View Javadoc
1   /*
2    *   Licensed to the Apache Software Foundation (ASF) under one
3    *   or more contributor license agreements.  See the NOTICE file
4    *   distributed with this work for additional information
5    *   regarding copyright ownership.  The ASF licenses this file
6    *   to you under the Apache License, Version 2.0 (the
7    *   "License"); you may not use this file except in compliance
8    *   with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   *   Unless required by applicable law or agreed to in writing,
13   *   software distributed under the License is distributed on an
14   *   "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   *   KIND, either express or implied.  See the License for the
16   *   specific language governing permissions and limitations
17   *   under the License.
18   *
19   */
20  package org.apache.directory.server.core.api;
21  
22  
23  import java.io.IOException;
24  import java.net.SocketAddress;
25  import java.util.List;
26  import java.util.Set;
27  
28  import org.apache.directory.api.ldap.model.constants.AuthenticationLevel;
29  import org.apache.directory.api.ldap.model.cursor.Cursor;
30  import org.apache.directory.api.ldap.model.entry.Entry;
31  import org.apache.directory.api.ldap.model.entry.Modification;
32  import org.apache.directory.api.ldap.model.exception.LdapException;
33  import org.apache.directory.api.ldap.model.filter.ExprNode;
34  import org.apache.directory.api.ldap.model.message.AddRequest;
35  import org.apache.directory.api.ldap.model.message.AliasDerefMode;
36  import org.apache.directory.api.ldap.model.message.CompareRequest;
37  import org.apache.directory.api.ldap.model.message.Control;
38  import org.apache.directory.api.ldap.model.message.DeleteRequest;
39  import org.apache.directory.api.ldap.model.message.ModifyDnRequest;
40  import org.apache.directory.api.ldap.model.message.ModifyRequest;
41  import org.apache.directory.api.ldap.model.message.SearchRequest;
42  import org.apache.directory.api.ldap.model.message.SearchScope;
43  import org.apache.directory.api.ldap.model.message.UnbindRequest;
44  import org.apache.directory.api.ldap.model.name.Dn;
45  import org.apache.directory.api.ldap.model.name.Rdn;
46  import org.apache.directory.server.constants.ServerDNConstants;
47  import org.apache.directory.server.core.api.changelog.LogChange;
48  import org.apache.directory.server.core.api.interceptor.context.OperationContext;
49  import org.apache.directory.server.core.api.partition.Partition;
50  import org.apache.directory.server.core.api.partition.PartitionTxn;
51  
52  
53  /**
54   * An interface representing a session with the core DirectoryService. These 
55   * sessions may either be real representing LDAP sessions associated with an 
56   * actual LDAP network client, or may be virtual in which case there is no 
57   * real LDAP client associated with the session.  This interface is used by 
58   * the DirectoryService core to track session specific parameters used to make 
59   * various decisions during the course of operation handling.
60   * 
61   * @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
62   */
63  public interface CoreSession
64  {
65      /**
66       * Gets the DirectoryService this session is bound to.
67       *
68       * @return the DirectoryService associated with this session
69       */
70      DirectoryService getDirectoryService();
71  
72  
73      /**
74       * Gets the anonymous LDAP principal used to authenticate.
75       *
76       * @return the LdapPrincipal used to authenticate.
77       */
78      LdapPrincipal getAnonymousPrincipal();
79  
80  
81      /**
82       * Gets the LDAP principal used to authenticate.  This is the identity 
83       * used to establish this session on authentication.
84       *
85       * @return the LdapPrincipal used to authenticate.
86       */
87      LdapPrincipal getAuthenticatedPrincipal();
88  
89  
90      /**
91       * Gets the LDAP principal used for the effective identity associated with
92       * this session which may not be the same as the authenticated principal.  
93       * This principal is often the same as the authenticated principal.  
94       * Sometimes however, a user authenticating as one principal, may request 
95       * to have all operations performed in the session as if they were another 
96       * principal.  The SASL mechanism allows setting an authorized principal 
97       * which is in effect for the duration of the session.  In this case all 
98       * operations are performed as if they are being performed by this 
99       * principal.  This method will then return the authorized principal which
100      * will be different from the authenticated principal.
