001 /*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License"). You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at
010 * trunk/opends/resource/legal-notices/OpenDS.LICENSE
011 * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
012 * See the License for the specific language governing permissions
013 * and limitations under the License.
014 *
015 * When distributing Covered Code, include this CDDL HEADER in each
016 * file and include the License file at
017 * trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
018 * add the following below this CDDL HEADER, with the fields enclosed
019 * by brackets "[]" replaced with your own identifying information:
020 * Portions Copyright [yyyy] [name of copyright owner]
021 *
022 * CDDL HEADER END
023 *
024 *
025 * Copyright 2008 Sun Microsystems, Inc.
026 */
027 package org.opends.server.admin.std.meta;
028
029
030
031 import java.util.Collection;
032 import java.util.SortedSet;
033 import java.util.TreeSet;
034 import org.opends.server.admin.AdministratorAction;
035 import org.opends.server.admin.AggregationPropertyDefinition;
036 import org.opends.server.admin.AttributeTypePropertyDefinition;
037 import org.opends.server.admin.BooleanPropertyDefinition;
038 import org.opends.server.admin.client.AuthorizationException;
039 import org.opends.server.admin.client.CommunicationException;
040 import org.opends.server.admin.client.ConcurrentModificationException;
041 import org.opends.server.admin.client.ManagedObject;
042 import org.opends.server.admin.client.MissingMandatoryPropertiesException;
043 import org.opends.server.admin.client.OperationRejectedException;
044 import org.opends.server.admin.DefaultBehaviorProvider;
045 import org.opends.server.admin.DefinedDefaultBehaviorProvider;
046 import org.opends.server.admin.DurationPropertyDefinition;
047 import org.opends.server.admin.EnumPropertyDefinition;
048 import org.opends.server.admin.IntegerPropertyDefinition;
049 import org.opends.server.admin.ManagedObjectAlreadyExistsException;
050 import org.opends.server.admin.ManagedObjectDefinition;
051 import org.opends.server.admin.PropertyOption;
052 import org.opends.server.admin.PropertyProvider;
053 import org.opends.server.admin.server.ConfigurationChangeListener;
054 import org.opends.server.admin.server.ServerManagedObject;
055 import org.opends.server.admin.std.client.AccountStatusNotificationHandlerCfgClient;
056 import org.opends.server.admin.std.client.PasswordGeneratorCfgClient;
057 import org.opends.server.admin.std.client.PasswordPolicyCfgClient;
058 import org.opends.server.admin.std.client.PasswordStorageSchemeCfgClient;
059 import org.opends.server.admin.std.client.PasswordValidatorCfgClient;
060 import org.opends.server.admin.std.server.AccountStatusNotificationHandlerCfg;
061 import org.opends.server.admin.std.server.PasswordGeneratorCfg;
062 import org.opends.server.admin.std.server.PasswordPolicyCfg;
063 import org.opends.server.admin.std.server.PasswordStorageSchemeCfg;
064 import org.opends.server.admin.std.server.PasswordValidatorCfg;
065 import org.opends.server.admin.StringPropertyDefinition;
066 import org.opends.server.admin.Tag;
067 import org.opends.server.admin.TopCfgDefn;
068 import org.opends.server.admin.UndefinedDefaultBehaviorProvider;
069 import org.opends.server.types.AttributeType;
070 import org.opends.server.types.DN;
071
072
073
074 /**
075 * An interface for querying the Password Policy managed object
076 * definition meta information.
077 * <p>
078 * Password Policies define a number of password management rules, as
079 * well as requirements for authentication processing.
080 */
081 public final class PasswordPolicyCfgDefn extends ManagedObjectDefinition<PasswordPolicyCfgClient, PasswordPolicyCfg> {
082
083 // The singleton configuration definition instance.
084 private static final PasswordPolicyCfgDefn INSTANCE = new PasswordPolicyCfgDefn();
085
086
087
088 /**
089 * Defines the set of permissable values for the "state-update-failure-policy" property.
090 * <p>
091 * Specifies how the server deals with the inability to update
092 * password policy state information during an authentication
093 * attempt.
094 * <p>
095 * In particular, this property can be used to control whether an
096 * otherwise successful bind operation fails if a failure occurs
097 * while attempting to update password policy state information (for
098 * example, to clear a record of previous authentication failures or
099 * to update the last login time). It can also be used to control
100 * whether to reject a bind request if it is known ahead of time that
101 * it will not be possible to update the authentication failure times
102 * in the event of an unsuccessful bind attempt (for example, if the
103 * backend writability mode is disabled).
104 */
105 public static enum StateUpdateFailurePolicy {
106
107 /**
108 * If a bind attempt would otherwise be successful, then do not
109 * reject it if a problem occurs while attempting to update the
110 * password policy state information for the user.
111 */
112 IGNORE("ignore"),
113
114
115
116 /**
117 * Proactively reject any bind attempt if it is known ahead of
118 * time that it would not be possible to update the user's password
119 * policy state information.
120 */
121 PROACTIVE("proactive"),
122
123
124
125 /**
126 * Even if a bind attempt would otherwise be successful, reject it
127 * if a problem occurs while attempting to update the password
128 * policy state information for the user.
129 */
130 REACTIVE("reactive");
131
132
133
134 // String representation of the value.
135 private final String name;
136
137
138
139 // Private constructor.
140 private StateUpdateFailurePolicy(String name) { this.name = name; }
141
142
143
144 /**
145 * {@inheritDoc}
146 */
147 public String toString() { return name; }
148
149 }
150
151
152
153 // The "account-status-notification-handler" property definition.
154 private static final AggregationPropertyDefinition<AccountStatusNotificationHandlerCfgClient, AccountStatusNotificationHandlerCfg> PD_ACCOUNT_STATUS_NOTIFICATION_HANDLER;
155
156
157
158 // The "allow-expired-password-changes" property definition.
159 private static final BooleanPropertyDefinition PD_ALLOW_EXPIRED_PASSWORD_CHANGES;
160
161
162
163 // The "allow-multiple-password-values" property definition.
164 private static final BooleanPropertyDefinition PD_ALLOW_MULTIPLE_PASSWORD_VALUES;
165
166
167
168 // The "allow-pre-encoded-passwords" property definition.
169 private static final BooleanPropertyDefinition PD_ALLOW_PRE_ENCODED_PASSWORDS;
170
171
172
173 // The "allow-user-password-changes" property definition.
174 private static final BooleanPropertyDefinition PD_ALLOW_USER_PASSWORD_CHANGES;
175
176
177
178 // The "default-password-storage-scheme" property definition.
179 private static final AggregationPropertyDefinition<PasswordStorageSchemeCfgClient, PasswordStorageSchemeCfg> PD_DEFAULT_PASSWORD_STORAGE_SCHEME;
180
181
182
183 // The "deprecated-password-storage-scheme" property definition.
184 private static final AggregationPropertyDefinition<PasswordStorageSchemeCfgClient, PasswordStorageSchemeCfg> PD_DEPRECATED_PASSWORD_STORAGE_SCHEME;
185
186
187
188 // The "expire-passwords-without-warning" property definition.
189 private static final BooleanPropertyDefinition PD_EXPIRE_PASSWORDS_WITHOUT_WARNING;
190
191
192
193 // The "force-change-on-add" property definition.
194 private static final BooleanPropertyDefinition PD_FORCE_CHANGE_ON_ADD;
195
196
197
198 // The "force-change-on-reset" property definition.
199 private static final BooleanPropertyDefinition PD_FORCE_CHANGE_ON_RESET;
200
201
202
203 // The "grace-login-count" property definition.
204 private static final IntegerPropertyDefinition PD_GRACE_LOGIN_COUNT;
205
206
207
208 // The "idle-lockout-interval" property definition.
209 private static final DurationPropertyDefinition PD_IDLE_LOCKOUT_INTERVAL;
210
211
212
213 // The "last-login-time-attribute" property definition.
214 private static final AttributeTypePropertyDefinition PD_LAST_LOGIN_TIME_ATTRIBUTE;
215
216
217
218 // The "last-login-time-format" property definition.
219 private static final StringPropertyDefinition PD_LAST_LOGIN_TIME_FORMAT;
220
221
222
223 // The "lockout-duration" property definition.
224 private static final DurationPropertyDefinition PD_LOCKOUT_DURATION;
225
226
227
228 // The "lockout-failure-count" property definition.
229 private static final IntegerPropertyDefinition PD_LOCKOUT_FAILURE_COUNT;
230
231
232
233 // The "lockout-failure-expiration-interval" property definition.
234 private static final DurationPropertyDefinition PD_LOCKOUT_FAILURE_EXPIRATION_INTERVAL;
235
236
237
238 // The "max-password-age" property definition.
239 private static final DurationPropertyDefinition PD_MAX_PASSWORD_AGE;
240
241
242
243 // The "max-password-reset-age" property definition.
244 private static final DurationPropertyDefinition PD_MAX_PASSWORD_RESET_AGE;
245
246
247
248 // The "min-password-age" property definition.
249 private static final DurationPropertyDefinition PD_MIN_PASSWORD_AGE;
250
251
252
253 // The "password-attribute" property definition.
254 private static final AttributeTypePropertyDefinition PD_PASSWORD_ATTRIBUTE;
255
256
257
258 // The "password-change-requires-current-password" property definition.
259 private static final BooleanPropertyDefinition PD_PASSWORD_CHANGE_REQUIRES_CURRENT_PASSWORD;
260
261
262
263 // The "password-expiration-warning-interval" property definition.
264 private static final DurationPropertyDefinition PD_PASSWORD_EXPIRATION_WARNING_INTERVAL;
265
266
267
268 // The "password-generator" property definition.
269 private static final AggregationPropertyDefinition<PasswordGeneratorCfgClient, PasswordGeneratorCfg> PD_PASSWORD_GENERATOR;
270
271
272
273 // The "password-history-count" property definition.
274 private static final IntegerPropertyDefinition PD_PASSWORD_HISTORY_COUNT;
275
276
277
278 // The "password-history-duration" property definition.
279 private static final DurationPropertyDefinition PD_PASSWORD_HISTORY_DURATION;
280
281
282
283 // The "password-validator" property definition.
284 private static final AggregationPropertyDefinition<PasswordValidatorCfgClient, PasswordValidatorCfg> PD_PASSWORD_VALIDATOR;
285
286
287
288 // The "previous-last-login-time-format" property definition.
289 private static final StringPropertyDefinition PD_PREVIOUS_LAST_LOGIN_TIME_FORMAT;
290
291
292
293 // The "require-change-by-time" property definition.
294 private static final StringPropertyDefinition PD_REQUIRE_CHANGE_BY_TIME;
295
296
297
298 // The "require-secure-authentication" property definition.
299 private static final BooleanPropertyDefinition PD_REQUIRE_SECURE_AUTHENTICATION;
300
301
302
303 // The "require-secure-password-changes" property definition.
304 private static final BooleanPropertyDefinition PD_REQUIRE_SECURE_PASSWORD_CHANGES;
305
306
307
308 // The "skip-validation-for-administrators" property definition.
309 private static final BooleanPropertyDefinition PD_SKIP_VALIDATION_FOR_ADMINISTRATORS;
310
311
312
313 // The "state-update-failure-policy" property definition.
314 private static final EnumPropertyDefinition<StateUpdateFailurePolicy> PD_STATE_UPDATE_FAILURE_POLICY;
315
316
317
318 // Build the "account-status-notification-handler" property definition.
