org.opends.server.admin.std.client
Interface PasswordPolicyCfgClient

All Superinterfaces:
ConfigurationClient

public interface PasswordPolicyCfgClient
extends ConfigurationClient

A client-side interface for reading and modifying Password Policy settings.

Password Policies define a number of password management rules, as well as requirements for authentication processing.


Method Summary
 ManagedObjectDefinition<? extends PasswordPolicyCfgClient,? extends PasswordPolicyCfg> definition()
          Get the configuration definition associated with this Password Policy.
 java.util.SortedSet<java.lang.String> getAccountStatusNotificationHandler()
          Gets the "account-status-notification-handler" property.
 java.util.SortedSet<java.lang.String> getDefaultPasswordStorageScheme()
          Gets the "default-password-storage-scheme" property.
 java.util.SortedSet<java.lang.String> getDeprecatedPasswordStorageScheme()
          Gets the "deprecated-password-storage-scheme" property.
 int getGraceLoginCount()
          Gets the "grace-login-count" property.
 long getIdleLockoutInterval()
          Gets the "idle-lockout-interval" property.
 AttributeType getLastLoginTimeAttribute()
          Gets the "last-login-time-attribute" property.
 java.lang.String getLastLoginTimeFormat()
          Gets the "last-login-time-format" property.
 long getLockoutDuration()
          Gets the "lockout-duration" property.
 int getLockoutFailureCount()
          Gets the "lockout-failure-count" property.
 long getLockoutFailureExpirationInterval()
          Gets the "lockout-failure-expiration-interval" property.
 long getMaxPasswordAge()
          Gets the "max-password-age" property.
 long getMaxPasswordResetAge()
          Gets the "max-password-reset-age" property.
 long getMinPasswordAge()
          Gets the "min-password-age" property.
 AttributeType getPasswordAttribute()
          Gets the "password-attribute" property.
 long getPasswordExpirationWarningInterval()
          Gets the "password-expiration-warning-interval" property.
 java.lang.String getPasswordGenerator()
          Gets the "password-generator" property.
 int getPasswordHistoryCount()
          Gets the "password-history-count" property.
 long getPasswordHistoryDuration()
          Gets the "password-history-duration" property.
 java.util.SortedSet<java.lang.String> getPasswordValidator()
          Gets the "password-validator" property.
 java.util.SortedSet<java.lang.String> getPreviousLastLoginTimeFormat()
          Gets the "previous-last-login-time-format" property.
 java.lang.String getRequireChangeByTime()
          Gets the "require-change-by-time" property.
 PasswordPolicyCfgDefn.StateUpdateFailurePolicy getStateUpdateFailurePolicy()
          Gets the "state-update-failure-policy" property.
 boolean isAllowExpiredPasswordChanges()
          Gets the "allow-expired-password-changes" property.
 boolean isAllowMultiplePasswordValues()
          Gets the "allow-multiple-password-values" property.
 boolean isAllowPreEncodedPasswords()
          Gets the "allow-pre-encoded-passwords" property.
 boolean isAllowUserPasswordChanges()
          Gets the "allow-user-password-changes" property.
 boolean isExpirePasswordsWithoutWarning()
          Gets the "expire-passwords-without-warning" property.
 boolean isForceChangeOnAdd()
          Gets the "force-change-on-add" property.
 boolean isForceChangeOnReset()
          Gets the "force-change-on-reset" property.
 boolean isPasswordChangeRequiresCurrentPassword()
          Gets the "password-change-requires-current-password" property.
 boolean isRequireSecureAuthentication()
          Gets the "require-secure-authentication" property.
 boolean isRequireSecurePasswordChanges()
          Gets the "require-secure-password-changes" property.
 boolean isSkipValidationForAdministrators()
          Gets the "skip-validation-for-administrators" property.
 void setAccountStatusNotificationHandler(java.util.Collection<java.lang.String> values)
          Sets the "account-status-notification-handler" property.
 void setAllowExpiredPasswordChanges(java.lang.Boolean value)
          Sets the "allow-expired-password-changes" property.
 void setAllowMultiplePasswordValues(java.lang.Boolean value)
          Sets the "allow-multiple-password-values" property.
 void setAllowPreEncodedPasswords(java.lang.Boolean value)
          Sets the "allow-pre-encoded-passwords" property.
 void setAllowUserPasswordChanges(java.lang.Boolean value)
          Sets the "allow-user-password-changes" property.
 void setDefaultPasswordStorageScheme(java.util.Collection<java.lang.String> values)
          Sets the "default-password-storage-scheme" property.
 void setDeprecatedPasswordStorageScheme(java.util.Collection<java.lang.String> values)
          Sets the "deprecated-password-storage-scheme" property.
 void setExpirePasswordsWithoutWarning(java.lang.Boolean value)
          Sets the "expire-passwords-without-warning" property.
 void setForceChangeOnAdd(java.lang.Boolean value)
          Sets the "force-change-on-add" property.
 void setForceChangeOnReset(java.lang.Boolean value)
          Sets the "force-change-on-reset" property.
 void setGraceLoginCount(java.lang.Integer value)
          Sets the "grace-login-count" property.
 void setIdleLockoutInterval(java.lang.Long value)
          Sets the "idle-lockout-interval" property.
 void setLastLoginTimeAttribute(AttributeType value)
          Sets the "last-login-time-attribute" property.
 void setLastLoginTimeFormat(java.lang.String value)
          Sets the "last-login-time-format" property.
 void setLockoutDuration(java.lang.Long value)
          Sets the "lockout-duration" property.
 void setLockoutFailureCount(java.lang.Integer value)
          Sets the "lockout-failure-count" property.
 void setLockoutFailureExpirationInterval(java.lang.Long value)
          Sets the "lockout-failure-expiration-interval" property.
 void setMaxPasswordAge(java.lang.Long value)
          Sets the "max-password-age" property.
 void setMaxPasswordResetAge(java.lang.Long value)
          Sets the "max-password-reset-age" property.
 void setMinPasswordAge(java.lang.Long value)
          Sets the "min-password-age" property.
 void setPasswordAttribute(AttributeType value)
          Sets the "password-attribute" property.
 void setPasswordChangeRequiresCurrentPassword(java.lang.Boolean value)
          Sets the "password-change-requires-current-password" property.
 void setPasswordExpirationWarningInterval(java.lang.Long value)
          Sets the "password-expiration-warning-interval" property.
 void setPasswordGenerator(java.lang.String value)
          Sets the "password-generator" property.
 void setPasswordHistoryCount(java.lang.Integer value)
          Sets the "password-history-count" property.
 void setPasswordHistoryDuration(java.lang.Long value)
          Sets the "password-history-duration" property.
 void setPasswordValidator(java.util.Collection<java.lang.String> values)
          Sets the "password-validator" property.
 void setPreviousLastLoginTimeFormat(java.util.Collection<java.lang.String> values)
          Sets the "previous-last-login-time-format" property.
 void setRequireChangeByTime(java.lang.String value)
          Sets the "require-change-by-time" property.
 void setRequireSecureAuthentication(java.lang.Boolean value)
          Sets the "require-secure-authentication" property.
 void setRequireSecurePasswordChanges(java.lang.Boolean value)
          Sets the "require-secure-password-changes" property.
 void setSkipValidationForAdministrators(java.lang.Boolean value)
          Sets the "skip-validation-for-administrators" property.
 void setStateUpdateFailurePolicy(PasswordPolicyCfgDefn.StateUpdateFailurePolicy value)
          Sets the "state-update-failure-policy" property.
 
