001/*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License").  You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
010 * or http://forgerock.org/license/CDDLv1.0.html.
011 * See the License for the specific language governing permissions
012 * and limitations under the License.
013 *
014 * When distributing Covered Code, include this CDDL HEADER in each
015 * file and include the License file at legal-notices/CDDLv1_0.txt.
016 * If applicable, add the following below this CDDL HEADER, with the
017 * fields enclosed by brackets "[]" replaced with your own identifying
018 * information:
019 *      Portions Copyright [yyyy] [name of copyright owner]
020 *
021 * CDDL HEADER END
022 *
023 *
024 *      Copyright 2008 Sun Microsystems, Inc.
025 */
026package org.opends.server.admin.std.meta;
027
028
029
030import java.util.Collection;
031import java.util.SortedSet;
032import java.util.TreeSet;
033import org.opends.server.admin.AdministratorAction;
034import org.opends.server.admin.AggregationPropertyDefinition;
035import org.opends.server.admin.AttributeTypePropertyDefinition;
036import org.opends.server.admin.BooleanPropertyDefinition;
037import org.opends.server.admin.ClassPropertyDefinition;
038import org.opends.server.admin.client.AuthorizationException;
039import org.opends.server.admin.client.CommunicationException;
040import org.opends.server.admin.client.ConcurrentModificationException;
041import org.opends.server.admin.client.ManagedObject;
042import org.opends.server.admin.client.MissingMandatoryPropertiesException;
043import org.opends.server.admin.client.OperationRejectedException;
044import org.opends.server.admin.condition.Conditions;
045import org.opends.server.admin.DefaultBehaviorProvider;
046import org.opends.server.admin.DefinedDefaultBehaviorProvider;
047import org.opends.server.admin.DurationPropertyDefinition;
048import org.opends.server.admin.EnumPropertyDefinition;
049import org.opends.server.admin.IntegerPropertyDefinition;
050import org.opends.server.admin.ManagedObjectAlreadyExistsException;
051import org.opends.server.admin.ManagedObjectDefinition;
052import org.opends.server.admin.PropertyOption;
053import org.opends.server.admin.PropertyProvider;
054import org.opends.server.admin.server.ConfigurationChangeListener;
055import org.opends.server.admin.server.ServerManagedObject;
056import org.opends.server.admin.std.client.AccountStatusNotificationHandlerCfgClient;
057import org.opends.server.admin.std.client.PasswordGeneratorCfgClient;
058import org.opends.server.admin.std.client.PasswordPolicyCfgClient;
059import org.opends.server.admin.std.client.PasswordStorageSchemeCfgClient;
060import org.opends.server.admin.std.client.PasswordValidatorCfgClient;
061import org.opends.server.admin.std.server.AccountStatusNotificationHandlerCfg;
062import org.opends.server.admin.std.server.AuthenticationPolicyCfg;
063import org.opends.server.admin.std.server.PasswordGeneratorCfg;
064import org.opends.server.admin.std.server.PasswordPolicyCfg;
065import org.opends.server.admin.std.server.PasswordStorageSchemeCfg;
066import org.opends.server.admin.std.server.PasswordValidatorCfg;
067import org.opends.server.admin.StringPropertyDefinition;
068import org.opends.server.admin.Tag;
069import org.opends.server.admin.UndefinedDefaultBehaviorProvider;
070import org.opends.server.types.AttributeType;
071import org.opends.server.types.DN;
072
073
074
075/**
076 * An interface for querying the Password Policy managed object
077 * definition meta information.
078 * <p>
079 * Password Policies define a number of password management rules, as
080 * well as requirements for authentication processing.
081 */
082public final class PasswordPolicyCfgDefn extends ManagedObjectDefinition<PasswordPolicyCfgClient, PasswordPolicyCfg> {
083
084  // The singleton configuration definition instance.
085  private static final PasswordPolicyCfgDefn INSTANCE = new PasswordPolicyCfgDefn();
086
087
088
089  /**
090   * Defines the set of permissable values for the "state-update-failure-policy" property.
091   * <p>
092   * Specifies how the server deals with the inability to update
093   * password policy state information during an authentication
094   * attempt.
095   * <p>
096   * In particular, this property can be used to control whether an
097   * otherwise successful bind operation fails if a failure occurs
098   * while attempting to update password policy state information (for
099   * example, to clear a record of previous authentication failures or
100   * to update the last login time). It can also be used to control
101   * whether to reject a bind request if it is known ahead of time that
102   * it will not be possible to update the authentication failure times
103   * in the event of an unsuccessful bind attempt (for example, if the
104   * backend writability mode is disabled).
105   */
106  public static enum StateUpdateFailurePolicy {
107
108    /**
109     * If a bind attempt would otherwise be successful, then do not
110     * reject it if a problem occurs while attempting to update the
111     * password policy state information for the user.
112     */
113    IGNORE("ignore"),
114
115
116
117    /**
118     * Proactively reject any bind attempt if it is known ahead of
119     * time that it would not be possible to update the user's password
120     * policy state information.
121     */
122    PROACTIVE("proactive"),
123
124
125
126    /**
127     * Even if a bind attempt would otherwise be successful, reject it
128     * if a problem occurs while attempting to update the password
129     * policy state information for the user.
130     */
131    REACTIVE("reactive");
132
133
134
135    // String representation of the value.
136    private final String name;
137
138
139
140    // Private constructor.
141    private StateUpdateFailurePolicy(String name) { this.name = name; }
142
143
144
145    /**
146     * {@inheritDoc}
147     */
148    public String toString() { return name; }
149
150  }
151
152
153
154  // The "account-status-notification-handler" property definition.
155  private static final AggregationPropertyDefinition<AccountStatusNotificationHandlerCfgClient, AccountStatusNotificationHandlerCfg> PD_ACCOUNT_STATUS_NOTIFICATION_HANDLER;
156
157
158
159  // The "allow-expired-password-changes" property definition.
160  private static final BooleanPropertyDefinition PD_ALLOW_EXPIRED_PASSWORD_CHANGES;
161
162
163
164  // The "allow-multiple-password-values" property definition.
165  private static final BooleanPropertyDefinition PD_ALLOW_MULTIPLE_PASSWORD_VALUES;
166
167
168
169  // The "allow-pre-encoded-passwords" property definition.
170  private static final BooleanPropertyDefinition PD_ALLOW_PRE_ENCODED_PASSWORDS;
171
172
173
174  // The "allow-user-password-changes" property definition.
175  private static final BooleanPropertyDefinition PD_ALLOW_USER_PASSWORD_CHANGES;
176
177
178
179  // The "default-password-storage-scheme" property definition.
180  private static final AggregationPropertyDefinition<PasswordStorageSchemeCfgClient, PasswordStorageSchemeCfg> PD_DEFAULT_PASSWORD_STORAGE_SCHEME;
181
182
183
184  // The "deprecated-password-storage-scheme" property definition.
185  private static final AggregationPropertyDefinition<PasswordStorageSchemeCfgClient, PasswordStorageSchemeCfg> PD_DEPRECATED_PASSWORD_STORAGE_SCHEME;
186
187
188
189  // The "expire-passwords-without-warning" property definition.
190  private static final BooleanPropertyDefinition PD_EXPIRE_PASSWORDS_WITHOUT_WARNING;
191
192
193
194  // The "force-change-on-add" property definition.
195  private static final BooleanPropertyDefinition PD_FORCE_CHANGE_ON_ADD;
196
197
198
199  // The "force-change-on-reset" property definition.
200  private static final BooleanPropertyDefinition PD_FORCE_CHANGE_ON_RESET;
201
202
203
204  // The "grace-login-count" property definition.
205  private static final IntegerPropertyDefinition PD_GRACE_LOGIN_COUNT;
206
207
208
209  // The "idle-lockout-interval" property definition.
210  private static final DurationPropertyDefinition PD_IDLE_LOCKOUT_INTERVAL;
211
212
213
214  // The "java-class" property definition.
215  private static final ClassPropertyDefinition PD_JAVA_CLASS;
216
217
218
219  // The "last-login-time-attribute" property definition.
220  private static final AttributeTypePropertyDefinition PD_LAST_LOGIN_TIME_ATTRIBUTE;
221
222
223
224  // The "last-login-time-format" property definition.
225  private static final StringPropertyDefinition PD_LAST_LOGIN_TIME_FORMAT;
226
227
228
229  // The "lockout-duration" property definition.
230  private static final DurationPropertyDefinition PD_LOCKOUT_DURATION;
231
232
233
234  // The "lockout-failure-count" property definition.
235  private static final IntegerPropertyDefinition PD_LOCKOUT_FAILURE_COUNT;
236
237
238
239  // The "lockout-failure-expiration-interval" property definition.
240  private static final DurationPropertyDefinition PD_LOCKOUT_FAILURE_EXPIRATION_INTERVAL;
241
242
243
244  // The "max-password-age" property definition.
245  private static final DurationPropertyDefinition PD_MAX_PASSWORD_AGE;
246
247
248
249  // The "max-password-reset-age" property definition.
250  private static final DurationPropertyDefinition PD_MAX_PASSWORD_RESET_AGE;
251
252
253
254  // The "min-password-age" property definition.
255  private static final DurationPropertyDefinition PD_MIN_PASSWORD_AGE;
256
257
258
259  // The "password-attribute" property definition.
260  private static final AttributeTypePropertyDefinition PD_PASSWORD_ATTRIBUTE;
261
262
263
264  // The "password-change-requires-current-password" property definition.
265  private static final BooleanPropertyDefinition PD_PASSWORD_CHANGE_REQUIRES_CURRENT_PASSWORD;
266
267
268
269  // The "password-expiration-warning-interval" property definition.
270  private static final DurationPropertyDefinition PD_PASSWORD_EXPIRATION_WARNING_INTERVAL;
271
272
273
274  // The "password-generator" property definition.
275  private static final AggregationPropertyDefinition<PasswordGeneratorCfgClient, PasswordGeneratorCfg> PD_PASSWORD_GENERATOR;
276
277
278
279  // The "password-history-count" property definition.
280  private static final IntegerPropertyDefinition PD_PASSWORD_HISTORY_COUNT;
281
282
283
284  // The "password-history-duration" property definition.
285  private static final DurationPropertyDefinition PD_PASSWORD_HISTORY_DURATION;
286
287
288
289  // The "password-validator" property definition.
290  private static final AggregationPropertyDefinition<PasswordValidatorCfgClient, PasswordValidatorCfg> PD_PASSWORD_VALIDATOR;
291
292
293
294  // The "previous-last-login-time-format" property definition.
295  private static final StringPropertyDefinition PD_PREVIOUS_LAST_LOGIN_TIME_FORMAT;
296
297
298
299  // The "require-change-by-time" property definition.
300  private static final StringPropertyDefinition PD_REQUIRE_CHANGE_BY_TIME;
301
302
303
304  // The "require-secure-authentication" property definition.
305  private static final BooleanPropertyDefinition PD_REQUIRE_SECURE_AUTHENTICATION;
306
307
308
309  // The "require-secure-password-changes" property definition.