319 static {
320 AggregationPropertyDefinition.Builder<AccountStatusNotificationHandlerCfgClient, AccountStatusNotificationHandlerCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "account-status-notification-handler");
321 builder.setOption(PropertyOption.MULTI_VALUED);
322 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "account-status-notification-handler"));
323 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
324 builder.setParentPath("/");
325 builder.setRelationDefinition("account-status-notification-handler");
326 PD_ACCOUNT_STATUS_NOTIFICATION_HANDLER = builder.getInstance();
327 INSTANCE.registerPropertyDefinition(PD_ACCOUNT_STATUS_NOTIFICATION_HANDLER);
328 INSTANCE.registerConstraint(PD_ACCOUNT_STATUS_NOTIFICATION_HANDLER.getSourceConstraint());
329 }
330
331
332
333 // Build the "allow-expired-password-changes" property definition.
334 static {
335 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "allow-expired-password-changes");
336 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "allow-expired-password-changes"));
337 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false");
338 builder.setDefaultBehaviorProvider(provider);
339 PD_ALLOW_EXPIRED_PASSWORD_CHANGES = builder.getInstance();
340 INSTANCE.registerPropertyDefinition(PD_ALLOW_EXPIRED_PASSWORD_CHANGES);
341 }
342
343
344
345 // Build the "allow-multiple-password-values" property definition.
346 static {
347 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "allow-multiple-password-values");
348 builder.setOption(PropertyOption.ADVANCED);
349 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "allow-multiple-password-values"));
350 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false");
351 builder.setDefaultBehaviorProvider(provider);
352 PD_ALLOW_MULTIPLE_PASSWORD_VALUES = builder.getInstance();
353 INSTANCE.registerPropertyDefinition(PD_ALLOW_MULTIPLE_PASSWORD_VALUES);
354 }
355
356
357
358 // Build the "allow-pre-encoded-passwords" property definition.
359 static {
360 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "allow-pre-encoded-passwords");
361 builder.setOption(PropertyOption.ADVANCED);
362 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "allow-pre-encoded-passwords"));
363 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false");
364 builder.setDefaultBehaviorProvider(provider);
365 PD_ALLOW_PRE_ENCODED_PASSWORDS = builder.getInstance();
366 INSTANCE.registerPropertyDefinition(PD_ALLOW_PRE_ENCODED_PASSWORDS);
367 }
368
369
370
371 // Build the "allow-user-password-changes" property definition.
372 static {
373 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "allow-user-password-changes");
374 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "allow-user-password-changes"));
375 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("true");
376 builder.setDefaultBehaviorProvider(provider);
377 PD_ALLOW_USER_PASSWORD_CHANGES = builder.getInstance();
378 INSTANCE.registerPropertyDefinition(PD_ALLOW_USER_PASSWORD_CHANGES);
379 }
380
381
382
383 // Build the "default-password-storage-scheme" property definition.
384 static {
385 AggregationPropertyDefinition.Builder<PasswordStorageSchemeCfgClient, PasswordStorageSchemeCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "default-password-storage-scheme");
386 builder.setOption(PropertyOption.MULTI_VALUED);
387 builder.setOption(PropertyOption.MANDATORY);
388 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "default-password-storage-scheme"));
389 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
390 builder.setParentPath("/");
391 builder.setRelationDefinition("password-storage-scheme");
392 PD_DEFAULT_PASSWORD_STORAGE_SCHEME = builder.getInstance();
393 INSTANCE.registerPropertyDefinition(PD_DEFAULT_PASSWORD_STORAGE_SCHEME);
394 INSTANCE.registerConstraint(PD_DEFAULT_PASSWORD_STORAGE_SCHEME.getSourceConstraint());
395 }
396
397
398
399 // Build the "deprecated-password-storage-scheme" property definition.
400 static {
401 AggregationPropertyDefinition.Builder<PasswordStorageSchemeCfgClient, PasswordStorageSchemeCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "deprecated-password-storage-scheme");
402 builder.setOption(PropertyOption.MULTI_VALUED);
403 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "deprecated-password-storage-scheme"));
404 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
405 builder.setParentPath("/");
406 builder.setRelationDefinition("password-storage-scheme");
407 PD_DEPRECATED_PASSWORD_STORAGE_SCHEME = builder.getInstance();
408 INSTANCE.registerPropertyDefinition(PD_DEPRECATED_PASSWORD_STORAGE_SCHEME);
409 INSTANCE.registerConstraint(PD_DEPRECATED_PASSWORD_STORAGE_SCHEME.getSourceConstraint());
410 }
411
412
413
414 // Build the "expire-passwords-without-warning" property definition.
415 static {
416 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "expire-passwords-without-warning");
417 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "expire-passwords-without-warning"));
418 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false");
419 builder.setDefaultBehaviorProvider(provider);
420 PD_EXPIRE_PASSWORDS_WITHOUT_WARNING = builder.getInstance();
421 INSTANCE.registerPropertyDefinition(PD_EXPIRE_PASSWORDS_WITHOUT_WARNING);
422 }
423
424
425
426 // Build the "force-change-on-add" property definition.
427 static {
428 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "force-change-on-add");
429 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "force-change-on-add"));
430 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false");
431 builder.setDefaultBehaviorProvider(provider);
432 PD_FORCE_CHANGE_ON_ADD = builder.getInstance();
433 INSTANCE.registerPropertyDefinition(PD_FORCE_CHANGE_ON_ADD);
434 }
435
436
437
438 // Build the "force-change-on-reset" property definition.
439 static {
440 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "force-change-on-reset");
441 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "force-change-on-reset"));
442 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false");
443 builder.setDefaultBehaviorProvider(provider);
444 PD_FORCE_CHANGE_ON_RESET = builder.getInstance();
445 INSTANCE.registerPropertyDefinition(PD_FORCE_CHANGE_ON_RESET);
446 }
447
448
449
450 // Build the "grace-login-count" property definition.
451 static {
452 IntegerPropertyDefinition.Builder builder = IntegerPropertyDefinition.createBuilder(INSTANCE, "grace-login-count");
453 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "grace-login-count"));
454 DefaultBehaviorProvider<Integer> provider = new DefinedDefaultBehaviorProvider<Integer>("0");
455 builder.setDefaultBehaviorProvider(provider);
456 builder.setUpperLimit(2147483647);
457 builder.setLowerLimit(0);
458 PD_GRACE_LOGIN_COUNT = builder.getInstance();
459 INSTANCE.registerPropertyDefinition(PD_GRACE_LOGIN_COUNT);
460 }
461
462
463
464 // Build the "idle-lockout-interval" property definition.
465 static {
466 DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "idle-lockout-interval");
467 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "idle-lockout-interval"));
468 DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("0 seconds");
469 builder.setDefaultBehaviorProvider(provider);
470 builder.setUpperLimit("2147483647");
471 builder.setLowerLimit("0");
472 PD_IDLE_LOCKOUT_INTERVAL = builder.getInstance();
473 INSTANCE.registerPropertyDefinition(PD_IDLE_LOCKOUT_INTERVAL);
474 }
475
476
477
478 // Build the "last-login-time-attribute" property definition.
479 static {
480 AttributeTypePropertyDefinition.Builder builder = AttributeTypePropertyDefinition.createBuilder(INSTANCE, "last-login-time-attribute");
481 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "last-login-time-attribute"));
482 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<AttributeType>());
483 PD_LAST_LOGIN_TIME_ATTRIBUTE = builder.getInstance();
484 INSTANCE.registerPropertyDefinition(PD_LAST_LOGIN_TIME_ATTRIBUTE);
485 }
486
487
488
489 // Build the "last-login-time-format" property definition.
490 static {
491 StringPropertyDefinition.Builder builder = StringPropertyDefinition.createBuilder(INSTANCE, "last-login-time-format");
492 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "last-login-time-format"));
493 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
494 builder.setPattern(".*", "STRING");
495 PD_LAST_LOGIN_TIME_FORMAT = builder.getInstance();
496 INSTANCE.registerPropertyDefinition(PD_LAST_LOGIN_TIME_FORMAT);
497 }
498
499
500
501 // Build the "lockout-duration" property definition.
502 static {
503 DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "lockout-duration");
504 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "lockout-duration"));
505 DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("0 seconds");
506 builder.setDefaultBehaviorProvider(provider);
507 builder.setBaseUnit("s");
508 builder.setUpperLimit("2147483647");
509 builder.setLowerLimit("0");
510 PD_LOCKOUT_DURATION = builder.getInstance();
511 INSTANCE.registerPropertyDefinition(PD_LOCKOUT_DURATION);
512 }
513
514
515
516 // Build the "lockout-failure-count" property definition.
517 static {
518 IntegerPropertyDefinition.Builder builder = IntegerPropertyDefinition.createBuilder(INSTANCE, "lockout-failure-count");
519 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "lockout-failure-count"));
520 DefaultBehaviorProvider<Integer> provider = new DefinedDefaultBehaviorProvider<Integer>("0");
521 builder.setDefaultBehaviorProvider(provider);
522 builder.setUpperLimit(2147483647);
523 builder.setLowerLimit(0);
524 PD_LOCKOUT_FAILURE_COUNT = builder.getInstance();
525 INSTANCE.registerPropertyDefinition(PD_LOCKOUT_FAILURE_COUNT);
526 }
527
528
529
530 // Build the "lockout-failure-expiration-interval" property definition.
531 static {
532 DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "lockout-failure-expiration-interval");
533 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "lockout-failure-expiration-interval"));
534 DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("0 seconds");
535 builder.setDefaultBehaviorProvider(provider);
536 builder.setBaseUnit("s");
537 builder.setUpperLimit("2147483647");
538 builder.setLowerLimit("0");
539 PD_LOCKOUT_FAILURE_EXPIRATION_INTERVAL = builder.getInstance();
540 INSTANCE.registerPropertyDefinition(PD_LOCKOUT_FAILURE_EXPIRATION_INTERVAL);
541 }
542
543
544
545 // Build the "max-password-age" property definition.
546 static {
547 DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "max-password-age");
548 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "max-password-age"));
549 DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("0 seconds");
550 builder.setDefaultBehaviorProvider(provider);
551 builder.setBaseUnit("s");
552 builder.setUpperLimit("2147483647");
553 builder.setLowerLimit("0");
554 PD_MAX_PASSWORD_AGE = builder.getInstance();
555 INSTANCE.registerPropertyDefinition(PD_MAX_PASSWORD_AGE);
556 }
557
558
559
560 // Build the "max-password-reset-age" property definition.
561 static {
562 DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "max-password-reset-age");
563 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "max-password-reset-age"));
564 DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("0 seconds");
565 builder.setDefaultBehaviorProvider(provider);
566 builder.setBaseUnit("s");
567 builder.setUpperLimit("2147483647");
568 builder.setLowerLimit("0");
569 PD_MAX_PASSWORD_RESET_AGE = builder.getInstance();
570 INSTANCE.registerPropertyDefinition(PD_MAX_PASSWORD_RESET_AGE);
571 }
572
573
574
575 // Build the "min-password-age" property definition.
576 static {
577 DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "min-password-age");
578 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "min-password-age"));
579 DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("0 seconds");
580 builder.setDefaultBehaviorProvider(provider);
581 builder.setBaseUnit("s");
582 builder.setUpperLimit("2147483647");
583 builder.setLowerLimit("0");
584 PD_MIN_PASSWORD_AGE = builder.getInstance();
585 INSTANCE.registerPropertyDefinition(PD_MIN_PASSWORD_AGE);
586 }
587
588
589
590 // Build the "password-attribute" property definition.