Methods inherited from interface org.opends.server.admin.ConfigurationClient
commit, properties
 

Method Detail

definition

ManagedObjectDefinition<? extends PasswordPolicyCfgClient,? extends PasswordPolicyCfg> definition()
Get the configuration definition associated with this Password Policy.

Specified by:
definition in interface ConfigurationClient
Returns:
Returns the configuration definition associated with this Password Policy.

getAccountStatusNotificationHandler

java.util.SortedSet<java.lang.String> getAccountStatusNotificationHandler()
Gets the "account-status-notification-handler" property.

Specifies the names of the account status notification handlers that are used with the associated password storage scheme.

Returns:
Returns the values of the "account-status-notification-handler" property.

setAccountStatusNotificationHandler

void setAccountStatusNotificationHandler(java.util.Collection<java.lang.String> values)
                                         throws IllegalPropertyValueException
Sets the "account-status-notification-handler" property.

Specifies the names of the account status notification handlers that are used with the associated password storage scheme.

Parameters:
values - The values of the "account-status-notification-handler" property.
Throws:
IllegalPropertyValueException - If one or more of the new values are invalid.

isAllowExpiredPasswordChanges

boolean isAllowExpiredPasswordChanges()
Gets the "allow-expired-password-changes" property.

Indicates whether a user whose password is expired is still allowed to change that password using the password modify extended operation.

Returns:
Returns the value of the "allow-expired-password-changes" property.

setAllowExpiredPasswordChanges

void setAllowExpiredPasswordChanges(java.lang.Boolean value)
                                    throws IllegalPropertyValueException
Sets the "allow-expired-password-changes" property.

