/*
 * Copyright 2013-2017 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.cloudfoundry.uaa.identityproviders;

import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
import org.cloudfoundry.Nullable;
import org.immutables.value.Value;

/**
 * The payload for the ldap identity provider configuration
 */
@JsonDeserialize
@Value.Immutable
abstract class _LdapConfiguration extends AbstractExternalIdentityProviderConfiguration {

    /**
     * Determines whether or not shadow users must be created before login by an administrator.
     */
    @JsonProperty("addShadowUserOnLogin")
    @Nullable
    abstract Boolean getAddShadowUserOnLogin();

    /**
     * The auto add group flag
     */
    @JsonProperty("autoAddGroups")
    @Nullable
    abstract Boolean getAutoAddGroups();

    /**
     * The URL to the ldap server, must start with ldap:// or ldaps://
     */
    @JsonProperty("baseUrl")
    abstract String getBaseUrl();

    /**
     * If you specified BindUserDN, then specify the corresponding password to be used for binding here.
     */
    @JsonProperty("bindPassword")
    @Nullable
    abstract String getBindPassword();

    /**
     * The distinguished name the gatekeeper uses to bind to the LDAP server.
     */
    @JsonProperty("bindUserDn")
    @Nullable
    abstract String getBindUserDistinguishedName();

    /**
     * The group role attribute
     */
    @JsonProperty("groupRoleAttribute")
    @Nullable
    abstract String getGroupRoleAttribute();

    /**
     * The group search base
     */
    @JsonProperty("groupSearchBase")
    @Nullable
    abstract String getGroupSearchBase();

    /**
     * The maximum group search depth limit
     */
    @JsonProperty("maxGroupSearchDepth")
    @Nullable
    abstract Integer getGroupSearchDepthLimit();

    /**
     * The group search filter
     */
    @JsonProperty("groupSearchFilter")
    @Nullable
    abstract String getGroupSearchFilter();

    /**
     * The group search subtree
     */
    @JsonProperty("groupSearchSubTree")
    @Nullable
    abstract Boolean getGroupSearchSubTree();

    /**
     * The group ignore partial search result flag
     */
    @JsonProperty("groupsIgnorePartialResults")
    @Nullable
    abstract Boolean getGroupsIgnorePartialResults();

    /**
     * The file to be used for group integration.
     */
    @JsonProperty("ldapGroupFile")
    abstract LdapGroupFile getLdapGroupFile();

    /**
     * The file to be used for configuring the LDAP authentication.
     */
    @JsonProperty("ldapProfileFile")
    abstract LdapProfileFile getLdapProfileFile();

    /**
     *
     */
    @JsonProperty("localPasswordCompare")
    @Nullable
    abstract Boolean getLocalPasswordCompare();

    /**
     * The name of the LDAP attribute that contains the user’s email address
     */
    @JsonProperty("mailAttributeName")
    @Nullable
    abstract String getMailAttributeName();

    /**
     * Defines an email pattern containing a {0} to generate an email address for an LDAP user during authentication
     */
    @JsonProperty("mailSubstitute")
    @Nullable
    abstract String getMailSubstitute();

    /**
     * Set to true if you wish to override an LDAP user email address with a generated one
     */
    @JsonProperty("mailSubstituteOverridesLdap")
    @Nullable
    abstract Boolean getMailSubstituteOverridesLdap();

    /**
     * The password attribute name
     */
    @JsonProperty("passwordAttributeName")
    @Nullable
    abstract String getPasswordAttributeName();

    /**
     * The password encoder
     */
    @JsonProperty("passwordEncoder")
    @Nullable
    abstract String getPasswordEncoder();

    /**
     * Configures the UAA LDAP referral behavior. The following values are possible: - follow → Referrals are followed - ignore → Referrals are ignored and the partial result is returned - throw → An
     * error is thrown and the authentication is aborted
     */
    @JsonProperty("referral")
    @Nullable
    abstract String getReferral();

    /**
     * Skips validation of the LDAP cert if set to true.
     */
    @JsonProperty("skipSSLVerification")
    @Nullable
    abstract Boolean getSkipSSLVerification();

    /**
     * The StartTLS options
     */
    @JsonProperty("tlsConfiguration")
    @Nullable
    abstract TlsConfiguration getTlsConfiguration();

    /**
     * The user distinguished name pattern
     */
    @JsonProperty("userDNPattern")
    @Nullable
    abstract String getUserDistinguishedNamePattern();

    /**
     * The user distinguished name pattern delimiter
     */
    @JsonProperty("userDNPatternDelimiter")
    @Nullable
    abstract String getUserDistinguishedNamePatternDelimiter();

    /**
     * The user search base
     */
    @JsonProperty("userSearchBase")
    @Nullable
    abstract String getUserSearchBase();

    /**
     * The user search filter
     */
    @JsonProperty("userSearchFilter")
    @Nullable
    abstract String getUserSearchFilter();

}