001/* 002 * The contents of this file are subject to the terms of the Common Development and 003 * Distribution License (the License). You may not use this file except in compliance with the 004 * License. 005 * 006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the 007 * specific language governing permission and limitations under the License. 008 * 009 * When distributing Covered Software, include this CDDL Header Notice in each file and include 010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL 011 * Header, with the fields enclosed by brackets [] replaced by your own identifying 012 * information: "Portions Copyright [year] [name of copyright owner]". 013 * 014 * Copyright 2008 Sun Microsystems, Inc. 015 */ 016package org.forgerock.opendj.server.config.meta; 017 018 019 020import java.util.Collection; 021import java.util.SortedSet; 022import java.util.TreeSet; 023import org.forgerock.opendj.config.AdministratorAction; 024import org.forgerock.opendj.config.AggregationPropertyDefinition; 025import org.forgerock.opendj.config.AttributeTypePropertyDefinition; 026import org.forgerock.opendj.config.BooleanPropertyDefinition; 027import org.forgerock.opendj.config.ClassPropertyDefinition; 028import org.forgerock.opendj.config.client.ConcurrentModificationException; 029import org.forgerock.opendj.config.client.ManagedObject; 030import org.forgerock.opendj.config.client.MissingMandatoryPropertiesException; 031import org.forgerock.opendj.config.client.OperationRejectedException; 032import org.forgerock.opendj.config.conditions.Conditions; 033import org.forgerock.opendj.config.DefaultBehaviorProvider; 034import org.forgerock.opendj.config.DefinedDefaultBehaviorProvider; 035import org.forgerock.opendj.config.DurationPropertyDefinition; 036import org.forgerock.opendj.config.EnumPropertyDefinition; 037import org.forgerock.opendj.config.IntegerPropertyDefinition; 038import org.forgerock.opendj.config.ManagedObjectAlreadyExistsException; 039import org.forgerock.opendj.config.ManagedObjectDefinition; 040import org.forgerock.opendj.config.PropertyOption; 041import org.forgerock.opendj.config.PropertyProvider; 042import org.forgerock.opendj.config.server.ConfigurationChangeListener; 043import org.forgerock.opendj.config.server.ServerManagedObject; 044import org.forgerock.opendj.config.StringPropertyDefinition; 045import org.forgerock.opendj.config.Tag; 046import org.forgerock.opendj.config.UndefinedDefaultBehaviorProvider; 047import org.forgerock.opendj.ldap.DN; 048import org.forgerock.opendj.ldap.LdapException; 049import org.forgerock.opendj.ldap.schema.AttributeType; 050import org.forgerock.opendj.server.config.client.AccountStatusNotificationHandlerCfgClient; 051import org.forgerock.opendj.server.config.client.PasswordGeneratorCfgClient; 052import org.forgerock.opendj.server.config.client.PasswordPolicyCfgClient; 053import org.forgerock.opendj.server.config.client.PasswordStorageSchemeCfgClient; 054import org.forgerock.opendj.server.config.client.PasswordValidatorCfgClient; 055import org.forgerock.opendj.server.config.server.AccountStatusNotificationHandlerCfg; 056import org.forgerock.opendj.server.config.server.AuthenticationPolicyCfg; 057import org.forgerock.opendj.server.config.server.PasswordGeneratorCfg; 058import org.forgerock.opendj.server.config.server.PasswordPolicyCfg; 059import org.forgerock.opendj.server.config.server.PasswordStorageSchemeCfg; 060import org.forgerock.opendj.server.config.server.PasswordValidatorCfg; 061 062 063 064/** 065 * An interface for querying the Password Policy managed object 066 * definition meta information. 067 * <p> 068 * Password Policies define a number of password management rules, as 069 * well as requirements for authentication processing. 070 */ 071public final class PasswordPolicyCfgDefn extends ManagedObjectDefinition<PasswordPolicyCfgClient, PasswordPolicyCfg> { 072 073 /** The singleton configuration definition instance. */ 074 private static final PasswordPolicyCfgDefn INSTANCE = new PasswordPolicyCfgDefn(); 075 076 077 078 /** 079 * Defines the set of permissable values for the "state-update-failure-policy" property. 080 * <p> 081 * Specifies how the server deals with the inability to update 082 * password policy state information during an authentication 083 * attempt. 084 * <p> 085 * In particular, this property can be used to control whether an 086 * otherwise successful bind operation fails if a failure occurs 087 * while attempting to update password policy state information (for 088 * example, to clear a record of previous authentication failures or 089 * to update the last login time). It can also be used to control 090 * whether to reject a bind request if it is known ahead of time that 091 * it will not be possible to update the authentication failure times 092 * in the event of an unsuccessful bind attempt (for example, if the 093 * backend writability mode is disabled). 094 */ 095 public static enum StateUpdateFailurePolicy { 096 097 /** 098 * If a bind attempt would otherwise be successful, then do not 099 * reject it if a problem occurs while attempting to update the 100 * password policy state information for the user. 101 */ 102 IGNORE("ignore"), 103 104 105 106 /** 107 * Proactively reject any bind attempt if it is known ahead of 108 * time that it would not be possible to update the user's password 109 * policy state information. 110 */ 111 PROACTIVE("proactive"), 112 113 114 115 /** 116 * Even if a bind attempt would otherwise be successful, reject it 117 * if a problem occurs while attempting to update the password 118 * policy state information for the user. 119 */ 120 REACTIVE("reactive"); 121 122 123 124 /** String representation of the value. */ 125 private final String name; 126 127 128 129 /** Private constructor. */ 130 private StateUpdateFailurePolicy(String name) { this.name = name; } 131 132 133 134 /** {@inheritDoc} */ 135 public String toString() { return name; } 136 137 } 138 139 140 141 /** The "account-status-notification-handler" property definition. */ 142 private static final AggregationPropertyDefinition<AccountStatusNotificationHandlerCfgClient, AccountStatusNotificationHandlerCfg> PD_ACCOUNT_STATUS_NOTIFICATION_HANDLER; 143 144 145 146 /** The "allow-expired-password-changes" property definition. */ 147 private static final BooleanPropertyDefinition PD_ALLOW_EXPIRED_PASSWORD_CHANGES; 148 149 150 151 /** The "allow-multiple-password-values" property definition. */ 152 private static final BooleanPropertyDefinition PD_ALLOW_MULTIPLE_PASSWORD_VALUES; 153 154 155 156 /** The "allow-pre-encoded-passwords" property definition. */ 157 private static final BooleanPropertyDefinition PD_ALLOW_PRE_ENCODED_PASSWORDS; 158 159 160 161 /** The "allow-user-password-changes" property definition. */ 162 private static final BooleanPropertyDefinition PD_ALLOW_USER_PASSWORD_CHANGES; 163 164 165 166 /** The "default-password-storage-scheme" property definition. */ 167 private static final AggregationPropertyDefinition<PasswordStorageSchemeCfgClient, PasswordStorageSchemeCfg> PD_DEFAULT_PASSWORD_STORAGE_SCHEME; 168 169 170 171 /** The "deprecated-password-storage-scheme" property definition. */ 172 private static final AggregationPropertyDefinition<PasswordStorageSchemeCfgClient, PasswordStorageSchemeCfg> PD_DEPRECATED_PASSWORD_STORAGE_SCHEME; 173 174 175 176 /** The "expire-passwords-without-warning" property definition. */ 177 private static final BooleanPropertyDefinition PD_EXPIRE_PASSWORDS_WITHOUT_WARNING; 178 179 180 181 /** The "force-change-on-add" property definition. */ 182 private static final BooleanPropertyDefinition PD_FORCE_CHANGE_ON_ADD; 183 184 185 186 /** The "force-change-on-reset" property definition. */ 187 private static final BooleanPropertyDefinition PD_FORCE_CHANGE_ON_RESET; 188 189 190 191 /** The "grace-login-count" property definition. */ 192 private static final IntegerPropertyDefinition PD_GRACE_LOGIN_COUNT; 193 194 195 196 /** The "idle-lockout-interval" property definition. */ 197 private static final DurationPropertyDefinition PD_IDLE_LOCKOUT_INTERVAL; 198 199 200 201 /** The "java-class" property definition. */ 202 private static final ClassPropertyDefinition PD_JAVA_CLASS; 203 204 205 206 /** The "last-login-time-attribute" property definition. */ 207 private static final AttributeTypePropertyDefinition PD_LAST_LOGIN_TIME_ATTRIBUTE; 208 209 210 211 /** The "last-login-time-format" property definition. */ 212 private static final StringPropertyDefinition PD_LAST_LOGIN_TIME_FORMAT; 213 214 215 216 /** The "lockout-duration" property definition. */ 217 private static final DurationPropertyDefinition PD_LOCKOUT_DURATION; 218 219 220 221 /** The "lockout-failure-count" property definition. */ 222 private static final IntegerPropertyDefinition PD_LOCKOUT_FAILURE_COUNT; 223 224 225 226 /** The "lockout-failure-expiration-interval" property definition. */ 227 private static final DurationPropertyDefinition PD_LOCKOUT_FAILURE_EXPIRATION_INTERVAL; 228 229 230 231 /** The "max-password-age" property definition. */ 232 private static final DurationPropertyDefinition PD_MAX_PASSWORD_AGE; 233 234 235 236 /** The "max-password-reset-age" property definition. */ 237 private static final DurationPropertyDefinition PD_MAX_PASSWORD_RESET_AGE; 238 239 240 241 /** The "min-password-age" property definition. */ 242 private static final DurationPropertyDefinition PD_MIN_PASSWORD_AGE; 243 244 245 246 /** The "password-attribute" property definition. */ 247 private static final AttributeTypePropertyDefinition PD_PASSWORD_ATTRIBUTE; 248 249 250 251 /** The "password-change-requires-current-password" property definition. */ 252 private static final BooleanPropertyDefinition PD_PASSWORD_CHANGE_REQUIRES_CURRENT_PASSWORD; 253 254 255 256 /** The "password-expiration-warning-interval" property definition. */ 257 private static final DurationPropertyDefinition PD_PASSWORD_EXPIRATION_WARNING_INTERVAL; 258 259 260 261 /** The "password-generator" property definition. */ 262 private static final AggregationPropertyDefinition<PasswordGeneratorCfgClient, PasswordGeneratorCfg> PD_PASSWORD_GENERATOR; 263 264 265 266 /** The "password-history-count" property definition. */ 267 private static final IntegerPropertyDefinition PD_PASSWORD_HISTORY_COUNT; 268 269 270 271 /** The "password-history-duration" property definition. */ 272 private static final DurationPropertyDefinition PD_PASSWORD_HISTORY_DURATION; 273 274 275 276 /** The "password-validator" property definition. */ 277 private static final AggregationPropertyDefinition<PasswordValidatorCfgClient, PasswordValidatorCfg> PD_PASSWORD_VALIDATOR; 278 279 280 281 /** The "previous-last-login-time-format" property definition. */ 282 private static final StringPropertyDefinition PD_PREVIOUS_LAST_LOGIN_TIME_FORMAT; 283 284 285 286 /** The "require-change-by-time" property definition. */ 287 private static final StringPropertyDefinition PD_REQUIRE_CHANGE_BY_TIME; 288 289 290 291 /** The "require-secure-authentication" property definition. */ 292 private static final BooleanPropertyDefinition PD_REQUIRE_SECURE_AUTHENTICATION; 293 294 295 296 /** The "require-secure-password-changes" property definition. */ 297 private static final BooleanPropertyDefinition PD_REQUIRE_SECURE_PASSWORD_CHANGES; 298 299 300 301 /** The "skip-validation-for-administrators" property definition. */ 302 private static final BooleanPropertyDefinition PD_SKIP_VALIDATION_FOR_ADMINISTRATORS; 303 304 305 306 /** The "state-update-failure-policy" property definition. */ 307 private static final EnumPropertyDefinition<StateUpdateFailurePolicy> PD_STATE_UPDATE_FAILURE_POLICY; 308 309 310 311 /** Build the "account-status-notification-handler" property definition. */ 312 static { 313 AggregationPropertyDefinition.Builder<AccountStatusNotificationHandlerCfgClient, AccountStatusNotificationHandlerCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "account-status-notification-handler"); 314 builder.setOption(PropertyOption.MULTI_VALUED); 315 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "account-status-notification-handler")); 316 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>()); 317 builder.setParentPath("/"); 318 builder.setRelationDefinition("account-status-notification-handler"); 319 builder.setTargetIsEnabledCondition(Conditions.contains("enabled", "true")); 320 PD_ACCOUNT_STATUS_NOTIFICATION_HANDLER = builder.getInstance(); 321 INSTANCE.registerPropertyDefinition(PD_ACCOUNT_STATUS_NOTIFICATION_HANDLER); 322 INSTANCE.registerConstraint(PD_ACCOUNT_STATUS_NOTIFICATION_HANDLER.getSourceConstraint()); 323 } 324 325 326 327 /** Build the "allow-expired-password-changes" property definition. */ 328 static { 329 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "allow-expired-password-changes"); 330 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "allow-expired-password-changes")); 331 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false"); 332 builder.setDefaultBehaviorProvider(provider); 333 PD_ALLOW_EXPIRED_PASSWORD_CHANGES = builder.getInstance(); 334 INSTANCE.registerPropertyDefinition(PD_ALLOW_EXPIRED_PASSWORD_CHANGES); 335 } 336 337 338 339 /** Build the "allow-multiple-password-values" property definition. */ 340 static { 341 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "allow-multiple-password-values"); 342 builder.setOption(PropertyOption.ADVANCED); 343 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "allow-multiple-password-values")); 344 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false"); 345 builder.setDefaultBehaviorProvider(provider); 346 PD_ALLOW_MULTIPLE_PASSWORD_VALUES = builder.getInstance(); 347 INSTANCE.registerPropertyDefinition(PD_ALLOW_MULTIPLE_PASSWORD_VALUES); 348 } 349 350 351 352 /** Build the "allow-pre-encoded-passwords" property definition. */ 353 static { 354 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "allow-pre-encoded-passwords"); 355 builder.setOption(PropertyOption.ADVANCED); 356 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "allow-pre-encoded-passwords")); 357 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false"); 358 builder.setDefaultBehaviorProvider(provider); 359 PD_ALLOW_PRE_ENCODED_PASSWORDS = builder.getInstance(); 360 INSTANCE.registerPropertyDefinition(PD_ALLOW_PRE_ENCODED_PASSWORDS); 361 } 362 363 364 365 /** Build the "allow-user-password-changes" property definition. */ 366 static { 367 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "allow-user-password-changes"); 368 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "allow-user-password-changes")); 369 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("true"); 370 builder.setDefaultBehaviorProvider(provider); 371 PD_ALLOW_USER_PASSWORD_CHANGES = builder.getInstance(); 372 INSTANCE.registerPropertyDefinition(PD_ALLOW_USER_PASSWORD_CHANGES); 373 } 374 375 376 377 /** Build the "default-password-storage-scheme" property definition. */ 378 static { 379 AggregationPropertyDefinition.Builder<PasswordStorageSchemeCfgClient, PasswordStorageSchemeCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "default-password-storage-scheme"); 380 builder.setOption(PropertyOption.MULTI_VALUED); 381 builder.setOption(PropertyOption.MANDATORY); 382 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "default-password-storage-scheme")); 383 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>()); 384 builder.setParentPath("/"); 385 builder.setRelationDefinition("password-storage-scheme"); 386 builder.setTargetIsEnabledCondition(Conditions.contains("enabled", "true")); 387 PD_DEFAULT_PASSWORD_STORAGE_SCHEME = builder.getInstance(); 388 INSTANCE.registerPropertyDefinition(PD_DEFAULT_PASSWORD_STORAGE_SCHEME); 389 INSTANCE.registerConstraint(PD_DEFAULT_PASSWORD_STORAGE_SCHEME.getSourceConstraint()); 390 } 391 392 393 394 /** Build the "deprecated-password-storage-scheme" property definition. */ 395 static { 396 AggregationPropertyDefinition.Builder<PasswordStorageSchemeCfgClient, PasswordStorageSchemeCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "deprecated-password-storage-scheme"); 397 builder.setOption(PropertyOption.MULTI_VALUED); 398 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "deprecated-password-storage-scheme")); 399 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>()); 400 builder.setParentPath("/"); 401 builder.setRelationDefinition("password-storage-scheme"); 402 builder.setTargetIsEnabledCondition(Conditions.contains("enabled", "true")); 403 PD_DEPRECATED_PASSWORD_STORAGE_SCHEME = builder.getInstance(); 404 INSTANCE.registerPropertyDefinition(PD_DEPRECATED_PASSWORD_STORAGE_SCHEME); 405 INSTANCE.registerConstraint(PD_DEPRECATED_PASSWORD_STORAGE_SCHEME.getSourceConstraint()); 406 } 407 408 409 410 /** Build the "expire-passwords-without-warning" property definition. */ 411 static { 412 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "expire-passwords-without-warning"); 413 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "expire-passwords-without-warning")); 414 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false"); 415 builder.setDefaultBehaviorProvider(provider); 416 PD_EXPIRE_PASSWORDS_WITHOUT_WARNING = builder.getInstance(); 417 INSTANCE.registerPropertyDefinition(PD_EXPIRE_PASSWORDS_WITHOUT_WARNING); 418 } 419 420 421 422 /** Build the "force-change-on-add" property definition. */ 423 static { 424 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "force-change-on-add"); 425 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "force-change-on-add")); 426 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false"); 427 builder.setDefaultBehaviorProvider(provider); 428 PD_FORCE_CHANGE_ON_ADD = builder.getInstance(); 429 INSTANCE.registerPropertyDefinition(PD_FORCE_CHANGE_ON_ADD); 430 } 431 432 433 434 /** Build the "force-change-on-reset" property definition. */ 435 static { 436 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "force-change-on-reset"); 437 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "force-change-on-reset")); 438 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false"); 439 builder.setDefaultBehaviorProvider(provider); 440 PD_FORCE_CHANGE_ON_RESET = builder.getInstance(); 441 INSTANCE.registerPropertyDefinition(PD_FORCE_CHANGE_ON_RESET); 442 } 443 444 445 446 /** Build the "grace-login-count" property definition. */ 447 static { 448 IntegerPropertyDefinition.Builder builder = IntegerPropertyDefinition.createBuilder(INSTANCE, "grace-login-count"); 449 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "grace-login-count")); 450 DefaultBehaviorProvider<Integer> provider = new DefinedDefaultBehaviorProvider<Integer>("0"); 451 builder.setDefaultBehaviorProvider(provider); 452 builder.setUpperLimit(2147483647); 453 builder.setLowerLimit(0); 454 PD_GRACE_LOGIN_COUNT = builder.getInstance(); 455 INSTANCE.registerPropertyDefinition(PD_GRACE_LOGIN_COUNT); 456 } 457 458 459 460 /** Build the "idle-lockout-interval" property definition. */ 461 static { 462 DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "idle-lockout-interval"); 463 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "idle-lockout-interval")); 464 DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("0 seconds"); 465 builder.setDefaultBehaviorProvider(provider); 466 builder.setUpperLimit("2147483647"); 467 builder.setLowerLimit("0"); 468 PD_IDLE_LOCKOUT_INTERVAL = builder.getInstance(); 469 INSTANCE.registerPropertyDefinition(PD_IDLE_LOCKOUT_INTERVAL); 470 } 471 472 473 474 /** Build the "java-class" property definition. */ 475 static { 476 ClassPropertyDefinition.Builder builder = ClassPropertyDefinition.createBuilder(INSTANCE, "java-class"); 477 builder.setOption(PropertyOption.MANDATORY); 478 builder.setOption(PropertyOption.ADVANCED); 479 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.COMPONENT_RESTART, INSTANCE, "java-class")); 480 DefaultBehaviorProvider<String> provider = new DefinedDefaultBehaviorProvider<String>("org.opends.server.core.PasswordPolicyFactory"); 481 builder.setDefaultBehaviorProvider(provider); 482 builder.addInstanceOf("org.opends.server.api.AuthenticationPolicyFactory"); 483 PD_JAVA_CLASS = builder.getInstance(); 484 INSTANCE.registerPropertyDefinition(PD_JAVA_CLASS); 485 } 486 487 488 489 /** Build the "last-login-time-attribute" property definition. */ 490 static { 491 AttributeTypePropertyDefinition.Builder builder = AttributeTypePropertyDefinition.createBuilder(INSTANCE, "last-login-time-attribute"); 492 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "last-login-time-attribute")); 493 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<AttributeType>()); 494 PD_LAST_LOGIN_TIME_ATTRIBUTE = builder.getInstance(); 495 INSTANCE.registerPropertyDefinition(PD_LAST_LOGIN_TIME_ATTRIBUTE); 496 } 497 498 499 500 /** Build the "last-login-time-format" property definition. */ 501 static { 502 StringPropertyDefinition.Builder builder = StringPropertyDefinition.createBuilder(INSTANCE, "last-login-time-format"); 503 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "last-login-time-format")); 504 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>()); 505 builder.setPattern(".