Indicates whether a user whose password is expired is still allowed to change that password using the password modify extended operation.

Parameters:
value - The value of the "allow-expired-password-changes" property.
Throws:
IllegalPropertyValueException - If the new value is invalid.

isAllowMultiplePasswordValues

boolean isAllowMultiplePasswordValues()
Gets the "allow-multiple-password-values" property.

Indicates whether user entries can have multiple distinct values for the password attribute.

This is potentially dangerous because many mechanisms used to change the password do not work well with such a configuration. If multiple password values are allowed, then any of them can be used to authenticate, and they are all subject to the same policy constraints.

Returns:
Returns the value of the "allow-multiple-password-values" property.

setAllowMultiplePasswordValues

void setAllowMultiplePasswordValues(java.lang.Boolean value)
                                    throws IllegalPropertyValueException
Sets the "allow-multiple-password-values" property.

Indicates whether user entries can have multiple distinct values for the password attribute.

This is potentially dangerous because many mechanisms used to change the password do not work well with such a configuration. If multiple password values are allowed, then any of them can be used to authenticate, and they are all subject to the same policy constraints.

Parameters:
value - The value of the "allow-multiple-password-values" property.
Throws:
IllegalPropertyValueException - If the new value is invalid.

isAllowPreEncodedPasswords

boolean isAllowPreEncodedPasswords()
Gets the "allow-pre-encoded-passwords" property.

Indicates whether users can change their passwords by providing a pre-encoded value.

This can cause a security risk because the clear-text version of the password is not known and therefore validation checks cannot be applied to it.

Returns:
Returns the value of the "allow-pre-encoded-passwords" property.

setAllowPreEncodedPasswords

void setAllowPreEncodedPasswords(java.lang.Boolean value)
                                 throws IllegalPropertyValueException
Sets the "allow-pre-encoded-passwords" property.

Indicates whether users can change their passwords by providing a pre-encoded value.

This can cause a security risk because the clear-text version of the password is not known and therefore validation checks cannot be applied to it.

Parameters:
value - The value of the "allow-pre-encoded-passwords" property.
Throws:
IllegalPropertyValueException - If the new value is invalid.

isAllowUserPasswordChanges

boolean isAllowUserPasswordChanges()
Gets the "allow-user-password-changes" property.

Indicates whether users can change their own passwords.

This check is made in addition to access control evaluation. Both must allow the password change for it to occur.

Returns:
Returns the value of the "allow-user-password-changes" property.

setAllowUserPasswordChanges

void setAllowUserPasswordChanges(java.lang.Boolean value)
                                 throws IllegalPropertyValueException
Sets the "allow-user-password-changes" property.

Indicates whether users can change their own passwords.

This check is made in addition to access control evaluation. Both must allow the password change for it to occur.

Parameters:
value - The value of the "allow-user-password-changes" property.
Throws:
IllegalPropertyValueException - If the new value is invalid.

getDefaultPasswordStorageScheme

java.util.SortedSet<java.lang.String> getDefaultPasswordStorageScheme()
Gets the "default-password-storage-scheme" property.

Specifies the names of the password storage schemes that are used to encode clear-text passwords for this password policy.

Returns:
Returns the values of the "default-password-storage-scheme" property.

setDefaultPasswordStorageScheme

void setDefaultPasswordStorageScheme(java.util.Collection<java.lang.String> values)
                                     throws IllegalPropertyValueException
Sets the "default-password-storage-scheme" property.

Specifies the names of the password storage schemes that are used to encode clear-text passwords for this password policy.

Parameters:
values - The values of the "default-password-storage-scheme" property.
Throws:
IllegalPropertyValueException - If one or more of the new values are invalid.

getDeprecatedPasswordStorageScheme

java.util.SortedSet<java.lang.String> getDeprecatedPasswordStorageScheme()
Gets the "deprecated-password-storage-scheme" property.

Specifies the names of the password storage schemes that are considered deprecated for this password policy.

If a user with this password policy authenticates to the server and his/her password is encoded with a deprecated scheme, those values are removed and replaced with values encoded using the default password storage scheme(s).

Returns:
Returns the values of the "deprecated-password-storage-scheme" property.

setDeprecatedPasswordStorageScheme

void setDeprecatedPasswordStorageScheme(java.util.Collection<java.lang.String> values)
                                        throws IllegalPropertyValueException
Sets the "deprecated-password-storage-scheme" property.

Specifies the names of the password storage schemes that are considered deprecated for this password policy.