101      * 
102      * Implementations of this interface may have a means to set the 
103      * authorized principal which may or may not be the same as the 
104      * authenticated principal.  Implementations should default to return the 
105      * authenticated principal when an authorized principal is not provided.
106      *
107      * @return the LdapPrincipal to use as the effective principal
108      */
109     LdapPrincipal getEffectivePrincipal();
110 
111 
112     /**
113      * Gets whether or not confidentiality is enabled for this session.
114      * 
115      * @return true if confidentiality is enabled, false otherwise
116      */
117     boolean isConfidential();
118 
119 
120     /**
121      * Gets whether or not this user is anonymous.
122      *
123      * @return true if the identity is anonymous false otherwise
124      */
125     boolean isAnonymous();
126 
127 
128     /**
129      * Returns true if the effective principal associated with this session is 
130      * the administrator.
131      * 
132      * @see ServerDNConstants#ADMIN_SYSTEM_DN
133      * @return true if authorized as the administrator, false otherwise
134      */
135     boolean isAdministrator();
136 
137 
138     /**
139      * Returns true if the effective principal associated with this session is 
140      * the administrator or is within the administrators group.
141      *
142      * @see ServerDNConstants#ADMIN_SYSTEM_DN
143      * @see ServerDNConstants#ADMINISTRATORS_GROUP_DN
144      * @return true if authorized as an administrator, false otherwise
145      */
146     boolean isAnAdministrator();
147 
148 
149     /**
150      * Gets the authentication level associated with this session.
151      * 
152      * @return the authentication level associated with the session
153      */
154     AuthenticationLevel getAuthenticationLevel();
155 
156 
157     /**
158      * Gets the controls enabled for this session.
159      * 
160      * @return the session controls as a Set
161      */
162     Set<Control> getControls();
163 
164 
165     /**
166      * Gets all outstanding operations currently being performed that have yet 
167      * to be completed.
168      * 
169      * @return the set of outstanding operations
170      */
171     Set<OperationContext> getOutstandingOperations();
172 
173 
174     /**
175      * Gets whether or not this session is virtual.  Virtual sessions verses 
176      * real sessions represent logical sessions established by non-LDAP 
177      * services or embedding applications which do not expose the LDAP access.
178      *
179      * @return true if the session is virtual, false otherwise
180      */
181     boolean isVirtual();
182 
183 
184     /**
185      * Gets the socket address of the LDAP client or null if there is no LDAP
186      * client associated with the session.  Some calls to the core can be made
187      * by embedding applications or by non-LDAP services using a programmatic
188      * (virtual) session.  In these cases no client address is available.
189      * 
190      * @return null if the session is virtual, non-null when the session is 
191      * associated with a real LDAP client
192      */
193     SocketAddress getClientAddress();
194 
195 
196     /**
197      * Gets the socket address of the LDAP server or null if there is no LDAP
198      * service associated with the session.  Some calls to the core can be 
199      * made by embedding applications or by non-LDAP services using a 
200      * programmatic (virtual) session.  In these cases no service address is 
201      * available.
202      * 
203      * @return null if the session is virtual, non-null when the session is 
204      * associated with a real LDAP service
205      */
206     SocketAddress getServiceAddress();
207 
208 
209     // -----------------------------------------------------------------------
210     // Operation Methods
211     // -----------------------------------------------------------------------
212     /**
213      * Adds an entry into the DirectoryService associated with this CoreSession.
214      * 
215      * @param entry the entry to add
216      * @exception LdapException on failures to add the entry
217      */
218     void add( Entry entry ) throws LdapException;
219 
220 
221     /**
222      * Adds an entry into the DirectoryService associated with this CoreSession.
223      * 
224      * @param entry the entry to add
225      * @param log a flag set if the added entry should be stored in the changeLog
226      * @exception LdapException on failures to add the entry
227      */
228     void add( Entry entry, LogChange log ) throws LdapException;
229 
230 
231     /**
232      * Adds an entry into the DirectoryService associated with this CoreSession.
