifImportConfig = new LDIFImportConfig(new StringReader(ldif));
            LDIFReader reader = new LDIFReader(ldifImportConfig);
            Entry providerConfigEntry;
            while ((providerConfigEntry = reader.readEntry()) != null) {
              configHandler.addEntry(providerConfigEntry, null);
            }
          } catch (Exception e) {
            Message message =
                ERR_CONFIG_KEYMANAGER_CANNOT_CREATE_JCEKS_PROVIDER.get(String.valueOf(e));
            err.println(wrapText(message, MAX_LINE_WIDTH));
            return 1;
          }
        } else {
          try {
            configHandler.getConfigEntry(dn);
          } catch (Exception e) {
            Message message = ERR_CONFIG_KEYMANAGER_CANNOT_GET_BASE.get(String.valueOf(e));
            err.println(wrapText(message, MAX_LINE_WIDTH));
            return 1;
          }
        }
      }

      // Check that the trust manager provided is valid.
      if (trustManagerProviderDN.isPresent()) {
        DN dn = null;
        DN JCEKSTrustManagerDN = null;
        try {
          dn = DN.decode(trustManagerProviderDN.getValue());
          JCEKSTrustManagerDN = DN.decode("cn=JCEKS,cn=Trust Manager Providers,cn=config");
        } catch (DirectoryException de) {
          Message message =
              ERR_CONFIGDS_CANNOT_PARSE_TRUSTMANAGER_PROVIDER_DN.get(
                  trustManagerProviderDN.getValue(), de.getMessageObject());
          err.println(wrapText(message, MAX_LINE_WIDTH));
          return 1;
        }

        if (dn.equals(JCEKSTrustManagerDN)) {
          try {
            String ldif =
                "dn: cn=JCEKS,cn=Trust Manager Providers,cn=config\n"
                    + "objectClass: top\n"
                    + "objectClass: ds-cfg-trust-manager-provider\n"
                    + "objectClass: ds-cfg-file-based-trust-manager-provider\n"
                    + "cn: JCEKS\n"
                    + "ds-cfg-java-class: org.opends.server.extensions."
                    + "FileBasedTrustManagerProvider\n"
                    + "ds-cfg-enabled: false\n"
                    + "ds-cfg-trust-store-type: JCEKS\n"
                    + "ds-cfg-trust-store-file: config/truststore\n";

            LDIFImportConfig ldifImportConfig = new LDIFImportConfig(new StringReader(ldif));
            LDIFReader reader = new LDIFReader(ldifImportConfig);
            Entry trustManagerConfigEntry;
            while ((trustManagerConfigEntry = reader.readEntry()) != null) {
              configHandler.addEntry(trustManagerConfigEntry, null);
            }
          } catch (Exception e) {
            Message message = ERR_CONFIG_KEYMANAGER_CANNOT_GET_BASE.get(String.valueOf(e));
            err.println(wrapText(message, MAX_LINE_WIDTH));
            return 1;
          }
        } else {
          try {
            configHandler.getConfigEntry(dn);
          } catch (Exception e) {
            Message message = ERR_CONFIG_TRUSTMANAGER_CANNOT_GET_BASE.get(String.valueOf(e));
            err.println(wrapText(message, MAX_LINE_WIDTH));
            return 1;
          }
        }
      }

      // Check that the keystore path values are valid.
      if (keyManagerPath.isPresent()) {
        if (!keyManagerProviderDN.isPresent()) {
          Message message =
              ERR_CONFIGDS_KEYMANAGER_PROVIDER_DN_REQUIRED.get(
                  keyManagerProviderDN.getLongIdentifier(), keyManagerPath.getLongIdentifier());
          err.println(wrapText(message, MAX_LINE_WIDTH));
          return 1;
        }
      }

      // If one or more base DNs were specified, then update the config
      // accordingly.
      if (baseDNs != null) {
        try {
          DN jeBackendDN = DN.decode(DN_JE_BACKEND);
          ConfigEntry configEntry = configHandler.getConfigEntry(jeBackendDN);