If a user with this password policy authenticates to the server and his/her password is encoded with a deprecated scheme, those values are removed and replaced with values encoded using the default password storage scheme(s).

Parameters:
values - The values of the "deprecated-password-storage-scheme" property.
Throws:
IllegalPropertyValueException - If one or more of the new values are invalid.

isExpirePasswordsWithoutWarning

boolean isExpirePasswordsWithoutWarning()
Gets the "expire-passwords-without-warning" property.

Indicates whether the Directory Server allows a user's password to expire even if that user has never seen an expiration warning notification.

If this property is true, accounts always expire when the expiration time arrives. If this property is false disabled, the user always receives at least one warning notification, and the password expiration is set to the warning time plus the warning interval.

Returns:
Returns the value of the "expire-passwords-without-warning" property.

setExpirePasswordsWithoutWarning

void setExpirePasswordsWithoutWarning(java.lang.Boolean value)
                                      throws IllegalPropertyValueException
Sets the "expire-passwords-without-warning" property.

Indicates whether the Directory Server allows a user's password to expire even if that user has never seen an expiration warning notification.

If this property is true, accounts always expire when the expiration time arrives. If this property is false disabled, the user always receives at least one warning notification, and the password expiration is set to the warning time plus the warning interval.

Parameters:
value - The value of the "expire-passwords-without-warning" property.
Throws:
IllegalPropertyValueException - If the new value is invalid.

isForceChangeOnAdd

boolean isForceChangeOnAdd()
Gets the "force-change-on-add" property.

Indicates whether users are forced to change their passwords upon first authenticating to the Directory Server after their account has been created.

Returns:
Returns the value of the "force-change-on-add" property.

setForceChangeOnAdd

void setForceChangeOnAdd(java.lang.Boolean value)
                         throws IllegalPropertyValueException
Sets the "force-change-on-add" property.

Indicates whether users are forced to change their passwords upon first authenticating to the Directory Server after their account has been created.

Parameters:
value - The value of the "force-change-on-add" property.
Throws:
IllegalPropertyValueException - If the new value is invalid.

isForceChangeOnReset

boolean isForceChangeOnReset()
Gets the "force-change-on-reset" property.

Indicates whether users are forced to change their passwords if they are reset by an administrator.

For this purpose, anyone with permission to change a given user's password other than that user is considered an administrator.

Returns:
Returns the value of the "force-change-on-reset" property.

setForceChangeOnReset

void setForceChangeOnReset(java.lang.Boolean value)
                           throws IllegalPropertyValueException
Sets the "force-change-on-reset" property.

Indicates whether users are forced to change their passwords if they are reset by an administrator.

For this purpose, anyone with permission to change a given user's password other than that user is considered an administrator.

Parameters:
value - The value of the "force-change-on-reset" property.
Throws:
IllegalPropertyValueException - If the new value is invalid.

getGraceLoginCount

int getGraceLoginCount()
Gets the "grace-login-count" property.

Specifies the number of grace logins that a user is allowed after the account has expired to allow that user to choose a new password.

A value of 0 indicates that no grace logins are allowed.

Returns:
Returns the value of the "grace-login-count" property.

setGraceLoginCount

void setGraceLoginCount(java.lang.Integer value)
                        throws IllegalPropertyValueException
Sets the "grace-login-count" property.

Specifies the number of grace logins that a user is allowed after the account has expired to allow that user to choose a new password.

A value of 0 indicates that no grace logins are allowed.

Parameters:
value - The value of the "grace-login-count" property.
Throws:
IllegalPropertyValueException - If the new value is invalid.

getIdleLockoutInterval

long getIdleLockoutInterval()
Gets the "idle-lockout-interval" property.

Specifies the maximum length of time that an account may remain idle (that is, the associated user does not authenticate to the server) before that user is locked out.

The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds indicates that idle accounts are not automatically locked out. This feature is available only if the last login time is maintained.

Returns:
Returns the value of the "idle-lockout-interval" property.

setIdleLockoutInterval

void setIdleLockoutInterval(java.lang.Long value)
                            throws IllegalPropertyValueException
Sets the "idle-lockout-interval" property.

Specifies the maximum length of time that an account may remain idle (that is, the associated user does not authenticate to the server) before that user is locked out.

The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds indicates that idle accounts are not automatically locked out. This feature is available only if the last login time is maintained.

Parameters:
value - The value of the "idle-lockout-interval" property.
Throws:
IllegalPropertyValueException - If the new value is invalid.

getLastLoginTimeAttribute

AttributeType getLastLoginTimeAttribute()
Gets the "last-login-time-attribute" property.