*", "STRING"); 506 PD_LAST_LOGIN_TIME_FORMAT = builder.getInstance(); 507 INSTANCE.registerPropertyDefinition(PD_LAST_LOGIN_TIME_FORMAT); 508 } 509 510 511 512 /** Build the "lockout-duration" property definition. */ 513 static { 514 DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "lockout-duration"); 515 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "lockout-duration")); 516 DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("0 seconds"); 517 builder.setDefaultBehaviorProvider(provider); 518 builder.setBaseUnit("s"); 519 builder.setUpperLimit("2147483647"); 520 builder.setLowerLimit("0"); 521 PD_LOCKOUT_DURATION = builder.getInstance(); 522 INSTANCE.registerPropertyDefinition(PD_LOCKOUT_DURATION); 523 } 524 525 526 527 /** Build the "lockout-failure-count" property definition. */ 528 static { 529 IntegerPropertyDefinition.Builder builder = IntegerPropertyDefinition.createBuilder(INSTANCE, "lockout-failure-count"); 530 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "lockout-failure-count")); 531 DefaultBehaviorProvider<Integer> provider = new DefinedDefaultBehaviorProvider<Integer>("0"); 532 builder.setDefaultBehaviorProvider(provider); 533 builder.setUpperLimit(2147483647); 534 builder.setLowerLimit(0); 535 PD_LOCKOUT_FAILURE_COUNT = builder.getInstance(); 536 INSTANCE.registerPropertyDefinition(PD_LOCKOUT_FAILURE_COUNT); 537 } 538 539 540 541 /** Build the "lockout-failure-expiration-interval" property definition. */ 542 static { 543 DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "lockout-failure-expiration-interval"); 544 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "lockout-failure-expiration-interval")); 545 DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("0 seconds"); 546 builder.setDefaultBehaviorProvider(provider); 547 builder.setBaseUnit("s"); 548 builder.setUpperLimit("2147483647"); 549 builder.setLowerLimit("0"); 550 PD_LOCKOUT_FAILURE_EXPIRATION_INTERVAL = builder.getInstance(); 551 INSTANCE.registerPropertyDefinition(PD_LOCKOUT_FAILURE_EXPIRATION_INTERVAL); 552 } 553 554 555 556 /** Build the "max-password-age" property definition. */ 557 static { 558 DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "max-password-age"); 559 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "max-password-age")); 560 DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("0 seconds"); 561 builder.setDefaultBehaviorProvider(provider); 562 builder.setBaseUnit("s"); 563 builder.setUpperLimit("2147483647"); 564 builder.setLowerLimit("0"); 565 PD_MAX_PASSWORD_AGE = builder.getInstance(); 566 INSTANCE.registerPropertyDefinition(PD_MAX_PASSWORD_AGE); 567 } 568 569 570 571 /** Build the "max-password-reset-age" property definition. */ 572 static { 573 DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "max-password-reset-age"); 574 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "max-password-reset-age")); 575 DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("0 seconds"); 576 builder.setDefaultBehaviorProvider(provider); 577 builder.setBaseUnit("s"); 578 builder.setUpperLimit("2147483647"); 579 builder.setLowerLimit("0"); 580 PD_MAX_PASSWORD_RESET_AGE = builder.getInstance(); 581 INSTANCE.registerPropertyDefinition(PD_MAX_PASSWORD_RESET_AGE); 582 } 583 584 585 586 /** Build the "min-password-age" property definition. */ 587 static { 588 DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "min-password-age"); 589 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "min-password-age")); 590 DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("0 seconds"); 591 builder.setDefaultBehaviorProvider(provider); 592 builder.setBaseUnit("s"); 593 builder.setUpperLimit("2147483647"); 594 builder.setLowerLimit("0"); 595 PD_MIN_PASSWORD_AGE = builder.getInstance(); 596 INSTANCE.registerPropertyDefinition(PD_MIN_PASSWORD_AGE); 597 } 598 599 600 601 /** Build the "password-attribute" property definition. */ 602 static { 603 AttributeTypePropertyDefinition.Builder builder = AttributeTypePropertyDefinition.createBuilder(INSTANCE, "password-attribute"); 604 builder.setOption(PropertyOption.MANDATORY); 605 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "password-attribute")); 606 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<AttributeType>()); 607 PD_PASSWORD_ATTRIBUTE = builder.getInstance(); 608 INSTANCE.registerPropertyDefinition(PD_PASSWORD_ATTRIBUTE); 609 } 610 611 612 613 /** Build the "password-change-requires-current-password" property definition. */ 614 static { 615 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "password-change-requires-current-password"); 616 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "password-change-requires-current-password")); 617 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false"); 618 builder.setDefaultBehaviorProvider(provider); 619 PD_PASSWORD_CHANGE_REQUIRES_CURRENT_PASSWORD = builder.getInstance(); 620 INSTANCE.registerPropertyDefinition(PD_PASSWORD_CHANGE_REQUIRES_CURRENT_PASSWORD); 621 } 622 623 624 625 /** Build the "password-expiration-warning-interval" property definition. */ 626 static { 627 DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "password-expiration-warning-interval"); 628 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "password-expiration-warning-interval")); 629 DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("5 days"); 630 builder.setDefaultBehaviorProvider(provider); 631 PD_PASSWORD_EXPIRATION_WARNING_INTERVAL = builder.getInstance(); 632 INSTANCE.registerPropertyDefinition(PD_PASSWORD_EXPIRATION_WARNING_INTERVAL); 633 } 634 635 636 637 /** Build the "password-generator" property definition. */ 638 static { 639 AggregationPropertyDefinition.Builder<PasswordGeneratorCfgClient, PasswordGeneratorCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "password-generator"); 640 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "password-generator")); 641 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>()); 642 builder.setParentPath("/"); 643 builder.setRelationDefinition("password-generator"); 644 builder.setTargetIsEnabledCondition(Conditions.contains("enabled", "true")); 645 PD_PASSWORD_GENERATOR = builder.getInstance(); 646 INSTANCE.registerPropertyDefinition(PD_PASSWORD_GENERATOR); 647 INSTANCE.registerConstraint(PD_PASSWORD_GENERATOR.getSourceConstraint()); 648 } 649 650 651 652 /** Build the "password-history-count" property definition. */ 653 static { 654 IntegerPropertyDefinition.Builder builder = IntegerPropertyDefinition.createBuilder(INSTANCE, "password-history-count"); 655 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "password-history-count")); 656 DefaultBehaviorProvider<Integer> provider = new DefinedDefaultBehaviorProvider<Integer>("0"); 657 builder.setDefaultBehaviorProvider(provider); 658 builder.setUpperLimit(2147483647); 659 builder.setLowerLimit(0); 660 PD_PASSWORD_HISTORY_COUNT = builder.getInstance(); 661 INSTANCE.registerPropertyDefinition(PD_PASSWORD_HISTORY_COUNT); 662 } 663 664 665 666 /** Build the "password-history-duration" property definition. */ 667 static { 668 DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "password-history-duration"); 669 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "password-history-duration")); 670 DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("0 seconds"); 671 builder.setDefaultBehaviorProvider(provider); 672 builder.setAllowUnlimited(false); 673 builder.setBaseUnit("s"); 674 builder.setUpperLimit("2147483647"); 675 builder.setLowerLimit("0"); 676 PD_PASSWORD_HISTORY_DURATION = builder.getInstance(); 677 INSTANCE.registerPropertyDefinition(PD_PASSWORD_HISTORY_DURATION); 678 } 679 680 681 682 /** Build the "password-validator" property definition. */ 683 static { 684 AggregationPropertyDefinition.Builder<PasswordValidatorCfgClient, PasswordValidatorCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "password-validator"); 685 builder.setOption(PropertyOption.MULTI_VALUED); 686 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "password-validator")); 687 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>()); 688 builder.setParentPath("/"); 689 builder.setRelationDefinition("password-validator"); 690 builder.setTargetIsEnabledCondition(Conditions.contains("enabled", "true")); 691 PD_PASSWORD_VALIDATOR = builder.getInstance(); 692 INSTANCE.registerPropertyDefinition(PD_PASSWORD_VALIDATOR); 693 INSTANCE.registerConstraint(PD_PASSWORD_VALIDATOR.getSourceConstraint()); 694 } 695 696 697 698 /** Build the "previous-last-login-time-format" property definition. */ 699 static { 700 StringPropertyDefinition.Builder builder = StringPropertyDefinition.createBuilder(INSTANCE, "previous-last-login-time-format"); 701 builder.setOption(PropertyOption.MULTI_VALUED); 702 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "previous-last-login-time-format")); 703 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>()); 704 builder.setPattern(".*", "STRING"); 705 PD_PREVIOUS_LAST_LOGIN_TIME_FORMAT = builder.getInstance(); 706 INSTANCE.registerPropertyDefinition(PD_PREVIOUS_LAST_LOGIN_TIME_FORMAT); 707 } 708 709 710 711 /** Build the "require-change-by-time" property definition. */ 712 static { 713 StringPropertyDefinition.Builder builder = StringPropertyDefinition.createBuilder(INSTANCE, "require-change-by-time"); 714 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "require-change-by-time")); 715 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>()); 716 builder.setPattern(".*", "STRING"); 717 PD_REQUIRE_CHANGE_BY_TIME = builder.getInstance(); 718 INSTANCE.registerPropertyDefinition(PD_REQUIRE_CHANGE_BY_TIME); 719 } 720 721 722 723 /** Build the "require-secure-authentication" property definition. */ 724 static { 725 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "require-secure-authentication"); 726 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "require-secure-authentication")); 727 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false"); 728 builder.setDefaultBehaviorProvider(provider); 729 PD_REQUIRE_SECURE_AUTHENTICATION = builder.getInstance(); 730 INSTANCE.registerPropertyDefinition(PD_REQUIRE_SECURE_AUTHENTICATION); 731 } 732 733 734 735 /** Build the "require-secure-password-changes" property definition. */ 736 static { 737 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "require-secure-password-changes"); 738 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "require-secure-password-changes")); 739 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false"); 740 builder.setDefaultBehaviorProvider(provider); 741 PD_REQUIRE_SECURE_PASSWORD_CHANGES = builder.getInstance(); 742 INSTANCE.registerPropertyDefinition(PD_REQUIRE_SECURE_PASSWORD_CHANGES); 743 } 744 745 746 747 /** Build the "skip-validation-for-administrators" property definition. */ 748 static { 749 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "skip-validation-for-administrators"); 750 builder.setOption(PropertyOption.ADVANCED); 751 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "skip-validation-for-administrators")); 752 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false"); 753 builder.setDefaultBehaviorProvider(provider); 754 PD_SKIP_VALIDATION_FOR_ADMINISTRATORS = builder.getInstance(); 755 INSTANCE.registerPropertyDefinition(PD_SKIP_VALIDATION_FOR_ADMINISTRATORS); 756 } 757 758 759 760 /** Build the "state-update-failure-policy" property definition. */ 761 static { 762 EnumPropertyDefinition.Builder<StateUpdateFailurePolicy> builder = EnumPropertyDefinition.createBuilder(INSTANCE, "state-update-failure-policy"); 763 builder.setOption(PropertyOption.ADVANCED); 764 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "state-update-failure-policy")); 765 DefaultBehaviorProvider<StateUpdateFailurePolicy> provider = new DefinedDefaultBehaviorProvider<StateUpdateFailurePolicy>("reactive"); 766 builder.setDefaultBehaviorProvider(provider); 767 builder.setEnumClass(StateUpdateFailurePolicy.class); 768 PD_STATE_UPDATE_FAILURE_POLICY = builder.getInstance(); 769 INSTANCE.registerPropertyDefinition(PD_STATE_UPDATE_FAILURE_POLICY); 770 } 771 772 773 774 // Register the tags associated with this managed object definition. 