310  private static final BooleanPropertyDefinition PD_REQUIRE_SECURE_PASSWORD_CHANGES;
311
312
313
314  // The "skip-validation-for-administrators" property definition.
315  private static final BooleanPropertyDefinition PD_SKIP_VALIDATION_FOR_ADMINISTRATORS;
316
317
318
319  // The "state-update-failure-policy" property definition.
320  private static final EnumPropertyDefinition<StateUpdateFailurePolicy> PD_STATE_UPDATE_FAILURE_POLICY;
321
322
323
324  // Build the "account-status-notification-handler" property definition.
325  static {
326      AggregationPropertyDefinition.Builder<AccountStatusNotificationHandlerCfgClient, AccountStatusNotificationHandlerCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "account-status-notification-handler");
327      builder.setOption(PropertyOption.MULTI_VALUED);
328      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "account-status-notification-handler"));
329      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
330      builder.setParentPath("/");
331      builder.setRelationDefinition("account-status-notification-handler");
332      builder.setTargetIsEnabledCondition(Conditions.contains("enabled", "true"));
333      PD_ACCOUNT_STATUS_NOTIFICATION_HANDLER = builder.getInstance();
334      INSTANCE.registerPropertyDefinition(PD_ACCOUNT_STATUS_NOTIFICATION_HANDLER);
335      INSTANCE.registerConstraint(PD_ACCOUNT_STATUS_NOTIFICATION_HANDLER.getSourceConstraint());
336  }
337
338
339
340  // Build the "allow-expired-password-changes" property definition.
341  static {
342      BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "allow-expired-password-changes");
343      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "allow-expired-password-changes"));
344      DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false");
345      builder.setDefaultBehaviorProvider(provider);
346      PD_ALLOW_EXPIRED_PASSWORD_CHANGES = builder.getInstance();
347      INSTANCE.registerPropertyDefinition(PD_ALLOW_EXPIRED_PASSWORD_CHANGES);
348  }
349
350
351
352  // Build the "allow-multiple-password-values" property definition.
353  static {
354      BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "allow-multiple-password-values");
355      builder.setOption(PropertyOption.ADVANCED);
356      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "allow-multiple-password-values"));
357      DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false");
358      builder.setDefaultBehaviorProvider(provider);
359      PD_ALLOW_MULTIPLE_PASSWORD_VALUES = builder.getInstance();
360      INSTANCE.registerPropertyDefinition(PD_ALLOW_MULTIPLE_PASSWORD_VALUES);
361  }
362
363
364
365  // Build the "allow-pre-encoded-passwords" property definition.
366  static {
367      BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "allow-pre-encoded-passwords");
368      builder.setOption(PropertyOption.ADVANCED);
369      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "allow-pre-encoded-passwords"));
370      DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false");
371      builder.setDefaultBehaviorProvider(provider);
372      PD_ALLOW_PRE_ENCODED_PASSWORDS = builder.getInstance();
373      INSTANCE.registerPropertyDefinition(PD_ALLOW_PRE_ENCODED_PASSWORDS);
374  }
375
376
377
378  // Build the "allow-user-password-changes" property definition.
379  static {
380      BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "allow-user-password-changes");
381      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "allow-user-password-changes"));
382      DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("true");
383      builder.setDefaultBehaviorProvider(provider);
384      PD_ALLOW_USER_PASSWORD_CHANGES = builder.getInstance();
385      INSTANCE.registerPropertyDefinition(PD_ALLOW_USER_PASSWORD_CHANGES);
386  }
387
388
389
390  // Build the "default-password-storage-scheme" property definition.
391  static {
392      AggregationPropertyDefinition.Builder<PasswordStorageSchemeCfgClient, PasswordStorageSchemeCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "default-password-storage-scheme");
393      builder.setOption(PropertyOption.MULTI_VALUED);
394      builder.setOption(PropertyOption.MANDATORY);
395      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "default-password-storage-scheme"));
396      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
397      builder.setParentPath("/");
398      builder.setRelationDefinition("password-storage-scheme");
399      builder.setTargetIsEnabledCondition(Conditions.contains("enabled", "true"));
400      PD_DEFAULT_PASSWORD_STORAGE_SCHEME = builder.getInstance();
401      INSTANCE.registerPropertyDefinition(PD_DEFAULT_PASSWORD_STORAGE_SCHEME);
402      INSTANCE.registerConstraint(PD_DEFAULT_PASSWORD_STORAGE_SCHEME.getSourceConstraint());
403  }
404
405
406
407  // Build the "deprecated-password-storage-scheme" property definition.
408  static {
409      AggregationPropertyDefinition.Builder<PasswordStorageSchemeCfgClient, PasswordStorageSchemeCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "deprecated-password-storage-scheme");
410      builder.setOption(PropertyOption.MULTI_VALUED);
411      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "deprecated-password-storage-scheme"));
412      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
413      builder.setParentPath("/");
414      builder.setRelationDefinition("password-storage-scheme");
415      builder.setTargetIsEnabledCondition(Conditions.contains("enabled", "true"));
416      PD_DEPRECATED_PASSWORD_STORAGE_SCHEME = builder.getInstance();
417      INSTANCE.registerPropertyDefinition(PD_DEPRECATED_PASSWORD_STORAGE_SCHEME);
418      INSTANCE.registerConstraint(PD_DEPRECATED_PASSWORD_STORAGE_SCHEME.getSourceConstraint());
419  }
420
421
422
423  // Build the "expire-passwords-without-warning" property definition.
424  static {
425      BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "expire-passwords-without-warning");
426      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "expire-passwords-without-warning"));
427      DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false");
428      builder.setDefaultBehaviorProvider(provider);
429      PD_EXPIRE_PASSWORDS_WITHOUT_WARNING = builder.getInstance();
430      INSTANCE.registerPropertyDefinition(PD_EXPIRE_PASSWORDS_WITHOUT_WARNING);
431  }
432
433
434
435  // Build the "force-change-on-add" property definition.
436  static {
437      BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "force-change-on-add");
438      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "force-change-on-add"));
439      DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false");
440      builder.setDefaultBehaviorProvider(provider);
441      PD_FORCE_CHANGE_ON_ADD = builder.getInstance();
442      INSTANCE.registerPropertyDefinition(PD_FORCE_CHANGE_ON_ADD);
443  }
444
445
446
447  // Build the "force-change-on-reset" property definition.
448  static {
449      BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "force-change-on-reset");
450      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "force-change-on-reset"));
451      DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false");
452      builder.setDefaultBehaviorProvider(provider);
453      PD_FORCE_CHANGE_ON_RESET = builder.getInstance();
454      INSTANCE.registerPropertyDefinition(PD_FORCE_CHANGE_ON_RESET);
455  }
456
457
458
459  // Build the "grace-login-count" property definition.
460  static {
461      IntegerPropertyDefinition.Builder builder = IntegerPropertyDefinition.createBuilder(INSTANCE, "grace-login-count");
462      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "grace-login-count"));
463      DefaultBehaviorProvider<Integer> provider = new DefinedDefaultBehaviorProvider<Integer>("0");
464      builder.setDefaultBehaviorProvider(provider);
465      builder.setUpperLimit(2147483647);
466      builder.setLowerLimit(0);
467      PD_GRACE_LOGIN_COUNT = builder.getInstance();
468      INSTANCE.registerPropertyDefinition(PD_GRACE_LOGIN_COUNT);
469  }
470
471
472
473  // Build the "idle-lockout-interval" property definition.
474  static {
475      DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "idle-lockout-interval");
476      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "idle-lockout-interval"));
477      DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("0 seconds");
478      builder.setDefaultBehaviorProvider(provider);
479      builder.setUpperLimit("2147483647");
480      builder.setLowerLimit("0");
481      PD_IDLE_LOCKOUT_INTERVAL = builder.getInstance();
482      INSTANCE.registerPropertyDefinition(PD_IDLE_LOCKOUT_INTERVAL);
483  }
484
485
486
487  // Build the "java-class" property definition.
488  static {
489      ClassPropertyDefinition.Builder builder = ClassPropertyDefinition.createBuilder(INSTANCE, "java-class");
490      builder.setOption(PropertyOption.MANDATORY);
491      builder.setOption(PropertyOption.ADVANCED);
492      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.COMPONENT_RESTART, INSTANCE, "java-class"));
493      DefaultBehaviorProvider<String> provider = new DefinedDefaultBehaviorProvider<String>("org.opends.server.core.PasswordPolicyFactory");
494      builder.setDefaultBehaviorProvider(provider);
495      builder.addInstanceOf("org.opends.server.api.AuthenticationPolicyFactory");
496      PD_JAVA_CLASS = builder.getInstance();
497      INSTANCE.registerPropertyDefinition(PD_JAVA_CLASS);
498  }
499
500
501
502  // Build the "last-login-time-attribute" property definition.
503  static {
504      AttributeTypePropertyDefinition.Builder builder = AttributeTypePropertyDefinition.createBuilder(INSTANCE, "last-login-time-attribute");
505      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "last-login-time-attribute"));
506      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<AttributeType>());
507      PD_LAST_LOGIN_TIME_ATTRIBUTE = builder.getInstance();
508      INSTANCE.registerPropertyDefinition(PD_LAST_LOGIN_TIME_ATTRIBUTE);
509  }
510
511
512
513  // Build the "last-login-time-format" property definition.
514  static {
515      StringPropertyDefinition.Builder builder = StringPropertyDefinition.createBuilder(INSTANCE, "last-login-time-format");
516      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "last-login-time-format"));
517      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
518      builder.setPattern(".*", "STRING");
519      PD_LAST_LOGIN_TIME_FORMAT = builder.getInstance();
520      INSTANCE.registerPropertyDefinition(PD_LAST_LOGIN_TIME_FORMAT);
521  }
522
523
524
525  // Build the "lockout-duration" property definition.
526  static {
527      DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "lockout-duration");
528      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "lockout-duration"));
529      DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("0 seconds");
530      builder.setDefaultBehaviorProvider(provider);
531      builder.setBaseUnit("s");
532      builder.setUpperLimit("2147483647");
533      builder.setLowerLimit("0");
534      PD_LOCKOUT_DURATION = builder.getInstance();
535      INSTANCE.registerPropertyDefinition(PD_LOCKOUT_DURATION);
536  }
537
538
539
540  // Build the "lockout-failure-count" property definition.
541  static {
542      IntegerPropertyDefinition.Builder builder = IntegerPropertyDefinition.createBuilder(INSTANCE, "lockout-failure-count");
543      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "lockout-failure-count"));
544      DefaultBehaviorProvider<Integer> provider = new DefinedDefaultBehaviorProvider<Integer>("0");
545      builder.setDefaultBehaviorProvider(provider);
546      builder.setUpperLimit(2147483647);
547      builder.setLowerLimit(0);
548      PD_LOCKOUT_FAILURE_COUNT = builder.getInstance();
549      INSTANCE.registerPropertyDefinition(PD_LOCKOUT_FAILURE_COUNT);
550  }
551
552
553
554  // Build the "lockout-failure-expiration-interval" property definition.