233      * The flag is used to tell the server to ignore the referrals and manipulate
234      * them as if they were normal entries.
235      * 
236      * @param entry the entry to add
237      * @param ignoreReferral a flag to tell the server to ignore referrals
238      * @exception LdapException on failures to add the entry
239      */
240     void add( Entry entry, boolean ignoreReferral ) throws LdapException;
241 
242 
243     /**
244      * Adds an entry into the DirectoryService associated with this CoreSession.
245      * The flag is used to tell the server to ignore the referrals and manipulate
246      * them as if they were normal entries.
247      * 
248      * @param entry the entry to add
249      * @param ignoreReferral a flag to tell the server to ignore referrals
250      * @param log a flag set if the added entry should be stored in the changeLog
251      * @exception LdapException on failures to add the entry
252      */
253     void add( Entry entry, boolean ignoreReferral, LogChange log ) throws LdapException;
254 
255 
256     /**
257      * Adds an entry into the DirectoryService associated with this CoreSession.
258      * The entry is built using the received AddRequest.
259      * 
260      * @param addRequest the request to execute
261      * @exception LdapException on failures to add the entry
262      */
263     void add( AddRequest addRequest ) throws LdapException;
264 
265 
266     /**
267      * Adds an entry into the DirectoryService associated with this CoreSession.
268      * The entry is built using the received AddRequest.
269      * 
270      * @param addRequest the request to execute
271      * @param log a flag set if the added entry should be stored in the changeLog
272      * @exception LdapException on failures to add the entry
273      */
274     void add( AddRequest addRequest, LogChange log ) throws LdapException;
275 
276 
277     /**
278      * Checks to see if an attribute in an entry contains a value.
279      *
280      * @param dn the distinguished name of the entry to check
281      * @param oid the OID of the attribute to check for the value
282      * @param value the value to check for
283      * @return <tt>true</tt> if the value exists in the entry
284      * @throws LdapException if there are failures while comparing
285      */
286     boolean compare( Dn dn, String oid, Object value ) throws LdapException;
287 
288 
289     /**
290      * Checks to see if an attribute in an entry contains a value.
291      * The flag is used to tell the server to ignore the referrals and manipulate
292      * them as if they were normal entries.
293      *
294      * @param dn the distinguished name of the entry to check
295      * @param oid the OID of the attribute to check for the value
296      * @param value the value to check for
297      * @param ignoreReferral a flag to tell the server to ignore referrals
298      * @return <tt>true</tt> if the value exists in the entry
299      * @throws LdapException if there are failures while comparing
300      */
301     boolean compare( Dn dn, String oid, Object value, boolean ignoreReferral ) throws LdapException;
302 
303 
304     /**
305      * Checks to see if an attribute in an entry contains a value.
306      *
307      * @param compareRequest the received request
308      * @return <tt>true</tt> if the value exists in the entry
309      * @throws LdapException if there are failures while comparing
310      */
311     boolean compare( CompareRequest compareRequest ) throws LdapException;
312 
313 
314     /**
315      * Deletes an entry in the server.
316      *
317      * @param dn the distinguished name of the entry to delete
318      * @throws LdapException if there are failures while deleting the entry
319      */
320     void delete( Dn dn ) throws LdapException;
321 
322 
323     /**
324      * Deletes an entry in the server.
325      *
326      * @param dn the distinguished name of the entry to delete
327      * @param log a flag set if the added entry should be stored in the changeLog
328      * @throws LdapException if there are failures while deleting the entry
329      */
330     void delete( Dn dn, LogChange log ) throws LdapException;
331 
332 
333     /**
334      * Deletes an entry in the server.