775 static { 776 INSTANCE.registerTag(Tag.valueOf("user-management")); 777 } 778 779 780 781 /** 782 * Get the Password Policy configuration definition singleton. 783 * 784 * @return Returns the Password Policy configuration definition 785 * singleton. 786 */ 787 public static PasswordPolicyCfgDefn getInstance() { 788 return INSTANCE; 789 } 790 791 792 793 /** 794 * Private constructor. 795 */ 796 private PasswordPolicyCfgDefn() { 797 super("password-policy", AuthenticationPolicyCfgDefn.getInstance()); 798 } 799 800 801 802 /** {@inheritDoc} */ 803 public PasswordPolicyCfgClient createClientConfiguration( 804 ManagedObject<? extends PasswordPolicyCfgClient> impl) { 805 return new PasswordPolicyCfgClientImpl(impl); 806 } 807 808 809 810 /** {@inheritDoc} */ 811 public PasswordPolicyCfg createServerConfiguration( 812 ServerManagedObject<? extends PasswordPolicyCfg> impl) { 813 return new PasswordPolicyCfgServerImpl(impl); 814 } 815 816 817 818 /** {@inheritDoc} */ 819 public Class<PasswordPolicyCfg> getServerConfigurationClass() { 820 return PasswordPolicyCfg.class; 821 } 822 823 824 825 /** 826 * Get the "account-status-notification-handler" property definition. 827 * <p> 828 * Specifies the names of the account status notification handlers 829 * that are used with the associated password storage scheme. 830 * 831 * @return Returns the "account-status-notification-handler" property definition. 832 */ 833 public AggregationPropertyDefinition<AccountStatusNotificationHandlerCfgClient, AccountStatusNotificationHandlerCfg> getAccountStatusNotificationHandlerPropertyDefinition() { 834 return PD_ACCOUNT_STATUS_NOTIFICATION_HANDLER; 835 } 836 837 838 839 /** 840 * Get the "allow-expired-password-changes" property definition. 841 * <p> 842 * Indicates whether a user whose password is expired is still 843 * allowed to change that password using the password modify extended 844 * operation. 845 * 846 * @return Returns the "allow-expired-password-changes" property definition. 847 */ 848 public BooleanPropertyDefinition getAllowExpiredPasswordChangesPropertyDefinition() { 849 return PD_ALLOW_EXPIRED_PASSWORD_CHANGES; 850 } 851 852 853 854 /** 855 * Get the "allow-multiple-password-values" property definition. 856 * <p> 857 * Indicates whether user entries can have multiple distinct values 858 * for the password attribute. 859 * <p> 860 * This is potentially dangerous because many mechanisms used to 861 * change the password do not work well with such a configuration. If 862 * multiple password values are allowed, then any of them can be used 863 * to authenticate, and they are all subject to the same policy 864 * constraints. 865 * 866 * @return Returns the "allow-multiple-password-values" property definition. 867 */ 868 public BooleanPropertyDefinition getAllowMultiplePasswordValuesPropertyDefinition() { 869 return PD_ALLOW_MULTIPLE_PASSWORD_VALUES; 870 } 871 872 873 874 /** 875 * Get the "allow-pre-encoded-passwords" property definition. 876 * <p> 877 * Indicates whether users can change their passwords by providing a 878 * pre-encoded value. 879 * <p> 880 * This can cause a security risk because the clear-text version of 881 * the password is not known and therefore validation checks cannot 882 * be applied to it. 883 * 884 * @return Returns the "allow-pre-encoded-passwords" property definition. 885 */ 886 public BooleanPropertyDefinition getAllowPreEncodedPasswordsPropertyDefinition() { 887 return PD_ALLOW_PRE_ENCODED_PASSWORDS; 888 } 889 890 891 892 /** 893 * Get the "allow-user-password-changes" property definition. 894 * <p> 895 * Indicates whether users can change their own passwords. 896 * <p> 897 * This check is made in addition to access control evaluation. Both 898 * must allow the password change for it to occur. 899 * 900 * @return Returns the "allow-user-password-changes" property definition. 901 */ 902 public BooleanPropertyDefinition getAllowUserPasswordChangesPropertyDefinition() { 903 return PD_ALLOW_USER_PASSWORD_CHANGES; 904 } 905 906 907 908 /** 909 * Get the "default-password-storage-scheme" property definition. 910 * <p> 911 * Specifies the names of the password storage schemes that are used 912 * to encode clear-text passwords for this password policy. 913 * 914 * @return Returns the "default-password-storage-scheme" property definition. 915 */ 916 public AggregationPropertyDefinition<PasswordStorageSchemeCfgClient, PasswordStorageSchemeCfg> getDefaultPasswordStorageSchemePropertyDefinition() { 917 return PD_DEFAULT_PASSWORD_STORAGE_SCHEME; 918 } 919 920 921 922 /** 923 * Get the "deprecated-password-storage-scheme" property definition. 924 * <p> 925 * Specifies the names of the password storage schemes that are 926 * considered deprecated for this password policy. 927 * <p> 928 * If a user with this password policy authenticates to the server 929 * and his/her password is encoded with a deprecated scheme, those 930 * values are removed and replaced with values encoded using the 931 * default password storage scheme(s). 932 * 933 * @return Returns the "deprecated-password-storage-scheme" property definition. 934 */ 935 public AggregationPropertyDefinition<PasswordStorageSchemeCfgClient, PasswordStorageSchemeCfg> getDeprecatedPasswordStorageSchemePropertyDefinition() { 936 return PD_DEPRECATED_PASSWORD_STORAGE_SCHEME; 937 } 938 939 940 941 /** 942 * Get the "expire-passwords-without-warning" property definition. 943 * <p> 944 * Indicates whether the directory server allows a user's password 945 * to expire even if that user has never seen an expiration warning 946 * notification. 947 * <p> 948 * If this property is true, accounts always expire when the 949 * expiration time arrives. If this property is false or disabled, 950 * the user always receives at least one warning notification, and 951 * the password expiration is set to the warning time plus the 952 * warning interval. 953 * 954 * @return Returns the "expire-passwords-without-warning" property definition. 955 */ 956 public BooleanPropertyDefinition getExpirePasswordsWithoutWarningPropertyDefinition() { 957 return PD_EXPIRE_PASSWORDS_WITHOUT_WARNING; 958 } 959 960 961 962 /** 963 * Get the "force-change-on-add" property definition. 964 * <p> 965 * Indicates whether users are forced to change their passwords upon 966 * first authenticating to the directory server after their account 967 * has been created. 968 * 969 * @return Returns the "force-change-on-add" property definition. 970 */ 971 public BooleanPropertyDefinition getForceChangeOnAddPropertyDefinition() { 972 return PD_FORCE_CHANGE_ON_ADD; 973 } 974 975 976 977 /** 978 * Get the "force-change-on-reset" property definition. 979 * <p> 980 * Indicates whether users are forced to change their passwords if 981 * they are reset by an administrator. 982 * <p> 983 * For this purpose, anyone with permission to change a given user's 984 * password other than that user is considered an administrator. 985 * 986 * @return Returns the "force-change-on-reset" property definition. 987 */ 988 public BooleanPropertyDefinition getForceChangeOnResetPropertyDefinition() { 989 return PD_FORCE_CHANGE_ON_RESET; 990 } 991 992 993 994 /** 995 * Get the "grace-login-count" property definition. 996 * <p> 997 * Specifies the number of grace logins that a user is allowed after 998 * the account has expired to allow that user to choose a new 999 * password. 1000 * <p> 1001 * A value of 0 indicates that no grace logins are allowed. 1002 * 1003 * @return Returns the "grace-login-count" property definition. 1004 */ 1005 public IntegerPropertyDefinition getGraceLoginCountPropertyDefinition() { 1006 return PD_GRACE_LOGIN_COUNT; 1007 } 1008 1009 1010 1011 /** 1012 * Get the "idle-lockout-interval" property definition. 1013 * <p> 1014 * Specifies the maximum length of time that an account may remain 1015 * idle (that is, the associated user does not authenticate to the 1016 * server) before that user is locked out. 1017 * <p> 1018 * The value of this attribute is an integer followed by a unit of 1019 * seconds, minutes, hours, days, or weeks. A value of 0 seconds 1020 * indicates that idle accounts are not automatically locked out. 1021 * This feature is available only if the last login time is 1022 * maintained. 1023 * 1024 * @return Returns the "idle-lockout-interval" property definition. 1025 */ 1026 public DurationPropertyDefinition getIdleLockoutIntervalPropertyDefinition() { 1027 return PD_IDLE_LOCKOUT_INTERVAL; 1028 } 1029 1030 1031 1032 /** 1033 * Get the "java-class" property definition. 1034 * <p> 1035 * Specifies the fully-qualified name of the Java class which 1036 * provides the Password Policy implementation. 1037 * 1038 * @return Returns the "java-class" property definition. 1039 */ 1040 public ClassPropertyDefinition getJavaClassPropertyDefinition() { 1041 return PD_JAVA_CLASS; 1042 } 1043 1044 1045 1046 /** 1047 * Get the "last-login-time-attribute" property definition. 1048 * <p> 1049 * Specifies the name or OID of the attribute type that is used to 1050 * hold the last login time for users with the associated password 1051 * policy. 1052 * <p> 1053 * This attribute type must be defined in the directory server 1054 * schema and must either be defined as an operational attribute or 1055 * must be allowed by the set of objectClasses for all users with the 1056 * associated password policy. 1057 * 1058 * @return Returns the "last-login-time-attribute" property definition. 1059 */ 1060 public AttributeTypePropertyDefinition getLastLoginTimeAttributePropertyDefinition() { 1061 return PD_LAST_LOGIN_TIME_ATTRIBUTE; 1062 } 1063 1064 1065 1066 /** 1067 * Get the "last-login-time-format" property definition. 1068 * <p> 1069 * Specifies the format string that is used to generate the last 1070 * login time value for users with the associated password policy. 1071 * <p> 1072 * This format string conforms to the syntax described in the API 1073 * documentation for the java.text.SimpleDateFormat class. 1074 * 1075 * @return Returns the "last-login-time-format" property definition. 1076 */ 1077 public StringPropertyDefinition getLastLoginTimeFormatPropertyDefinition() { 1078 return PD_LAST_LOGIN_TIME_FORMAT; 1079 } 1080 1081 1082 1083 /** 1084 * Get the "lockout-duration" property definition. 1085 * <p> 1086 * Specifies the length of time that an account is locked after too 1087 * many authentication failures. 1088 * <p> 1089 * The value of this attribute is an integer followed by a unit of 1090 * seconds, minutes, hours, days, or weeks. A value of 0 seconds 1091 * indicates that the account must remain locked until an 1092 * administrator resets the password. 