555  static {
556      DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "lockout-failure-expiration-interval");
557      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "lockout-failure-expiration-interval"));
558      DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("0 seconds");
559      builder.setDefaultBehaviorProvider(provider);
560      builder.setBaseUnit("s");
561      builder.setUpperLimit("2147483647");
562      builder.setLowerLimit("0");
563      PD_LOCKOUT_FAILURE_EXPIRATION_INTERVAL = builder.getInstance();
564      INSTANCE.registerPropertyDefinition(PD_LOCKOUT_FAILURE_EXPIRATION_INTERVAL);
565  }
566
567
568
569  // Build the "max-password-age" property definition.
570  static {
571      DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "max-password-age");
572      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "max-password-age"));
573      DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("0 seconds");
574      builder.setDefaultBehaviorProvider(provider);
575      builder.setBaseUnit("s");
576      builder.setUpperLimit("2147483647");
577      builder.setLowerLimit("0");
578      PD_MAX_PASSWORD_AGE = builder.getInstance();
579      INSTANCE.registerPropertyDefinition(PD_MAX_PASSWORD_AGE);
580  }
581
582
583
584  // Build the "max-password-reset-age" property definition.
585  static {
586      DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "max-password-reset-age");
587      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "max-password-reset-age"));
588      DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("0 seconds");
589      builder.setDefaultBehaviorProvider(provider);
590      builder.setBaseUnit("s");
591      builder.setUpperLimit("2147483647");
592      builder.setLowerLimit("0");
593      PD_MAX_PASSWORD_RESET_AGE = builder.getInstance();
594      INSTANCE.registerPropertyDefinition(PD_MAX_PASSWORD_RESET_AGE);
595  }
596
597
598
599  // Build the "min-password-age" property definition.
600  static {
601      DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "min-password-age");
602      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "min-password-age"));
603      DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("0 seconds");
604      builder.setDefaultBehaviorProvider(provider);
605      builder.setBaseUnit("s");
606      builder.setUpperLimit("2147483647");
607      builder.setLowerLimit("0");
608      PD_MIN_PASSWORD_AGE = builder.getInstance();
609      INSTANCE.registerPropertyDefinition(PD_MIN_PASSWORD_AGE);
610  }
611
612
613
614  // Build the "password-attribute" property definition.
615  static {
616      AttributeTypePropertyDefinition.Builder builder = AttributeTypePropertyDefinition.createBuilder(INSTANCE, "password-attribute");
617      builder.setOption(PropertyOption.MANDATORY);
618      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "password-attribute"));
619      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<AttributeType>());
620      PD_PASSWORD_ATTRIBUTE = builder.getInstance();
621      INSTANCE.registerPropertyDefinition(PD_PASSWORD_ATTRIBUTE);
622  }
623
624
625
626  // Build the "password-change-requires-current-password" property definition.
627  static {
628      BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "password-change-requires-current-password");
629      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "password-change-requires-current-password"));
630      DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false");
631      builder.setDefaultBehaviorProvider(provider);
632      PD_PASSWORD_CHANGE_REQUIRES_CURRENT_PASSWORD = builder.getInstance();
633      INSTANCE.registerPropertyDefinition(PD_PASSWORD_CHANGE_REQUIRES_CURRENT_PASSWORD);
634  }
635
636
637
638  // Build the "password-expiration-warning-interval" property definition.
639  static {
640      DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "password-expiration-warning-interval");
641      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "password-expiration-warning-interval"));
642      DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("5 days");
643      builder.setDefaultBehaviorProvider(provider);
644      PD_PASSWORD_EXPIRATION_WARNING_INTERVAL = builder.getInstance();
645      INSTANCE.registerPropertyDefinition(PD_PASSWORD_EXPIRATION_WARNING_INTERVAL);
646  }
647
648
649
650  // Build the "password-generator" property definition.
651  static {
652      AggregationPropertyDefinition.Builder<PasswordGeneratorCfgClient, PasswordGeneratorCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "password-generator");
653      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "password-generator"));
654      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
655      builder.setParentPath("/");
656      builder.setRelationDefinition("password-generator");
657      builder.setTargetIsEnabledCondition(Conditions.contains("enabled", "true"));
658      PD_PASSWORD_GENERATOR = builder.getInstance();
659      INSTANCE.registerPropertyDefinition(PD_PASSWORD_GENERATOR);
660      INSTANCE.registerConstraint(PD_PASSWORD_GENERATOR.getSourceConstraint());
661  }
662
663
664
665  // Build the "password-history-count" property definition.
666  static {
667      IntegerPropertyDefinition.Builder builder = IntegerPropertyDefinition.createBuilder(INSTANCE, "password-history-count");
668      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "password-history-count"));
669      DefaultBehaviorProvider<Integer> provider = new DefinedDefaultBehaviorProvider<Integer>("0");
670      builder.setDefaultBehaviorProvider(provider);
671      builder.setUpperLimit(2147483647);
672      builder.setLowerLimit(0);
673      PD_PASSWORD_HISTORY_COUNT = builder.getInstance();
674      INSTANCE.registerPropertyDefinition(PD_PASSWORD_HISTORY_COUNT);
675  }
676
677
678
679  // Build the "password-history-duration" property definition.
680  static {
681      DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "password-history-duration");
682      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "password-history-duration"));
683      DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("0 seconds");
684      builder.setDefaultBehaviorProvider(provider);
685      builder.setAllowUnlimited(false);
686      builder.setBaseUnit("s");
687      builder.setUpperLimit("2147483647");
688      builder.setLowerLimit("0");
689      PD_PASSWORD_HISTORY_DURATION = builder.getInstance();
690      INSTANCE.registerPropertyDefinition(PD_PASSWORD_HISTORY_DURATION);
691  }
692
693
694
695  // Build the "password-validator" property definition.
696  static {
697      AggregationPropertyDefinition.Builder<PasswordValidatorCfgClient, PasswordValidatorCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "password-validator");
698      builder.setOption(PropertyOption.MULTI_VALUED);
699      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "password-validator"));
700      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
701      builder.setParentPath("/");
702      builder.setRelationDefinition("password-validator");
703      builder.setTargetIsEnabledCondition(Conditions.contains("enabled", "true"));
704      PD_PASSWORD_VALIDATOR = builder.getInstance();
705      INSTANCE.registerPropertyDefinition(PD_PASSWORD_VALIDATOR);
706      INSTANCE.registerConstraint(PD_PASSWORD_VALIDATOR.getSourceConstraint());
707  }
708
709
710
711  // Build the "previous-last-login-time-format" property definition.
712  static {
713      StringPropertyDefinition.Builder builder = StringPropertyDefinition.createBuilder(INSTANCE, "previous-last-login-time-format");
714      builder.setOption(PropertyOption.MULTI_VALUED);
715      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "previous-last-login-time-format"));
716      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
717      builder.setPattern(".*", "STRING");
718      PD_PREVIOUS_LAST_LOGIN_TIME_FORMAT = builder.getInstance();
719      INSTANCE.registerPropertyDefinition(PD_PREVIOUS_LAST_LOGIN_TIME_FORMAT);
720  }
721
722
723
724  // Build the "require-change-by-time" property definition.
725  static {
726      StringPropertyDefinition.Builder builder = StringPropertyDefinition.createBuilder(INSTANCE, "require-change-by-time");
727      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "require-change-by-time"));
728      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
729      builder.setPattern(".*", "STRING");
730      PD_REQUIRE_CHANGE_BY_TIME = builder.getInstance();
731      INSTANCE.registerPropertyDefinition(PD_REQUIRE_CHANGE_BY_TIME);
732  }
733
734
735
736  // Build the "require-secure-authentication" property definition.
737  static {
738      BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "require-secure-authentication");
739      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "require-secure-authentication"));
740      DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false");
741      builder.setDefaultBehaviorProvider(provider);
742      PD_REQUIRE_SECURE_AUTHENTICATION = builder.getInstance();
743      INSTANCE.registerPropertyDefinition(PD_REQUIRE_SECURE_AUTHENTICATION);
744  }
745
746
747
748  // Build the "require-secure-password-changes" property definition.
749  static {
750      BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "require-secure-password-changes");
751      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "require-secure-password-changes"));
752      DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false");
753      builder.setDefaultBehaviorProvider(provider);
754      PD_REQUIRE_SECURE_PASSWORD_CHANGES = builder.getInstance();
755      INSTANCE.registerPropertyDefinition(PD_REQUIRE_SECURE_PASSWORD_CHANGES);
756  }
757
758
759
760  // Build the "skip-validation-for-administrators" property definition.
761  static {
762      BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "skip-validation-for-administrators");
763      builder.setOption(PropertyOption.ADVANCED);
764      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "skip-validation-for-administrators"));
765      DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false");
766      builder.setDefaultBehaviorProvider(provider);
767      PD_SKIP_VALIDATION_FOR_ADMINISTRATORS = builder.getInstance();
768      INSTANCE.registerPropertyDefinition(PD_SKIP_VALIDATION_FOR_ADMINISTRATORS);
769  }
770
771
772
773  // Build the "state-update-failure-policy" property definition.
774  static {
775      EnumPropertyDefinition.Builder<StateUpdateFailurePolicy> builder = EnumPropertyDefinition.createBuilder(INSTANCE, "state-update-failure-policy");
776      builder.setOption(PropertyOption.ADVANCED);
777      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "state-update-failure-policy"));
778      DefaultBehaviorProvider<StateUpdateFailurePolicy> provider = new DefinedDefaultBehaviorProvider<StateUpdateFailurePolicy>("reactive");
779      builder.setDefaultBehaviorProvider(provider);
780      builder.setEnumClass(StateUpdateFailurePolicy.class);
781      PD_STATE_UPDATE_FAILURE_POLICY = builder.getInstance();
782      INSTANCE.registerPropertyDefinition(PD_STATE_UPDATE_FAILURE_POLICY);
783  }
784
785
786
787  // Register the tags associated with this managed object definition.
788  static {
789    INSTANCE.registerTag(Tag.valueOf("user-management"));
790  }
791
792
793
794  /**
795   * Get the Password Policy configuration definition singleton.
796   *
797   * @return Returns the Password Policy configuration definition
798   *         singleton.
799   */
800  public static PasswordPolicyCfgDefn getInstance() {
801    return INSTANCE;
802  }
803
804
805
806  /**
807   * Private constructor.
808   */
809  private PasswordPolicyCfgDefn() {
810    super("password-policy", AuthenticationPolicyCfgDefn.getInstance());
811  }
812
813
814
815  /**
816   * {@inheritDoc}
817   */
818  public PasswordPolicyCfgClient createClientConfiguration(
819      ManagedObject<? extends PasswordPolicyCfgClient> impl) {
820    return new PasswordPolicyCfgClientImpl(impl);
821  }
822
823
824
825  /**
826   * {@inheritDoc}
827   */
828  public PasswordPolicyCfg createServerConfiguration(
829      ServerManagedObject<? extends PasswordPolicyCfg> impl) {
830    return new PasswordPolicyCfgServerImpl(impl);
831  }
832
833
834
835  /**
836   * {@inheritDoc}
837   */
838  public Class<PasswordPolicyCfg> getServerConfigurationClass() {
839    return PasswordPolicyCfg.class;
840  }
841
842
843
844  /**
845   * Get the "account-status-notification-handler" property definition.