335      *
336      * @param deleteRequest the delete request containing all the informations 
337      * necessary to delete the entry
338      * @throws LdapException if there are failures while deleting the entry
339      */
340     void delete( DeleteRequest deleteRequest ) throws LdapException;
341 
342 
343     /**
344      * Deletes an entry in the server. The operation can be logged if requested
345      *
346      * @param deleteRequest the delete request containing all the informations 
347      * necessary to delete the entry
348      * @param log Tells if we should log the deletion in the ChangeLog interceptor
349      * @throws LdapException if there are failures while deleting the entry
350      */
351     void delete( DeleteRequest deleteRequest, LogChange log ) throws LdapException;
352 
353 
354     /**
355      * Deletes an entry in the server.
356      * The flag is used to tell the server to ignore the referrals and manipulate
357      * them as if they were normal entries.
358      *
359      * @param dn the distinguished name of the entry to delete
360      * @param ignoreReferral a flag to tell the server to ignore referrals
361      * @throws LdapException if there are failures while deleting the entry
362      */
363     void delete( Dn dn, boolean ignoreReferral ) throws LdapException;
364 
365 
366     /**
367      * Deletes an entry in the server.
368      * The flag is used to tell the server to ignore the referrals and manipulate
369      * them as if they were normal entries.
370      *
371      * @param dn the distinguished name of the entry to delete
372      * @param ignoreReferral a flag to tell the server to ignore referrals
373      * @param log a flag set if the added entry should be stored in the changeLog
374      * @throws LdapException if there are failures while deleting the entry
375      */
376     void delete( Dn dn, boolean ignoreReferral, LogChange log ) throws LdapException;
377 
378 
379     /**
380      * Checks to see if an entry exists.
381      * 
382      * @param dn The Dn for the entry  to find
383      * @return <tt>true</tt> if the entry exists
384      * @throws LdapException If we weren't able to fetch the entry
385      */
386     boolean exists( String dn ) throws LdapException;
387 
388 
389     /**
390      * Checks to see if an entry exists.
391      *  
392      * @param dn The Dn for the entry  to find
393      * @return <tt>true</tt> if the entry exists
394      * @throws LdapException If we weren't able to fetch the entry
395      */
396     boolean exists( Dn dn ) throws LdapException;
397 
398 
399     /**
400      * Looks up an entry in the server returning all attributes: both user and
401      * operational attributes.
402      *
403      * @param dn the name of the entry to lookup
404      * @param atIds The list of attributes to return
405      * @return The found Entry
406      * @throws LdapException if there are failures while looking up the entry
407      */
408     Entry lookup( Dn dn, String... atIds ) throws LdapException;
409 
410 
411     /**
412      * Looks up an entry in the server returning all attributes: both user and
413      * operational attributes.
414      *
415      * @param dn the name of the entry to lookup
416      * @param controls the Controls to use 
417      * @param atIds The list of attributes to return
418      * @return The found Entry
419      * @throws LdapException if there are failures while looking up the entry
420      */
421     Entry lookup( Dn dn, Control[] controls, String... atIds ) throws LdapException;
422 
423 
424     /**
425      * Modifies an entry within the server by applying a list of modifications 
426      * to the entry.
427      *
428      * @param dn the distinguished name of the entry to modify
429      * @param mods the list of modifications to apply
430      * @throws LdapException if there are failures while modifying the entry
431      */
432     void modify( Dn dn, List<Modification> mods ) throws LdapException;
433 
434 
435     /**
436      * Modifies an entry within the server by applying a list of modifications 
437      * to the entry.
438      *
439      * @param dn the distinguished name of the entry to modify
440      * @param mods the list of modifications to apply
441      * @throws LdapException if there are failures while modifying the entry
442      */
443     void modify( Dn dn, Modification... mods ) throws LdapException;
444 
445 
446     /**
447      * Modifies an entry within the server by applying a list of modifications 
448      * to the entry.
449      *
450      * @param dn the distinguished name of the entry to modify
451      * @param mods the list of modifications to apply
452      * @param log a flag set if the added entry should be stored in the changeLog
453      * @throws LdapException if there are failures while modifying the entry
454      */
455     void modify( Dn dn, List<Modification> mods, LogChange log ) throws LdapException;
456 
457 
458     /**
459      * Modifies an entry within the server by applying a list of modifications 
460      * to the entry.