1093 * 1094 * @return Returns the "lockout-duration" property definition. 1095 */ 1096 public DurationPropertyDefinition getLockoutDurationPropertyDefinition() { 1097 return PD_LOCKOUT_DURATION; 1098 } 1099 1100 1101 1102 /** 1103 * Get the "lockout-failure-count" property definition. 1104 * <p> 1105 * Specifies the maximum number of authentication failures that a 1106 * user is allowed before the account is locked out. 1107 * <p> 1108 * A value of 0 indicates that accounts are never locked out due to 1109 * failed attempts. 1110 * 1111 * @return Returns the "lockout-failure-count" property definition. 1112 */ 1113 public IntegerPropertyDefinition getLockoutFailureCountPropertyDefinition() { 1114 return PD_LOCKOUT_FAILURE_COUNT; 1115 } 1116 1117 1118 1119 /** 1120 * Get the "lockout-failure-expiration-interval" property definition. 1121 * <p> 1122 * Specifies the length of time before an authentication failure is 1123 * no longer counted against a user for the purposes of account 1124 * lockout. 1125 * <p> 1126 * The value of this attribute is an integer followed by a unit of 1127 * seconds, minutes, hours, days, or weeks. A value of 0 seconds 1128 * indicates that the authentication failures must never expire. The 1129 * failure count is always cleared upon a successful authentication. 1130 * 1131 * @return Returns the "lockout-failure-expiration-interval" property definition. 1132 */ 1133 public DurationPropertyDefinition getLockoutFailureExpirationIntervalPropertyDefinition() { 1134 return PD_LOCKOUT_FAILURE_EXPIRATION_INTERVAL; 1135 } 1136 1137 1138 1139 /** 1140 * Get the "max-password-age" property definition. 1141 * <p> 1142 * Specifies the maximum length of time that a user can continue 1143 * using the same password before it must be changed (that is, the 1144 * password expiration interval). 1145 * <p> 1146 * The value of this attribute is an integer followed by a unit of 1147 * seconds, minutes, hours, days, or weeks. A value of 0 seconds 1148 * disables password expiration. 1149 * 1150 * @return Returns the "max-password-age" property definition. 1151 */ 1152 public DurationPropertyDefinition getMaxPasswordAgePropertyDefinition() { 1153 return PD_MAX_PASSWORD_AGE; 1154 } 1155 1156 1157 1158 /** 1159 * Get the "max-password-reset-age" property definition. 1160 * <p> 1161 * Specifies the maximum length of time that users have to change 1162 * passwords after they have been reset by an administrator before 1163 * they become locked. 1164 * <p> 1165 * The value of this attribute is an integer followed by a unit of 1166 * seconds, minutes, hours, days, or weeks. A value of 0 seconds 1167 * disables this feature. 1168 * 1169 * @return Returns the "max-password-reset-age" property definition. 1170 */ 1171 public DurationPropertyDefinition getMaxPasswordResetAgePropertyDefinition() { 1172 return PD_MAX_PASSWORD_RESET_AGE; 1173 } 1174 1175 1176 1177 /** 1178 * Get the "min-password-age" property definition. 1179 * <p> 1180 * Specifies the minimum length of time after a password change 1181 * before the user is allowed to change the password again. 1182 * <p> 1183 * The value of this attribute is an integer followed by a unit of 1184 * seconds, minutes, hours, days, or weeks. This setting can be used 1185 * to prevent users from changing their passwords repeatedly over a 1186 * short period of time to flush an old password from the history so 1187 * that it can be re-used. 1188 * 1189 * @return Returns the "min-password-age" property definition. 1190 */ 1191 public DurationPropertyDefinition getMinPasswordAgePropertyDefinition() { 1192 return PD_MIN_PASSWORD_AGE; 1193 } 1194 1195 1196 1197 /** 1198 * Get the "password-attribute" property definition. 1199 * <p> 1200 * Specifies the attribute type used to hold user passwords. 1201 * <p> 1202 * This attribute type must be defined in the server schema, and it 1203 * must have either the user password or auth password syntax. 1204 * 1205 * @return Returns the "password-attribute" property definition. 1206 */ 1207 public AttributeTypePropertyDefinition getPasswordAttributePropertyDefinition() { 1208 return PD_PASSWORD_ATTRIBUTE; 1209 } 1210 1211 1212 1213 /** 1214 * Get the "password-change-requires-current-password" property definition. 1215 * <p> 1216 * Indicates whether user password changes must use the password 1217 * modify extended operation and must include the user's current 1218 * password before the change is allowed. 1219 * 1220 * @return Returns the "password-change-requires-current-password" property definition. 1221 */ 1222 public BooleanPropertyDefinition getPasswordChangeRequiresCurrentPasswordPropertyDefinition() { 1223 return PD_PASSWORD_CHANGE_REQUIRES_CURRENT_PASSWORD; 1224 } 1225 1226 1227 1228 /** 1229 * Get the "password-expiration-warning-interval" property definition. 1230 * <p> 1231 * Specifies the maximum length of time before a user's password 1232 * actually expires that the server begins to include warning 1233 * notifications in bind responses for that user. 1234 * <p> 1235 * The value of this attribute is an integer followed by a unit of 1236 * seconds, minutes, hours, days, or weeks. A value of 0 seconds 1237 * disables the warning interval. 1238 * 1239 * @return Returns the "password-expiration-warning-interval" property definition. 1240 */ 1241 public DurationPropertyDefinition getPasswordExpirationWarningIntervalPropertyDefinition() { 1242 return PD_PASSWORD_EXPIRATION_WARNING_INTERVAL; 1243 } 1244 1245 1246 1247 /** 1248 * Get the "password-generator" property definition. 1249 * <p> 1250 * Specifies the name of the password generator that is used with 1251 * the associated password policy. 1252 * <p> 1253 * This is used in conjunction with the password modify extended 1254 * operation to generate a new password for a user when none was 1255 * provided in the request. 1256 * 1257 * @return Returns the "password-generator" property definition. 1258 */ 1259 public AggregationPropertyDefinition<PasswordGeneratorCfgClient, PasswordGeneratorCfg> getPasswordGeneratorPropertyDefinition() { 1260 return PD_PASSWORD_GENERATOR; 1261 } 1262 1263 1264 1265 /** 1266 * Get the "password-history-count" property definition. 1267 * <p> 1268 * Specifies the maximum number of former passwords to maintain in 1269 * the password history. 1270 * <p> 1271 * When choosing a new password, the proposed password is checked to 1272 * ensure that it does not match the current password, nor any other 1273 * password in the history list. A value of zero indicates that 1274 * either no password history is to be maintained (if the password 1275 * history duration has a value of zero seconds), or that there is no 1276 * maximum number of passwords to maintain in the history (if the 1277 * password history duration has a value greater than zero seconds). 1278 * 1279 * @return Returns the "password-history-count" property definition. 1280 */ 1281 public IntegerPropertyDefinition getPasswordHistoryCountPropertyDefinition() { 1282 return PD_PASSWORD_HISTORY_COUNT; 1283 } 1284 1285 1286 1287 /** 1288 * Get the "password-history-duration" property definition. 1289 * <p> 1290 * Specifies the maximum length of time that passwords remain in the 1291 * password history. 1292 * <p> 1293 * When choosing a new password, the proposed password is checked to 1294 * ensure that it does not match the current password, nor any other 1295 * password in the history list. A value of zero seconds indicates 1296 * that either no password history is to be maintained (if the 1297 * password history count has a value of zero), or that there is no 1298 * maximum duration for passwords in the history (if the password 1299 * history count has a value greater than zero). 1300 * 1301 * @return Returns the "password-history-duration" property definition. 1302 */ 1303 public DurationPropertyDefinition getPasswordHistoryDurationPropertyDefinition() { 1304 return PD_PASSWORD_HISTORY_DURATION; 1305 } 1306 1307 1308 1309 /** 1310 * Get the "password-validator" property definition. 1311 * <p> 1312 * Specifies the names of the password validators that are used with 1313 * the associated password storage scheme. 1314 * <p> 1315 * The password validators are invoked when a user attempts to 1316 * provide a new password, to determine whether the new password is 1317 * acceptable. 1318 * 1319 * @return Returns the "password-validator" property definition. 1320 */ 1321 public AggregationPropertyDefinition<PasswordValidatorCfgClient, PasswordValidatorCfg> getPasswordValidatorPropertyDefinition() { 1322 return PD_PASSWORD_VALIDATOR; 1323 } 1324 1325 1326 1327 /** 1328 * Get the "previous-last-login-time-format" property definition. 1329 * <p> 1330 * Specifies the format string(s) that might have been used with the 1331 * last login time at any point in the past for users associated with 1332 * the password policy. 1333 * <p> 1334 * These values are used to make it possible to parse previous 1335 * values, but are not used to set new values. The format strings 1336 * conform to the syntax described in the API documentation for the 1337 * java.text.SimpleDateFormat class. 1338 * 1339 * @return Returns the "previous-last-login-time-format" property definition. 1340 */ 1341 public StringPropertyDefinition getPreviousLastLoginTimeFormatPropertyDefinition() { 1342 return PD_PREVIOUS_LAST_LOGIN_TIME_FORMAT; 1343 } 1344 1345 1346 1347 /** 1348 * Get the "require-change-by-time" property definition. 1349 * <p> 1350 * Specifies the time by which all users with the associated 1351 * password policy must change their passwords. 1352 * <p> 1353 * The value is expressed in a generalized time format. If this time 1354 * is equal to the current time or is in the past, then all users are 1355 * required to change their passwords immediately. The behavior of 1356 * the server in this mode is identical to the behavior observed when 1357 * users are forced to change their passwords after an administrative 1358 * reset. 1359 * 1360 * @return Returns the "require-change-by-time" property definition. 1361 */ 1362 public StringPropertyDefinition getRequireChangeByTimePropertyDefinition() { 1363 return PD_REQUIRE_CHANGE_BY_TIME; 1364 } 1365 1366 1367 1368 /** 1369 * Get the "require-secure-authentication" property definition. 1370 * <p> 1371 * Indicates whether users with the associated password policy are 1372 * required to authenticate in a secure manner. 1373 * <p> 1374 * This might mean either using a secure communication channel 1375 * between the client and the server, or using a SASL mechanism that 1376 * does not expose the credentials. 1377 * 1378 * @return Returns the "require-secure-authentication" property definition. 1379 */ 1380 public BooleanPropertyDefinition getRequireSecureAuthenticationPropertyDefinition() { 1381 return PD_REQUIRE_SECURE_AUTHENTICATION; 1382 } 1383 1384 1385 1386 /** 1387 * Get the "require-secure-password-changes" property definition. 