          DNConfigAttribute baseDNAttr =
              new DNConfigAttribute(
                  ATTR_BACKEND_BASE_DN,
                  INFO_CONFIG_BACKEND_ATTR_DESCRIPTION_BASE_DNS.get(),
                  true,
                  true,
                  false,
                  baseDNs);
          configEntry.putConfigAttribute(baseDNAttr);
        } catch (Exception e) {
          Message message = ERR_CONFIGDS_CANNOT_UPDATE_BASE_DN.get(String.valueOf(e));
          err.println(wrapText(message, MAX_LINE_WIDTH));
          return 1;
        }
      }

      // If an LDAP port was specified, then update the config accordingly.
      if (ldapPort.isPresent()) {
        try {
          DN ldapListenerDN = DN.decode(DN_LDAP_CONNECTION_HANDLER);
          ConfigEntry configEntry = configHandler.getConfigEntry(ldapListenerDN);

          IntegerConfigAttribute portAttr =
              new IntegerConfigAttribute(
                  ATTR_LISTEN_PORT,
                  INFO_LDAP_CONNHANDLER_DESCRIPTION_LISTEN_PORT.get(),
                  true,
                  false,
                  true,
                  true,
                  1,
                  true,
                  65535,
                  ldapPort.getIntValue());
          configEntry.putConfigAttribute(portAttr);
        } catch (Exception e) {
          Message message = ERR_CONFIGDS_CANNOT_UPDATE_LDAP_PORT.get(String.valueOf(e));
          err.println(wrapText(message, MAX_LINE_WIDTH));
          return 1;
        }
      }

      // If an Admin Connector port was specified, then update the config
      // accordingly.
      if (adminConnectorPort.isPresent()) {
        try {
          DN adminConnectorDN = DN.decode(DN_ADMIN_CONNECTOR);
          ConfigEntry configEntry = configHandler.getConfigEntry(adminConnectorDN);

          IntegerConfigAttribute portAttr =
              new IntegerConfigAttribute(
                  ATTR_LISTEN_PORT,
                  INFO_LDAP_CONNHANDLER_DESCRIPTION_LISTEN_PORT.get(),
                  true,
                  false,
                  true,
                  true,
                  1,
                  true,
                  65535,
                  adminConnectorPort.getIntValue());
          configEntry.putConfigAttribute(portAttr);
        } catch (Exception e) {
          Message message = ERR_CONFIGDS_CANNOT_UPDATE_ADMIN_CONNECTOR_PORT.get(String.valueOf(e));
          err.println(wrapText(message, MAX_LINE_WIDTH));
          return 1;
        }
      }

      //    If an LDAPS port was specified, then update the config accordingly.
      if (ldapsPort.isPresent()) {
        try {
          DN ldapListenerDN = DN.decode(DN_LDAPS_CONNECTION_HANDLER);
          ConfigEntry configEntry = configHandler.getConfigEntry(ldapListenerDN);

          IntegerConfigAttribute portAttr =
              new IntegerConfigAttribute(
                  ATTR_LISTEN_PORT,
                  INFO_LDAP_CONNHANDLER_DESCRIPTION_LISTEN_PORT.get(),
                  true,
                  false,
                  true,
                  true,
                  1,
                  true,
                  65535,
                  ldapsPort.getIntValue());
          configEntry.putConfigAttribute(portAttr);

          BooleanConfigAttribute enablePortAttr =
              new BooleanConfigAttribute(
                  ATTR_CONNECTION_HANDLER_ENABLED,
                  INFO_LDAPS_CONNHANDLER_DESCRIPTION_ENABLE.get(),
                  true,
                  true);
          configEntry.putConfigAttribute(enablePortAttr);
        } catch (Exception e) {
          Message message = ERR_CONFIGDS_CANNOT_UPDATE_LDAPS_PORT.get(String.valueOf(e));
          err.println(wrapText(message, MAX_LINE_WIDTH));
          return 1;
        }
      }

      //    If an JMX port was specified, then update the config accordingly.
      if (jmxPort.isPresent()) {
        try {
          DN jmxListenerDN = DN.decode(DN_JMX_CONNECTION_HANDLER);
          ConfigEntry configEntry = configHandler.getConfigEntry(jmxListenerDN);