591 static {
592 AttributeTypePropertyDefinition.Builder builder = AttributeTypePropertyDefinition.createBuilder(INSTANCE, "password-attribute");
593 builder.setOption(PropertyOption.MANDATORY);
594 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "password-attribute"));
595 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<AttributeType>());
596 PD_PASSWORD_ATTRIBUTE = builder.getInstance();
597 INSTANCE.registerPropertyDefinition(PD_PASSWORD_ATTRIBUTE);
598 }
599
600
601
602 // Build the "password-change-requires-current-password" property definition.
603 static {
604 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "password-change-requires-current-password");
605 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "password-change-requires-current-password"));
606 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false");
607 builder.setDefaultBehaviorProvider(provider);
608 PD_PASSWORD_CHANGE_REQUIRES_CURRENT_PASSWORD = builder.getInstance();
609 INSTANCE.registerPropertyDefinition(PD_PASSWORD_CHANGE_REQUIRES_CURRENT_PASSWORD);
610 }
611
612
613
614 // Build the "password-expiration-warning-interval" property definition.
615 static {
616 DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "password-expiration-warning-interval");
617 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "password-expiration-warning-interval"));
618 DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("5 days");
619 builder.setDefaultBehaviorProvider(provider);
620 PD_PASSWORD_EXPIRATION_WARNING_INTERVAL = builder.getInstance();
621 INSTANCE.registerPropertyDefinition(PD_PASSWORD_EXPIRATION_WARNING_INTERVAL);
622 }
623
624
625
626 // Build the "password-generator" property definition.
627 static {
628 AggregationPropertyDefinition.Builder<PasswordGeneratorCfgClient, PasswordGeneratorCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "password-generator");
629 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "password-generator"));
630 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
631 builder.setParentPath("/");
632 builder.setRelationDefinition("password-generator");
633 PD_PASSWORD_GENERATOR = builder.getInstance();
634 INSTANCE.registerPropertyDefinition(PD_PASSWORD_GENERATOR);
635 INSTANCE.registerConstraint(PD_PASSWORD_GENERATOR.getSourceConstraint());
636 }
637
638
639
640 // Build the "password-history-count" property definition.
641 static {
642 IntegerPropertyDefinition.Builder builder = IntegerPropertyDefinition.createBuilder(INSTANCE, "password-history-count");
643 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "password-history-count"));
644 DefaultBehaviorProvider<Integer> provider = new DefinedDefaultBehaviorProvider<Integer>("0");
645 builder.setDefaultBehaviorProvider(provider);
646 builder.setUpperLimit(2147483647);
647 builder.setLowerLimit(0);
648 PD_PASSWORD_HISTORY_COUNT = builder.getInstance();
649 INSTANCE.registerPropertyDefinition(PD_PASSWORD_HISTORY_COUNT);
650 }
651
652
653
654 // Build the "password-history-duration" property definition.
655 static {
656 DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "password-history-duration");
657 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "password-history-duration"));
658 DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("0 seconds");
659 builder.setDefaultBehaviorProvider(provider);
660 builder.setAllowUnlimited(false);
661 builder.setBaseUnit("s");
662 builder.setUpperLimit("2147483647");
663 builder.setLowerLimit("0");
664 PD_PASSWORD_HISTORY_DURATION = builder.getInstance();
665 INSTANCE.registerPropertyDefinition(PD_PASSWORD_HISTORY_DURATION);
666 }
667
668
669
670 // Build the "password-validator" property definition.
671 static {
672 AggregationPropertyDefinition.Builder<PasswordValidatorCfgClient, PasswordValidatorCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "password-validator");
673 builder.setOption(PropertyOption.MULTI_VALUED);
674 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "password-validator"));
675 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
676 builder.setParentPath("/");
677 builder.setRelationDefinition("password-validator");
678 PD_PASSWORD_VALIDATOR = builder.getInstance();
679 INSTANCE.registerPropertyDefinition(PD_PASSWORD_VALIDATOR);
680 INSTANCE.registerConstraint(PD_PASSWORD_VALIDATOR.getSourceConstraint());
681 }
682
683
684
685 // Build the "previous-last-login-time-format" property definition.
686 static {
687 StringPropertyDefinition.Builder builder = StringPropertyDefinition.createBuilder(INSTANCE, "previous-last-login-time-format");
688 builder.setOption(PropertyOption.MULTI_VALUED);
689 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "previous-last-login-time-format"));
690 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
691 builder.setPattern(".*", "STRING");
692 PD_PREVIOUS_LAST_LOGIN_TIME_FORMAT = builder.getInstance();
693 INSTANCE.registerPropertyDefinition(PD_PREVIOUS_LAST_LOGIN_TIME_FORMAT);
694 }
695
696
697
698 // Build the "require-change-by-time" property definition.
699 static {
700 StringPropertyDefinition.Builder builder = StringPropertyDefinition.createBuilder(INSTANCE, "require-change-by-time");
701 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "require-change-by-time"));
702 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
703 builder.setPattern(".*", "STRING");
704 PD_REQUIRE_CHANGE_BY_TIME = builder.getInstance();
705 INSTANCE.registerPropertyDefinition(PD_REQUIRE_CHANGE_BY_TIME);
706 }
707
708
709
710 // Build the "require-secure-authentication" property definition.
711 static {
712 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "require-secure-authentication");
713 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "require-secure-authentication"));
714 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false");
715 builder.setDefaultBehaviorProvider(provider);
716 PD_REQUIRE_SECURE_AUTHENTICATION = builder.getInstance();
717 INSTANCE.registerPropertyDefinition(PD_REQUIRE_SECURE_AUTHENTICATION);
718 }
719
720
721
722 // Build the "require-secure-password-changes" property definition.
723 static {
724 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "require-secure-password-changes");
725 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "require-secure-password-changes"));
726 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false");
727 builder.setDefaultBehaviorProvider(provider);
728 PD_REQUIRE_SECURE_PASSWORD_CHANGES = builder.getInstance();
729 INSTANCE.registerPropertyDefinition(PD_REQUIRE_SECURE_PASSWORD_CHANGES);
730 }
731
732
733
734 // Build the "skip-validation-for-administrators" property definition.
735 static {
736 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "skip-validation-for-administrators");
737 builder.setOption(PropertyOption.ADVANCED);
738 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "skip-validation-for-administrators"));
739 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false");
740 builder.setDefaultBehaviorProvider(provider);
741 PD_SKIP_VALIDATION_FOR_ADMINISTRATORS = builder.getInstance();
742 INSTANCE.registerPropertyDefinition(PD_SKIP_VALIDATION_FOR_ADMINISTRATORS);
743 }
744
745
746
747 // Build the "state-update-failure-policy" property definition.
748 static {
749 EnumPropertyDefinition.Builder<StateUpdateFailurePolicy> builder = EnumPropertyDefinition.createBuilder(INSTANCE, "state-update-failure-policy");
750 builder.setOption(PropertyOption.ADVANCED);
751 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "state-update-failure-policy"));
752 DefaultBehaviorProvider<StateUpdateFailurePolicy> provider = new DefinedDefaultBehaviorProvider<StateUpdateFailurePolicy>("reactive");
753 builder.setDefaultBehaviorProvider(provider);
754 builder.setEnumClass(StateUpdateFailurePolicy.class);
755 PD_STATE_UPDATE_FAILURE_POLICY = builder.getInstance();
756 INSTANCE.registerPropertyDefinition(PD_STATE_UPDATE_FAILURE_POLICY);
757 }
758
759
760
761 // Register the tags associated with this managed object definition.
762 static {
763 INSTANCE.registerTag(Tag.valueOf("user-management"));
764 }
765
766
767
768 /**
769 * Get the Password Policy configuration definition singleton.
770 *
771 * @return Returns the Password Policy configuration definition
772 * singleton.
773 */
774 public static PasswordPolicyCfgDefn getInstance() {
775 return INSTANCE;
776 }
777
778
779
780 /**
781 * Private constructor.
782 */
783 private PasswordPolicyCfgDefn() {
784 super("password-policy", TopCfgDefn.getInstance());
785 }
786
787
788
789 /**
790 * {@inheritDoc}
791 */
792 public PasswordPolicyCfgClient createClientConfiguration(
793 ManagedObject<? extends PasswordPolicyCfgClient> impl) {
794 return new PasswordPolicyCfgClientImpl(impl);
795 }
796
797
798
799 /**
800 * {@inheritDoc}
801 */
802 public PasswordPolicyCfg createServerConfiguration(
803 ServerManagedObject<? extends PasswordPolicyCfg> impl) {
804 return new PasswordPolicyCfgServerImpl(impl);
805 }
806
807
808
809 /**
810 * {@inheritDoc}
811 */
812 public Class<PasswordPolicyCfg> getServerConfigurationClass() {
813 return PasswordPolicyCfg.class;
814 }
815
816
817
818 /**
819 * Get the "account-status-notification-handler" property definition.
820 * <p>
821 * Specifies the names of the account status notification handlers
822 * that are used with the associated password storage scheme.
823 *
824 * @return Returns the "account-status-notification-handler" property definition.
825 */
826 public AggregationPropertyDefinition<AccountStatusNotificationHandlerCfgClient, AccountStatusNotificationHandlerCfg> getAccountStatusNotificationHandlerPropertyDefinition() {
827 return PD_ACCOUNT_STATUS_NOTIFICATION_HANDLER;
828 }
829
830
831
832 /**
833 * Get the "allow-expired-password-changes" property definition.
834 * <p>
835 * Indicates whether a user whose password is expired is still
836 * allowed to change that password using the password modify extended
837 * operation.
838 *
839 * @return Returns the "allow-expired-password-changes" property definition.
840 */
841 public BooleanPropertyDefinition getAllowExpiredPasswordChangesPropertyDefinition() {
842 return PD_ALLOW_EXPIRED_PASSWORD_CHANGES;
843 }
844
845
846
847 /**
848 * Get the "allow-multiple-password-values" property definition.
849 * <p>
850 * Indicates whether user entries can have multiple distinct values
851 * for the password attribute.
852 * <p>
853 * This is potentially dangerous because many mechanisms used to
854 * change the password do not work well with such a configuration. If
855 * multiple password values are allowed, then any of them can be used
856 * to authenticate, and they are all subject to the same policy
857 * constraints.
858 *
859 * @return Returns the "allow-multiple-password-values" property definition.
860 */
861 public BooleanPropertyDefinition getAllowMultiplePasswordValuesPropertyDefinition() {
862 return PD_ALLOW_MULTIPLE_PASSWORD_VALUES;
863 }
864
865
866
867 /**
868 * Get the "allow-pre-encoded-passwords" property definition.
869 * <p>
870 * Indicates whether users can change their passwords by providing a
871 * pre-encoded value.
872 * <p>
873 * This can cause a security risk because the clear-text version of
874 * the password is not known and therefore validation checks cannot
875 * be applied to it.
876 *
877 * @return Returns the "allow-pre-encoded-passwords" property definition.
878 */
879 public BooleanPropertyDefinition getAllowPreEncodedPasswordsPropertyDefinition() {
880 return PD_ALLOW_PRE_ENCODED_PASSWORDS;
881 }
882
883
884
885 /**
886 * Get the "allow-user-password-changes" property definition.
887 * <p>
888 * Indicates whether users can change their own passwords.