846   * <p>
847   * Specifies the names of the account status notification handlers
848   * that are used with the associated password storage scheme.
849   *
850   * @return Returns the "account-status-notification-handler" property definition.
851   */
852  public AggregationPropertyDefinition<AccountStatusNotificationHandlerCfgClient, AccountStatusNotificationHandlerCfg> getAccountStatusNotificationHandlerPropertyDefinition() {
853    return PD_ACCOUNT_STATUS_NOTIFICATION_HANDLER;
854  }
855
856
857
858  /**
859   * Get the "allow-expired-password-changes" property definition.
860   * <p>
861   * Indicates whether a user whose password is expired is still
862   * allowed to change that password using the password modify extended
863   * operation.
864   *
865   * @return Returns the "allow-expired-password-changes" property definition.
866   */
867  public BooleanPropertyDefinition getAllowExpiredPasswordChangesPropertyDefinition() {
868    return PD_ALLOW_EXPIRED_PASSWORD_CHANGES;
869  }
870
871
872
873  /**
874   * Get the "allow-multiple-password-values" property definition.
875   * <p>
876   * Indicates whether user entries can have multiple distinct values
877   * for the password attribute.
878   * <p>
879   * This is potentially dangerous because many mechanisms used to
880   * change the password do not work well with such a configuration. If
881   * multiple password values are allowed, then any of them can be used
882   * to authenticate, and they are all subject to the same policy
883   * constraints.
884   *
885   * @return Returns the "allow-multiple-password-values" property definition.
886   */
887  public BooleanPropertyDefinition getAllowMultiplePasswordValuesPropertyDefinition() {
888    return PD_ALLOW_MULTIPLE_PASSWORD_VALUES;
889  }
890
891
892
893  /**
894   * Get the "allow-pre-encoded-passwords" property definition.
895   * <p>
896   * Indicates whether users can change their passwords by providing a
897   * pre-encoded value.
898   * <p>
899   * This can cause a security risk because the clear-text version of
900   * the password is not known and therefore validation checks cannot
901   * be applied to it.
902   *
903   * @return Returns the "allow-pre-encoded-passwords" property definition.
904   */
905  public BooleanPropertyDefinition getAllowPreEncodedPasswordsPropertyDefinition() {
906    return PD_ALLOW_PRE_ENCODED_PASSWORDS;
907  }
908
909
910
911  /**
912   * Get the "allow-user-password-changes" property definition.
913   * <p>
914   * Indicates whether users can change their own passwords.
915   * <p>
916   * This check is made in addition to access control evaluation. Both
917   * must allow the password change for it to occur.
918   *
919   * @return Returns the "allow-user-password-changes" property definition.
920   */
921  public BooleanPropertyDefinition getAllowUserPasswordChangesPropertyDefinition() {
922    return PD_ALLOW_USER_PASSWORD_CHANGES;
923  }
924
925
926
927  /**
928   * Get the "default-password-storage-scheme" property definition.
929   * <p>
930   * Specifies the names of the password storage schemes that are used
931   * to encode clear-text passwords for this password policy.
932   *
933   * @return Returns the "default-password-storage-scheme" property definition.
934   */
935  public AggregationPropertyDefinition<PasswordStorageSchemeCfgClient, PasswordStorageSchemeCfg> getDefaultPasswordStorageSchemePropertyDefinition() {
936    return PD_DEFAULT_PASSWORD_STORAGE_SCHEME;
937  }
938
939
940
941  /**
942   * Get the "deprecated-password-storage-scheme" property definition.
943   * <p>
944   * Specifies the names of the password storage schemes that are
945   * considered deprecated for this password policy.
946   * <p>
947   * If a user with this password policy authenticates to the server
948   * and his/her password is encoded with a deprecated scheme, those
949   * values are removed and replaced with values encoded using the
950   * default password storage scheme(s).
951   *
952   * @return Returns the "deprecated-password-storage-scheme" property definition.
953   */
954  public AggregationPropertyDefinition<PasswordStorageSchemeCfgClient, PasswordStorageSchemeCfg> getDeprecatedPasswordStorageSchemePropertyDefinition() {
955    return PD_DEPRECATED_PASSWORD_STORAGE_SCHEME;
956  }
957
958
959
960  /**
961   * Get the "expire-passwords-without-warning" property definition.
962   * <p>
963   * Indicates whether the directory server allows a user's password
964   * to expire even if that user has never seen an expiration warning
965   * notification.
966   * <p>
967   * If this property is true, accounts always expire when the
968   * expiration time arrives. If this property is false or disabled,
969   * the user always receives at least one warning notification, and
970   * the password expiration is set to the warning time plus the
971   * warning interval.
972   *
973   * @return Returns the "expire-passwords-without-warning" property definition.
974   */
975  public BooleanPropertyDefinition getExpirePasswordsWithoutWarningPropertyDefinition() {
976    return PD_EXPIRE_PASSWORDS_WITHOUT_WARNING;
977  }
978
979
980
981  /**
982   * Get the "force-change-on-add" property definition.
983   * <p>
984   * Indicates whether users are forced to change their passwords upon
985   * first authenticating to the directory server after their account
986   * has been created.
987   *
988   * @return Returns the "force-change-on-add" property definition.
989   */
990  public BooleanPropertyDefinition getForceChangeOnAddPropertyDefinition() {
991    return PD_FORCE_CHANGE_ON_ADD;
992  }
993
994
995
996  /**
997   * Get the "force-change-on-reset" property definition.
998   * <p>
999   * Indicates whether users are forced to change their passwords if
1000   * they are reset by an administrator.
1001   * <p>
1002   * For this purpose, anyone with permission to change a given user's
1003   * password other than that user is considered an administrator.
1004   *
1005   * @return Returns the "force-change-on-reset" property definition.
1006   */
1007  public BooleanPropertyDefinition getForceChangeOnResetPropertyDefinition() {
1008    return PD_FORCE_CHANGE_ON_RESET;
1009  }
1010
1011
1012
1013  /**
1014   * Get the "grace-login-count" property definition.
1015   * <p>
1016   * Specifies the number of grace logins that a user is allowed after
1017   * the account has expired to allow that user to choose a new
1018   * password.
1019   * <p>
1020   * A value of 0 indicates that no grace logins are allowed.
1021   *
1022   * @return Returns the "grace-login-count" property definition.
1023   */
1024  public IntegerPropertyDefinition getGraceLoginCountPropertyDefinition() {
1025    return PD_GRACE_LOGIN_COUNT;
1026  }
1027
1028
1029
1030  /**
1031   * Get the "idle-lockout-interval" property definition.
1032   * <p>
1033   * Specifies the maximum length of time that an account may remain
1034   * idle (that is, the associated user does not authenticate to the
1035   * server) before that user is locked out.
1036   * <p>
1037   * The value of this attribute is an integer followed by a unit of
1038   * seconds, minutes, hours, days, or weeks. A value of 0 seconds
1039   * indicates that idle accounts are not automatically locked out.
1040   * This feature is available only if the last login time is
1041   * maintained.
1042   *
1043   * @return Returns the "idle-lockout-interval" property definition.
1044   */
1045  public DurationPropertyDefinition getIdleLockoutIntervalPropertyDefinition() {
1046    return PD_IDLE_LOCKOUT_INTERVAL;
1047  }
1048
1049
1050
1051  /**
1052   * Get the "java-class" property definition.
1053   * <p>
1054   * Specifies the fully-qualified name of the Java class which
1055   * provides the Password Policy implementation.
1056   *
1057   * @return Returns the "java-class" property definition.
1058   */
1059  public ClassPropertyDefinition getJavaClassPropertyDefinition() {
1060    return PD_JAVA_CLASS;
1061  }
1062
1063
1064
1065  /**
1066   * Get the "last-login-time-attribute" property definition.
1067   * <p>
1068   * Specifies the name or OID of the attribute type that is used to
1069   * hold the last login time for users with the associated password
1070   * policy.
1071   * <p>
1072   * This attribute type must be defined in the directory server
1073   * schema and must either be defined as an operational attribute or
1074   * must be allowed by the set of objectClasses for all users with the
1075   * associated password policy.
1076   *
1077   * @return Returns the "last-login-time-attribute" property definition.
1078   */
1079  public AttributeTypePropertyDefinition getLastLoginTimeAttributePropertyDefinition() {
1080    return PD_LAST_LOGIN_TIME_ATTRIBUTE;
1081  }
1082
1083
1084
1085  /**
1086   * Get the "last-login-time-format" property definition.
1087   * <p>
1088   * Specifies the format string that is used to generate the last
1089   * login time value for users with the associated password policy.
1090   * <p>
1091   * This format string conforms to the syntax described in the API
1092   * documentation for the java.text.SimpleDateFormat class.
1093   *
1094   * @return Returns the "last-login-time-format" property definition.
1095   */
1096  public StringPropertyDefinition getLastLoginTimeFormatPropertyDefinition() {
1097    return PD_LAST_LOGIN_TIME_FORMAT;
1098  }
1099
1100
1101
1102  /**
1103   * Get the "lockout-duration" property definition.
1104   * <p>
1105   * Specifies the length of time that an account is locked after too
1106   * many authentication failures.
1107   * <p>
1108   * The value of this attribute is an integer followed by a unit of
1109   * seconds, minutes, hours, days, or weeks. A value of 0 seconds
1110   * indicates that the account must remain locked until an
1111   * administrator resets the password.
1112   *
1113   * @return Returns the "lockout-duration" property definition.
1114   */
1115  public DurationPropertyDefinition getLockoutDurationPropertyDefinition() {
1116    return PD_LOCKOUT_DURATION;
1117  }
1118
1119
1120
1121  /**
1122   * Get the "lockout-failure-count" property definition.
1123   * <p>
1124   * Specifies the maximum number of authentication failures that a
1125   * user is allowed before the account is locked out.
1126   * <p>
1127   * A value of 0 indicates that accounts are never locked out due to
1128   * failed attempts.
1129   *
1130   * @return Returns the "lockout-failure-count" property definition.
1131   */
1132  public IntegerPropertyDefinition getLockoutFailureCountPropertyDefinition() {
1133    return PD_LOCKOUT_FAILURE_COUNT;
1134  }
1135
1136
1137
1138  /**
1139   * Get the "lockout-failure-expiration-interval" property definition.
1140   * <p>
1141   * Specifies the length of time before an authentication failure is
1142   * no longer counted against a user for the purposes of account
1143   * lockout.
1144   * <p>
1145   * The value of this attribute is an integer followed by a unit of
1146   * seconds, minutes, hours, days, or weeks. A value of 0 seconds
1147   * indicates that the authentication failures must never expire. The
1148   * failure count is always cleared upon a successful authentication.
1149   *
1150   * @return Returns the "lockout-failure-expiration-interval" property definition.