461      * The flag is used to tell the server to ignore the referrals and manipulate
462      * them as if they were normal entries.
463      *
464      * @param dn the distinguished name of the entry to modify
465      * @param ignoreReferral a flag to tell the server to ignore referrals
466      * @param mods the list of modifications to apply
467      * @throws LdapException if there are failures while modifying the entry
468      */
469     void modify( Dn dn, List<Modification> mods, boolean ignoreReferral ) throws LdapException;
470 
471 
472     /**
473      * Modifies an entry within the server by applying a list of modifications 
474      * to the entry.
475      * The flag is used to tell the server to ignore the referrals and manipulate
476      * them as if they were normal entries.
477      *
478      * @param dn the distinguished name of the entry to modify
479      * @param ignoreReferral a flag to tell the server to ignore referrals
480      * @param mods the list of modifications to apply
481      * @param log a flag set if the added entry should be stored in the changeLog
482      * @throws LdapException if there are failures while modifying the entry
483      */
484     void modify( Dn dn, List<Modification> mods, boolean ignoreReferral, LogChange log ) throws LdapException;
485 
486 
487     void modify( ModifyRequest modifyRequest ) throws LdapException;
488 
489 
490     void modify( ModifyRequest modifyRequest, LogChange log ) throws LdapException;
491 
492 
493     /**
494      * Moves an entry or a branch of entries at a specified distinguished name
495      * to a position under a new parent.
496      * 
497      * @param dn the distinguished name of the entry/branch to move
498      * @param newParent the new parent under which the entry/branch is moved
499      * @exception LdapException if there are failures while moving the entry/branch
500      */
501     void move( Dn dn, Dn newParent ) throws LdapException;
502 
503 
504     /**
505      * Moves an entry or a branch of entries at a specified distinguished name
506      * to a position under a new parent.
507      * 
508      * @param dn the distinguished name of the entry/branch to move
509      * @param newParent the new parent under which the entry/branch is moved
510      * @param log a flag set if the added entry should be stored in the changeLog
511      * @exception LdapException if there are failures while moving the entry/branch
512      */
513     void move( Dn dn, Dn newParent, LogChange log ) throws LdapException;
514 
515 
516     /**
517      * Moves an entry or a branch of entries at a specified distinguished name
518      * to a position under a new parent.
519      * 
520      * @param dn the distinguished name of the entry/branch to move
521      * @param newParent the new parent under which the entry/branch is moved
522      * @param ignoreReferral a flag to tell the server to ignore referrals
523      * @exception LdapException if there are failures while moving the entry/branch
524      */
525     void move( Dn dn, Dn newParent, boolean ignoreReferral ) throws Exception;
526 
527 
528     /**
529      * Moves an entry or a branch of entries at a specified distinguished name
530      * to a position under a new parent.
531      * 
532      * @param dn the distinguished name of the entry/branch to move
533      * @param newParent the new parent under which the entry/branch is moved
534      * @param ignoreReferral a flag to tell the server to ignore referrals
535      * @param log a flag set if the added entry should be stored in the changeLog
536      * @exception LdapException if there are failures while moving the entry/branch
537      */
538     void move( Dn dn, Dn newParent, boolean ignoreReferral, LogChange log ) throws LdapException;
539 
540 
541     /**
542      * Move an entry by changing its superior.
543      *
544      * @param modifyDnRequest The ModifyDN request
545      * @throws LdapException if there are failures while moving the entry/branch
546      */
547     void move( ModifyDnRequest modifyDnRequest ) throws LdapException;
548 
549 
550     /**
551      * Move an entry by changing its superior.
552      *
553      * @param modifyDnRequest The ModifyDN request
554      * @param log a flag set if the added entry should be stored in the changeLog
555      * @throws LdapException if there are failures while moving the entry/branch
556      */
557     void move( ModifyDnRequest modifyDnRequest, LogChange log ) throws LdapException;
558 
559 
560     /**
561      * Moves and renames (the relative distinguished name of) an entry (or a 
562      * branch if the entry has children) at a specified distinguished name to 
563      * a position under a new parent.