          IntegerConfigAttribute portAttr =
              new IntegerConfigAttribute(
                  ATTR_LISTEN_PORT,
                  INFO_JMX_CONNHANDLER_DESCRIPTION_LISTEN_PORT.get(),
                  true,
                  false,
                  true,
                  true,
                  1,
                  true,
                  65535,
                  jmxPort.getIntValue());
          configEntry.putConfigAttribute(portAttr);

          BooleanConfigAttribute enablePortAttr =
              new BooleanConfigAttribute(
                  ATTR_CONNECTION_HANDLER_ENABLED,
                  INFO_JMX_CONNHANDLER_DESCRIPTION_ENABLE.get(),
                  true,
                  true);
          configEntry.putConfigAttribute(enablePortAttr);
        } catch (Exception e) {
          Message message = ERR_CONFIGDS_CANNOT_UPDATE_JMX_PORT.get(String.valueOf(e));
          err.println(wrapText(message, MAX_LINE_WIDTH));
          return 1;
        }
      }

      // Start TLS configuration
      if (enableStartTLS.isPresent()) {
        try {
          DN ldapListenerDN = DN.decode(DN_LDAP_CONNECTION_HANDLER);
          ConfigEntry configEntry = configHandler.getConfigEntry(ldapListenerDN);

          BooleanConfigAttribute startTLS =
              new BooleanConfigAttribute(
                  ATTR_ALLOW_STARTTLS,
                  INFO_LDAP_CONNHANDLER_DESCRIPTION_ALLOW_STARTTLS.get(),
                  true,
                  true);
          configEntry.putConfigAttribute(startTLS);
        } catch (Exception e) {
          Message message = ERR_CONFIGDS_CANNOT_ENABLE_STARTTLS.get(String.valueOf(e));
          err.println(wrapText(message, MAX_LINE_WIDTH));
          return 1;
        }
      }

      // Key manager provider
      if (keyManagerProviderDN.isPresent()) {
        if (enableStartTLS.isPresent() || ldapsPort.isPresent()) {
          try {
            // Enable the key manager
            DN dn = DN.decode(keyManagerProviderDN.getValue());
            ConfigEntry configEntry = configHandler.getConfigEntry(dn);

            BooleanConfigAttribute enableAttr =
                new BooleanConfigAttribute(
                    ATTR_KEYMANAGER_ENABLED,
                    INFO_CONFIG_KEYMANAGER_DESCRIPTION_ENABLED.get(),
                    true,
                    true);
            configEntry.putConfigAttribute(enableAttr);
          } catch (Exception e) {
            Message message = ERR_CONFIGDS_CANNOT_ENABLE_KEYMANAGER.get(String.valueOf(e));
            err.println(wrapText(message, MAX_LINE_WIDTH));
            return 1;
          }
        }

        try {
          if (enableStartTLS.isPresent()) {
            // Use the key manager specified for the LDAP connection handler.
            DN ldapListenerDN = DN.decode(DN_LDAP_CONNECTION_HANDLER);
            ConfigEntry configEntry = configHandler.getConfigEntry(ldapListenerDN);

            StringConfigAttribute keyManagerProviderAttr =
                new StringConfigAttribute(
                    ATTR_KEYMANAGER_DN,
                    INFO_LDAP_CONNHANDLER_DESCRIPTION_KEYMANAGER_DN.get(),
                    false,
                    false,
                    true,
                    keyManagerProviderDN.getValue());
            configEntry.putConfigAttribute(keyManagerProviderAttr);
          }

          if (ldapsPort.isPresent()) {
            // Use the key manager specified for the LDAPS connection handler.
            DN ldapsListenerDN = DN.decode(DN_LDAPS_CONNECTION_HANDLER);
            ConfigEntry configEntry = configHandler.getConfigEntry(ldapsListenerDN);