1151   */
1152  public DurationPropertyDefinition getLockoutFailureExpirationIntervalPropertyDefinition() {
1153    return PD_LOCKOUT_FAILURE_EXPIRATION_INTERVAL;
1154  }
1155
1156
1157
1158  /**
1159   * Get the "max-password-age" property definition.
1160   * <p>
1161   * Specifies the maximum length of time that a user can continue
1162   * using the same password before it must be changed (that is, the
1163   * password expiration interval).
1164   * <p>
1165   * The value of this attribute is an integer followed by a unit of
1166   * seconds, minutes, hours, days, or weeks. A value of 0 seconds
1167   * disables password expiration.
1168   *
1169   * @return Returns the "max-password-age" property definition.
1170   */
1171  public DurationPropertyDefinition getMaxPasswordAgePropertyDefinition() {
1172    return PD_MAX_PASSWORD_AGE;
1173  }
1174
1175
1176
1177  /**
1178   * Get the "max-password-reset-age" property definition.
1179   * <p>
1180   * Specifies the maximum length of time that users have to change
1181   * passwords after they have been reset by an administrator before
1182   * they become locked.
1183   * <p>
1184   * The value of this attribute is an integer followed by a unit of
1185   * seconds, minutes, hours, days, or weeks. A value of 0 seconds
1186   * disables this feature.
1187   *
1188   * @return Returns the "max-password-reset-age" property definition.
1189   */
1190  public DurationPropertyDefinition getMaxPasswordResetAgePropertyDefinition() {
1191    return PD_MAX_PASSWORD_RESET_AGE;
1192  }
1193
1194
1195
1196  /**
1197   * Get the "min-password-age" property definition.
1198   * <p>
1199   * Specifies the minimum length of time after a password change
1200   * before the user is allowed to change the password again.
1201   * <p>
1202   * The value of this attribute is an integer followed by a unit of
1203   * seconds, minutes, hours, days, or weeks. This setting can be used
1204   * to prevent users from changing their passwords repeatedly over a
1205   * short period of time to flush an old password from the history so
1206   * that it can be re-used.
1207   *
1208   * @return Returns the "min-password-age" property definition.
1209   */
1210  public DurationPropertyDefinition getMinPasswordAgePropertyDefinition() {
1211    return PD_MIN_PASSWORD_AGE;
1212  }
1213
1214
1215
1216  /**
1217   * Get the "password-attribute" property definition.
1218   * <p>
1219   * Specifies the attribute type used to hold user passwords.
1220   * <p>
1221   * This attribute type must be defined in the server schema, and it
1222   * must have either the user password or auth password syntax.
1223   *
1224   * @return Returns the "password-attribute" property definition.
1225   */
1226  public AttributeTypePropertyDefinition getPasswordAttributePropertyDefinition() {
1227    return PD_PASSWORD_ATTRIBUTE;
1228  }
1229
1230
1231
1232  /**
1233   * Get the "password-change-requires-current-password" property definition.
1234   * <p>
1235   * Indicates whether user password changes must use the password
1236   * modify extended operation and must include the user's current
1237   * password before the change is allowed.
1238   *
1239   * @return Returns the "password-change-requires-current-password" property definition.
1240   */
1241  public BooleanPropertyDefinition getPasswordChangeRequiresCurrentPasswordPropertyDefinition() {
1242    return PD_PASSWORD_CHANGE_REQUIRES_CURRENT_PASSWORD;
1243  }
1244
1245
1246
1247  /**
1248   * Get the "password-expiration-warning-interval" property definition.
1249   * <p>
1250   * Specifies the maximum length of time before a user's password
1251   * actually expires that the server begins to include warning
1252   * notifications in bind responses for that user.
1253   * <p>
1254   * The value of this attribute is an integer followed by a unit of
1255   * seconds, minutes, hours, days, or weeks. A value of 0 seconds
1256   * disables the warning interval.
1257   *
1258   * @return Returns the "password-expiration-warning-interval" property definition.
1259   */
1260  public DurationPropertyDefinition getPasswordExpirationWarningIntervalPropertyDefinition() {
1261    return PD_PASSWORD_EXPIRATION_WARNING_INTERVAL;
1262  }
1263
1264
1265
1266  /**
1267   * Get the "password-generator" property definition.
1268   * <p>
1269   * Specifies the name of the password generator that is used with
1270   * the associated password policy.
1271   * <p>
1272   * This is used in conjunction with the password modify extended
1273   * operation to generate a new password for a user when none was
1274   * provided in the request.
1275   *
1276   * @return Returns the "password-generator" property definition.
1277   */
1278  public AggregationPropertyDefinition<PasswordGeneratorCfgClient, PasswordGeneratorCfg> getPasswordGeneratorPropertyDefinition() {
1279    return PD_PASSWORD_GENERATOR;
1280  }
1281
1282
1283
1284  /**
1285   * Get the "password-history-count" property definition.
1286   * <p>
1287   * Specifies the maximum number of former passwords to maintain in
1288   * the password history.
1289   * <p>
1290   * When choosing a new password, the proposed password is checked to
1291   * ensure that it does not match the current password, nor any other
1292   * password in the history list. A value of zero indicates that
1293   * either no password history is to be maintained (if the password
1294   * history duration has a value of zero seconds), or that there is no
1295   * maximum number of passwords to maintain in the history (if the
1296   * password history duration has a value greater than zero seconds).
1297   *
1298   * @return Returns the "password-history-count" property definition.
1299   */
1300  public IntegerPropertyDefinition getPasswordHistoryCountPropertyDefinition() {
1301    return PD_PASSWORD_HISTORY_COUNT;
1302  }
1303
1304
1305
1306  /**
1307   * Get the "password-history-duration" property definition.
1308   * <p>
1309   * Specifies the maximum length of time that passwords remain in the
1310   * password history.
1311   * <p>
1312   * When choosing a new password, the proposed password is checked to
1313   * ensure that it does not match the current password, nor any other
1314   * password in the history list. A value of zero seconds indicates
1315   * that either no password history is to be maintained (if the
1316   * password history count has a value of zero), or that there is no
1317   * maximum duration for passwords in the history (if the password
1318   * history count has a value greater than zero).
1319   *
1320   * @return Returns the "password-history-duration" property definition.
1321   */
1322  public DurationPropertyDefinition getPasswordHistoryDurationPropertyDefinition() {
1323    return PD_PASSWORD_HISTORY_DURATION;
1324  }
1325
1326
1327
1328  /**
1329   * Get the "password-validator" property definition.
1330   * <p>
1331   * Specifies the names of the password validators that are used with
1332   * the associated password storage scheme.
1333   * <p>
1334   * The password validators are invoked when a user attempts to
1335   * provide a new password, to determine whether the new password is
1336   * acceptable.
1337   *
1338   * @return Returns the "password-validator" property definition.
1339   */
1340  public AggregationPropertyDefinition<PasswordValidatorCfgClient, PasswordValidatorCfg> getPasswordValidatorPropertyDefinition() {
1341    return PD_PASSWORD_VALIDATOR;
1342  }
1343
1344
1345
1346  /**
1347   * Get the "previous-last-login-time-format" property definition.
1348   * <p>
1349   * Specifies the format string(s) that might have been used with the
1350   * last login time at any point in the past for users associated with
1351   * the password policy.
1352   * <p>
1353   * These values are used to make it possible to parse previous
1354   * values, but are not used to set new values. The format strings
1355   * conform to the syntax described in the API documentation for the
1356   * java.text.SimpleDateFormat class.
1357   *
1358   * @return Returns the "previous-last-login-time-format" property definition.
1359   */
1360  public StringPropertyDefinition getPreviousLastLoginTimeFormatPropertyDefinition() {
1361    return PD_PREVIOUS_LAST_LOGIN_TIME_FORMAT;
1362  }
1363
1364
1365
1366  /**
1367   * Get the "require-change-by-time" property definition.
1368   * <p>
1369   * Specifies the time by which all users with the associated
1370   * password policy must change their passwords.
1371   * <p>
1372   * The value is expressed in a generalized time format. If this time
1373   * is equal to the current time or is in the past, then all users are
1374   * required to change their passwords immediately. The behavior of
1375   * the server in this mode is identical to the behavior observed when
1376   * users are forced to change their passwords after an administrative
1377   * reset.
1378   *
1379   * @return Returns the "require-change-by-time" property definition.
1380   */
1381  public StringPropertyDefinition getRequireChangeByTimePropertyDefinition() {
1382    return PD_REQUIRE_CHANGE_BY_TIME;
1383  }
1384
1385
1386
1387  /**
1388   * Get the "require-secure-authentication" property definition.
1389   * <p>
1390   * Indicates whether users with the associated password policy are
1391   * required to authenticate in a secure manner.
1392   * <p>
1393   * This might mean either using a secure communication channel
1394   * between the client and the server, or using a SASL mechanism that
1395   * does not expose the credentials.
1396   *
1397   * @return Returns the "require-secure-authentication" property definition.
1398   */
1399  public BooleanPropertyDefinition getRequireSecureAuthenticationPropertyDefinition() {
1400    return PD_REQUIRE_SECURE_AUTHENTICATION;
1401  }
1402
1403
1404
1405  /**
1406   * Get the "require-secure-password-changes" property definition.
1407   * <p>
1408   * Indicates whether users with the associated password policy are
1409   * required to change their password in a secure manner that does not
1410   * expose the credentials.
1411   *
1412   * @return Returns the "require-secure-password-changes" property definition.
1413   */
1414  public BooleanPropertyDefinition getRequireSecurePasswordChangesPropertyDefinition() {
1415    return PD_REQUIRE_SECURE_PASSWORD_CHANGES;
1416  }
1417
1418
1419
1420  /**
1421   * Get the "skip-validation-for-administrators" property definition.
1422   * <p>
1423   * Indicates whether passwords set by administrators are allowed to
1424   * bypass the password validation process that is required for user
1425   * password changes.
1426   *
1427   * @return Returns the "skip-validation-for-administrators" property definition.
1428   */
1429  public BooleanPropertyDefinition getSkipValidationForAdministratorsPropertyDefinition() {
1430    return PD_SKIP_VALIDATION_FOR_ADMINISTRATORS;
1431  }
1432
1433
1434
1435  /**
1436   * Get the "state-update-failure-policy" property definition.
1437   * <p>
1438   * Specifies how the server deals with the inability to update
1439   * password policy state information during an authentication
1440   * attempt.
1441   * <p>
1442   * In particular, this property can be used to control whether an
1443   * otherwise successful bind operation fails if a failure occurs
1444   * while attempting to update password policy state information (for
1445   * example, to clear a record of previous authentication failures or
1446   * to update the last login time). It can also be used to control
1447   * whether to reject a bind request if it is known ahead of time that
1448   * it will not be possible to update the authentication failure times
1449   * in the event of an unsuccessful bind attempt (for example, if the
1450   * backend writability mode is disabled).
1451   *
1452   * @return Returns the "state-update-failure-policy" property definition.