889 * <p>
890 * This check is made in addition to access control evaluation. Both
891 * must allow the password change for it to occur.
892 *
893 * @return Returns the "allow-user-password-changes" property definition.
894 */
895 public BooleanPropertyDefinition getAllowUserPasswordChangesPropertyDefinition() {
896 return PD_ALLOW_USER_PASSWORD_CHANGES;
897 }
898
899
900
901 /**
902 * Get the "default-password-storage-scheme" property definition.
903 * <p>
904 * Specifies the names of the password storage schemes that are used
905 * to encode clear-text passwords for this password policy.
906 *
907 * @return Returns the "default-password-storage-scheme" property definition.
908 */
909 public AggregationPropertyDefinition<PasswordStorageSchemeCfgClient, PasswordStorageSchemeCfg> getDefaultPasswordStorageSchemePropertyDefinition() {
910 return PD_DEFAULT_PASSWORD_STORAGE_SCHEME;
911 }
912
913
914
915 /**
916 * Get the "deprecated-password-storage-scheme" property definition.
917 * <p>
918 * Specifies the names of the password storage schemes that are
919 * considered deprecated for this password policy.
920 * <p>
921 * If a user with this password policy authenticates to the server
922 * and his/her password is encoded with a deprecated scheme, those
923 * values are removed and replaced with values encoded using the
924 * default password storage scheme(s).
925 *
926 * @return Returns the "deprecated-password-storage-scheme" property definition.
927 */
928 public AggregationPropertyDefinition<PasswordStorageSchemeCfgClient, PasswordStorageSchemeCfg> getDeprecatedPasswordStorageSchemePropertyDefinition() {
929 return PD_DEPRECATED_PASSWORD_STORAGE_SCHEME;
930 }
931
932
933
934 /**
935 * Get the "expire-passwords-without-warning" property definition.
936 * <p>
937 * Indicates whether the Directory Server allows a user's password
938 * to expire even if that user has never seen an expiration warning
939 * notification.
940 * <p>
941 * If this property is true, accounts always expire when the
942 * expiration time arrives. If this property is false disabled, the
943 * user always receives at least one warning notification, and the
944 * password expiration is set to the warning time plus the warning
945 * interval.
946 *
947 * @return Returns the "expire-passwords-without-warning" property definition.
948 */
949 public BooleanPropertyDefinition getExpirePasswordsWithoutWarningPropertyDefinition() {
950 return PD_EXPIRE_PASSWORDS_WITHOUT_WARNING;
951 }
952
953
954
955 /**
956 * Get the "force-change-on-add" property definition.
957 * <p>
958 * Indicates whether users are forced to change their passwords upon
959 * first authenticating to the Directory Server after their account
960 * has been created.
961 *
962 * @return Returns the "force-change-on-add" property definition.
963 */
964 public BooleanPropertyDefinition getForceChangeOnAddPropertyDefinition() {
965 return PD_FORCE_CHANGE_ON_ADD;
966 }
967
968
969
970 /**
971 * Get the "force-change-on-reset" property definition.
972 * <p>
973 * Indicates whether users are forced to change their passwords if
974 * they are reset by an administrator.
975 * <p>
976 * For this purpose, anyone with permission to change a given user's
977 * password other than that user is considered an administrator.
978 *
979 * @return Returns the "force-change-on-reset" property definition.
980 */
981 public BooleanPropertyDefinition getForceChangeOnResetPropertyDefinition() {
982 return PD_FORCE_CHANGE_ON_RESET;
983 }
984
985
986
987 /**
988 * Get the "grace-login-count" property definition.
989 * <p>
990 * Specifies the number of grace logins that a user is allowed after
991 * the account has expired to allow that user to choose a new
992 * password.
993 * <p>
994 * A value of 0 indicates that no grace logins are allowed.
995 *
996 * @return Returns the "grace-login-count" property definition.
997 */
998 public IntegerPropertyDefinition getGraceLoginCountPropertyDefinition() {
999 return PD_GRACE_LOGIN_COUNT;
1000 }
1001
1002
1003
1004 /**
1005 * Get the "idle-lockout-interval" property definition.
1006 * <p>
1007 * Specifies the maximum length of time that an account may remain
1008 * idle (that is, the associated user does not authenticate to the
1009 * server) before that user is locked out.
1010 * <p>
1011 * The value of this attribute is an integer followed by a unit of
1012 * seconds, minutes, hours, days, or weeks. A value of 0 seconds
1013 * indicates that idle accounts are not automatically locked out.
1014 * This feature is available only if the last login time is
1015 * maintained.
1016 *
1017 * @return Returns the "idle-lockout-interval" property definition.
1018 */
1019 public DurationPropertyDefinition getIdleLockoutIntervalPropertyDefinition() {
1020 return PD_IDLE_LOCKOUT_INTERVAL;
1021 }
1022
1023
1024
1025 /**
1026 * Get the "last-login-time-attribute" property definition.
1027 * <p>
1028 * Specifies the name or OID of the attribute type that is used to
1029 * hold the last login time for users with the associated password
1030 * policy.
1031 * <p>
1032 * This attribute type must be defined in the Directory Server
1033 * schema and must either be defined as an operational attribute or
1034 * must be allowed by the set of objectClasses for all users with the
1035 * associated password policy.
1036 *
1037 * @return Returns the "last-login-time-attribute" property definition.
1038 */
1039 public AttributeTypePropertyDefinition getLastLoginTimeAttributePropertyDefinition() {
1040 return PD_LAST_LOGIN_TIME_ATTRIBUTE;
1041 }
1042
1043
1044
1045 /**
1046 * Get the "last-login-time-format" property definition.
1047 * <p>
1048 * Specifies the format string that is used to generate the last
1049 * login time value for users with the associated password policy.
1050 * <p>
1051 * This format string conforms to the syntax described in the API
1052 * documentation for the java.text.SimpleDateFormat class.
1053 *
1054 * @return Returns the "last-login-time-format" property definition.
1055 */
1056 public StringPropertyDefinition getLastLoginTimeFormatPropertyDefinition() {
1057 return PD_LAST_LOGIN_TIME_FORMAT;
1058 }
1059
1060
1061
1062 /**
1063 * Get the "lockout-duration" property definition.
1064 * <p>
1065 * Specifies the length of time that an account is locked after too
1066 * many authentication failures.
1067 * <p>
1068 * The value of this attribute is an integer followed by a unit of
1069 * seconds, minutes, hours, days, or weeks. A value of 0 seconds
1070 * indicates that the account must remain locked until an
1071 * administrator resets the password.
1072 *
1073 * @return Returns the "lockout-duration" property definition.
1074 */
1075 public DurationPropertyDefinition getLockoutDurationPropertyDefinition() {
1076 return PD_LOCKOUT_DURATION;
1077 }
1078
1079
1080
1081 /**
1082 * Get the "lockout-failure-count" property definition.
1083 * <p>
1084 * Specifies the maximum number of authentication failures that a
1085 * user is allowed before the account is locked out.
1086 * <p>
1087 * A value of 0 indicates that accounts are never locked out due to
1088 * failed attempts.
1089 *
1090 * @return Returns the "lockout-failure-count" property definition.
1091 */
1092 public IntegerPropertyDefinition getLockoutFailureCountPropertyDefinition() {
1093 return PD_LOCKOUT_FAILURE_COUNT;
1094 }
1095
1096
1097
1098 /**
1099 * Get the "lockout-failure-expiration-interval" property definition.
1100 * <p>
1101 * Specifies the length of time before an authentication failure is
1102 * no longer counted against a user for the purposes of account
1103 * lockout.
1104 * <p>
1105 * The value of this attribute is an integer followed by a unit of
1106 * seconds, minutes, hours, days, or weeks. A value of 0 seconds
1107 * indicates that the authentication failures must never expire. The
1108 * failure count is always cleared upon a successful authentication.
1109 *
1110 * @return Returns the "lockout-failure-expiration-interval" property definition.
1111 */
1112 public DurationPropertyDefinition getLockoutFailureExpirationIntervalPropertyDefinition() {
1113 return PD_LOCKOUT_FAILURE_EXPIRATION_INTERVAL;
1114 }
1115
1116
1117
1118 /**
1119 * Get the "max-password-age" property definition.
1120 * <p>
1121 * Specifies the maximum length of time that a user can continue
1122 * using the same password before it must be changed (that is, the
1123 * password expiration interval).
1124 * <p>
1125 * The value of this attribute is an integer followed by a unit of
1126 * seconds, minutes, hours, days, or weeks. A value of 0 seconds
1127 * disables password expiration.
1128 *
1129 * @return Returns the "max-password-age" property definition.
1130 */
1131 public DurationPropertyDefinition getMaxPasswordAgePropertyDefinition() {
1132 return PD_MAX_PASSWORD_AGE;
1133 }
1134
1135
1136
1137 /**
1138 * Get the "max-password-reset-age" property definition.
1139 * <p>
1140 * Specifies the maximum length of time that users have to change
1141 * passwords after they have been reset by an administrator before
1142 * they become locked.
1143 * <p>
1144 * The value of this attribute is an integer followed by a unit of
1145 * seconds, minutes, hours, days, or weeks. A value of 0 seconds
1146 * disables this feature.
1147 *
1148 * @return Returns the "max-password-reset-age" property definition.
1149 */
1150 public DurationPropertyDefinition getMaxPasswordResetAgePropertyDefinition() {
1151 return PD_MAX_PASSWORD_RESET_AGE;
1152 }
1153
1154
1155
1156 /**
1157 * Get the "min-password-age" property definition.
1158 * <p>
1159 * Specifies the minimum length of time after a password change
1160 * before the user is allowed to change the password again.
1161 * <p>
1162 * The value of this attribute is an integer followed by a unit of
1163 * seconds, minutes, hours, days, or weeks. This setting can be used
1164 * to prevent users from changing their passwords repeatedly over a
1165 * short period of time to flush an old password from the history so
1166 * that it can be re-used.
1167 *
1168 * @return Returns the "min-password-age" property definition.
1169 */
1170 public DurationPropertyDefinition getMinPasswordAgePropertyDefinition() {
1171 return PD_MIN_PASSWORD_AGE;
1172 }
1173
1174
1175
1176 /**
1177 * Get the "password-attribute" property definition.
1178 * <p>
1179 * Specifies the attribute type used to hold user passwords.
1180 * <p>
1181 * This attribute type must be defined in the server schema, and it
1182 * must have either the user password or auth password syntax.
1183 *
1184 * @return Returns the "password-attribute" property definition.
1185 */
1186 public AttributeTypePropertyDefinition getPasswordAttributePropertyDefinition() {
1187 return PD_PASSWORD_ATTRIBUTE;
1188 }
1189
1190
1191
1192 /**
1193 * Get the "password-change-requires-current-password" property definition.
1194 * <p>
1195 * Indicates whether user password changes must use the password
1196 * modify extended operation and must include the user's current
1197 * password before the change is allowed.
1198 *
1199 * @return Returns the "password-change-requires-current-password" property definition.
1200 */
1201 public BooleanPropertyDefinition getPasswordChangeRequiresCurrentPasswordPropertyDefinition() {
1202 return PD_PASSWORD_CHANGE_REQUIRES_CURRENT_PASSWORD;
1203 }
1204
1205
1206
1207 /**
1208 * Get the "password-expiration-warning-interval" property definition.
1209 * <p>
1210 * Specifies the maximum length of time before a user's password
1211 * actually expires that the server begins to include warning
1212 * notifications in bind responses for that user.
