Package com.unboundid.ldap.sdk.unboundidds.tasks

Class AuditDataSecurityTask

java.lang.Object
com.unboundid.ldap.sdk.unboundidds.tasks.Task
com.unboundid.ldap.sdk.unboundidds.tasks.AuditDataSecurityTask
All Implemented Interfaces:
Serializable
@NotMutable @ThreadSafety(level=COMPLETELY_THREADSAFE) public final class AuditDataSecurityTask extends Task
This class defines a Directory Server task that can be used to cause the server to initiate a data security audit, which can look for potential issues in the environment that can impact the security of the directory environment.
NOTE: This class, and other classes within the com.unboundid.ldap.sdk.unboundidds package structure, are only supported for use against Ping Identity, UnboundID, and Nokia/Alcatel-Lucent 8661 server products. These classes provide support for proprietary functionality or for external specifications that are not considered stable or mature enough to be guaranteed to work in an interoperable way with other types of LDAP servers.

The properties that are available for use with this type of task include:
  • The names of the auditors to include or exclude from the audit. This is optional, and if it is not provided, then all enabled auditors will be used.
  • The backend IDs for the backends containing the data to be audited. This is optional, and if it is not provided then the server will run the audit in all backends that support this capability.
  • A set of filters which identify the entries that should be examined by the audit. This is optional, and if it is not provided, then all entries in the selected backends will be included.
  • The path to the directory in which the output files should be generated. This is optional, and if it is not provided then the server will use a default output directory.
  • The minimum number of previous reports to retain.
  • The minimum age of previous reports to retain.
See Also:

  • Constructor Details

    • AuditDataSecurityTask

      public AuditDataSecurityTask()
      Creates a new uninitialized audit data security task instance which should only be used for obtaining general information about this task, including the task name, description, and supported properties. Attempts to use a task created with this constructor for any other reason will likely fail.

    • AuditDataSecurityTask

      public AuditDataSecurityTask(@Nullable List<String> includeAuditors, @Nullable List<String> excludeAuditors, @Nullable List<String> backendIDs, @Nullable List<String> reportFilters, @Nullable String outputDirectory)
      Creates a new audit data security task with the provided information and default settings for all general task properties.
      Parameters:
      includeAuditors - The names of the auditors that should be used to examine the data. It may be null or empty if an exclude list should be provided, or if all enabled auditors should be invoked. You must not provide both include and exclude auditors.
      excludeAuditors - The names of the auditors that should be excluded when examining the data. It may be null or empty if an include list should be provided, or if all enabled auditors should be invoked. You must not provide both include and exclude auditors.
      backendIDs - The backend IDs of the backends containing the data to examine. It may be null or empty if all supported backends should be selected.
      reportFilters - A set of filters which identify entries that should be examined. It may be null or empty if all entries should be examined.
      outputDirectory - The path to the output directory (on the server filesystem) in which report data files should be written. It may be null if a default output directory should be used.

    • AuditDataSecurityTask

      public AuditDataSecurityTask(@Nullable String taskID, @Nullable List<String> includeAuditors, @Nullable List<String> excludeAuditors, @Nullable List<String> backendIDs, @Nullable List<String> reportFilters, @Nullable String outputDirectory, @Nullable Date scheduledStartTime, @Nullable List<String> dependencyIDs, @Nullable FailedDependencyAction failedDependencyAction, @Nullable List<String> notifyOnCompletion, @Nullable List<String> notifyOnError)
      Creates a new audit data security task with the provided information.
      Parameters:
      taskID - The task ID to use for this task. If it is null then a UUID will be generated for use as the task ID.
      includeAuditors - The names of the auditors that should be used to examine the data. It may be null or empty if an exclude list should be provided, or if all enabled auditors should be invoked. You must not provide both include and exclude auditors.
      excludeAuditors - The names of the auditors that should be excluded when examining the data. It may be null or empty if an include list should be provided, or if all enabled auditors should be invoked. You must not provide both include and exclude auditors.
      backendIDs - The backend IDs of the backends containing the data to examine. It may be null or empty if all supported backends should be selected.
      reportFilters - A set of filters which identify entries that should be examined. It may be null or empty if all entries should be examined.
      outputDirectory - The path to the output directory (on the server filesystem) in which report data files should be written. It may be null if a default output directory should be used.
      scheduledStartTime - The time that this task should start running.
      dependencyIDs - The list of task IDs that will be required to complete before this task will be eligible to start.
      failedDependencyAction - Indicates what action should be taken if any of the dependencies for this task do not complete successfully.
      notifyOnCompletion - The list of e-mail addresses of individuals that should be notified when this task completes.
      notifyOnError - The list of e-mail addresses of individuals that should be notified if this task does not complete successfully.