            StringConfigAttribute keyManagerProviderAttr =
                new StringConfigAttribute(
                    ATTR_KEYMANAGER_DN,
                    INFO_LDAP_CONNHANDLER_DESCRIPTION_KEYMANAGER_DN.get(),
                    false,
                    false,
                    true,
                    keyManagerProviderDN.getValue());
            configEntry.putConfigAttribute(keyManagerProviderAttr);
          }
        } catch (Exception e) {
          Message message = ERR_CONFIGDS_CANNOT_UPDATE_KEYMANAGER_REFERENCE.get(String.valueOf(e));
          err.println(wrapText(message, MAX_LINE_WIDTH));
          return 1;
        }

        if (keyManagerPath.isPresent()) {
          try {
            // Enable the key manager
            DN dn = DN.decode(keyManagerProviderDN.getValue());
            ConfigEntry configEntry = configHandler.getConfigEntry(dn);

            StringConfigAttribute pathAttr =
                new StringConfigAttribute(
                    ATTR_KEYSTORE_FILE,
                    INFO_FILE_KEYMANAGER_DESCRIPTION_FILE.get(),
                    true,
                    true,
                    true,
                    keyManagerPath.getValue());
            configEntry.putConfigAttribute(pathAttr);
          } catch (Exception e) {
            String message = String.valueOf(e);
            err.println(wrapText(message, MAX_LINE_WIDTH));
            return 1;
          }
        }
      }
      if (trustManagerProviderDN.isPresent()) {
        if (enableStartTLS.isPresent() || ldapsPort.isPresent()) {
          // Enable the trust manager
          try {
            DN dn = DN.decode(trustManagerProviderDN.getValue());
            ConfigEntry configEntry = configHandler.getConfigEntry(dn);

            BooleanConfigAttribute enableAttr =
                new BooleanConfigAttribute(
                    ATTR_TRUSTMANAGER_ENABLED,
                    ERR_CONFIG_TRUSTMANAGER_DESCRIPTION_ENABLED.get(),
                    true,
                    true);
            configEntry.putConfigAttribute(enableAttr);
          } catch (Exception e) {
            Message message = ERR_CONFIGDS_CANNOT_ENABLE_TRUSTMANAGER.get(String.valueOf(e));
            err.println(wrapText(message, MAX_LINE_WIDTH));
            return 1;
          }
        }

        try {
          if (enableStartTLS.isPresent()) {
            // Use the trust manager specified for the LDAP connection handler.
            DN ldapListenerDN = DN.decode(DN_LDAP_CONNECTION_HANDLER);
            ConfigEntry configEntry = configHandler.getConfigEntry(ldapListenerDN);

            StringConfigAttribute trustManagerProviderAttr =
                new StringConfigAttribute(
                    ATTR_TRUSTMANAGER_DN,
                    INFO_LDAP_CONNHANDLER_DESCRIPTION_TRUSTMANAGER_DN.get(),
                    false,
                    false,
                    true,
                    trustManagerProviderDN.getValue());
            configEntry.putConfigAttribute(trustManagerProviderAttr);
          }

          if (ldapsPort.isPresent()) {
            // Use the trust manager specified for the LDAPS connection handler.
            DN ldapsListenerDN = DN.decode(DN_LDAPS_CONNECTION_HANDLER);
            ConfigEntry configEntry = configHandler.getConfigEntry(ldapsListenerDN);

            StringConfigAttribute trustManagerProviderAttr =
                new StringConfigAttribute(
                    ATTR_TRUSTMANAGER_DN,
                    INFO_LDAP_CONNHANDLER_DESCRIPTION_TRUSTMANAGER_DN.get(),
                    false,
                    false,
                    true,
                    trustManagerProviderDN.getValue());
            configEntry.putConfigAttribute(trustManagerProviderAttr);
          }
        } catch (Exception e) {
          Message message =
              ERR_CONFIGDS_CANNOT_UPDATE_TRUSTMANAGER_REFERENCE.get(String.valueOf(e));
          err.println(wrapText(message, MAX_LINE_WIDTH));
          return 1;
        }
      }

      if (certNickName.isPresent()) {
        try {
          StringConfigAttribute certNickNameAttr =
              new StringConfigAttribute(
                  ATTR_SSL_CERT_NICKNAME,
                  INFO_LDAP_CONNHANDLER_DESCRIPTION_SSL_CERT_NICKNAME.get(),
                  false,
                  false,
                  true,
                  certNickName.getValue());