1453   */
1454  public EnumPropertyDefinition<StateUpdateFailurePolicy> getStateUpdateFailurePolicyPropertyDefinition() {
1455    return PD_STATE_UPDATE_FAILURE_POLICY;
1456  }
1457
1458
1459
1460  /**
1461   * Managed object client implementation.
1462   */
1463  private static class PasswordPolicyCfgClientImpl implements
1464    PasswordPolicyCfgClient {
1465
1466    // Private implementation.
1467    private ManagedObject<? extends PasswordPolicyCfgClient> impl;
1468
1469
1470
1471    // Private constructor.
1472    private PasswordPolicyCfgClientImpl(
1473        ManagedObject<? extends PasswordPolicyCfgClient> impl) {
1474      this.impl = impl;
1475    }
1476
1477
1478
1479    /**
1480     * {@inheritDoc}
1481     */
1482    public SortedSet<String> getAccountStatusNotificationHandler() {
1483      return impl.getPropertyValues(INSTANCE.getAccountStatusNotificationHandlerPropertyDefinition());
1484    }
1485
1486
1487
1488    /**
1489     * {@inheritDoc}
1490     */
1491    public void setAccountStatusNotificationHandler(Collection<String> values) {
1492      impl.setPropertyValues(INSTANCE.getAccountStatusNotificationHandlerPropertyDefinition(), values);
1493    }
1494
1495
1496
1497    /**
1498     * {@inheritDoc}
1499     */
1500    public boolean isAllowExpiredPasswordChanges() {
1501      return impl.getPropertyValue(INSTANCE.getAllowExpiredPasswordChangesPropertyDefinition());
1502    }
1503
1504
1505
1506    /**
1507     * {@inheritDoc}
1508     */
1509    public void setAllowExpiredPasswordChanges(Boolean value) {
1510      impl.setPropertyValue(INSTANCE.getAllowExpiredPasswordChangesPropertyDefinition(), value);
1511    }
1512
1513
1514
1515    /**
1516     * {@inheritDoc}
1517     */
1518    public boolean isAllowMultiplePasswordValues() {
1519      return impl.getPropertyValue(INSTANCE.getAllowMultiplePasswordValuesPropertyDefinition());
1520    }
1521
1522
1523
1524    /**
1525     * {@inheritDoc}
1526     */
1527    public void setAllowMultiplePasswordValues(Boolean value) {
1528      impl.setPropertyValue(INSTANCE.getAllowMultiplePasswordValuesPropertyDefinition(), value);
1529    }
1530
1531
1532
1533    /**
1534     * {@inheritDoc}
1535     */
1536    public boolean isAllowPreEncodedPasswords() {
1537      return impl.getPropertyValue(INSTANCE.getAllowPreEncodedPasswordsPropertyDefinition());
1538    }
1539
1540
1541
1542    /**
1543     * {@inheritDoc}
1544     */
1545    public void setAllowPreEncodedPasswords(Boolean value) {
1546      impl.setPropertyValue(INSTANCE.getAllowPreEncodedPasswordsPropertyDefinition(), value);
1547    }
1548
1549
1550
1551    /**
1552     * {@inheritDoc}
1553     */
1554    public boolean isAllowUserPasswordChanges() {
1555      return impl.getPropertyValue(INSTANCE.getAllowUserPasswordChangesPropertyDefinition());
1556    }
1557
1558
1559
1560    /**
1561     * {@inheritDoc}
1562     */
1563    public void setAllowUserPasswordChanges(Boolean value) {
1564      impl.setPropertyValue(INSTANCE.getAllowUserPasswordChangesPropertyDefinition(), value);
1565    }
1566
1567
1568
1569    /**
1570     * {@inheritDoc}
1571     */
1572    public SortedSet<String> getDefaultPasswordStorageScheme() {
1573      return impl.getPropertyValues(INSTANCE.getDefaultPasswordStorageSchemePropertyDefinition());
1574    }
1575
1576
1577
1578    /**
1579     * {@inheritDoc}
1580     */
1581    public void setDefaultPasswordStorageScheme(Collection<String> values) {
1582      impl.setPropertyValues(INSTANCE.getDefaultPasswordStorageSchemePropertyDefinition(), values);
1583    }
1584
1585
1586
1587    /**
1588     * {@inheritDoc}
1589     */
1590    public SortedSet<String> getDeprecatedPasswordStorageScheme() {
1591      return impl.getPropertyValues(INSTANCE.getDeprecatedPasswordStorageSchemePropertyDefinition());
1592    }
1593
1594
1595
1596    /**
1597     * {@inheritDoc}
1598     */
1599    public void setDeprecatedPasswordStorageScheme(Collection<String> values) {
1600      impl.setPropertyValues(INSTANCE.getDeprecatedPasswordStorageSchemePropertyDefinition(), values);
1601    }
1602
1603
1604
1605    /**
1606     * {@inheritDoc}
1607     */
1608    public boolean isExpirePasswordsWithoutWarning() {
1609      return impl.getPropertyValue(INSTANCE.getExpirePasswordsWithoutWarningPropertyDefinition());
1610    }
1611
1612
1613
1614    /**
1615     * {@inheritDoc}
1616     */
1617    public void setExpirePasswordsWithoutWarning(Boolean value) {
1618      impl.setPropertyValue(INSTANCE.getExpirePasswordsWithoutWarningPropertyDefinition(), value);
1619    }
1620
1621
1622
1623    /**
1624     * {@inheritDoc}
1625     */
1626    public boolean isForceChangeOnAdd() {
1627      return impl.getPropertyValue(INSTANCE.getForceChangeOnAddPropertyDefinition());
1628    }
1629
1630
1631
1632    /**
1633     * {@inheritDoc}
1634     */
1635    public void setForceChangeOnAdd(Boolean value) {
1636      impl.setPropertyValue(INSTANCE.getForceChangeOnAddPropertyDefinition(), value);
1637    }
1638
1639
1640
1641    /**
1642     * {@inheritDoc}
1643     */
1644    public boolean isForceChangeOnReset() {
1645      return impl.getPropertyValue(INSTANCE.getForceChangeOnResetPropertyDefinition());
1646    }
1647
1648
1649
1650    /**
1651     * {@inheritDoc}
1652     */
1653    public void setForceChangeOnReset(Boolean value) {
1654      impl.setPropertyValue(INSTANCE.getForceChangeOnResetPropertyDefinition(), value);
1655    }
1656
1657
1658
1659    /**
1660     * {@inheritDoc}
1661     */
1662    public int getGraceLoginCount() {
1663      return impl.getPropertyValue(INSTANCE.getGraceLoginCountPropertyDefinition());
1664    }
1665
1666
1667
1668    /**
1669     * {@inheritDoc}
1670     */
1671    public void setGraceLoginCount(Integer value) {
1672      impl.setPropertyValue(INSTANCE.getGraceLoginCountPropertyDefinition(), value);
1673    }
1674
1675
1676
1677    /**
1678     * {@inheritDoc}
1679     */
1680    public long getIdleLockoutInterval() {
1681      return impl.getPropertyValue(INSTANCE.getIdleLockoutIntervalPropertyDefinition());
1682    }
1683
1684
1685
1686    /**
1687     * {@inheritDoc}
1688     */
1689    public void setIdleLockoutInterval(Long value) {
1690      impl.setPropertyValue(INSTANCE.getIdleLockoutIntervalPropertyDefinition(), value);
1691    }
1692
1693
1694
1695    /**
1696     * {@inheritDoc}
1697     */
1698    public String getJavaClass() {
1699      return impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition());
1700    }
1701
1702
1703
1704    /**
1705     * {@inheritDoc}
1706     */
1707    public void setJavaClass(String value) {
1708      impl.setPropertyValue(INSTANCE.getJavaClassPropertyDefinition(), value);
1709    }
1710
1711
1712
1713    /**
1714     * {@inheritDoc}
1715     */
1716    public AttributeType getLastLoginTimeAttribute() {
1717      return impl.getPropertyValue(INSTANCE.getLastLoginTimeAttributePropertyDefinition());
1718    }
1719
1720
1721
1722    /**
1723     * {@inheritDoc}
1724     */
1725    public void setLastLoginTimeAttribute(AttributeType value) {
1726      impl.setPropertyValue(INSTANCE.getLastLoginTimeAttributePropertyDefinition(), value);
1727    }
1728
1729
1730
1731    /**
1732     * {@inheritDoc}
1733     */
1734    public String getLastLoginTimeFormat() {
1735      return impl.getPropertyValue(INSTANCE.getLastLoginTimeFormatPropertyDefinition());
1736    }
1737
1738
1739
1740    /**
1741     * {@inheritDoc}
1742     */
1743    public void setLastLoginTimeFormat(String value) {
1744      impl.setPropertyValue(INSTANCE.getLastLoginTimeFormatPropertyDefinition(), value);
1745    }
1746
1747
1748
1749    /**
1750     * {@inheritDoc}
1751     */
1752    public long getLockoutDuration() {
1753      return impl.getPropertyValue(INSTANCE.getLockoutDurationPropertyDefinition());
1754    }
1755
1756
1757
1758    /**
1759     * {@inheritDoc}
1760     */
1761    public void setLockoutDuration(Long value) {
1762      impl.setPropertyValue(INSTANCE.getLockoutDurationPropertyDefinition(), value);
1763    }
1764
1765
1766
1767    /**
1768     * {@inheritDoc}
1769     */
1770    public int getLockoutFailureCount() {
1771      return impl.getPropertyValue(INSTANCE.getLockoutFailureCountPropertyDefinition());
1772    }
1773
1774
1775
1776    /**
1777     * {@inheritDoc}
1778     */
1779    public void setLockoutFailureCount(Integer value) {
1780      impl.setPropertyValue(INSTANCE.getLockoutFailureCountPropertyDefinition(), value);
1781    }
1782
1783
1784
1785    /**
1786     * {@inheritDoc}
1787     */
1788    public long getLockoutFailureExpirationInterval() {
1789      return impl.getPropertyValue(INSTANCE.getLockoutFailureExpirationIntervalPropertyDefinition());
1790    }
1791
1792
1793
1794    /**
1795     * {@inheritDoc}
1796     */
1797    public void setLockoutFailureExpirationInterval(Long value) {
1798      impl.setPropertyValue(INSTANCE.getLockoutFailureExpirationIntervalPropertyDefinition(), value);
1799    }
1800
1801
1802
1803    /**
1804     * {@inheritDoc}
1805     */
1806    public long getMaxPasswordAge() {
1807      return impl.getPropertyValue(INSTANCE.getMaxPasswordAgePropertyDefinition());
1808    }
1809
1810
1811
1812    /**
1813     * {@inheritDoc}
1814     */
1815    public void setMaxPasswordAge(Long value) {
1816      impl.setPropertyValue(INSTANCE.getMaxPasswordAgePropertyDefinition(), value);
1817    }
1818
1819
1820
1821    /**
1822     * {@inheritDoc}
1823     */
1824    public long getMaxPasswordResetAge() {
1825      return impl.getPropertyValue(INSTANCE.getMaxPasswordResetAgePropertyDefinition());
1826    }
1827
1828
1829
1830    /**
1831     * {@inheritDoc}
1832     */
1833    public void setMaxPasswordResetAge(Long value) {
1834      impl.setPropertyValue(INSTANCE.getMaxPasswordResetAgePropertyDefinition(), value);
1835    }
1836
1837
1838
1839    /**
1840     * {@inheritDoc}