    • AuditDataSecurityTask

      public AuditDataSecurityTask(@Nullable String taskID, @Nullable List<String> includeAuditors, @Nullable List<String> excludeAuditors, @Nullable List<String> backendIDs, @Nullable List<String> reportFilters, @Nullable String outputDirectory, @Nullable Date scheduledStartTime, @Nullable List<String> dependencyIDs, @Nullable FailedDependencyAction failedDependencyAction, @Nullable List<String> notifyOnStart, @Nullable List<String> notifyOnCompletion, @Nullable List<String> notifyOnSuccess, @Nullable List<String> notifyOnError, @Nullable Boolean alertOnStart, @Nullable Boolean alertOnSuccess, @Nullable Boolean alertOnError)
      Creates a new audit data security task with the provided information.
      Parameters:
      taskID - The task ID to use for this task. If it is null then a UUID will be generated for use as the task ID.
      includeAuditors - The names of the auditors that should be used to examine the data. It may be null or empty if an exclude list should be provided, or if all enabled auditors should be invoked. You must not provide both include and exclude auditors.
      excludeAuditors - The names of the auditors that should be excluded when examining the data. It may be null or empty if an include list should be provided, or if all enabled auditors should be invoked. You must not provide both include and exclude auditors.
      backendIDs - The backend IDs of the backends containing the data to examine. It may be null or empty if all supported backends should be selected.
      reportFilters - A set of filters which identify entries that should be examined. It may be null or empty if all entries should be examined.
      outputDirectory - The path to the output directory (on the server filesystem) in which report data files should be written. It may be null if a default output directory should be used.
      scheduledStartTime - The time that this task should start running.
      dependencyIDs - The list of task IDs that will be required to complete before this task will be eligible to start.
      failedDependencyAction - Indicates what action should be taken if any of the dependencies for this task do not complete successfully.
      notifyOnStart - The list of e-mail addresses of individuals that should be notified when this task starts running.
      notifyOnCompletion - The list of e-mail addresses of individuals that should be notified when this task completes.
      notifyOnSuccess - The list of e-mail addresses of individuals that should be notified if this task completes successfully.
      notifyOnError - The list of e-mail addresses of individuals that should be notified if this task does not complete successfully.
      alertOnStart - Indicates whether the server should send an alert notification when this task starts.
      alertOnSuccess - Indicates whether the server should send an alert notification if this task completes successfully.
      alertOnError - Indicates whether the server should send an alert notification if this task fails to complete successfully.