          DN ldapListenerDN = DN.decode(DN_LDAP_CONNECTION_HANDLER);
          ConfigEntry configEntry = configHandler.getConfigEntry(ldapListenerDN);
          if (ldapPort.isPresent()) {
            // Use the key manager specified for the LDAP connection handler.
            configEntry.putConfigAttribute(certNickNameAttr);
          } else {
            configEntry.removeConfigAttribute(ATTR_SSL_CERT_NICKNAME.toLowerCase());
          }

          // Use the key manager specified for the LDAPS connection handler.
          DN ldapsListenerDN = DN.decode(DN_LDAPS_CONNECTION_HANDLER);
          configEntry = configHandler.getConfigEntry(ldapsListenerDN);
          if (ldapsPort.isPresent()) {
            configEntry.putConfigAttribute(certNickNameAttr);
          } else {
            configEntry.removeConfigAttribute(ATTR_SSL_CERT_NICKNAME.toLowerCase());
          }

          certNickNameAttr =
              new StringConfigAttribute(
                  ATTR_SSL_CERT_NICKNAME,
                  INFO_JMX_CONNHANDLER_DESCRIPTION_SSL_CERT_NICKNAME.get(),
                  false,
                  false,
                  true,
                  certNickName.getValue());

          // Use the key manager specified for the JMX connection handler.
          DN jmxListenerDN = DN.decode(DN_JMX_CONNECTION_HANDLER);
          configEntry = configHandler.getConfigEntry(jmxListenerDN);
          if (jmxPort.isPresent()) {
            configEntry.putConfigAttribute(certNickNameAttr);
          } else {
            configEntry.removeConfigAttribute(ATTR_SSL_CERT_NICKNAME.toLowerCase());
          }
        } catch (Exception e) {
          Message message = ERR_CONFIGDS_CANNOT_UPDATE_CERT_NICKNAME.get(String.valueOf(e));
          err.println(wrapText(message, MAX_LINE_WIDTH));
          return 1;
        }
      } else {
        try {
          // Use the key manager specified for the LDAP connection handler.
          DN ldapListenerDN = DN.decode(DN_LDAP_CONNECTION_HANDLER);
          ConfigEntry configEntry = configHandler.getConfigEntry(ldapListenerDN);

          configEntry.removeConfigAttribute(ATTR_SSL_CERT_NICKNAME.toLowerCase());

          // Use the key manager specified for the LDAPS connection handler.
          DN ldapsListenerDN = DN.decode(DN_LDAPS_CONNECTION_HANDLER);
          configEntry = configHandler.getConfigEntry(ldapsListenerDN);

          configEntry.removeConfigAttribute(ATTR_SSL_CERT_NICKNAME.toLowerCase());

          // Use the key manager specified for the JMX connection handler.
          DN jmxListenerDN = DN.decode(DN_JMX_CONNECTION_HANDLER);
          configEntry = configHandler.getConfigEntry(jmxListenerDN);

          configEntry.removeConfigAttribute(ATTR_SSL_CERT_NICKNAME.toLowerCase());
        } catch (Exception e) {
          Message message = ERR_CONFIGDS_CANNOT_UPDATE_CERT_NICKNAME.get(String.valueOf(e));
          err.println(wrapText(message, MAX_LINE_WIDTH));
          return 1;
        }
      }

      // If a root user DN and password were specified, then update the config
      // accordingly.
      if (rootDN != null) {
        try {
          DN rootUserDN = DN.decode(DN_ROOT_USER);
          ConfigEntry configEntry = configHandler.getConfigEntry(rootUserDN);