1213 * <p>
1214 * The value of this attribute is an integer followed by a unit of
1215 * seconds, minutes, hours, days, or weeks. A value of 0 seconds
1216 * disables the warning interval.
1217 *
1218 * @return Returns the "password-expiration-warning-interval" property definition.
1219 */
1220 public DurationPropertyDefinition getPasswordExpirationWarningIntervalPropertyDefinition() {
1221 return PD_PASSWORD_EXPIRATION_WARNING_INTERVAL;
1222 }
1223
1224
1225
1226 /**
1227 * Get the "password-generator" property definition.
1228 * <p>
1229 * Specifies the name of the password generator that is used with
1230 * the associated password policy.
1231 * <p>
1232 * This is used in conjunction with the password modify extended
1233 * operation to generate a new password for a user when none was
1234 * provided in the request.
1235 *
1236 * @return Returns the "password-generator" property definition.
1237 */
1238 public AggregationPropertyDefinition<PasswordGeneratorCfgClient, PasswordGeneratorCfg> getPasswordGeneratorPropertyDefinition() {
1239 return PD_PASSWORD_GENERATOR;
1240 }
1241
1242
1243
1244 /**
1245 * Get the "password-history-count" property definition.
1246 * <p>
1247 * Specifies the maximum number of former passwords to maintain in
1248 * the password history.
1249 * <p>
1250 * When choosing a new password, the proposed password is checked to
1251 * ensure that it does not match the current password, nor any other
1252 * password in the history list. A value of zero indicates that
1253 * either no password history is to be maintained (if the password
1254 * history duration has a value of zero seconds), or that there is no
1255 * maximum number of passwords to maintain in the history (if the
1256 * password history duration has a value greater than zero seconds).
1257 *
1258 * @return Returns the "password-history-count" property definition.
1259 */
1260 public IntegerPropertyDefinition getPasswordHistoryCountPropertyDefinition() {
1261 return PD_PASSWORD_HISTORY_COUNT;
1262 }
1263
1264
1265
1266 /**
1267 * Get the "password-history-duration" property definition.
1268 * <p>
1269 * Specifies the maximum length of time that passwords remain in the
1270 * password history.
1271 * <p>
1272 * When choosing a new password, the proposed password is checked to
1273 * ensure that it does not match the current password, nor any other
1274 * password in the history list. A value of zero seconds indicates
1275 * that either no password history is to be maintained (if the
1276 * password history count has a value of zero), or that there is no
1277 * maximum duration for passwords in the history (if the password
1278 * history count has a value greater than zero).
1279 *
1280 * @return Returns the "password-history-duration" property definition.
1281 */
1282 public DurationPropertyDefinition getPasswordHistoryDurationPropertyDefinition() {
1283 return PD_PASSWORD_HISTORY_DURATION;
1284 }
1285
1286
1287
1288 /**
1289 * Get the "password-validator" property definition.
1290 * <p>
1291 * Specifies the names of the password validators that are used with
1292 * the associated password storage scheme.
1293 * <p>
1294 * The password validators are invoked when a user attempts to
1295 * provide a new password, to determine whether the new password is
1296 * acceptable.
1297 *
1298 * @return Returns the "password-validator" property definition.
1299 */
1300 public AggregationPropertyDefinition<PasswordValidatorCfgClient, PasswordValidatorCfg> getPasswordValidatorPropertyDefinition() {
1301 return PD_PASSWORD_VALIDATOR;
1302 }
1303
1304
1305
1306 /**
1307 * Get the "previous-last-login-time-format" property definition.
1308 * <p>
1309 * Specifies the format string(s) that might have been used with the
1310 * last login time at any point in the past for users associated with
1311 * the password policy.
1312 * <p>
1313 * These values are used to make it possible to parse previous
1314 * values, but are not used to set new values. The format strings
1315 * conform to the syntax described in the API documentation for the
1316 * java.text.SimpleDateFormat class.
1317 *
1318 * @return Returns the "previous-last-login-time-format" property definition.
1319 */
1320 public StringPropertyDefinition getPreviousLastLoginTimeFormatPropertyDefinition() {
1321 return PD_PREVIOUS_LAST_LOGIN_TIME_FORMAT;
1322 }
1323
1324
1325
1326 /**
1327 * Get the "require-change-by-time" property definition.
1328 * <p>
1329 * Specifies the time by which all users with the associated
1330 * password policy must change their passwords.
1331 * <p>
1332 * The value is expressed in a generalized time format. If this time
1333 * is equal to the current time or is in the past, then all users are
1334 * required to change their passwords immediately. The behavior of
1335 * the server in this mode is identical to the behavior observed when
1336 * users are forced to change their passwords after an administrative
1337 * reset.
1338 *
1339 * @return Returns the "require-change-by-time" property definition.
1340 */
1341 public StringPropertyDefinition getRequireChangeByTimePropertyDefinition() {
1342 return PD_REQUIRE_CHANGE_BY_TIME;
1343 }
1344
1345
1346
1347 /**
1348 * Get the "require-secure-authentication" property definition.
1349 * <p>
1350 * Indicates whether users with the associated password policy are
1351 * required to authenticate in a secure manner.
1352 * <p>
1353 * This might mean either using a secure communication channel
1354 * between the client and the server, or using a SASL mechanism that
1355 * does not expose the credentials.
1356 *
1357 * @return Returns the "require-secure-authentication" property definition.
1358 */
1359 public BooleanPropertyDefinition getRequireSecureAuthenticationPropertyDefinition() {
1360 return PD_REQUIRE_SECURE_AUTHENTICATION;
1361 }
1362
1363
1364
1365 /**
1366 * Get the "require-secure-password-changes" property definition.
1367 * <p>
1368 * Indicates whether users with the associated password policy are
1369 * required to change their password in a secure manner that does not
1370 * expose the credentials.
1371 *
1372 * @return Returns the "require-secure-password-changes" property definition.
1373 */
1374 public BooleanPropertyDefinition getRequireSecurePasswordChangesPropertyDefinition() {
1375 return PD_REQUIRE_SECURE_PASSWORD_CHANGES;
1376 }
1377
1378
1379
1380 /**
1381 * Get the "skip-validation-for-administrators" property definition.
1382 * <p>
1383 * Indicates whether passwords set by administrators are allowed to
1384 * bypass the password validation process that is required for user
1385 * password changes.
1386 *
1387 * @return Returns the "skip-validation-for-administrators" property definition.
1388 */
1389 public BooleanPropertyDefinition getSkipValidationForAdministratorsPropertyDefinition() {
1390 return PD_SKIP_VALIDATION_FOR_ADMINISTRATORS;
1391 }
1392
1393
1394
1395 /**
1396 * Get the "state-update-failure-policy" property definition.
1397 * <p>
1398 * Specifies how the server deals with the inability to update
1399 * password policy state information during an authentication
1400 * attempt.
1401 * <p>
1402 * In particular, this property can be used to control whether an
1403 * otherwise successful bind operation fails if a failure occurs
1404 * while attempting to update password policy state information (for
1405 * example, to clear a record of previous authentication failures or
1406 * to update the last login time). It can also be used to control
1407 * whether to reject a bind request if it is known ahead of time that
1408 * it will not be possible to update the authentication failure times
1409 * in the event of an unsuccessful bind attempt (for example, if the
1410 * backend writability mode is disabled).
1411 *
1412 * @return Returns the "state-update-failure-policy" property definition.
1413 */
1414 public EnumPropertyDefinition<StateUpdateFailurePolicy> getStateUpdateFailurePolicyPropertyDefinition() {
1415 return PD_STATE_UPDATE_FAILURE_POLICY;
1416 }
1417
1418
1419
1420 /**
1421 * Managed object client implementation.
1422 */
1423 private static class PasswordPolicyCfgClientImpl implements
1424 PasswordPolicyCfgClient {
1425
1426 // Private implementation.
1427 private ManagedObject<? extends PasswordPolicyCfgClient> impl;
1428
1429
1430
1431 // Private constructor.
1432 private PasswordPolicyCfgClientImpl(
1433 ManagedObject<? extends PasswordPolicyCfgClient> impl) {
1434 this.impl = impl;
1435 }
1436
1437
1438
1439 /**
1440 * {@inheritDoc}
1441 */
1442 public SortedSet<String> getAccountStatusNotificationHandler() {
1443 return impl.getPropertyValues(INSTANCE.getAccountStatusNotificationHandlerPropertyDefinition());
1444 }
1445
1446
1447
1448 /**
1449 * {@inheritDoc}
1450 */
1451 public void setAccountStatusNotificationHandler(Collection<String> values) {
1452 impl.setPropertyValues(INSTANCE.getAccountStatusNotificationHandlerPropertyDefinition(), values);
1453 }
1454
1455
1456
1457 /**
1458 * {@inheritDoc}
1459 */
1460 public boolean isAllowExpiredPasswordChanges() {
1461 return impl.getPropertyValue(INSTANCE.getAllowExpiredPasswordChangesPropertyDefinition());
1462 }
1463
1464
1465
1466 /**
1467 * {@inheritDoc}
1468 */
1469 public void setAllowExpiredPasswordChanges(Boolean value) {
1470 impl.setPropertyValue(INSTANCE.getAllowExpiredPasswordChangesPropertyDefinition(), value);
1471 }
1472
1473
1474
1475 /**
1476 * {@inheritDoc}
1477 */
1478 public boolean isAllowMultiplePasswordValues() {
1479 return impl.getPropertyValue(INSTANCE.getAllowMultiplePasswordValuesPropertyDefinition());
1480 }
1481
1482
1483
1484 /**
1485 * {@inheritDoc}
1486 */
1487 public void setAllowMultiplePasswordValues(Boolean value) {