    • AuditDataSecurityTask

      public AuditDataSecurityTask(@Nullable String taskID, @Nullable List<String> includeAuditors, @Nullable List<String> excludeAuditors, @Nullable List<String> backendIDs, @Nullable List<String> reportFilters, @Nullable String outputDirectory, @Nullable Integer retainPreviousReportCount, @Nullable String retainPreviousReportAge, @Nullable Date scheduledStartTime, @Nullable List<String> dependencyIDs, @Nullable FailedDependencyAction failedDependencyAction, @Nullable List<String> notifyOnStart, @Nullable List<String> notifyOnCompletion, @Nullable List<String> notifyOnSuccess, @Nullable List<String> notifyOnError, @Nullable Boolean alertOnStart, @Nullable Boolean alertOnSuccess, @Nullable Boolean alertOnError)
      Creates a new audit data security task with the provided information.
      Parameters:
      taskID - The task ID to use for this task. If it is null then a UUID will be generated for use as the task ID.
      includeAuditors - The names of the auditors that should be used to examine the data. It may be null or empty if an exclude list should be provided, or if all enabled auditors should be invoked. You must not provide both include and exclude auditors.
      excludeAuditors - The names of the auditors that should be excluded when examining the data. It may be null or empty if an include list should be provided, or if all enabled auditors should be invoked. You must not provide both include and exclude auditors.
      backendIDs - The backend IDs of the backends containing the data to examine. It may be null or empty if all supported backends should be selected.
      reportFilters - A set of filters which identify entries that should be examined. It may be null or empty if all entries should be examined.
      outputDirectory - The path to the output directory (on the server filesystem) in which report data files should be written. It may be null if a default output directory should be used.
      retainPreviousReportCount - The minimum number of previous reports to retain.
      retainPreviousReportAge - A string representation of the minimum age of previous reports to retain. The age should be formatted in the same way as values for the DurationArgument class.
      scheduledStartTime - The time that this task should start running.
      dependencyIDs - The list of task IDs that will be required to complete before this task will be eligible to start.
      failedDependencyAction - Indicates what action should be taken if any of the dependencies for this task do not complete successfully.
      notifyOnStart - The list of e-mail addresses of individuals that should be notified when this task starts running.
      notifyOnCompletion - The list of e-mail addresses of individuals that should be notified when this task completes.
      notifyOnSuccess - The list of e-mail addresses of individuals that should be notified if this task completes successfully.
      notifyOnError - The list of e-mail addresses of individuals that should be notified if this task does not complete successfully.
      alertOnStart - Indicates whether the server should send an alert notification when this task starts.
      alertOnSuccess - Indicates whether the server should send an alert notification if this task completes successfully.
      alertOnError - Indicates whether the server should send an alert notification if this task fails to complete successfully.

    • AuditDataSecurityTask

      public AuditDataSecurityTask(@NotNull Entry entry) throws TaskException
      Creates a new audit data security task from the provided entry.
      Parameters:
      entry - The entry to use to create this audit data security task.
      Throws:
      TaskException - If the provided entry cannot be parsed as an audit data security task entry.

    • AuditDataSecurityTask

      public AuditDataSecurityTask(@NotNull Map<TaskProperty,List<Object>> properties) throws TaskException
      Creates a new audit data security task from the provided set of task properties.
      Parameters:
      properties - The set of task properties and their corresponding values to use for the task. It must not be null.
      Throws:
      TaskException - If the provided set of properties cannot be used to create a valid audit data security task.

  • Method Details

    • getTaskName

      @NotNull public String getTaskName()
      Retrieves a human-readable name for this task.
      Overrides:
      getTaskName in class Task
      Returns:
      A human-readable name for this task.

    • getTaskDescription

      @NotNull public String getTaskDescription()
      Retrieves a human-readable description for this task.
      Overrides:
      getTaskDescription in class Task
      Returns:
      A human-readable description for this task.

    • getIncludeAuditors

      @NotNull public List<String> getIncludeAuditors()
      Retrieves the names of the auditors that should be invoked during the data security audit.
      Returns:
      The names of the include auditors that should be used for the task, or an empty list if either an exclude list should be used or all enabled auditors should be used.

    • getExcludeAuditors

      @NotNull public List<String> getExcludeAuditors()
      Retrieves the names of the auditors that should not be invoked during the audit.
      Returns:
      The names of the exclude auditors that should be used for the task, or an empty list if either an include list should be used or all enabled auditors should be used.

    • getBackendIDs

      @NotNull public List<String> getBackendIDs()
      Retrieves the backend IDs of the backends that should be examined during the course of the audit.
      Returns:
      The backend IDs of the backends that should be examined during the course of the audit, or an empty list if all backends that support this capability should be used.

    • getReportFilterStrings

      @NotNull public List<String> getReportFilterStrings()
      Retrieves the string representations of the report filters that should be used to identify which entries should be examined during the course of the audit.
      Returns:
      The string representations of the report filters that should be used to identify which entries should be examined during the course of the audit, or an empty list if all entries should be examined.