Specifies the name or OID of the attribute type that is used to hold the last login time for users with the associated password policy.

This attribute type must be defined in the Directory Server schema and must either be defined as an operational attribute or must be allowed by the set of objectClasses for all users with the associated password policy.

Returns:
Returns the value of the "last-login-time-attribute" property.

setLastLoginTimeAttribute

void setLastLoginTimeAttribute(AttributeType value)
                               throws IllegalPropertyValueException
Sets the "last-login-time-attribute" property.

Specifies the name or OID of the attribute type that is used to hold the last login time for users with the associated password policy.

This attribute type must be defined in the Directory Server schema and must either be defined as an operational attribute or must be allowed by the set of objectClasses for all users with the associated password policy.

Parameters:
value - The value of the "last-login-time-attribute" property.
Throws:
IllegalPropertyValueException - If the new value is invalid.

getLastLoginTimeFormat

java.lang.String getLastLoginTimeFormat()
Gets the "last-login-time-format" property.

Specifies the format string that is used to generate the last login time value for users with the associated password policy.

This format string conforms to the syntax described in the API documentation for the java.text.SimpleDateFormat class.

Returns:
Returns the value of the "last-login-time-format" property.

setLastLoginTimeFormat

void setLastLoginTimeFormat(java.lang.String value)
                            throws IllegalPropertyValueException
Sets the "last-login-time-format" property.

Specifies the format string that is used to generate the last login time value for users with the associated password policy.

This format string conforms to the syntax described in the API documentation for the java.text.SimpleDateFormat class.

Parameters:
value - The value of the "last-login-time-format" property.
Throws:
IllegalPropertyValueException - If the new value is invalid.

getLockoutDuration

long getLockoutDuration()
Gets the "lockout-duration" property.

Specifies the length of time that an account is locked after too many authentication failures.

The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds indicates that the account must remain locked until an administrator resets the password.

Returns:
Returns the value of the "lockout-duration" property.

setLockoutDuration

void setLockoutDuration(java.lang.Long value)
                        throws IllegalPropertyValueException
Sets the "lockout-duration" property.

Specifies the length of time that an account is locked after too many authentication failures.

The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds indicates that the account must remain locked until an administrator resets the password.

Parameters:
value - The value of the "lockout-duration" property.
Throws:
IllegalPropertyValueException - If the new value is invalid.

getLockoutFailureCount

int getLockoutFailureCount()
Gets the "lockout-failure-count" property.

Specifies the maximum number of authentication failures that a user is allowed before the account is locked out.

A value of 0 indicates that accounts are never locked out due to failed attempts.

Returns:
Returns the value of the "lockout-failure-count" property.

setLockoutFailureCount

void setLockoutFailureCount(java.lang.Integer value)
                            throws IllegalPropertyValueException
Sets the "lockout-failure-count" property.

Specifies the maximum number of authentication failures that a user is allowed before the account is locked out.

A value of 0 indicates that accounts are never locked out due to failed attempts.

Parameters:
value - The value of the "lockout-failure-count" property.
Throws:
IllegalPropertyValueException - If the new value is invalid.

getLockoutFailureExpirationInterval

long getLockoutFailureExpirationInterval()
Gets the "lockout-failure-expiration-interval" property.

Specifies the length of time before an authentication failure is no longer counted against a user for the purposes of account lockout.

The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds indicates that the authentication failures must never expire. The failure count is always cleared upon a successful authentication.

Returns:
Returns the value of the "lockout-failure-expiration-interval" property.

setLockoutFailureExpirationInterval

void setLockoutFailureExpirationInterval(java.lang.Long value)
                                         throws IllegalPropertyValueException
Sets the "lockout-failure-expiration-interval" property.

Specifies the length of time before an authentication failure is no longer counted against a user for the purposes of account lockout.

The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds indicates that the authentication failures must never expire. The failure count is always cleared upon a successful authentication.

Parameters:
value - The value of the "lockout-failure-expiration-interval" property.
Throws:
IllegalPropertyValueException - If the new value is invalid.

getMaxPasswordAge

long getMaxPasswordAge()
Gets the "max-password-age" property.

Specifies the maximum length of time that a user can continue using the same password before it must be changed (that is, the password expiration interval).

The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds disables password expiration.

Returns:
Returns the value of the "max-password-age" property.

setMaxPasswordAge

void setMaxPasswordAge(java.lang.Long value)
                       throws IllegalPropertyValueException
Sets the "max-password-age" property.

Specifies the maximum length of time that a user can continue using the same password before it must be changed (that is, the password expiration interval).

The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds disables password expiration.