1488 impl.setPropertyValue(INSTANCE.getAllowMultiplePasswordValuesPropertyDefinition(), value);
1489 }
1490
1491
1492
1493 /**
1494 * {@inheritDoc}
1495 */
1496 public boolean isAllowPreEncodedPasswords() {
1497 return impl.getPropertyValue(INSTANCE.getAllowPreEncodedPasswordsPropertyDefinition());
1498 }
1499
1500
1501
1502 /**
1503 * {@inheritDoc}
1504 */
1505 public void setAllowPreEncodedPasswords(Boolean value) {
1506 impl.setPropertyValue(INSTANCE.getAllowPreEncodedPasswordsPropertyDefinition(), value);
1507 }
1508
1509
1510
1511 /**
1512 * {@inheritDoc}
1513 */
1514 public boolean isAllowUserPasswordChanges() {
1515 return impl.getPropertyValue(INSTANCE.getAllowUserPasswordChangesPropertyDefinition());
1516 }
1517
1518
1519
1520 /**
1521 * {@inheritDoc}
1522 */
1523 public void setAllowUserPasswordChanges(Boolean value) {
1524 impl.setPropertyValue(INSTANCE.getAllowUserPasswordChangesPropertyDefinition(), value);
1525 }
1526
1527
1528
1529 /**
1530 * {@inheritDoc}
1531 */
1532 public SortedSet<String> getDefaultPasswordStorageScheme() {
1533 return impl.getPropertyValues(INSTANCE.getDefaultPasswordStorageSchemePropertyDefinition());
1534 }
1535
1536
1537
1538 /**
1539 * {@inheritDoc}
1540 */
1541 public void setDefaultPasswordStorageScheme(Collection<String> values) {
1542 impl.setPropertyValues(INSTANCE.getDefaultPasswordStorageSchemePropertyDefinition(), values);
1543 }
1544
1545
1546
1547 /**
1548 * {@inheritDoc}
1549 */
1550 public SortedSet<String> getDeprecatedPasswordStorageScheme() {
1551 return impl.getPropertyValues(INSTANCE.getDeprecatedPasswordStorageSchemePropertyDefinition());
1552 }
1553
1554
1555
1556 /**
1557 * {@inheritDoc}
1558 */
1559 public void setDeprecatedPasswordStorageScheme(Collection<String> values) {
1560 impl.setPropertyValues(INSTANCE.getDeprecatedPasswordStorageSchemePropertyDefinition(), values);
1561 }
1562
1563
1564
1565 /**
1566 * {@inheritDoc}
1567 */
1568 public boolean isExpirePasswordsWithoutWarning() {
1569 return impl.getPropertyValue(INSTANCE.getExpirePasswordsWithoutWarningPropertyDefinition());
1570 }
1571
1572
1573
1574 /**
1575 * {@inheritDoc}
1576 */
1577 public void setExpirePasswordsWithoutWarning(Boolean value) {
1578 impl.setPropertyValue(INSTANCE.getExpirePasswordsWithoutWarningPropertyDefinition(), value);
1579 }
1580
1581
1582
1583 /**
1584 * {@inheritDoc}
1585 */
1586 public boolean isForceChangeOnAdd() {
1587 return impl.getPropertyValue(INSTANCE.getForceChangeOnAddPropertyDefinition());
1588 }
1589
1590
1591
1592 /**
1593 * {@inheritDoc}
1594 */
1595 public void setForceChangeOnAdd(Boolean value) {
1596 impl.setPropertyValue(INSTANCE.getForceChangeOnAddPropertyDefinition(), value);
1597 }
1598
1599
1600
1601 /**
1602 * {@inheritDoc}
1603 */
1604 public boolean isForceChangeOnReset() {
1605 return impl.getPropertyValue(INSTANCE.getForceChangeOnResetPropertyDefinition());
1606 }
1607
1608
1609
1610 /**
1611 * {@inheritDoc}
1612 */
1613 public void setForceChangeOnReset(Boolean value) {
1614 impl.setPropertyValue(INSTANCE.getForceChangeOnResetPropertyDefinition(), value);
1615 }
1616
1617
1618
1619 /**
1620 * {@inheritDoc}
1621 */
1622 public int getGraceLoginCount() {
1623 return impl.getPropertyValue(INSTANCE.getGraceLoginCountPropertyDefinition());
1624 }
1625
1626
1627
1628 /**
1629 * {@inheritDoc}
1630 */
1631 public void setGraceLoginCount(Integer value) {
1632 impl.setPropertyValue(INSTANCE.getGraceLoginCountPropertyDefinition(), value);
1633 }
1634
1635
1636
1637 /**
1638 * {@inheritDoc}
1639 */
1640 public long getIdleLockoutInterval() {
1641 return impl.getPropertyValue(INSTANCE.getIdleLockoutIntervalPropertyDefinition());
1642 }
1643
1644
1645
1646 /**
1647 * {@inheritDoc}
1648 */
1649 public void setIdleLockoutInterval(Long value) {
1650 impl.setPropertyValue(INSTANCE.getIdleLockoutIntervalPropertyDefinition(), value);
1651 }
1652
1653
1654
1655 /**
1656 * {@inheritDoc}
1657 */
1658 public AttributeType getLastLoginTimeAttribute() {
1659 return impl.getPropertyValue(INSTANCE.getLastLoginTimeAttributePropertyDefinition());
1660 }
1661
1662
1663
1664 /**
1665 * {@inheritDoc}
1666 */
1667 public void setLastLoginTimeAttribute(AttributeType value) {
1668 impl.setPropertyValue(INSTANCE.getLastLoginTimeAttributePropertyDefinition(), value);
1669 }
1670
1671
1672
1673 /**
1674 * {@inheritDoc}
1675 */
1676 public String getLastLoginTimeFormat() {
1677 return impl.getPropertyValue(INSTANCE.getLastLoginTimeFormatPropertyDefinition());
1678 }
1679
1680
1681
1682 /**
1683 * {@inheritDoc}
1684 */
1685 public void setLastLoginTimeFormat(String value) {
1686 impl.setPropertyValue(INSTANCE.getLastLoginTimeFormatPropertyDefinition(), value);
1687 }
1688
1689
1690
1691 /**
1692 * {@inheritDoc}
1693 */
1694 public long getLockoutDuration() {
1695 return impl.getPropertyValue(INSTANCE.getLockoutDurationPropertyDefinition());
1696 }
1697
1698
1699
1700 /**
1701 * {@inheritDoc}
1702 */
1703 public void setLockoutDuration(Long value) {
1704 impl.setPropertyValue(INSTANCE.getLockoutDurationPropertyDefinition(), value);
1705 }
1706
1707
1708
1709 /**
1710 * {@inheritDoc}
1711 */
1712 public int getLockoutFailureCount() {
1713 return impl.getPropertyValue(INSTANCE.getLockoutFailureCountPropertyDefinition());
1714 }
1715
1716
1717
1718 /**
1719 * {@inheritDoc}
1720 */
1721 public void setLockoutFailureCount(Integer value) {
1722 impl.setPropertyValue(INSTANCE.getLockoutFailureCountPropertyDefinition(), value);
1723 }
1724
1725
1726
1727 /**
1728 * {@inheritDoc}
1729 */
1730 public long getLockoutFailureExpirationInterval() {
1731 return impl.getPropertyValue(INSTANCE.getLockoutFailureExpirationIntervalPropertyDefinition());
1732 }
1733
1734
1735
1736 /**
1737 * {@inheritDoc}
1738 */
1739 public void setLockoutFailureExpirationInterval(Long value) {
1740 impl.setPropertyValue(INSTANCE.getLockoutFailureExpirationIntervalPropertyDefinition(), value);
1741 }
1742
1743
1744
1745 /**
1746 * {@inheritDoc}
1747 */
1748 public long getMaxPasswordAge() {
1749 return impl.getPropertyValue(INSTANCE.getMaxPasswordAgePropertyDefinition());
1750 }
1751
1752
1753
1754 /**
1755 * {@inheritDoc}
1756 */
1757 public void setMaxPasswordAge(Long value) {
1758 impl.setPropertyValue(INSTANCE.getMaxPasswordAgePropertyDefinition(), value);
1759 }
1760
1761
1762
1763 /**
1764 * {@inheritDoc}
1765 */
1766 public long getMaxPasswordResetAge() {
1767 return impl.getPropertyValue(INSTANCE.getMaxPasswordResetAgePropertyDefinition());
1768 }
1769
1770
1771
1772 /**
1773 * {@inheritDoc}
1774 */
1775 public void setMaxPasswordResetAge(Long value) {
1776 impl.setPropertyValue(INSTANCE.getMaxPasswordResetAgePropertyDefinition(), value);
1777 }
1778
1779
1780
1781 /**
1782 * {@inheritDoc}
1783 */
1784 public long getMinPasswordAge() {
1785 return impl.getPropertyValue(INSTANCE.getMinPasswordAgePropertyDefinition());
1786 }
1787
1788
1789
1790 /**
1791 * {@inheritDoc}
1792 */
1793 public void setMinPasswordAge(Long value) {
1794 impl.setPropertyValue(INSTANCE.getMinPasswordAgePropertyDefinition(), value);
1795 }
1796
1797
1798
1799 /**
1800 * {@inheritDoc}
1801 */
1802 public AttributeType getPasswordAttribute() {
1803 return impl.getPropertyValue(INSTANCE.getPasswordAttributePropertyDefinition());
1804 }
1805
1806
1807
1808 /**
1809 * {@inheritDoc}
1810 */
1811 public void setPasswordAttribute(AttributeType value) {
1812 impl.setPropertyValue(INSTANCE.getPasswordAttributePropertyDefinition(), value);
1813 }
1814
1815
1816
1817 /**
1818 * {@inheritDoc}
1819 */
1820 public boolean isPasswordChangeRequiresCurrentPassword() {
1821 return impl.getPropertyValue(INSTANCE.getPasswordChangeRequiresCurrentPasswordPropertyDefinition());
1822 }
1823
1824
1825
1826 /**
1827 * {@inheritDoc}
1828 */
1829 public void setPasswordChangeRequiresCurrentPassword(Boolean value) {
1830 impl.setPropertyValue(INSTANCE.getPasswordChangeRequiresCurrentPasswordPropertyDefinition(), value);
1831 }
1832
1833
1834
1835 /**
1836 * {@inheritDoc}
1837 */
1838 public long getPasswordExpirationWarningInterval() {
1839 return impl.getPropertyValue(INSTANCE.getPasswordExpirationWarningIntervalPropertyDefinition());
1840 }
1841
1842
1843
1844 /**
1845 * {@inheritDoc}
1846 */
1847 public void setPasswordExpirationWarningInterval(Long value) {
1848 impl.setPropertyValue(INSTANCE.getPasswordExpirationWarningIntervalPropertyDefinition(), value);
1849 }
1850
1851
1852
1853 /**
1854 * {@inheritDoc}
1855 */
1856 public String getPasswordGenerator() {
1857 return impl.getPropertyValue(INSTANCE.getPasswordGeneratorPropertyDefinition());
1858 }
1859
1860
1861
1862 /**
1863 * {@inheritDoc}
1864 */
1865 public void setPasswordGenerator(String value) {
1866 impl.setPropertyValue(INSTANCE.getPasswordGeneratorPropertyDefinition(), value);
1867 }
1868
1869
1870
1871 /**
1872 * {@inheritDoc}
1873 */
1874 public int getPasswordHistoryCount() {
1875 return impl.getPropertyValue(INSTANCE.getPasswordHistoryCountPropertyDefinition());
1876 }
1877
1878
1879
1880 /**
1881 * {@inheritDoc}
1882 */
1883 public void setPasswordHistoryCount(Integer value) {
1884 impl.setPropertyValue(INSTANCE.getPasswordHistoryCountPropertyDefinition(), value);
1885 }
1886
1887
1888
1889 /**
1890 * {@inheritDoc}
1891 */
1892 public long getPasswordHistoryDuration() {
1893 return impl.getPropertyValue(INSTANCE.getPasswordHistoryDurationPropertyDefinition());
1894 }
1895
1896
1897
1898 /**
1899 * {@inheritDoc}
1900 */
1901 public void setPasswordHistoryDuration(Long value) {
1902 impl.setPropertyValue(INSTANCE.getPasswordHistoryDurationPropertyDefinition(), value);
1903 }
1904
1905
1906
1907 /**
1908 * {@inheritDoc}
1909 */
1910 public SortedSet<String> getPasswordValidator() {
1911 return impl.getPropertyValues(INSTANCE.getPasswordValidatorPropertyDefinition());