564      * 
565      * @param dn the distinguished name of the entry/branch to move
566      * @param newParent the new parent under which the entry/branch is moved
567      * @param newRdn the new relative distinguished name of the entry at the 
568      * root of the branch
569      * @param deleteOldRdn If the old Rdn must be deleted
570      * @exception LdapException if there are failures while moving and renaming the entry
571      * or branch
572      */
573     void moveAndRename( Dn dn, Dn newParent, Rdn newRdn, boolean deleteOldRdn ) throws LdapException;
574 
575 
576     /**
577      * Moves and renames (the relative distinguished name of) an entry (or a 
578      * branch if the entry has children) at a specified distinguished name to 
579      * a position under a new parent.
580      * 
581      * @param dn the distinguished name of the entry/branch to move
582      * @param newParent the new parent under which the entry/branch is moved
583      * @param newRdn the new relative distinguished name of the entry at the 
584      * root of the branch
585      * @param deleteOldRdn If the old Rdn must be deleted
586      * @param log a flag set if the added entry should be stored in the changeLog
587      * @exception LdapException if there are failures while moving and renaming the entry
588      * or branch
589      */
590     void moveAndRename( Dn dn, Dn newParent, Rdn newRdn, boolean deleteOldRdn, LogChange log ) throws LdapException;
591 
592 
593     /**
594      * Moves and renames (the relative distinguished name of) an entry (or a 
595      * branch if the entry has children) at a specified distinguished name to 
596      * a position under a new parent.
597      * 
598      * @param dn the distinguished name of the entry/branch to move
599      * @param newParent the new parent under which the entry/branch is moved
600      * @param newRdn the new relative distinguished name of the entry at the 
601      * root of the branch
602      * @param deleteOldRdn If the old Rdn must be deleted
603      * @param ignoreReferral  a flag to tell the server to ignore referrals
604      * @exception LdapException if there are failures while moving and renaming the entry
605      * or branch
606      */
607     void moveAndRename( Dn dn, Dn newParent, Rdn newRdn, boolean deleteOldRdn, boolean ignoreReferral )
608         throws LdapException;
609 
610 
611     /**
612      * Moves and renames (the relative distinguished name of) an entry (or a 
613      * branch if the entry has children) at a specified distinguished name to 
614      * a position under a new parent.
615      * 
616      * @param dn the distinguished name of the entry/branch to move
617      * @param newParent the new parent under which the entry/branch is moved
618      * @param newRdn the new relative distinguished name of the entry at the 
619      * root of the branch
620      * @param deleteOldRdn If the old Rdn must be deleted
621      * @param ignoreReferral  a flag to tell the server to ignore referrals
622      * @param log a flag set if the added entry should be stored in the changeLog
623      * @exception LdapException if there are failures while moving and renaming the entry
624      * or branch
625      */
626     void moveAndRename( Dn dn, Dn newParent, Rdn newRdn, boolean deleteOldRdn, boolean ignoreReferral, LogChange log )
627         throws LdapException;
628 
629 
630     /**
631      * Move and rename an entry. We change the Rdn and the superior.
632      *
633      * @param modifyDnRequest The move and rename request
634      * @throws LdapException if there are failures while moving and renaming the entry
635      * or branch
636      */
637     void moveAndRename( ModifyDnRequest modifyDnRequest ) throws LdapException;
638 
639 
640     /**
641      * Move and rename an entry. We change the Rdn and the superior.
642      *
643      * @param modifyDnRequest The move and rename request
644      * @param log a flag set if the added entry should be stored in the changeLog
645      * @throws LdapException if there are failures while moving and renaming the entry
646      * or branch
647      */
648     void moveAndRename( ModifyDnRequest modifyDnRequest, LogChange log ) throws LdapException;
649 
650 
651     /**
652      * Renames an entry by changing it's relative distinguished name.  This 
653      * has the side effect of changing the distinguished name of all entries
654      * directly or indirectly subordinate to the named entry if it has 
655      * descendants.