1388 * <p> 1389 * Indicates whether users with the associated password policy are 1390 * required to change their password in a secure manner that does not 1391 * expose the credentials. 1392 * 1393 * @return Returns the "require-secure-password-changes" property definition. 1394 */ 1395 public BooleanPropertyDefinition getRequireSecurePasswordChangesPropertyDefinition() { 1396 return PD_REQUIRE_SECURE_PASSWORD_CHANGES; 1397 } 1398 1399 1400 1401 /** 1402 * Get the "skip-validation-for-administrators" property definition. 1403 * <p> 1404 * Indicates whether passwords set by administrators are allowed to 1405 * bypass the password validation process that is required for user 1406 * password changes. 1407 * 1408 * @return Returns the "skip-validation-for-administrators" property definition. 1409 */ 1410 public BooleanPropertyDefinition getSkipValidationForAdministratorsPropertyDefinition() { 1411 return PD_SKIP_VALIDATION_FOR_ADMINISTRATORS; 1412 } 1413 1414 1415 1416 /** 1417 * Get the "state-update-failure-policy" property definition. 1418 * <p> 1419 * Specifies how the server deals with the inability to update 1420 * password policy state information during an authentication 1421 * attempt. 1422 * <p> 1423 * In particular, this property can be used to control whether an 1424 * otherwise successful bind operation fails if a failure occurs 1425 * while attempting to update password policy state information (for 1426 * example, to clear a record of previous authentication failures or 1427 * to update the last login time). It can also be used to control 1428 * whether to reject a bind request if it is known ahead of time that 1429 * it will not be possible to update the authentication failure times 1430 * in the event of an unsuccessful bind attempt (for example, if the 1431 * backend writability mode is disabled). 1432 * 1433 * @return Returns the "state-update-failure-policy" property definition. 1434 */ 1435 public EnumPropertyDefinition<StateUpdateFailurePolicy> getStateUpdateFailurePolicyPropertyDefinition() { 1436 return PD_STATE_UPDATE_FAILURE_POLICY; 1437 } 1438 1439 1440 1441 /** 1442 * Managed object client implementation. 1443 */ 1444 private static class PasswordPolicyCfgClientImpl implements 1445 PasswordPolicyCfgClient { 1446 1447 /** Private implementation. */ 1448 private ManagedObject<? extends PasswordPolicyCfgClient> impl; 1449 1450 1451 1452 /** Private constructor. */ 1453 private PasswordPolicyCfgClientImpl( 1454 ManagedObject<? extends PasswordPolicyCfgClient> impl) { 1455 this.impl = impl; 1456 } 1457 1458 1459 1460 /** {@inheritDoc} */ 1461 public SortedSet<String> getAccountStatusNotificationHandler() { 1462 return impl.getPropertyValues(INSTANCE.getAccountStatusNotificationHandlerPropertyDefinition()); 1463 } 1464 1465 1466 1467 /** {@inheritDoc} */ 1468 public void setAccountStatusNotificationHandler(Collection<String> values) { 1469 impl.setPropertyValues(INSTANCE.getAccountStatusNotificationHandlerPropertyDefinition(), values); 1470 } 1471 1472 1473 1474 /** {@inheritDoc} */ 1475 public boolean isAllowExpiredPasswordChanges() { 1476 return impl.getPropertyValue(INSTANCE.getAllowExpiredPasswordChangesPropertyDefinition()); 1477 } 1478 1479 1480 1481 /** {@inheritDoc} */ 1482 public void setAllowExpiredPasswordChanges(Boolean value) { 1483 impl.setPropertyValue(INSTANCE.getAllowExpiredPasswordChangesPropertyDefinition(), value); 1484 } 1485 1486 1487 1488 /** {@inheritDoc} */ 1489 public boolean isAllowMultiplePasswordValues() { 1490 return impl.getPropertyValue(INSTANCE.getAllowMultiplePasswordValuesPropertyDefinition()); 1491 } 1492 1493 1494 1495 /** {@inheritDoc} */ 1496 public void setAllowMultiplePasswordValues(Boolean value) { 1497 impl.setPropertyValue(INSTANCE.getAllowMultiplePasswordValuesPropertyDefinition(), value); 1498 } 1499 1500 1501 1502 /** {@inheritDoc} */ 1503 public boolean isAllowPreEncodedPasswords() { 1504 return impl.getPropertyValue(INSTANCE.getAllowPreEncodedPasswordsPropertyDefinition()); 1505 } 1506 1507 1508 1509 /** {@inheritDoc} */ 1510 public void setAllowPreEncodedPasswords(Boolean value) { 1511 impl.setPropertyValue(INSTANCE.getAllowPreEncodedPasswordsPropertyDefinition(), value); 1512 } 1513 1514 1515 1516 /** {@inheritDoc} */ 1517 public boolean isAllowUserPasswordChanges() { 1518 return impl.getPropertyValue(INSTANCE.getAllowUserPasswordChangesPropertyDefinition()); 1519 } 1520 1521 1522 1523 /** {@inheritDoc} */ 1524 public void setAllowUserPasswordChanges(Boolean value) { 1525 impl.setPropertyValue(INSTANCE.getAllowUserPasswordChangesPropertyDefinition(), value); 1526 } 1527 1528 1529 1530 /** {@inheritDoc} */ 1531 public SortedSet<String> getDefaultPasswordStorageScheme() { 1532 return impl.getPropertyValues(INSTANCE.getDefaultPasswordStorageSchemePropertyDefinition()); 1533 } 1534 1535 1536 1537 /** {@inheritDoc} */ 1538 public void setDefaultPasswordStorageScheme(Collection<String> values) { 1539 impl.setPropertyValues(INSTANCE.getDefaultPasswordStorageSchemePropertyDefinition(), values); 1540 } 1541 1542 1543 1544 /** {@inheritDoc} */ 1545 public SortedSet<String> getDeprecatedPasswordStorageScheme() { 1546 return impl.getPropertyValues(INSTANCE.getDeprecatedPasswordStorageSchemePropertyDefinition()); 1547 } 1548 1549 1550 1551 /** {@inheritDoc} */ 1552 public void setDeprecatedPasswordStorageScheme(Collection<String> values) { 1553 impl.setPropertyValues(INSTANCE.getDeprecatedPasswordStorageSchemePropertyDefinition(), values); 1554 } 1555 1556 1557 1558 /** {@inheritDoc} */ 1559 public boolean isExpirePasswordsWithoutWarning() { 1560 return impl.getPropertyValue(INSTANCE.getExpirePasswordsWithoutWarningPropertyDefinition()); 1561 } 1562 1563 1564 1565 /** {@inheritDoc} */ 1566 public void setExpirePasswordsWithoutWarning(Boolean value) { 1567 impl.setPropertyValue(INSTANCE.getExpirePasswordsWithoutWarningPropertyDefinition(), value); 1568 } 1569 1570 1571 1572 /** {@inheritDoc} */ 1573 public boolean isForceChangeOnAdd() { 1574 return impl.getPropertyValue(INSTANCE.getForceChangeOnAddPropertyDefinition()); 1575 } 1576 1577 1578 1579 /** {@inheritDoc} */ 1580 public void setForceChangeOnAdd(Boolean value) { 1581 impl.setPropertyValue(INSTANCE.getForceChangeOnAddPropertyDefinition(), value); 1582 } 1583 1584 1585 1586 /** {@inheritDoc} */ 1587 public boolean isForceChangeOnReset() { 1588 return impl.getPropertyValue(INSTANCE.getForceChangeOnResetPropertyDefinition()); 1589 } 1590 1591 1592 1593 /** {@inheritDoc} */ 1594 public void setForceChangeOnReset(Boolean value) { 1595 impl.setPropertyValue(INSTANCE.getForceChangeOnResetPropertyDefinition(), value); 1596 } 1597 1598 1599 1600 /** {@inheritDoc} */ 1601 public int getGraceLoginCount() { 1602 return impl.getPropertyValue(INSTANCE.getGraceLoginCountPropertyDefinition()); 1603 } 1604 1605 1606 1607 /** {@inheritDoc} */ 1608 public void setGraceLoginCount(Integer value) { 1609 impl.setPropertyValue(INSTANCE.getGraceLoginCountPropertyDefinition(), value); 1610 } 1611 1612 1613 1614 /** {@inheritDoc} */ 1615 public long getIdleLockoutInterval() { 1616 return impl.getPropertyValue(INSTANCE.getIdleLockoutIntervalPropertyDefinition()); 1617 } 1618 1619 1620 1621 /** {@inheritDoc} */ 1622 public void setIdleLockoutInterval(Long value) { 1623 impl.setPropertyValue(INSTANCE.getIdleLockoutIntervalPropertyDefinition(), value); 1624 } 1625 1626 1627 1628 /** {@inheritDoc} */ 1629 public String getJavaClass() { 1630 return impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition()); 1631 } 1632 1633 1634 1635 /** {@inheritDoc} */ 1636 public void setJavaClass(String value) { 1637 impl.setPropertyValue(INSTANCE.getJavaClassPropertyDefinition(), value); 1638 } 1639 1640 1641 1642 /** {@inheritDoc} */ 1643 public AttributeType getLastLoginTimeAttribute() { 1644 return impl.getPropertyValue(INSTANCE.getLastLoginTimeAttributePropertyDefinition()); 1645 } 1646 1647 1648 1649 /** {@inheritDoc} */ 1650 public void setLastLoginTimeAttribute(AttributeType value) { 1651 impl.setPropertyValue(INSTANCE.getLastLoginTimeAttributePropertyDefinition(), value); 1652 } 1653 1654 1655 1656 /** {@inheritDoc} */ 1657 public String getLastLoginTimeFormat() { 1658 return impl.getPropertyValue(INSTANCE.getLastLoginTimeFormatPropertyDefinition()); 1659 } 1660 1661 1662 1663 /** {@inheritDoc} */ 1664 public void setLastLoginTimeFormat(String value) { 1665 impl.setPropertyValue(INSTANCE.getLastLoginTimeFormatPropertyDefinition(), value); 1666 } 1667 1668 1669 1670 /** {@inheritDoc} */ 1671 public long getLockoutDuration() { 1672 return impl.getPropertyValue(INSTANCE.getLockoutDurationPropertyDefinition()); 1673 } 1674 1675 1676 1677 /** {@inheritDoc} */ 1678 public void setLockoutDuration(Long value) { 1679 impl.setPropertyValue(INSTANCE.getLockoutDurationPropertyDefinition(), value); 1680 } 1681 1682 1683 1684 /** {@inheritDoc} */ 1685 public int getLockoutFailureCount() { 1686 return impl.getPropertyValue(INSTANCE.getLockoutFailureCountPropertyDefinition()); 1687 } 1688 1689 1690 1691 /** {@inheritDoc} */ 1692 public void setLockoutFailureCount(Integer value) { 1693 impl.setPropertyValue(INSTANCE.getLockoutFailureCountPropertyDefinition(), value); 1694 } 1695 1696 1697 1698 /** {@inheritDoc} */ 1699 public long getLockoutFailureExpirationInterval() { 1700 return impl.getPropertyValue(INSTANCE.getLockoutFailureExpirationIntervalPropertyDefinition()); 1701 } 1702 1703 1704 1705 /** {@inheritDoc} */ 1706 public void setLockoutFailureExpirationInterval(Long value) { 1707 impl.setPropertyValue(INSTANCE.getLockoutFailureExpirationIntervalPropertyDefinition(), value); 1708 } 1709 1710 1711 1712 /** {@inheritDoc} */ 1713 public long getMaxPasswordAge() { 1714 return impl.getPropertyValue(INSTANCE.getMaxPasswordAgePropertyDefinition()); 1715 } 1716 1717 1718 1719 /** {@inheritDoc} */ 1720 public void setMaxPasswordAge(Long value) { 1721 impl.setPropertyValue(INSTANCE.getMaxPasswordAgePropertyDefinition(), value); 1722 } 1723 1724 1725 1726 /** {@inheritDoc} */ 1727 public long getMaxPasswordResetAge() { 1728 return impl.getPropertyValue(INSTANCE.getMaxPasswordResetAgePropertyDefinition()); 1729 } 1730 1731 1732 1733 /** {@inheritDoc} */ 1734 public void setMaxPasswordResetAge(Long value) { 1735 impl.setPropertyValue(INSTANCE.getMaxPasswordResetAgePropertyDefinition(), value); 1736 } 1737 1738 1739 1740 /** {@inheritDoc} */ 1741 public long getMinPasswordAge() { 1742 return impl.getPropertyValue(INSTANCE.getMinPasswordAgePropertyDefinition()); 1743 } 1744 1745 1746 1747 /** {@inheritDoc} */ 1748 public void setMinPasswordAge(Long value) { 1749 impl.setPropertyValue(INSTANCE.getMinPasswordAgePropertyDefinition(), value); 1750 } 1751 1752 1753 1754 /** {@inheritDoc} */ 1755 public AttributeType getPasswordAttribute() { 1756 return impl.getPropertyValue(INSTANCE.getPasswordAttributePropertyDefinition()); 1757 } 1758 1759 1760 1761 /** {@inheritDoc} */ 1762 public void setPasswordAttribute(AttributeType value) { 1763 impl.setPropertyValue(INSTANCE.getPasswordAttributePropertyDefinition(), value); 