1841     */
1842    public long getMinPasswordAge() {
1843      return impl.getPropertyValue(INSTANCE.getMinPasswordAgePropertyDefinition());
1844    }
1845
1846
1847
1848    /**
1849     * {@inheritDoc}
1850     */
1851    public void setMinPasswordAge(Long value) {
1852      impl.setPropertyValue(INSTANCE.getMinPasswordAgePropertyDefinition(), value);
1853    }
1854
1855
1856
1857    /**
1858     * {@inheritDoc}
1859     */
1860    public AttributeType getPasswordAttribute() {
1861      return impl.getPropertyValue(INSTANCE.getPasswordAttributePropertyDefinition());
1862    }
1863
1864
1865
1866    /**
1867     * {@inheritDoc}
1868     */
1869    public void setPasswordAttribute(AttributeType value) {
1870      impl.setPropertyValue(INSTANCE.getPasswordAttributePropertyDefinition(), value);
1871    }
1872
1873
1874
1875    /**
1876     * {@inheritDoc}
1877     */
1878    public boolean isPasswordChangeRequiresCurrentPassword() {
1879      return impl.getPropertyValue(INSTANCE.getPasswordChangeRequiresCurrentPasswordPropertyDefinition());
1880    }
1881
1882
1883
1884    /**
1885     * {@inheritDoc}
1886     */
1887    public void setPasswordChangeRequiresCurrentPassword(Boolean value) {
1888      impl.setPropertyValue(INSTANCE.getPasswordChangeRequiresCurrentPasswordPropertyDefinition(), value);
1889    }
1890
1891
1892
1893    /**
1894     * {@inheritDoc}
1895     */
1896    public long getPasswordExpirationWarningInterval() {
1897      return impl.getPropertyValue(INSTANCE.getPasswordExpirationWarningIntervalPropertyDefinition());
1898    }
1899
1900
1901
1902    /**
1903     * {@inheritDoc}
1904     */
1905    public void setPasswordExpirationWarningInterval(Long value) {
1906      impl.setPropertyValue(INSTANCE.getPasswordExpirationWarningIntervalPropertyDefinition(), value);
1907    }
1908
1909
1910
1911    /**
1912     * {@inheritDoc}
1913     */
1914    public String getPasswordGenerator() {
1915      return impl.getPropertyValue(INSTANCE.getPasswordGeneratorPropertyDefinition());
1916    }
1917
1918
1919
1920    /**
1921     * {@inheritDoc}
1922     */
1923    public void setPasswordGenerator(String value) {
1924      impl.setPropertyValue(INSTANCE.getPasswordGeneratorPropertyDefinition(), value);
1925    }
1926
1927
1928
1929    /**
1930     * {@inheritDoc}
1931     */
1932    public int getPasswordHistoryCount() {
1933      return impl.getPropertyValue(INSTANCE.getPasswordHistoryCountPropertyDefinition());
1934    }
1935
1936
1937
1938    /**
1939     * {@inheritDoc}
1940     */
1941    public void setPasswordHistoryCount(Integer value) {
1942      impl.setPropertyValue(INSTANCE.getPasswordHistoryCountPropertyDefinition(), value);
1943    }
1944
1945
1946
1947    /**
1948     * {@inheritDoc}
1949     */
1950    public long getPasswordHistoryDuration() {
1951      return impl.getPropertyValue(INSTANCE.getPasswordHistoryDurationPropertyDefinition());
1952    }
1953
1954
1955
1956    /**
1957     * {@inheritDoc}
1958     */
1959    public void setPasswordHistoryDuration(Long value) {
1960      impl.setPropertyValue(INSTANCE.getPasswordHistoryDurationPropertyDefinition(), value);
1961    }
1962
1963
1964
1965    /**
1966     * {@inheritDoc}
1967     */
1968    public SortedSet<String> getPasswordValidator() {
1969      return impl.getPropertyValues(INSTANCE.getPasswordValidatorPropertyDefinition());
1970    }
1971
1972
1973
1974    /**
1975     * {@inheritDoc}
1976     */
1977    public void setPasswordValidator(Collection<String> values) {
1978      impl.setPropertyValues(INSTANCE.getPasswordValidatorPropertyDefinition(), values);
1979    }
1980
1981
1982
1983    /**
1984     * {@inheritDoc}
1985     */
1986    public SortedSet<String> getPreviousLastLoginTimeFormat() {
1987      return impl.getPropertyValues(INSTANCE.getPreviousLastLoginTimeFormatPropertyDefinition());
1988    }
1989
1990
1991
1992    /**
1993     * {@inheritDoc}
1994     */
1995    public void setPreviousLastLoginTimeFormat(Collection<String> values) {
1996      impl.setPropertyValues(INSTANCE.getPreviousLastLoginTimeFormatPropertyDefinition(), values);
1997    }
1998
1999
2000
2001    /**
2002     * {@inheritDoc}
2003     */
2004    public String getRequireChangeByTime() {
2005      return impl.getPropertyValue(INSTANCE.getRequireChangeByTimePropertyDefinition());
2006    }
2007
2008
2009
2010    /**
2011     * {@inheritDoc}
2012     */
2013    public void setRequireChangeByTime(String value) {
2014      impl.setPropertyValue(INSTANCE.getRequireChangeByTimePropertyDefinition(), value);
2015    }
2016
2017
2018
2019    /**
2020     * {@inheritDoc}
2021     */
2022    public boolean isRequireSecureAuthentication() {
2023      return impl.getPropertyValue(INSTANCE.getRequireSecureAuthenticationPropertyDefinition());
2024    }
2025
2026
2027
2028    /**
2029     * {@inheritDoc}
2030     */
2031    public void setRequireSecureAuthentication(Boolean value) {
2032      impl.setPropertyValue(INSTANCE.getRequireSecureAuthenticationPropertyDefinition(), value);
2033    }
2034
2035
2036
2037    /**
2038     * {@inheritDoc}
2039     */
2040    public boolean isRequireSecurePasswordChanges() {
2041      return impl.getPropertyValue(INSTANCE.getRequireSecurePasswordChangesPropertyDefinition());
2042    }
2043
2044
2045
2046    /**
2047     * {@inheritDoc}
2048     */
2049    public void setRequireSecurePasswordChanges(Boolean value) {
2050      impl.setPropertyValue(INSTANCE.getRequireSecurePasswordChangesPropertyDefinition(), value);
2051    }
2052
2053
2054
2055    /**
2056     * {@inheritDoc}
2057     */
2058    public boolean isSkipValidationForAdministrators() {
2059      return impl.getPropertyValue(INSTANCE.getSkipValidationForAdministratorsPropertyDefinition());
2060    }
2061
2062
2063
2064    /**
2065     * {@inheritDoc}
2066     */
2067    public void setSkipValidationForAdministrators(Boolean value) {
2068      impl.setPropertyValue(INSTANCE.getSkipValidationForAdministratorsPropertyDefinition(), value);
2069    }
2070
2071
2072
2073    /**
2074     * {@inheritDoc}
2075     */
2076    public StateUpdateFailurePolicy getStateUpdateFailurePolicy() {
2077      return impl.getPropertyValue(INSTANCE.getStateUpdateFailurePolicyPropertyDefinition());
2078    }
2079
2080
2081
2082    /**
2083     * {@inheritDoc}
2084     */
2085    public void setStateUpdateFailurePolicy(StateUpdateFailurePolicy value) {
2086      impl.setPropertyValue(INSTANCE.getStateUpdateFailurePolicyPropertyDefinition(), value);
2087    }
2088
2089
2090
2091    /**
2092     * {@inheritDoc}
2093     */
2094    public ManagedObjectDefinition<? extends PasswordPolicyCfgClient, ? extends PasswordPolicyCfg> definition() {
2095      return INSTANCE;
2096    }
2097
2098
2099
2100    /**
2101     * {@inheritDoc}
2102     */
2103    public PropertyProvider properties() {
2104      return impl;
2105    }
2106
2107
2108
2109    /**
2110     * {@inheritDoc}
2111     */
2112    public void commit() throws ManagedObjectAlreadyExistsException,
2113        MissingMandatoryPropertiesException, ConcurrentModificationException,
2114        OperationRejectedException, AuthorizationException,
2115        CommunicationException {
2116      impl.commit();
2117    }
2118
2119  }
2120
2121
2122
2123  /**
2124   * Managed object server implementation.
2125   */
2126  private static class PasswordPolicyCfgServerImpl implements
2127    PasswordPolicyCfg {
2128
2129    // Private implementation.
2130    private ServerManagedObject<? extends PasswordPolicyCfg> impl;
2131
2132    // The value of the "account-status-notification-handler" property.
2133    private final SortedSet<String> pAccountStatusNotificationHandler;
2134
2135    // The value of the "allow-expired-password-changes" property.
2136    private final boolean pAllowExpiredPasswordChanges;
2137
2138    // The value of the "allow-multiple-password-values" property.
2139    private final boolean pAllowMultiplePasswordValues;
2140
2141    // The value of the "allow-pre-encoded-passwords" property.
2142    private final boolean pAllowPreEncodedPasswords;
2143
2144    // The value of the "allow-user-password-changes" property.
2145    private final boolean pAllowUserPasswordChanges;
2146
2147    // The value of the "default-password-storage-scheme" property.
2148    private final SortedSet<String> pDefaultPasswordStorageScheme;
2149
2150    // The value of the "deprecated-password-storage-scheme" property.
2151    private final SortedSet<String> pDeprecatedPasswordStorageScheme;
2152
2153    // The value of the "expire-passwords-without-warning" property.
2154    private final boolean pExpirePasswordsWithoutWarning;
2155
2156    // The value of the "force-change-on-add" property.
2157    private final boolean pForceChangeOnAdd;
2158
2159    // The value of the "force-change-on-reset" property.
2160    private final boolean pForceChangeOnReset;
2161
2162    // The value of the "grace-login-count" property.
2163    private final int pGraceLoginCount;
2164
2165    // The value of the "idle-lockout-interval" property.
2166    private final long pIdleLockoutInterval;
2167
2168    // The value of the "java-class" property.
2169    private final String pJavaClass;
2170
2171    // The value of the "last-login-time-attribute" property.
2172    private final AttributeType pLastLoginTimeAttribute;
2173
2174    // The value of the "last-login-time-format" property.
2175    private final String pLastLoginTimeFormat;
2176
2177    // The value of the "lockout-duration" property.
2178    private final long pLockoutDuration;
2179
2180    // The value of the "lockout-failure-count" property.
2181    private final int pLockoutFailureCount;
2182
2183    // The value of the "lockout-failure-expiration-interval" property.
2184    private final long pLockoutFailureExpirationInterval;
2185
2186    // The value of the "max-password-age" property.