1912 }
1913
1914
1915
1916 /**
1917 * {@inheritDoc}
1918 */
1919 public void setPasswordValidator(Collection<String> values) {
1920 impl.setPropertyValues(INSTANCE.getPasswordValidatorPropertyDefinition(), values);
1921 }
1922
1923
1924
1925 /**
1926 * {@inheritDoc}
1927 */
1928 public SortedSet<String> getPreviousLastLoginTimeFormat() {
1929 return impl.getPropertyValues(INSTANCE.getPreviousLastLoginTimeFormatPropertyDefinition());
1930 }
1931
1932
1933
1934 /**
1935 * {@inheritDoc}
1936 */
1937 public void setPreviousLastLoginTimeFormat(Collection<String> values) {
1938 impl.setPropertyValues(INSTANCE.getPreviousLastLoginTimeFormatPropertyDefinition(), values);
1939 }
1940
1941
1942
1943 /**
1944 * {@inheritDoc}
1945 */
1946 public String getRequireChangeByTime() {
1947 return impl.getPropertyValue(INSTANCE.getRequireChangeByTimePropertyDefinition());
1948 }
1949
1950
1951
1952 /**
1953 * {@inheritDoc}
1954 */
1955 public void setRequireChangeByTime(String value) {
1956 impl.setPropertyValue(INSTANCE.getRequireChangeByTimePropertyDefinition(), value);
1957 }
1958
1959
1960
1961 /**
1962 * {@inheritDoc}
1963 */
1964 public boolean isRequireSecureAuthentication() {
1965 return impl.getPropertyValue(INSTANCE.getRequireSecureAuthenticationPropertyDefinition());
1966 }
1967
1968
1969
1970 /**
1971 * {@inheritDoc}
1972 */
1973 public void setRequireSecureAuthentication(Boolean value) {
1974 impl.setPropertyValue(INSTANCE.getRequireSecureAuthenticationPropertyDefinition(), value);
1975 }
1976
1977
1978
1979 /**
1980 * {@inheritDoc}
1981 */
1982 public boolean isRequireSecurePasswordChanges() {
1983 return impl.getPropertyValue(INSTANCE.getRequireSecurePasswordChangesPropertyDefinition());
1984 }
1985
1986
1987
1988 /**
1989 * {@inheritDoc}
1990 */
1991 public void setRequireSecurePasswordChanges(Boolean value) {
1992 impl.setPropertyValue(INSTANCE.getRequireSecurePasswordChangesPropertyDefinition(), value);
1993 }
1994
1995
1996
1997 /**
1998 * {@inheritDoc}
1999 */
2000 public boolean isSkipValidationForAdministrators() {
2001 return impl.getPropertyValue(INSTANCE.getSkipValidationForAdministratorsPropertyDefinition());
2002 }
2003
2004
2005
2006 /**
2007 * {@inheritDoc}
2008 */
2009 public void setSkipValidationForAdministrators(Boolean value) {
2010 impl.setPropertyValue(INSTANCE.getSkipValidationForAdministratorsPropertyDefinition(), value);
2011 }
2012
2013
2014
2015 /**
2016 * {@inheritDoc}
2017 */
2018 public StateUpdateFailurePolicy getStateUpdateFailurePolicy() {
2019 return impl.getPropertyValue(INSTANCE.getStateUpdateFailurePolicyPropertyDefinition());
2020 }
2021
2022
2023
2024 /**
2025 * {@inheritDoc}
2026 */
2027 public void setStateUpdateFailurePolicy(StateUpdateFailurePolicy value) {
2028 impl.setPropertyValue(INSTANCE.getStateUpdateFailurePolicyPropertyDefinition(), value);
2029 }
2030
2031
2032
2033 /**
2034 * {@inheritDoc}
2035 */
2036 public ManagedObjectDefinition<? extends PasswordPolicyCfgClient, ? extends PasswordPolicyCfg> definition() {
2037 return INSTANCE;
2038 }
2039
2040
2041
2042 /**
2043 * {@inheritDoc}
2044 */
2045 public PropertyProvider properties() {
2046 return impl;
2047 }
2048
2049
2050
2051 /**
2052 * {@inheritDoc}
2053 */
2054 public void commit() throws ManagedObjectAlreadyExistsException,
2055 MissingMandatoryPropertiesException, ConcurrentModificationException,
2056 OperationRejectedException, AuthorizationException,
2057 CommunicationException {
2058 impl.commit();
2059 }
2060
2061 }
2062
2063
2064
2065 /**
2066 * Managed object server implementation.
2067 */
2068 private static class PasswordPolicyCfgServerImpl implements
2069 PasswordPolicyCfg {
2070
2071 // Private implementation.
2072 private ServerManagedObject<? extends PasswordPolicyCfg> impl;
2073
2074 // The value of the "account-status-notification-handler" property.
2075 private final SortedSet<String> pAccountStatusNotificationHandler;
2076
2077 // The value of the "allow-expired-password-changes" property.
2078 private final boolean pAllowExpiredPasswordChanges;
2079
2080 // The value of the "allow-multiple-password-values" property.
2081 private final boolean pAllowMultiplePasswordValues;
2082
2083 // The value of the "allow-pre-encoded-passwords" property.
2084 private final boolean pAllowPreEncodedPasswords;
2085
2086 // The value of the "allow-user-password-changes" property.
2087 private final boolean pAllowUserPasswordChanges;
2088
2089 // The value of the "default-password-storage-scheme" property.
2090 private final SortedSet<String> pDefaultPasswordStorageScheme;
2091
2092 // The value of the "deprecated-password-storage-scheme" property.
2093 private final SortedSet<String> pDeprecatedPasswordStorageScheme;
2094
2095 // The value of the "expire-passwords-without-warning" property.
2096 private final boolean pExpirePasswordsWithoutWarning;
2097
2098 // The value of the "force-change-on-add" property.
2099 private final boolean pForceChangeOnAdd;
2100
2101 // The value of the "force-change-on-reset" property.
2102 private final boolean pForceChangeOnReset;
2103
2104 // The value of the "grace-login-count" property.
2105 private final int pGraceLoginCount;
2106
2107 // The value of the "idle-lockout-interval" property.
2108 private final long pIdleLockoutInterval;
2109
2110 // The value of the "last-login-time-attribute" property.
2111 private final AttributeType pLastLoginTimeAttribute;
2112
2113 // The value of the "last-login-time-format" property.
2114 private final String pLastLoginTimeFormat;
2115
2116 // The value of the "lockout-duration" property.
2117 private final long pLockoutDuration;
2118
2119 // The value of the "lockout-failure-count" property.
2120 private final int pLockoutFailureCount;
2121
2122 // The value of the "lockout-failure-expiration-interval" property.
2123 private final long pLockoutFailureExpirationInterval;
2124
2125 // The value of the "max-password-age" property.
2126 private final long pMaxPasswordAge;
2127
2128 // The value of the "max-password-reset-age" property.
2129 private final long pMaxPasswordResetAge;
2130
2131 // The value of the "min-password-age" property.
2132 private final long pMinPasswordAge;
2133
2134 // The value of the "password-attribute" property.
2135 private final AttributeType pPasswordAttribute;
2136
2137 // The value of the "password-change-requires-current-password" property.
2138 private final boolean pPasswordChangeRequiresCurrentPassword;
2139
2140 // The value of the "password-expiration-warning-interval" property.
2141 private final long pPasswordExpirationWarningInterval;
2142
2143 // The value of the "password-generator" property.
2144 private final String pPasswordGenerator;
2145
2146 // The value of the "password-history-count" property.
2147 private final int pPasswordHistoryCount;
2148
2149 // The value of the "password-history-duration" property.
2150 private final long pPasswordHistoryDuration;
2151
2152 // The value of the "password-validator" property.
2153 private final SortedSet<String> pPasswordValidator;
2154
2155 // The value of the "previous-last-login-time-format" property.
2156 private final SortedSet<String> pPreviousLastLoginTimeFormat;
2157
2158 // The value of the "require-change-by-time" property.
2159 private final String pRequireChangeByTime;
2160
2161 // The value of the "require-secure-authentication" property.
2162 private final boolean pRequireSecureAuthentication;
2163
2164 // The value of the "require-secure-password-changes" property.
2165 private final boolean pRequireSecurePasswordChanges;
2166
2167 // The value of the "skip-validation-for-administrators" property.
2168 private final boolean pSkipValidationForAdministrators;
2169
2170 // The value of the "state-update-failure-policy" property.
2171 private final StateUpdateFailurePolicy pStateUpdateFailurePolicy;
2172
2173
2174
2175 // Private constructor.
2176 private PasswordPolicyCfgServerImpl(ServerManagedObject<? extends PasswordPolicyCfg> impl) {
2177 this.impl = impl;
2178 this.pAccountStatusNotificationHandler = impl.getPropertyValues(INSTANCE.getAccountStatusNotificationHandlerPropertyDefinition());
2179 this.pAllowExpiredPasswordChanges = impl.getPropertyValue(INSTANCE.getAllowExpiredPasswordChangesPropertyDefinition());
2180 this.pAllowMultiplePasswordValues = impl.getPropertyValue(INSTANCE.getAllowMultiplePasswordValuesPropertyDefinition());
2181 this.pAllowPreEncodedPasswords = impl.getPropertyValue(INSTANCE.getAllowPreEncodedPasswordsPropertyDefinition());
2182 this.pAllowUserPasswordChanges = impl.getPropertyValue(INSTANCE.getAllowUserPasswordChangesPropertyDefinition());
2183 this.pDefaultPasswordStorageScheme = impl.getPropertyValues(INSTANCE.getDefaultPasswordStorageSchemePropertyDefinition());
2184 this.pDeprecatedPasswordStorageScheme = impl.getPropertyValues(INSTANCE.getDeprecatedPasswordStorageSchemePropertyDefinition());
2185 this.pExpirePasswordsWithoutWarning = impl.getPropertyValue(INSTANCE.getExpirePasswordsWithoutWarningPropertyDefinition());
2186 this.pForceChangeOnAdd = impl.getPropertyValue(INSTANCE.getForceChangeOnAddPropertyDefinition());
2187 this.pForceChangeOnReset = impl.getPropertyValue(INSTANCE.getForceChangeOnResetPropertyDefinition());
2188 this.pGraceLoginCount = impl.getPropertyValue(INSTANCE.getGraceLoginCountPropertyDefinition());
2189 this.pIdleLockoutInterval = impl.getPropertyValue(INSTANCE.getIdleLockoutIntervalPropertyDefinition());
2190 this.pLastLoginTimeAttribute = impl.getPropertyValue(INSTANCE.getLastLoginTimeAttributePropertyDefinition());
2191 this.pLastLoginTimeFormat = impl.getPropertyValue(INSTANCE.getLastLoginTimeFormatPropertyDefinition());
2192 this.pLockoutDuration = impl.getPropertyValue(INSTANCE.getLockoutDurationPropertyDefinition());