          DNConfigAttribute bindDNAttr =
              new DNConfigAttribute(
                  ATTR_ROOTDN_ALTERNATE_BIND_DN,
                  INFO_CONFIG_ROOTDN_DESCRIPTION_ALTERNATE_BIND_DN.get(),
                  false,
                  true,
                  false,
                  rootDN);
          configEntry.putConfigAttribute(bindDNAttr);

          byte[] rootPWBytes = getBytes(rootPW);
          String encodedPassword = SaltedSHA512PasswordStorageScheme.encodeOffline(rootPWBytes);
          StringConfigAttribute bindPWAttr =
              new StringConfigAttribute(
                  ATTR_USER_PASSWORD, Message.EMPTY, false, false, false, encodedPassword);
          configEntry.putConfigAttribute(bindPWAttr);
        } catch (Exception e) {
          Message message = ERR_CONFIGDS_CANNOT_UPDATE_ROOT_USER.get(String.valueOf(e));
          err.println(wrapText(message, MAX_LINE_WIDTH));
          return 1;
        }
      }

      // Set the FQDN for the DIGEST-MD5 SASL mechanism.
      try {
        DN digestMD5DN = DN.decode(DN_DIGEST_MD5_SASL_MECHANISM);
        ConfigEntry configEntry = configHandler.getConfigEntry(digestMD5DN);
        StringConfigAttribute fqdnAttr =
            new StringConfigAttribute(
                "ds-cfg-server-fqdn", Message.EMPTY, false, false, false, hostName.getValue());
        configEntry.putConfigAttribute(fqdnAttr);
      } catch (Exception e) {
        Message message = ERR_CONFIGDS_CANNOT_UPDATE_DIGEST_MD5_FQDN.get(String.valueOf(e));
        err.println(wrapText(message, MAX_LINE_WIDTH));
        return 1;
      }

      // Check that the cipher specified is supported.  This is intended to
      // fix issues with JVM that do not support the default cipher (see
      // issue 3075 for instance).
      CryptoManagerCfgDefn cryptoManager = CryptoManagerCfgDefn.getInstance();
      StringPropertyDefinition prop =
          cryptoManager.getKeyWrappingTransformationPropertyDefinition();
      String defaultCipher = null;
      DefaultBehaviorProvider<?> p = prop.getDefaultBehaviorProvider();
      if (p instanceof DefinedDefaultBehaviorProvider) {
        Collection<?> defaultValues = ((DefinedDefaultBehaviorProvider<?>) p).getDefaultValues();
        if (!defaultValues.isEmpty()) {
          defaultCipher = defaultValues.iterator().next().toString();
        }
      }
      if (defaultCipher != null) {
        // Check that the default cipher is supported by the JVM.
        try {
          Cipher.getInstance(defaultCipher);
        } catch (GeneralSecurityException ex) {
          // The cipher is not supported: try to find an alternative one.
          String alternativeCipher = getAlternativeCipher();
          if (alternativeCipher != null) {
            try {
              DN cipherDN = DN.decode(DN_CRYPTO_MANAGER);
              ConfigEntry configEntry = configHandler.getConfigEntry(cipherDN);

              // Set the alternative cipher
              StringConfigAttribute keyWrappingTransformation =
                  new StringConfigAttribute(
                      ATTR_CRYPTO_CIPHER_KEY_WRAPPING_TRANSFORMATION,
                      Message.EMPTY,
                      false,
                      false,
                      true,
                      alternativeCipher);
              configEntry.putConfigAttribute(keyWrappingTransformation);
            } catch (Exception e) {
              Message message = ERR_CONFIGDS_CANNOT_UPDATE_CRYPTO_MANAGER.get(String.valueOf(e));
              err.println(wrapText(message, MAX_LINE_WIDTH));
              return 1;
            }
          }
        }
      }

      // Write the updated configuration.
      try {
        configHandler.writeUpdatedConfig();

        Message message = INFO_CONFIGDS_WROTE_UPDATED_CONFIG.get();
        out.println(wrapText(message, MAX_LINE_WIDTH));
      } catch (DirectoryException de) {
        Message message = ERR_CONFIGDS_CANNOT_WRITE_UPDATED_CONFIG.get(de.getMessageObject());
        err.println(wrapText(message, MAX_LINE_WIDTH));
        return 1;
      }
    } finally {
      LockFileManager.releaseLock(serverLockFileName, failureReason);
    }

    // If we've gotten here, then everything was successful.
    return 0;
  }