1764 } 1765 1766 1767 1768 /** {@inheritDoc} */ 1769 public boolean isPasswordChangeRequiresCurrentPassword() { 1770 return impl.getPropertyValue(INSTANCE.getPasswordChangeRequiresCurrentPasswordPropertyDefinition()); 1771 } 1772 1773 1774 1775 /** {@inheritDoc} */ 1776 public void setPasswordChangeRequiresCurrentPassword(Boolean value) { 1777 impl.setPropertyValue(INSTANCE.getPasswordChangeRequiresCurrentPasswordPropertyDefinition(), value); 1778 } 1779 1780 1781 1782 /** {@inheritDoc} */ 1783 public long getPasswordExpirationWarningInterval() { 1784 return impl.getPropertyValue(INSTANCE.getPasswordExpirationWarningIntervalPropertyDefinition()); 1785 } 1786 1787 1788 1789 /** {@inheritDoc} */ 1790 public void setPasswordExpirationWarningInterval(Long value) { 1791 impl.setPropertyValue(INSTANCE.getPasswordExpirationWarningIntervalPropertyDefinition(), value); 1792 } 1793 1794 1795 1796 /** {@inheritDoc} */ 1797 public String getPasswordGenerator() { 1798 return impl.getPropertyValue(INSTANCE.getPasswordGeneratorPropertyDefinition()); 1799 } 1800 1801 1802 1803 /** {@inheritDoc} */ 1804 public void setPasswordGenerator(String value) { 1805 impl.setPropertyValue(INSTANCE.getPasswordGeneratorPropertyDefinition(), value); 1806 } 1807 1808 1809 1810 /** {@inheritDoc} */ 1811 public int getPasswordHistoryCount() { 1812 return impl.getPropertyValue(INSTANCE.getPasswordHistoryCountPropertyDefinition()); 1813 } 1814 1815 1816 1817 /** {@inheritDoc} */ 1818 public void setPasswordHistoryCount(Integer value) { 1819 impl.setPropertyValue(INSTANCE.getPasswordHistoryCountPropertyDefinition(), value); 1820 } 1821 1822 1823 1824 /** {@inheritDoc} */ 1825 public long getPasswordHistoryDuration() { 1826 return impl.getPropertyValue(INSTANCE.getPasswordHistoryDurationPropertyDefinition()); 1827 } 1828 1829 1830 1831 /** {@inheritDoc} */ 1832 public void setPasswordHistoryDuration(Long value) { 1833 impl.setPropertyValue(INSTANCE.getPasswordHistoryDurationPropertyDefinition(), value); 1834 } 1835 1836 1837 1838 /** {@inheritDoc} */ 1839 public SortedSet<String> getPasswordValidator() { 1840 return impl.getPropertyValues(INSTANCE.getPasswordValidatorPropertyDefinition()); 1841 } 1842 1843 1844 1845 /** {@inheritDoc} */ 1846 public void setPasswordValidator(Collection<String> values) { 1847 impl.setPropertyValues(INSTANCE.getPasswordValidatorPropertyDefinition(), values); 1848 } 1849 1850 1851 1852 /** {@inheritDoc} */ 1853 public SortedSet<String> getPreviousLastLoginTimeFormat() { 1854 return impl.getPropertyValues(INSTANCE.getPreviousLastLoginTimeFormatPropertyDefinition()); 1855 } 1856 1857 1858 1859 /** {@inheritDoc} */ 1860 public void setPreviousLastLoginTimeFormat(Collection<String> values) { 1861 impl.setPropertyValues(INSTANCE.getPreviousLastLoginTimeFormatPropertyDefinition(), values); 1862 } 1863 1864 1865 1866 /** {@inheritDoc} */ 1867 public String getRequireChangeByTime() { 1868 return impl.getPropertyValue(INSTANCE.getRequireChangeByTimePropertyDefinition()); 1869 } 1870 1871 1872 1873 /** {@inheritDoc} */ 1874 public void setRequireChangeByTime(String value) { 1875 impl.setPropertyValue(INSTANCE.getRequireChangeByTimePropertyDefinition(), value); 1876 } 1877 1878 1879 1880 /** {@inheritDoc} */ 1881 public boolean isRequireSecureAuthentication() { 1882 return impl.getPropertyValue(INSTANCE.getRequireSecureAuthenticationPropertyDefinition()); 1883 } 1884 1885 1886 1887 /** {@inheritDoc} */ 1888 public void setRequireSecureAuthentication(Boolean value) { 1889 impl.setPropertyValue(INSTANCE.getRequireSecureAuthenticationPropertyDefinition(), value); 1890 } 1891 1892 1893 1894 /** {@inheritDoc} */ 1895 public boolean isRequireSecurePasswordChanges() { 1896 return impl.getPropertyValue(INSTANCE.getRequireSecurePasswordChangesPropertyDefinition()); 1897 } 1898 1899 1900 1901 /** {@inheritDoc} */ 1902 public void setRequireSecurePasswordChanges(Boolean value) { 1903 impl.setPropertyValue(INSTANCE.getRequireSecurePasswordChangesPropertyDefinition(), value); 1904 } 1905 1906 1907 1908 /** {@inheritDoc} */ 1909 public boolean isSkipValidationForAdministrators() { 1910 return impl.getPropertyValue(INSTANCE.getSkipValidationForAdministratorsPropertyDefinition()); 1911 } 1912 1913 1914 1915 /** {@inheritDoc} */ 1916 public void setSkipValidationForAdministrators(Boolean value) { 1917 impl.setPropertyValue(INSTANCE.getSkipValidationForAdministratorsPropertyDefinition(), value); 1918 } 1919 1920 1921 1922 /** {@inheritDoc} */ 1923 public StateUpdateFailurePolicy getStateUpdateFailurePolicy() { 1924 return impl.getPropertyValue(INSTANCE.getStateUpdateFailurePolicyPropertyDefinition()); 1925 } 1926 1927 1928 1929 /** {@inheritDoc} */ 1930 public void setStateUpdateFailurePolicy(StateUpdateFailurePolicy value) { 1931 impl.setPropertyValue(INSTANCE.getStateUpdateFailurePolicyPropertyDefinition(), value); 1932 } 1933 1934 1935 1936 /** {@inheritDoc} */ 1937 public ManagedObjectDefinition<? extends PasswordPolicyCfgClient, ? extends PasswordPolicyCfg> definition() { 1938 return INSTANCE; 1939 } 1940 1941 1942 1943 /** {@inheritDoc} */ 1944 public PropertyProvider properties() { 1945 return impl; 1946 } 1947 1948 1949 1950 /** {@inheritDoc} */ 1951 public void commit() throws ManagedObjectAlreadyExistsException, 1952 MissingMandatoryPropertiesException, ConcurrentModificationException, 1953 OperationRejectedException, LdapException { 1954 impl.commit(); 1955 } 1956 1957 1958 1959 /** {@inheritDoc} */ 1960 public String toString() { 1961 return impl.toString(); 1962 } 1963 } 1964 1965 1966 1967 /** 1968 * Managed object server implementation. 1969 */ 1970 private static class PasswordPolicyCfgServerImpl implements 1971 PasswordPolicyCfg { 1972 1973 /** Private implementation. */ 1974 private ServerManagedObject<? extends PasswordPolicyCfg> impl; 1975 1976 /** The value of the "account-status-notification-handler" property. */ 1977 private final SortedSet<String> pAccountStatusNotificationHandler; 1978 1979 /** The value of the "allow-expired-password-changes" property. */ 1980 private final boolean pAllowExpiredPasswordChanges; 1981 1982 /** The value of the "allow-multiple-password-values" property. */ 1983 private final boolean pAllowMultiplePasswordValues; 1984 1985 /** The value of the "allow-pre-encoded-passwords" property. */ 1986 private final boolean pAllowPreEncodedPasswords; 1987 1988 /** The value of the "allow-user-password-changes" property. */ 1989 private final boolean pAllowUserPasswordChanges; 1990 1991 /** The value of the "default-password-storage-scheme" property. */ 1992 private final SortedSet<String> pDefaultPasswordStorageScheme; 1993 1994 /** The value of the "deprecated-password-storage-scheme" property. */ 1995 private final SortedSet<String> pDeprecatedPasswordStorageScheme; 1996 1997 /** The value of the "expire-passwords-without-warning" property. */ 1998 private final boolean pExpirePasswordsWithoutWarning; 1999 2000 /** The value of the "force-change-on-add" property. */ 2001 private final boolean pForceChangeOnAdd; 2002 2003 /** The value of the "force-change-on-reset" property. */ 2004 private final boolean pForceChangeOnReset; 2005 2006 /** The value of the "grace-login-count" property. */ 2007 private final int pGraceLoginCount; 2008 2009 /** The value of the "idle-lockout-interval" property. */ 2010 private final long pIdleLockoutInterval; 2011 2012 /** The value of the "java-class" property. */ 2013 private final String pJavaClass; 2014 2015 /** The value of the "last-login-time-attribute" property. */ 2016 private final AttributeType pLastLoginTimeAttribute; 2017 2018 /** The value of the "last-login-time-format" property. */ 2019 private final String pLastLoginTimeFormat; 2020 2021 /** The value of the "lockout-duration" property. */ 2022 private final long pLockoutDuration; 2023 2024 /** The value of the "lockout-failure-count" property. */ 2025 private final int pLockoutFailureCount; 2026 2027 /** The value of the "lockout-failure-expiration-interval" property. */ 2028 private final long pLockoutFailureExpirationInterval; 2029 2030 /** The value of the "max-password-age" property. */ 2031 private final long pMaxPasswordAge; 2032 2033 /** The value of the "max-password-reset-age" property. */ 2034 private final long pMaxPasswordResetAge; 2035 2036 /** The value of the "min-password-age" property. */ 2037 private final long pMinPasswordAge; 2038 2039 /** The value of the "password-attribute" property. */ 2040 private final AttributeType pPasswordAttribute; 2041 2042 /** The value of the "password-change-requires-current-password" property. */ 2043 private final boolean pPasswordChangeRequiresCurrentPassword; 2044 2045 /** The value of the "password-expiration-warning-interval" property. */ 2046 private final long pPasswordExpirationWarningInterval; 2047 2048 /** The value of the "password-generator" property. */ 2049 private final String pPasswordGenerator; 2050 2051 /** The value of the "password-history-count" property. */ 2052 private final int pPasswordHistoryCount; 2053 2054 /** The value of the "password-history-duration" property. */ 2055 private final long pPasswordHistoryDuration; 2056 2057 /** The value of the "password-validator" property. */ 2058 private final SortedSet<String> pPasswordValidator; 2059 2060 /** The value of the "previous-last-login-time-format" property. */ 2061 private final SortedSet<String> pPreviousLastLoginTimeFormat; 2062 2063 /** The value of the "require-change-by-time" property. */ 2064 private final String pRequireChangeByTime; 2065 2066 /** The value of the "require-secure-authentication" property. */ 2067 private final boolean pRequireSecureAuthentication; 2068 2069 /** The value of the "require-secure-password-changes" property. */ 2070 private final boolean pRequireSecurePasswordChanges; 2071 2072 /** The value of the "skip-validation-for-administrators" property. */ 2073 private final boolean pSkipValidationForAdministrators; 2074 2075 /** The value of the "state-update-failure-policy" property. */ 2076 private final StateUpdateFailurePolicy pStateUpdateFailurePolicy; 2077 2078 2079 2080 /** Private constructor. */ 2081 private PasswordPolicyCfgServerImpl(ServerManagedObject<? extends PasswordPolicyCfg> impl) { 2082 this.impl = impl; 2083 this.pAccountStatusNotificationHandler = impl.getPropertyValues(INSTANCE.getAccountStatusNotificationHandlerPropertyDefinition()); 2084 this.pAllowExpiredPasswordChanges = impl.getPropertyValue(INSTANCE.getAllowExpiredPasswordChangesPropertyDefinition()); 2085 this.pAllowMultiplePasswordValues = impl.getPropertyValue(INSTANCE.getAllowMultiplePasswordValuesPropertyDefinition()); 2086 this.pAllowPreEncodedPasswords = impl.getPropertyValue(INSTANCE.getAllowPreEncodedPasswordsPropertyDefinition()); 2087 this.pAllowUserPasswordChanges = impl.getPropertyValue(INSTANCE.getAllowUserPasswordChangesPropertyDefinition()); 2088 this.pDefaultPasswordStorageScheme = impl.getPropertyValues(INSTANCE.getDefaultPasswordStorageSchemePropertyDefinition()); 