Parameters:
value - The value of the "max-password-age" property.
Throws:
IllegalPropertyValueException - If the new value is invalid.

getMaxPasswordResetAge

long getMaxPasswordResetAge()
Gets the "max-password-reset-age" property.

Specifies the maximum length of time that users have to change passwords after they have been reset by an administrator before they become locked.

The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds disables this feature.

Returns:
Returns the value of the "max-password-reset-age" property.

setMaxPasswordResetAge

void setMaxPasswordResetAge(java.lang.Long value)
                            throws IllegalPropertyValueException
Sets the "max-password-reset-age" property.

Specifies the maximum length of time that users have to change passwords after they have been reset by an administrator before they become locked.

The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds disables this feature.

Parameters:
value - The value of the "max-password-reset-age" property.
Throws:
IllegalPropertyValueException - If the new value is invalid.

getMinPasswordAge

long getMinPasswordAge()
Gets the "min-password-age" property.

Specifies the minimum length of time after a password change before the user is allowed to change the password again.

The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. This setting can be used to prevent users from changing their passwords repeatedly over a short period of time to flush an old password from the history so that it can be re-used.

Returns:
Returns the value of the "min-password-age" property.

setMinPasswordAge

void setMinPasswordAge(java.lang.Long value)
                       throws IllegalPropertyValueException
Sets the "min-password-age" property.

Specifies the minimum length of time after a password change before the user is allowed to change the password again.

The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. This setting can be used to prevent users from changing their passwords repeatedly over a short period of time to flush an old password from the history so that it can be re-used.

Parameters:
value - The value of the "min-password-age" property.
Throws:
IllegalPropertyValueException - If the new value is invalid.

getPasswordAttribute

AttributeType getPasswordAttribute()
Gets the "password-attribute" property.

Specifies the attribute type used to hold user passwords.

This attribute type must be defined in the server schema, and it must have either the user password or auth password syntax.

Returns:
Returns the value of the "password-attribute" property.

setPasswordAttribute

void setPasswordAttribute(AttributeType value)
                          throws IllegalPropertyValueException
Sets the "password-attribute" property.

Specifies the attribute type used to hold user passwords.

This attribute type must be defined in the server schema, and it must have either the user password or auth password syntax.

Parameters:
value - The value of the "password-attribute" property.
Throws:
IllegalPropertyValueException - If the new value is invalid.

isPasswordChangeRequiresCurrentPassword

boolean isPasswordChangeRequiresCurrentPassword()
Gets the "password-change-requires-current-password" property.

Indicates whether user password changes must use the password modify extended operation and must include the user's current password before the change is allowed.

Returns:
Returns the value of the "password-change-requires-current-password" property.

setPasswordChangeRequiresCurrentPassword

void setPasswordChangeRequiresCurrentPassword(java.lang.Boolean value)
                                              throws IllegalPropertyValueException
Sets the "password-change-requires-current-password" property.

Indicates whether user password changes must use the password modify extended operation and must include the user's current password before the change is allowed.

Parameters:
value - The value of the "password-change-requires-current-password" property.
Throws:
IllegalPropertyValueException - If the new value is invalid.

getPasswordExpirationWarningInterval

long getPasswordExpirationWarningInterval()
Gets the "password-expiration-warning-interval" property.

Specifies the maximum length of time before a user's password actually expires that the server begins to include warning notifications in bind responses for that user.

The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds disables the warning interval.

Returns:
Returns the value of the "password-expiration-warning-interval" property.

setPasswordExpirationWarningInterval

void setPasswordExpirationWarningInterval(java.lang.Long value)
                                          throws IllegalPropertyValueException
Sets the "password-expiration-warning-interval" property.

Specifies the maximum length of time before a user's password actually expires that the server begins to include warning notifications in bind responses for that user.

The value of this attribute is an integer followed by a unit of seconds, minutes, hours, days, or weeks. A value of 0 seconds disables the warning interval.

Parameters:
value - The value of the "password-expiration-warning-interval" property.
Throws:
IllegalPropertyValueException - If the new value is invalid.

getPasswordGenerator

java.lang.String getPasswordGenerator()
Gets the "password-generator" property.

Specifies the name of the password generator that is used with the associated password policy.

This is used in conjunction with the password modify extended operation to generate a new password for a user when none was provided in the request.

Returns:
Returns the value of the "password-generator" property.

setPasswordGenerator

void setPasswordGenerator(java.lang.String value)
                          throws IllegalPropertyValueException
Sets the "password-generator" property.

Specifies the name of the password generator that is used with the associated password policy.