2193 this.pLockoutFailureCount = impl.getPropertyValue(INSTANCE.getLockoutFailureCountPropertyDefinition());
2194 this.pLockoutFailureExpirationInterval = impl.getPropertyValue(INSTANCE.getLockoutFailureExpirationIntervalPropertyDefinition());
2195 this.pMaxPasswordAge = impl.getPropertyValue(INSTANCE.getMaxPasswordAgePropertyDefinition());
2196 this.pMaxPasswordResetAge = impl.getPropertyValue(INSTANCE.getMaxPasswordResetAgePropertyDefinition());
2197 this.pMinPasswordAge = impl.getPropertyValue(INSTANCE.getMinPasswordAgePropertyDefinition());
2198 this.pPasswordAttribute = impl.getPropertyValue(INSTANCE.getPasswordAttributePropertyDefinition());
2199 this.pPasswordChangeRequiresCurrentPassword = impl.getPropertyValue(INSTANCE.getPasswordChangeRequiresCurrentPasswordPropertyDefinition());
2200 this.pPasswordExpirationWarningInterval = impl.getPropertyValue(INSTANCE.getPasswordExpirationWarningIntervalPropertyDefinition());
2201 this.pPasswordGenerator = impl.getPropertyValue(INSTANCE.getPasswordGeneratorPropertyDefinition());
2202 this.pPasswordHistoryCount = impl.getPropertyValue(INSTANCE.getPasswordHistoryCountPropertyDefinition());
2203 this.pPasswordHistoryDuration = impl.getPropertyValue(INSTANCE.getPasswordHistoryDurationPropertyDefinition());
2204 this.pPasswordValidator = impl.getPropertyValues(INSTANCE.getPasswordValidatorPropertyDefinition());
2205 this.pPreviousLastLoginTimeFormat = impl.getPropertyValues(INSTANCE.getPreviousLastLoginTimeFormatPropertyDefinition());
2206 this.pRequireChangeByTime = impl.getPropertyValue(INSTANCE.getRequireChangeByTimePropertyDefinition());
2207 this.pRequireSecureAuthentication = impl.getPropertyValue(INSTANCE.getRequireSecureAuthenticationPropertyDefinition());
2208 this.pRequireSecurePasswordChanges = impl.getPropertyValue(INSTANCE.getRequireSecurePasswordChangesPropertyDefinition());
2209 this.pSkipValidationForAdministrators = impl.getPropertyValue(INSTANCE.getSkipValidationForAdministratorsPropertyDefinition());
2210 this.pStateUpdateFailurePolicy = impl.getPropertyValue(INSTANCE.getStateUpdateFailurePolicyPropertyDefinition());
2211 }
2212
2213
2214
2215 /**
2216 * {@inheritDoc}
2217 */
2218 public void addChangeListener(
2219 ConfigurationChangeListener<PasswordPolicyCfg> listener) {
2220 impl.registerChangeListener(listener);
2221 }
2222
2223
2224
2225 /**
2226 * {@inheritDoc}
2227 */
2228 public void removeChangeListener(
2229 ConfigurationChangeListener<PasswordPolicyCfg> listener) {
2230 impl.deregisterChangeListener(listener);
2231 }
2232
2233
2234
2235 /**
2236 * {@inheritDoc}
2237 */
2238 public SortedSet<String> getAccountStatusNotificationHandler() {
2239 return pAccountStatusNotificationHandler;
2240 }
2241
2242
2243
2244 /**
2245 * {@inheritDoc}
2246 */
2247 public SortedSet<DN> getAccountStatusNotificationHandlerDNs() {
2248 SortedSet<String> values = getAccountStatusNotificationHandler();
2249 SortedSet<DN> dnValues = new TreeSet<DN>();
2250 for (String value : values) {
2251 DN dn = INSTANCE.getAccountStatusNotificationHandlerPropertyDefinition().getChildDN(value);
2252 dnValues.add(dn);
2253 }
2254 return dnValues;
2255 }
2256
2257
2258
2259 /**
2260 * {@inheritDoc}
2261 */
2262 public boolean isAllowExpiredPasswordChanges() {
2263 return pAllowExpiredPasswordChanges;
2264 }
2265
2266
2267
2268 /**
2269 * {@inheritDoc}
2270 */
2271 public boolean isAllowMultiplePasswordValues() {
2272 return pAllowMultiplePasswordValues;
2273 }
2274
2275
2276
2277 /**
2278 * {@inheritDoc}
2279 */
2280 public boolean isAllowPreEncodedPasswords() {
2281 return pAllowPreEncodedPasswords;
2282 }
2283
2284
2285
2286 /**
2287 * {@inheritDoc}
2288 */
2289 public boolean isAllowUserPasswordChanges() {
2290 return pAllowUserPasswordChanges;
2291 }
2292
2293
2294
2295 /**
2296 * {@inheritDoc}
2297 */
2298 public SortedSet<String> getDefaultPasswordStorageScheme() {
2299 return pDefaultPasswordStorageScheme;
2300 }
2301
2302
2303
2304 /**
2305 * {@inheritDoc}
2306 */
2307 public SortedSet<DN> getDefaultPasswordStorageSchemeDNs() {
2308 SortedSet<String> values = getDefaultPasswordStorageScheme();
2309 SortedSet<DN> dnValues = new TreeSet<DN>();
2310 for (String value : values) {
2311 DN dn = INSTANCE.getDefaultPasswordStorageSchemePropertyDefinition().getChildDN(value);
2312 dnValues.add(dn);
2313 }
2314 return dnValues;
2315 }
2316
2317
2318
2319 /**
2320 * {@inheritDoc}
2321 */
2322 public SortedSet<String> getDeprecatedPasswordStorageScheme() {
2323 return pDeprecatedPasswordStorageScheme;
2324 }
2325
2326
2327
2328 /**
2329 * {@inheritDoc}
2330 */
2331 public SortedSet<DN> getDeprecatedPasswordStorageSchemeDNs() {
2332 SortedSet<String> values = getDeprecatedPasswordStorageScheme();
2333 SortedSet<DN> dnValues = new TreeSet<DN>();
2334 for (String value : values) {
2335 DN dn = INSTANCE.getDeprecatedPasswordStorageSchemePropertyDefinition().getChildDN(value);
2336 dnValues.add(dn);
2337 }
2338 return dnValues;
2339 }
2340
2341
2342
2343 /**
2344 * {@inheritDoc}
2345 */
2346 public boolean isExpirePasswordsWithoutWarning() {
2347 return pExpirePasswordsWithoutWarning;
2348 }
2349
2350
2351
2352 /**
2353 * {@inheritDoc}
2354 */
2355 public boolean isForceChangeOnAdd() {
2356 return pForceChangeOnAdd;
2357 }
2358
2359
2360
2361 /**
2362 * {@inheritDoc}
2363 */
2364 public boolean isForceChangeOnReset() {
2365 return pForceChangeOnReset;
2366 }
2367
2368
2369
2370 /**
2371 * {@inheritDoc}
2372 */
2373 public int getGraceLoginCount() {
2374 return pGraceLoginCount;
2375 }
2376
2377
2378
2379 /**
2380 * {@inheritDoc}
2381 */
2382 public long getIdleLockoutInterval() {
2383 return pIdleLockoutInterval;
2384 }
2385
2386
2387
2388 /**
2389 * {@inheritDoc}
2390 */
2391 public AttributeType getLastLoginTimeAttribute() {
2392 return pLastLoginTimeAttribute;
2393 }
2394
2395
2396
2397 /**
2398 * {@inheritDoc}
2399 */
2400 public String getLastLoginTimeFormat() {
2401 return pLastLoginTimeFormat;
2402 }
2403
2404
2405
2406 /**
2407 * {@inheritDoc}
2408 */
2409 public long getLockoutDuration() {
2410 return pLockoutDuration;
2411 }
2412
2413
2414
2415 /**
2416 * {@inheritDoc}
2417 */
2418 public int getLockoutFailureCount() {
2419 return pLockoutFailureCount;
2420 }
2421
2422
2423
2424 /**
2425 * {@inheritDoc}
2426 */
2427 public long getLockoutFailureExpirationInterval() {
2428 return pLockoutFailureExpirationInterval;
2429 }
2430
2431
2432
2433 /**
2434 * {@inheritDoc}
2435 */
2436 public long getMaxPasswordAge() {
2437 return pMaxPasswordAge;
2438 }
2439
2440
2441
2442 /**
2443 * {@inheritDoc}
2444 */
2445 public long getMaxPasswordResetAge() {
2446 return pMaxPasswordResetAge;
2447 }
2448
2449
2450
2451 /**
2452 * {@inheritDoc}
2453 */
2454 public long getMinPasswordAge() {
2455 return pMinPasswordAge;
2456 }
2457
2458
2459
2460 /**
2461 * {@inheritDoc}
2462 */
2463 public AttributeType getPasswordAttribute() {
2464 return pPasswordAttribute;
2465 }
2466
2467
2468
2469 /**
2470 * {@inheritDoc}
2471 */
2472 public boolean isPasswordChangeRequiresCurrentPassword() {
2473 return pPasswordChangeRequiresCurrentPassword;
2474 }
2475
2476
2477
2478 /**
2479 * {@inheritDoc}
2480 */
2481 public long getPasswordExpirationWarningInterval() {
2482 return pPasswordExpirationWarningInterval;
2483 }
2484
2485
2486
2487 /**
2488 * {@inheritDoc}
2489 */
2490 public String getPasswordGenerator() {
2491 return pPasswordGenerator;
2492 }
2493
2494
2495
2496 /**
2497 * {@inheritDoc}
2498 */
2499 public DN getPasswordGeneratorDN() {
2500 String value = getPasswordGenerator();
2501 if (value == null) return null;
2502 return INSTANCE.getPasswordGeneratorPropertyDefinition().getChildDN(value);
2503 }
2504
2505
2506
2507 /**
2508 * {@inheritDoc}
2509 */
2510 public int getPasswordHistoryCount() {
2511 return pPasswordHistoryCount;
2512 }
2513
2514
2515
2516 /**
2517 * {@inheritDoc}
2518 */
2519 public long getPasswordHistoryDuration() {
2520 return pPasswordHistoryDuration;
2521 }
2522
2523
2524
2525 /**
2526 * {@inheritDoc}
2527 */
2528 public SortedSet<String> getPasswordValidator() {
2529 return pPasswordValidator;
2530 }
2531
2532
2533
2534 /**
2535 * {@inheritDoc}
2536 */
2537 public SortedSet<DN> getPasswordValidatorDNs() {
2538 SortedSet<String> values = getPasswordValidator();
2539 SortedSet<DN> dnValues = new TreeSet<DN>();
2540 for (String value : values) {
2541 DN dn = INSTANCE.getPasswordValidatorPropertyDefinition().getChildDN(value);
2542 dnValues.add(dn);
2543 }
2544 return dnValues;
2545 }
2546
2547
2548
2549 /**
2550 * {@inheritDoc}
2551 */
2552 public SortedSet<String> getPreviousLastLoginTimeFormat() {
2553 return pPreviousLastLoginTimeFormat;
2554 }
2555
2556
2557
2558 /**
2559 * {@inheritDoc}
2560 */
2561 public String getRequireChangeByTime() {
2562 return pRequireChangeByTime;
2563 }
2564
2565
2566
2567 /**
2568 * {@inheritDoc}
2569 */
2570 public boolean isRequireSecureAuthentication() {
2571 return pRequireSecureAuthentication;
2572 }
2573
2574
2575
2576 /**
2577 * {@inheritDoc}
2578 */
2579 public boolean isRequireSecurePasswordChanges() {
2580 return pRequireSecurePasswordChanges;
2581 }
2582
2583
2584
2585 /**
2586 * {@inheritDoc}
2587 */
2588 public boolean isSkipValidationForAdministrators() {
2589 return pSkipValidationForAdministrators;
2590 }
2591
2592
2593
2594 /**
2595 * {@inheritDoc}
2596 */
2597 public StateUpdateFailurePolicy getStateUpdateFailurePolicy() {
2598 return pStateUpdateFailurePolicy;
2599 }
2600
2601
2602
2603 /**
2604 * {@inheritDoc}
2605 */
2606 public Class<? extends PasswordPolicyCfg> configurationClass() {
2607 return PasswordPolicyCfg.class;
2608 }
2609
2610
2611
2612 /**
2613 * {@inheritDoc}
2614 */
2615 public DN dn() {
2616 return impl.getDN();
2617 }
2618
2619 }
2620 }