656      *
657      * @param dn the distinguished name of the entry to rename
658      * @param newRdn the new relative distinguished name for the entry
659      * @param deleteOldRdn whether or not the old value for the relative 
660      * distinguished name is to be deleted from the entry
661      * @throws LdapException if there are failures while renaming the entry
662      */
663     void rename( Dn dn, Rdn newRdn, boolean deleteOldRdn ) throws LdapException;
664 
665 
666     /**
667      * Renames an entry by changing it's relative distinguished name.  This 
668      * has the side effect of changing the distinguished name of all entries
669      * directly or indirectly subordinate to the named entry if it has 
670      * descendants.
671      *
672      * @param dn the distinguished name of the entry to rename
673      * @param newRdn the new relative distinguished name for the entry
674      * @param deleteOldRdn whether or not the old value for the relative 
675      * distinguished name is to be deleted from the entry
676      * @param log a flag set if the added entry should be stored in the changeLog
677      * @throws LdapException if there are failures while renaming the entry
678      */
679     void rename( Dn dn, Rdn newRdn, boolean deleteOldRdn, LogChange log ) throws LdapException;
680 
681 
682     /**
683      * Renames an entry by changing it's relative distinguished name.  This 
684      * has the side effect of changing the distinguished name of all entries
685      * directly or indirectly subordinate to the named entry if it has 
686      * descendants.
687      *
688      * @param dn the distinguished name of the entry to rename
689      * @param newRdn the new relative distinguished name for the entry
690      * @param deleteOldRdn whether or not the old value for the relative 
691      * distinguished name is to be deleted from the entry
692      * @param ignoreReferral a flag to tell the server to ignore referrals
693      * @throws LdapException if there are failures while renaming the entry
694      */
695     void rename( Dn dn, Rdn newRdn, boolean deleteOldRdn, boolean ignoreReferral ) throws LdapException;
696 
697 
698     /**
699      * Renames an entry by changing it's relative distinguished name.  This 
700      * has the side effect of changing the distinguished name of all entries
701      * directly or indirectly subordinate to the named entry if it has 
702      * descendants.
703      *
704      * @param dn the distinguished name of the entry to rename
705      * @param newRdn the new relative distinguished name for the entry
706      * @param deleteOldRdn whether or not the old value for the relative 
707      * distinguished name is to be deleted from the entry
708      * @param ignoreReferral a flag to tell the server to ignore referrals
709      * @param log a flag set if the added entry should be stored in the changeLog
710      * @throws LdapException if there are failures while renaming the entry
711      */
712     void rename( Dn dn, Rdn newRdn, boolean deleteOldRdn, boolean ignoreReferral, LogChange log ) throws LdapException;
713 
714 
715     /**
716      * Rename an entry applying the ModifyDN request 
717      *
718      * @param modifyDnRequest The requested modification
719      * @throws LdapException if there are failures while renaming the entry
720      */
721     void rename( ModifyDnRequest modifyDnRequest ) throws LdapException;
722 
723 
724     /**
725      * Rename an entry applying the ModifyDN request 
726      *
727      * @param modifyDnRequest The requested modification
728      * @param log a flag set if the added entry should be stored in the changeLog
729      * @throws LdapException if there are failures while renaming the entry
730      */
731     void rename( ModifyDnRequest modifyDnRequest, LogChange log ) throws LdapException;
732 
733 
734     /**
735      * An optimized search operation using one level search scope which 
736      * returns all the children of an entry specified by distinguished name.
737      * This is equivalent to a search operation with one level scope using
738      * the <code>(objectClass=*)</code> filter.