    • getReportFilters

      @NotNull public List<Filter> getReportFilters() throws LDAPException
      Retrieves the parsed report filters that should be used to identify which entries should be examined during the course of the audit.
      Returns:
      The parsed report filters that should be used to identify which entries should be examined during the course of the audit, or an empty list if all entries should be examined.
      Throws:
      LDAPException - If any of the filter strings cannot be parsed as a valid filter.

    • getOutputDirectory

      @Nullable public String getOutputDirectory()
      Retrieves the path to the directory on the server filesystem in which the report output files should be written.
      Returns:
      The path to the directory on the server filesystem in which the report output files should be written.

    • getRetainPreviousReportCount

      @Nullable public Integer getRetainPreviousReportCount()
      Retrieves the minimum number of previous audit data security reports that should be retained on the server after creating the new report, and any other reports may be candidates for removal.

      If neither a retain count nor a retain age is specified, then no attempt will be made to remove any previous reports. If both a retain count and a retain age are specified, then only reports that fall outside both sets of criteria will be candidates for removal.

      Retention functionality may only be used if the output directory is named with a valid timestamp formatted in accordance with the generalized time syntax. In such cases, any reports contained in a directory that are a peer of the specified output directory whose names are also valid timestamps will be considered. If any previous reports are to be removed, they will be removed in chronological order from oldest to youngest.
      Returns:
      The minimum number of previous audit data security reports that should be retained after creating the new report, or null if no retain count has been specified.

    • getRetainPreviousReportAge

      @Nullable public String getRetainPreviousReportAge()
      Retrieves the minimum age of previous audit data security reports that should be retained on the server after creating the new report, and any other reports may be candidates for removal. The age should be specified as a duration in a format compatible with the DurationArgument class (that is, an integer followed by a time unit).

      If neither a retain count nor a retain age is specified, then no attempt will be made to remove any previous reports. If both a retain count and a retain age are specified, then only reports that fall outside both sets of criteria will be candidates for removal.

      Retention functionality may only be used if the output directory is named with a valid timestamp formatted in accordance with the generalized time syntax. In such cases, any reports contained in a directory that are a peer of the specified output directory whose names are also valid timestamps will be considered. If any previous reports are to be removed, they will be removed in chronological order from oldest to youngest.
      Returns:
      The minimum length of time to retain previous audit data security reports after creating the new report, or null if no retain age has been specified.

    • getAdditionalObjectClasses

      @NotNull protected List<String> getAdditionalObjectClasses()
      Retrieves a list of the additional object classes (other than the base "top" and "ds-task" classes) that should be included when creating new task entries of this type.
      Overrides:
      getAdditionalObjectClasses in class Task
      Returns:
      A list of the additional object classes that should be included in new task entries of this type, or an empty list if there do not need to be any additional classes.

    • getAdditionalAttributes

      @NotNull protected List<Attribute> getAdditionalAttributes()
      Retrieves a list of the additional attributes (other than attributes common to all task types) that should be included when creating new task entries of this type.
      Overrides:
      getAdditionalAttributes in class Task
      Returns:
      A list of the additional attributes that should be included in new task entries of this type, or an empty list if there do not need to be any additional attributes.

    • getTaskSpecificProperties

      @NotNull public List<TaskProperty> getTaskSpecificProperties()
      Retrieves a list of task-specific properties that may be provided when scheduling a task of this type. This method should be overridden by subclasses in order to provide an appropriate set of properties.
      Overrides:
      getTaskSpecificProperties in class Task
      Returns:
      A list of task-specific properties that may be provided when scheduling a task of this type.

    • getTaskPropertyValues

      @NotNull public Map<TaskProperty,List<Object>> getTaskPropertyValues()
      Retrieves the values of the task properties for this task. The data type of the values will vary based on the data type of the corresponding task property and may be one of the following types: Boolean, Date, Long, or String. Task properties which do not have any values will be included in the map with an empty value list.

      Note that subclasses which have additional task properties should override this method and return a map which contains both the property values from this class (obtained from super.getTaskPropertyValues() and the values of their own task-specific properties.
      Overrides:
      getTaskPropertyValues in class Task
      Returns:
      A map of the task property values for this task.