This is used in conjunction with the password modify extended operation to generate a new password for a user when none was provided in the request.

Parameters:
value - The value of the "password-generator" property.
Throws:
IllegalPropertyValueException - If the new value is invalid.

getPasswordHistoryCount

int getPasswordHistoryCount()
Gets the "password-history-count" property.

Specifies the maximum number of former passwords to maintain in the password history.

When choosing a new password, the proposed password is checked to ensure that it does not match the current password, nor any other password in the history list. A value of zero indicates that either no password history is to be maintained (if the password history duration has a value of zero seconds), or that there is no maximum number of passwords to maintain in the history (if the password history duration has a value greater than zero seconds).

Returns:
Returns the value of the "password-history-count" property.

setPasswordHistoryCount

void setPasswordHistoryCount(java.lang.Integer value)
                             throws IllegalPropertyValueException
Sets the "password-history-count" property.

Specifies the maximum number of former passwords to maintain in the password history.

When choosing a new password, the proposed password is checked to ensure that it does not match the current password, nor any other password in the history list. A value of zero indicates that either no password history is to be maintained (if the password history duration has a value of zero seconds), or that there is no maximum number of passwords to maintain in the history (if the password history duration has a value greater than zero seconds).

Parameters:
value - The value of the "password-history-count" property.
Throws:
IllegalPropertyValueException - If the new value is invalid.

getPasswordHistoryDuration

long getPasswordHistoryDuration()
Gets the "password-history-duration" property.

Specifies the maximum length of time that passwords remain in the password history.

When choosing a new password, the proposed password is checked to ensure that it does not match the current password, nor any other password in the history list. A value of zero seconds indicates that either no password history is to be maintained (if the password history count has a value of zero), or that there is no maximum duration for passwords in the history (if the password history count has a value greater than zero).

Returns:
Returns the value of the "password-history-duration" property.

setPasswordHistoryDuration

void setPasswordHistoryDuration(java.lang.Long value)
                                throws IllegalPropertyValueException
Sets the "password-history-duration" property.

Specifies the maximum length of time that passwords remain in the password history.

When choosing a new password, the proposed password is checked to ensure that it does not match the current password, nor any other password in the history list. A value of zero seconds indicates that either no password history is to be maintained (if the password history count has a value of zero), or that there is no maximum duration for passwords in the history (if the password history count has a value greater than zero).

Parameters:
value - The value of the "password-history-duration" property.
Throws:
IllegalPropertyValueException - If the new value is invalid.

getPasswordValidator

java.util.SortedSet<java.lang.String> getPasswordValidator()
Gets the "password-validator" property.

Specifies the names of the password validators that are used with the associated password storage scheme.

The password validators are invoked when a user attempts to provide a new password, to determine whether the new password is acceptable.

Returns:
Returns the values of the "password-validator" property.

setPasswordValidator

void setPasswordValidator(java.util.Collection<java.lang.String> values)
                          throws IllegalPropertyValueException
Sets the "password-validator" property.

Specifies the names of the password validators that are used with the associated password storage scheme.

The password validators are invoked when a user attempts to provide a new password, to determine whether the new password is acceptable.

Parameters:
values - The values of the "password-validator" property.
Throws:
IllegalPropertyValueException - If one or more of the new values are invalid.

getPreviousLastLoginTimeFormat

java.util.SortedSet<java.lang.String> getPreviousLastLoginTimeFormat()
Gets the "previous-last-login-time-format" property.

Specifies the format string(s) that might have been used with the last login time at any point in the past for users associated with the password policy.

These values are used to make it possible to parse previous values, but are not used to set new values. The format strings conform to the syntax described in the API documentation for the java.text.SimpleDateFormat class.

Returns:
Returns the values of the "previous-last-login-time-format" property.

setPreviousLastLoginTimeFormat

void setPreviousLastLoginTimeFormat(java.util.Collection<java.lang.String> values)
                                    throws IllegalPropertyValueException
Sets the "previous-last-login-time-format" property.

Specifies the format string(s) that might have been used with the last login time at any point in the past for users associated with the password policy.

These values are used to make it possible to parse previous values, but are not used to set new values. The format strings conform to the syntax described in the API documentation for the java.text.SimpleDateFormat class.

Parameters:
values - The values of the "previous-last-login-time-format" property.
Throws:
IllegalPropertyValueException - If one or more of the new values are invalid.

getRequireChangeByTime

java.lang.String getRequireChangeByTime()
Gets the "require-change-by-time" property.

Specifies the time by which all users with the associated password policy must change their passwords.