739      *
740      * @param dn the distinguished name of the entry to list the children of
741      * @param aliasDerefMode the alias dereferencing mode used
742      * @param returningAttributes the attributes to return
743      * @return A cursor to brows the search results
744      * @throws LdapException if there are failures while listing children
745      */
746     Cursor<Entry> list( Dn dn, AliasDerefMode aliasDerefMode,
747         String... returningAttributes ) throws LdapException;
748 
749 
750     /**
751      * Searches the directory using a specified filter. The scope is defaulting
752      * to 'base'. The alias dereferencing default to 'always'. the returned attributes 
753      * defaults to 'all the user attributes)
754      *
755      * @param dn the distinguished name of the entry to list the children of
756      * @param filter the search filter
757      * @return A cursor to brows the search results
758      * @throws LdapException if there are failures while listing children
759      */
760     Cursor<Entry> search( Dn dn, String filter ) throws LdapException;
761 
762 
763     /**
764      * Searches the directory using a specified filter. The scope is defaulting
765      * to 'base'. The alias dereferencing default to 'always'. the returned attributes 
766      * defaults to 'all the user attributes)
767      *
768      * @param dn the distinguished name of the entry to list the children of
769      * @param filter the search filter
770      * @param ignoreReferrals a flag to tell the server to ignore referrals
771      * @return A cursor to brows the search results
772      * @throws LdapException if there are failures while listing children
773      */
774     Cursor<Entry> search( Dn dn, String filter, boolean ignoreReferrals ) throws LdapException;
775 
776 
777     /**
778      * Searches the directory using a specified search scope and filter.
779      *
780      * @param dn the distinguished name of the entry to list the children of
781      * @param scope the search scope to apply
782      * @param filter the search filter
783      * @param aliasDerefMode the alias dereferencing mode used
784      * @param returningAttributes the attributes to return
785      * @return A cursor to brows the search results
786      * @throws LdapException if there are failures while listing children
787      */
788     Cursor<Entry> search( Dn dn, SearchScope scope, ExprNode filter, AliasDerefMode aliasDerefMode,
789         String... returningAttributes ) throws LdapException;
790 
791 
792     Cursor<Entry> search( SearchRequest searchRequest ) throws LdapException;
793 
794 
795     /**
796      * Unbind from the current LdapSession.
797      * 
798      * @throws LdapException If the operation failed
799      */
800     void unbind() throws LdapException;
801 
802 
803     /**
804      * Unbind from the current LdapSession.
805      * 
806      * @param unbindRequest The Unbind requst, potentially containing some controls
807      * @throws LdapException If the operation failed
808      */
809     void unbind( UnbindRequest unbindRequest ) throws LdapException;
810     
811     
812     /**
813      * @return true if the password must be changed
814      */
815     boolean isPwdMustChange();
816 
817     
818     /**
819      * Sets if the passwords must be changed. If set to true then this session is
820      * only allowed to perform modify password, bind, unbind, abandon and StartTLS
821      * extended operation only as specified in section #8.1.2.2 of the password policy
822      * <a href="http://tools.ietf.org/id/draft-behera-ldap-password-policy-10.txt">spec</a> 
823      * 
824      * @param pwdMustChange If the password must change or not
825      */
826     void setPwdMustChange( boolean pwdMustChange );
827     
828     
829     /**
830      * @return <tt>true</tt> if a session transaction has been started
831      */
832     boolean hasSessionTransaction();
833     
834     
835     /**
836      * Set the flag indicating we have received the startTransaction extended operation
837      * 
838      * @return The transaction ID
839      */
840     long beginSessionTransaction();
841     
842     
843     /**
844      * Set the flag indicating we have received the sendTransaction extended operation
845      * 
846      * @param commit If we have to commit or rollback the transaction
847      * @throws IOException If one of the transaction cannot be closed
848      */
849     void endSessionTransaction( boolean commit ) throws IOException;
850     
851     
852     /**
853      * Retrieve a transaction associated with a partition, if we have one.
854      * 
855      * @return The found transaction, or null if no transaction  has been started
856      * @param partition The Partition 
857      */
858     PartitionTxn getTransaction( Partition partition );
859     
860     
861     /**
862      * Add a transaction associated with a partition if it's not already stored in teh 
863      * transaction map.
864      * 
865      * @param partition The Partition which will be associated with the transaction
866      * @param transaction The transaction to set
867      */
868     void addTransaction( Partition partition, PartitionTxn transaction );
869 }