2089 this.pDeprecatedPasswordStorageScheme = impl.getPropertyValues(INSTANCE.getDeprecatedPasswordStorageSchemePropertyDefinition()); 2090 this.pExpirePasswordsWithoutWarning = impl.getPropertyValue(INSTANCE.getExpirePasswordsWithoutWarningPropertyDefinition()); 2091 this.pForceChangeOnAdd = impl.getPropertyValue(INSTANCE.getForceChangeOnAddPropertyDefinition()); 2092 this.pForceChangeOnReset = impl.getPropertyValue(INSTANCE.getForceChangeOnResetPropertyDefinition()); 2093 this.pGraceLoginCount = impl.getPropertyValue(INSTANCE.getGraceLoginCountPropertyDefinition()); 2094 this.pIdleLockoutInterval = impl.getPropertyValue(INSTANCE.getIdleLockoutIntervalPropertyDefinition()); 2095 this.pJavaClass = impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition()); 2096 this.pLastLoginTimeAttribute = impl.getPropertyValue(INSTANCE.getLastLoginTimeAttributePropertyDefinition()); 2097 this.pLastLoginTimeFormat = impl.getPropertyValue(INSTANCE.getLastLoginTimeFormatPropertyDefinition()); 2098 this.pLockoutDuration = impl.getPropertyValue(INSTANCE.getLockoutDurationPropertyDefinition()); 2099 this.pLockoutFailureCount = impl.getPropertyValue(INSTANCE.getLockoutFailureCountPropertyDefinition()); 2100 this.pLockoutFailureExpirationInterval = impl.getPropertyValue(INSTANCE.getLockoutFailureExpirationIntervalPropertyDefinition()); 2101 this.pMaxPasswordAge = impl.getPropertyValue(INSTANCE.getMaxPasswordAgePropertyDefinition()); 2102 this.pMaxPasswordResetAge = impl.getPropertyValue(INSTANCE.getMaxPasswordResetAgePropertyDefinition()); 2103 this.pMinPasswordAge = impl.getPropertyValue(INSTANCE.getMinPasswordAgePropertyDefinition()); 2104 this.pPasswordAttribute = impl.getPropertyValue(INSTANCE.getPasswordAttributePropertyDefinition()); 2105 this.pPasswordChangeRequiresCurrentPassword = impl.getPropertyValue(INSTANCE.getPasswordChangeRequiresCurrentPasswordPropertyDefinition()); 2106 this.pPasswordExpirationWarningInterval = impl.getPropertyValue(INSTANCE.getPasswordExpirationWarningIntervalPropertyDefinition()); 2107 this.pPasswordGenerator = impl.getPropertyValue(INSTANCE.getPasswordGeneratorPropertyDefinition()); 2108 this.pPasswordHistoryCount = impl.getPropertyValue(INSTANCE.getPasswordHistoryCountPropertyDefinition()); 2109 this.pPasswordHistoryDuration = impl.getPropertyValue(INSTANCE.getPasswordHistoryDurationPropertyDefinition()); 2110 this.pPasswordValidator = impl.getPropertyValues(INSTANCE.getPasswordValidatorPropertyDefinition()); 2111 this.pPreviousLastLoginTimeFormat = impl.getPropertyValues(INSTANCE.getPreviousLastLoginTimeFormatPropertyDefinition()); 2112 this.pRequireChangeByTime = impl.getPropertyValue(INSTANCE.getRequireChangeByTimePropertyDefinition()); 2113 this.pRequireSecureAuthentication = impl.getPropertyValue(INSTANCE.getRequireSecureAuthenticationPropertyDefinition()); 2114 this.pRequireSecurePasswordChanges = impl.getPropertyValue(INSTANCE.getRequireSecurePasswordChangesPropertyDefinition()); 2115 this.pSkipValidationForAdministrators = impl.getPropertyValue(INSTANCE.getSkipValidationForAdministratorsPropertyDefinition()); 2116 this.pStateUpdateFailurePolicy = impl.getPropertyValue(INSTANCE.getStateUpdateFailurePolicyPropertyDefinition()); 2117 } 2118 2119 2120 2121 /** {@inheritDoc} */ 2122 public void addPasswordPolicyChangeListener( 2123 ConfigurationChangeListener<PasswordPolicyCfg> listener) { 2124 impl.registerChangeListener(listener); 2125 } 2126 2127 2128 2129 /** {@inheritDoc} */ 2130 public void removePasswordPolicyChangeListener( 2131 ConfigurationChangeListener<PasswordPolicyCfg> listener) { 2132 impl.deregisterChangeListener(listener); 2133 } 2134 /** {@inheritDoc} */ 2135 public void addChangeListener( 2136 ConfigurationChangeListener<AuthenticationPolicyCfg> listener) { 2137 impl.registerChangeListener(listener); 2138 } 2139 2140 2141 2142 /** {@inheritDoc} */ 2143 public void removeChangeListener( 2144 ConfigurationChangeListener<AuthenticationPolicyCfg> listener) { 2145 impl.deregisterChangeListener(listener); 2146 } 2147 2148 2149 2150 /** {@inheritDoc} */ 2151 public SortedSet<String> getAccountStatusNotificationHandler() { 2152 return pAccountStatusNotificationHandler; 2153 } 2154 2155 2156 2157 /** 2158 * {@inheritDoc} 2159 */ 2160 public SortedSet<DN> getAccountStatusNotificationHandlerDNs() { 2161 SortedSet<String> values = getAccountStatusNotificationHandler(); 2162 SortedSet<DN> dnValues = new TreeSet<DN>(); 2163 for (String value : values) { 2164 DN dn = INSTANCE.getAccountStatusNotificationHandlerPropertyDefinition().getChildDN(value); 2165 dnValues.add(dn); 2166 } 2167 return dnValues; 2168 } 2169 2170 2171 2172 /** {@inheritDoc} */ 2173 public boolean isAllowExpiredPasswordChanges() { 2174 return pAllowExpiredPasswordChanges; 2175 } 2176 2177 2178 2179 /** {@inheritDoc} */ 2180 public boolean isAllowMultiplePasswordValues() { 2181 return pAllowMultiplePasswordValues; 2182 } 2183 2184 2185 2186 /** {@inheritDoc} */ 2187 public boolean isAllowPreEncodedPasswords() { 2188 return pAllowPreEncodedPasswords; 2189 } 2190 2191 2192 2193 /** {@inheritDoc} */ 2194 public boolean isAllowUserPasswordChanges() { 2195 return pAllowUserPasswordChanges; 2196 } 2197 2198 2199 2200 /** {@inheritDoc} */ 2201 public SortedSet<String> getDefaultPasswordStorageScheme() { 2202 return pDefaultPasswordStorageScheme; 2203 } 2204 2205 2206 2207 /** 2208 * {@inheritDoc} 2209 */ 2210 public SortedSet<DN> getDefaultPasswordStorageSchemeDNs() { 2211 SortedSet<String> values = getDefaultPasswordStorageScheme(); 2212 SortedSet<DN> dnValues = new TreeSet<DN>(); 2213 for (String value : values) { 2214 DN dn = INSTANCE.getDefaultPasswordStorageSchemePropertyDefinition().getChildDN(value); 2215 dnValues.add(dn); 2216 } 2217 return dnValues; 2218 } 2219 2220 2221 2222 /** {@inheritDoc} */ 2223 public SortedSet<String> getDeprecatedPasswordStorageScheme() { 2224 return pDeprecatedPasswordStorageScheme; 2225 } 2226 2227 2228 2229 /** 2230 * {@inheritDoc} 2231 */ 2232 public SortedSet<DN> getDeprecatedPasswordStorageSchemeDNs() { 2233 SortedSet<String> values = getDeprecatedPasswordStorageScheme(); 2234 SortedSet<DN> dnValues = new TreeSet<DN>(); 2235 for (String value : values) { 2236 DN dn = INSTANCE.getDeprecatedPasswordStorageSchemePropertyDefinition().getChildDN(value); 2237 dnValues.add(dn); 2238 } 2239 return dnValues; 2240 } 2241 2242 2243 2244 /** {@inheritDoc} */ 2245 public boolean isExpirePasswordsWithoutWarning() { 2246 return pExpirePasswordsWithoutWarning; 2247 } 2248 2249 2250 2251 /** {@inheritDoc} */ 2252 public boolean isForceChangeOnAdd() { 2253 return pForceChangeOnAdd; 2254 } 2255 2256 2257 2258 /** {@inheritDoc} */ 2259 public boolean isForceChangeOnReset() { 2260 return pForceChangeOnReset; 2261 } 2262 2263 2264 2265 /** {@inheritDoc} */ 2266 public int getGraceLoginCount() { 2267 return pGraceLoginCount; 2268 } 2269 2270 2271 2272 /** {@inheritDoc} */ 2273 public long getIdleLockoutInterval() { 2274 return pIdleLockoutInterval; 2275 } 2276 2277 2278 2279 /** {@inheritDoc} */ 2280 public String getJavaClass() { 2281 return pJavaClass; 2282 } 2283 2284 2285 2286 /** {@inheritDoc} */ 2287 public AttributeType getLastLoginTimeAttribute() { 2288 return pLastLoginTimeAttribute; 2289 } 2290 2291 2292 2293 /** {@inheritDoc} */ 2294 public String getLastLoginTimeFormat() { 2295 return pLastLoginTimeFormat; 2296 } 2297 2298 2299 2300 /** {@inheritDoc} */ 2301 public long getLockoutDuration() { 2302 return pLockoutDuration; 2303 } 2304 2305 2306 2307 /** {@inheritDoc} */ 2308 public int getLockoutFailureCount() { 2309 return pLockoutFailureCount; 2310 } 2311 2312 2313 2314 /** {@inheritDoc} */ 2315 public long getLockoutFailureExpirationInterval() { 2316 return pLockoutFailureExpirationInterval; 2317 } 2318 2319 2320 2321 /** {@inheritDoc} */ 2322 public long getMaxPasswordAge() { 2323 return pMaxPasswordAge; 2324 } 2325 2326 2327 2328 /** {@inheritDoc} */ 2329 public long getMaxPasswordResetAge() { 2330 return pMaxPasswordResetAge; 2331 } 2332 2333 2334 2335 /** {@inheritDoc} */ 2336 public long getMinPasswordAge() { 2337 return pMinPasswordAge; 2338 } 2339 2340 2341 2342 /** {@inheritDoc} */ 2343 public AttributeType getPasswordAttribute() { 2344 return pPasswordAttribute; 2345 } 2346 2347 2348 2349 /** {@inheritDoc} */ 2350 public boolean isPasswordChangeRequiresCurrentPassword() { 2351 return pPasswordChangeRequiresCurrentPassword; 2352 } 2353 2354 2355 2356 /** {@inheritDoc} */ 2357 public long getPasswordExpirationWarningInterval() { 2358 return pPasswordExpirationWarningInterval; 2359 } 2360 2361 2362 2363 /** {@inheritDoc} */ 2364 public String getPasswordGenerator() { 2365 return pPasswordGenerator; 2366 } 2367 2368 2369 2370 /** 2371 * {@inheritDoc} 2372 */ 2373 public DN getPasswordGeneratorDN() { 2374 String value = getPasswordGenerator(); 2375 if (value == null) return null; 2376 return INSTANCE.getPasswordGeneratorPropertyDefinition().getChildDN(value); 2377 } 2378 2379 2380 2381 /** {@inheritDoc} */ 2382 public int getPasswordHistoryCount() { 2383 return pPasswordHistoryCount; 2384 } 2385 2386 2387 2388 /** {@inheritDoc} */ 2389 public long getPasswordHistoryDuration() { 2390 return pPasswordHistoryDuration; 2391 } 2392 2393 2394 2395 /** {@inheritDoc} */ 2396 public SortedSet<String> getPasswordValidator() { 2397 return pPasswordValidator; 2398 } 2399 2400 2401 2402 /** 2403 * {@inheritDoc} 2404 */ 2405 public SortedSet<DN> getPasswordValidatorDNs() { 2406 SortedSet<String> values = getPasswordValidator(); 2407 SortedSet<DN> dnValues = new TreeSet<DN>(); 2408 for (String value : values) { 2409 DN dn = INSTANCE.getPasswordValidatorPropertyDefinition().getChildDN(value); 2410 dnValues.add(dn); 2411 } 2412 return dnValues; 2413 } 2414 2415 2416 2417 /** {@inheritDoc} */ 2418 public SortedSet<String> getPreviousLastLoginTimeFormat() { 2419 return pPreviousLastLoginTimeFormat; 2420 } 2421 2422 2423 2424 /** {@inheritDoc} */ 2425 public String getRequireChangeByTime() { 2426 return pRequireChangeByTime; 2427 } 2428 2429 2430 2431 /** {@inheritDoc} */ 2432 public boolean isRequireSecureAuthentication() { 2433 return pRequireSecureAuthentication; 2434 } 2435 2436 2437 2438 /** {@inheritDoc} */ 2439 public boolean isRequireSecurePasswordChanges() { 2440 return pRequireSecurePasswordChanges; 2441 } 2442 2443 2444 2445 /** {@inheritDoc} */ 2446 public boolean isSkipValidationForAdministrators() { 2447 return pSkipValidationForAdministrators; 2448 } 2449 2450 2451 2452 /** {@inheritDoc} */ 2453 public StateUpdateFailurePolicy getStateUpdateFailurePolicy() { 2454 return pStateUpdateFailurePolicy; 2455 } 2456 2457 2458 2459 /** {@inheritDoc} */ 2460 public Class<? extends PasswordPolicyCfg> configurationClass() { 2461 return PasswordPolicyCfg.class; 2462 } 2463 2464 2465 2466 /** {@inheritDoc} */ 2467 public DN dn() { 2468 return impl.getDN(); 2469 } 2470 2471 2472 2473 /** {@inheritDoc} */ 2474 public String toString() { 2475 return impl.toString(); 2476 } 2477 } 2478}