The value is expressed in a generalized time format. If this time is equal to the current time or is in the past, then all users are required to change their passwords immediately. The behavior of the server in this mode is identical to the behavior observed when users are forced to change their passwords after an administrative reset.

Returns:
Returns the value of the "require-change-by-time" property.

setRequireChangeByTime

void setRequireChangeByTime(java.lang.String value)
                            throws IllegalPropertyValueException
Sets the "require-change-by-time" property.

Specifies the time by which all users with the associated password policy must change their passwords.

The value is expressed in a generalized time format. If this time is equal to the current time or is in the past, then all users are required to change their passwords immediately. The behavior of the server in this mode is identical to the behavior observed when users are forced to change their passwords after an administrative reset.

Parameters:
value - The value of the "require-change-by-time" property.
Throws:
IllegalPropertyValueException - If the new value is invalid.

isRequireSecureAuthentication

boolean isRequireSecureAuthentication()
Gets the "require-secure-authentication" property.

Indicates whether users with the associated password policy are required to authenticate in a secure manner.

This might mean either using a secure communication channel between the client and the server, or using a SASL mechanism that does not expose the credentials.

Returns:
Returns the value of the "require-secure-authentication" property.

setRequireSecureAuthentication

void setRequireSecureAuthentication(java.lang.Boolean value)
                                    throws IllegalPropertyValueException
Sets the "require-secure-authentication" property.

Indicates whether users with the associated password policy are required to authenticate in a secure manner.

This might mean either using a secure communication channel between the client and the server, or using a SASL mechanism that does not expose the credentials.

Parameters:
value - The value of the "require-secure-authentication" property.
Throws:
IllegalPropertyValueException - If the new value is invalid.

isRequireSecurePasswordChanges

boolean isRequireSecurePasswordChanges()
Gets the "require-secure-password-changes" property.

Indicates whether users with the associated password policy are required to change their password in a secure manner that does not expose the credentials.

Returns:
Returns the value of the "require-secure-password-changes" property.

setRequireSecurePasswordChanges

void setRequireSecurePasswordChanges(java.lang.Boolean value)
                                     throws IllegalPropertyValueException
Sets the "require-secure-password-changes" property.

Indicates whether users with the associated password policy are required to change their password in a secure manner that does not expose the credentials.

Parameters:
value - The value of the "require-secure-password-changes" property.
Throws:
IllegalPropertyValueException - If the new value is invalid.

isSkipValidationForAdministrators

boolean isSkipValidationForAdministrators()
Gets the "skip-validation-for-administrators" property.

Indicates whether passwords set by administrators are allowed to bypass the password validation process that is required for user password changes.

Returns:
Returns the value of the "skip-validation-for-administrators" property.

setSkipValidationForAdministrators

void setSkipValidationForAdministrators(java.lang.Boolean value)
                                        throws IllegalPropertyValueException
Sets the "skip-validation-for-administrators" property.

Indicates whether passwords set by administrators are allowed to bypass the password validation process that is required for user password changes.

Parameters:
value - The value of the "skip-validation-for-administrators" property.
Throws:
IllegalPropertyValueException - If the new value is invalid.

getStateUpdateFailurePolicy

PasswordPolicyCfgDefn.StateUpdateFailurePolicy getStateUpdateFailurePolicy()
Gets the "state-update-failure-policy" property.

Specifies how the server deals with the inability to update password policy state information during an authentication attempt.

In particular, this property can be used to control whether an otherwise successful bind operation fails if a failure occurs while attempting to update password policy state information (for example, to clear a record of previous authentication failures or to update the last login time). It can also be used to control whether to reject a bind request if it is known ahead of time that it will not be possible to update the authentication failure times in the event of an unsuccessful bind attempt (for example, if the backend writability mode is disabled).

Returns:
Returns the value of the "state-update-failure-policy" property.

setStateUpdateFailurePolicy

void setStateUpdateFailurePolicy(PasswordPolicyCfgDefn.StateUpdateFailurePolicy value)
                                 throws IllegalPropertyValueException
Sets the "state-update-failure-policy" property.

Specifies how the server deals with the inability to update password policy state information during an authentication attempt.

In particular, this property can be used to control whether an otherwise successful bind operation fails if a failure occurs while attempting to update password policy state information (for example, to clear a record of previous authentication failures or to update the last login time). It can also be used to control whether to reject a bind request if it is known ahead of time that it will not be possible to update the authentication failure times in the event of an unsuccessful bind attempt (for example, if the backend writability mode is disabled).

Parameters:
value - The value of the "state-update-failure-policy" property.
Throws:
IllegalPropertyValueException - If the new value is invalid.