2187    private final long pMaxPasswordAge;
2188
2189    // The value of the "max-password-reset-age" property.
2190    private final long pMaxPasswordResetAge;
2191
2192    // The value of the "min-password-age" property.
2193    private final long pMinPasswordAge;
2194
2195    // The value of the "password-attribute" property.
2196    private final AttributeType pPasswordAttribute;
2197
2198    // The value of the "password-change-requires-current-password" property.
2199    private final boolean pPasswordChangeRequiresCurrentPassword;
2200
2201    // The value of the "password-expiration-warning-interval" property.
2202    private final long pPasswordExpirationWarningInterval;
2203
2204    // The value of the "password-generator" property.
2205    private final String pPasswordGenerator;
2206
2207    // The value of the "password-history-count" property.
2208    private final int pPasswordHistoryCount;
2209
2210    // The value of the "password-history-duration" property.
2211    private final long pPasswordHistoryDuration;
2212
2213    // The value of the "password-validator" property.
2214    private final SortedSet<String> pPasswordValidator;
2215
2216    // The value of the "previous-last-login-time-format" property.
2217    private final SortedSet<String> pPreviousLastLoginTimeFormat;
2218
2219    // The value of the "require-change-by-time" property.
2220    private final String pRequireChangeByTime;
2221
2222    // The value of the "require-secure-authentication" property.
2223    private final boolean pRequireSecureAuthentication;
2224
2225    // The value of the "require-secure-password-changes" property.
2226    private final boolean pRequireSecurePasswordChanges;
2227
2228    // The value of the "skip-validation-for-administrators" property.
2229    private final boolean pSkipValidationForAdministrators;
2230
2231    // The value of the "state-update-failure-policy" property.
2232    private final StateUpdateFailurePolicy pStateUpdateFailurePolicy;
2233
2234
2235
2236    // Private constructor.
2237    private PasswordPolicyCfgServerImpl(ServerManagedObject<? extends PasswordPolicyCfg> impl) {
2238      this.impl = impl;
2239      this.pAccountStatusNotificationHandler = impl.getPropertyValues(INSTANCE.getAccountStatusNotificationHandlerPropertyDefinition());
2240      this.pAllowExpiredPasswordChanges = impl.getPropertyValue(INSTANCE.getAllowExpiredPasswordChangesPropertyDefinition());
2241      this.pAllowMultiplePasswordValues = impl.getPropertyValue(INSTANCE.getAllowMultiplePasswordValuesPropertyDefinition());
2242      this.pAllowPreEncodedPasswords = impl.getPropertyValue(INSTANCE.getAllowPreEncodedPasswordsPropertyDefinition());
2243      this.pAllowUserPasswordChanges = impl.getPropertyValue(INSTANCE.getAllowUserPasswordChangesPropertyDefinition());
2244      this.pDefaultPasswordStorageScheme = impl.getPropertyValues(INSTANCE.getDefaultPasswordStorageSchemePropertyDefinition());
2245      this.pDeprecatedPasswordStorageScheme = impl.getPropertyValues(INSTANCE.getDeprecatedPasswordStorageSchemePropertyDefinition());
2246      this.pExpirePasswordsWithoutWarning = impl.getPropertyValue(INSTANCE.getExpirePasswordsWithoutWarningPropertyDefinition());
2247      this.pForceChangeOnAdd = impl.getPropertyValue(INSTANCE.getForceChangeOnAddPropertyDefinition());
2248      this.pForceChangeOnReset = impl.getPropertyValue(INSTANCE.getForceChangeOnResetPropertyDefinition());
2249      this.pGraceLoginCount = impl.getPropertyValue(INSTANCE.getGraceLoginCountPropertyDefinition());
2250      this.pIdleLockoutInterval = impl.getPropertyValue(INSTANCE.getIdleLockoutIntervalPropertyDefinition());
2251      this.pJavaClass = impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition());
2252      this.pLastLoginTimeAttribute = impl.getPropertyValue(INSTANCE.getLastLoginTimeAttributePropertyDefinition());
2253      this.pLastLoginTimeFormat = impl.getPropertyValue(INSTANCE.getLastLoginTimeFormatPropertyDefinition());
2254      this.pLockoutDuration = impl.getPropertyValue(INSTANCE.getLockoutDurationPropertyDefinition());
2255      this.pLockoutFailureCount = impl.getPropertyValue(INSTANCE.getLockoutFailureCountPropertyDefinition());
2256      this.pLockoutFailureExpirationInterval = impl.getPropertyValue(INSTANCE.getLockoutFailureExpirationIntervalPropertyDefinition());
2257      this.pMaxPasswordAge = impl.getPropertyValue(INSTANCE.getMaxPasswordAgePropertyDefinition());
2258      this.pMaxPasswordResetAge = impl.getPropertyValue(INSTANCE.getMaxPasswordResetAgePropertyDefinition());
2259      this.pMinPasswordAge = impl.getPropertyValue(INSTANCE.getMinPasswordAgePropertyDefinition());
2260      this.pPasswordAttribute = impl.getPropertyValue(INSTANCE.getPasswordAttributePropertyDefinition());
2261      this.pPasswordChangeRequiresCurrentPassword = impl.getPropertyValue(INSTANCE.getPasswordChangeRequiresCurrentPasswordPropertyDefinition());
2262      this.pPasswordExpirationWarningInterval = impl.getPropertyValue(INSTANCE.getPasswordExpirationWarningIntervalPropertyDefinition());
2263      this.pPasswordGenerator = impl.getPropertyValue(INSTANCE.getPasswordGeneratorPropertyDefinition());
2264      this.pPasswordHistoryCount = impl.getPropertyValue(INSTANCE.getPasswordHistoryCountPropertyDefinition());
2265      this.pPasswordHistoryDuration = impl.getPropertyValue(INSTANCE.getPasswordHistoryDurationPropertyDefinition());
2266      this.pPasswordValidator = impl.getPropertyValues(INSTANCE.getPasswordValidatorPropertyDefinition());
2267      this.pPreviousLastLoginTimeFormat = impl.getPropertyValues(INSTANCE.getPreviousLastLoginTimeFormatPropertyDefinition());
2268      this.pRequireChangeByTime = impl.getPropertyValue(INSTANCE.getRequireChangeByTimePropertyDefinition());
2269      this.pRequireSecureAuthentication = impl.getPropertyValue(INSTANCE.getRequireSecureAuthenticationPropertyDefinition());
2270      this.pRequireSecurePasswordChanges = impl.getPropertyValue(INSTANCE.getRequireSecurePasswordChangesPropertyDefinition());
2271      this.pSkipValidationForAdministrators = impl.getPropertyValue(INSTANCE.getSkipValidationForAdministratorsPropertyDefinition());
2272      this.pStateUpdateFailurePolicy = impl.getPropertyValue(INSTANCE.getStateUpdateFailurePolicyPropertyDefinition());
2273    }
2274
2275
2276
2277    /**
2278     * {@inheritDoc}
2279     */
2280    public void addPasswordPolicyChangeListener(
2281        ConfigurationChangeListener<PasswordPolicyCfg> listener) {
2282      impl.registerChangeListener(listener);
2283    }
2284
2285
2286
2287    /**
2288     * {@inheritDoc}
2289     */
2290    public void removePasswordPolicyChangeListener(
2291        ConfigurationChangeListener<PasswordPolicyCfg> listener) {
2292      impl.deregisterChangeListener(listener);
2293    }
2294    /**
2295     * {@inheritDoc}
2296     */
2297    public void addChangeListener(
2298        ConfigurationChangeListener<AuthenticationPolicyCfg> listener) {
2299      impl.registerChangeListener(listener);
2300    }
2301
2302
2303
2304    /**
2305     * {@inheritDoc}
2306     */
2307    public void removeChangeListener(
2308        ConfigurationChangeListener<AuthenticationPolicyCfg> listener) {
2309      impl.deregisterChangeListener(listener);
2310    }
2311
2312
2313
2314    /**
2315     * {@inheritDoc}
2316     */
2317    public SortedSet<String> getAccountStatusNotificationHandler() {
2318      return pAccountStatusNotificationHandler;
2319    }
2320
2321
2322
2323    /**
2324     * {@inheritDoc}
2325     */
2326    public SortedSet<DN> getAccountStatusNotificationHandlerDNs() {
2327      SortedSet<String> values = getAccountStatusNotificationHandler();
2328      SortedSet<DN> dnValues = new TreeSet<DN>();
2329      for (String value : values) {
2330        DN dn = INSTANCE.getAccountStatusNotificationHandlerPropertyDefinition().getChildDN(value);
2331        dnValues.add(dn);
2332      }
2333      return dnValues;
2334    }
2335
2336
2337
2338    /**
2339     * {@inheritDoc}
2340     */
2341    public boolean isAllowExpiredPasswordChanges() {
2342      return pAllowExpiredPasswordChanges;
2343    }
2344
2345
2346
2347    /**
2348     * {@inheritDoc}
2349     */
2350    public boolean isAllowMultiplePasswordValues() {
2351      return pAllowMultiplePasswordValues;
2352    }
2353
2354
2355
2356    /**
2357     * {@inheritDoc}
2358     */
2359    public boolean isAllowPreEncodedPasswords() {
2360      return pAllowPreEncodedPasswords;
2361    }
2362
2363
2364
2365    /**
2366     * {@inheritDoc}
2367     */
2368    public boolean isAllowUserPasswordChanges() {
2369      return pAllowUserPasswordChanges;
2370    }
2371
2372
2373
2374    /**
2375     * {@inheritDoc}
2376     */
2377    public SortedSet<String> getDefaultPasswordStorageScheme() {
2378      return pDefaultPasswordStorageScheme;
2379    }
2380
2381
2382
2383    /**
2384     * {@inheritDoc}
2385     */
2386    public SortedSet<DN> getDefaultPasswordStorageSchemeDNs() {
2387      SortedSet<String> values = getDefaultPasswordStorageScheme();
2388      SortedSet<DN> dnValues = new TreeSet<DN>();
2389      for (String value : values) {
2390        DN dn = INSTANCE.getDefaultPasswordStorageSchemePropertyDefinition().getChildDN(value);
2391        dnValues.add(dn);
2392      }
2393      return dnValues;
2394    }
2395
2396
2397
2398    /**
2399     * {@inheritDoc}
2400     */
2401    public SortedSet<String> getDeprecatedPasswordStorageScheme() {
2402      return pDeprecatedPasswordStorageScheme;
2403    }
2404
2405
2406
2407    /**
2408     * {@inheritDoc}
2409     */
2410    public SortedSet<DN> getDeprecatedPasswordStorageSchemeDNs() {
2411      SortedSet<String> values = getDeprecatedPasswordStorageScheme();
2412      SortedSet<DN> dnValues = new TreeSet<DN>();
2413      for (String value : values) {
2414        DN dn = INSTANCE.getDeprecatedPasswordStorageSchemePropertyDefinition().getChildDN(value);
2415        dnValues.add(dn);
2416      }
2417      return dnValues;
2418    }
2419
2420
2421
2422    /**
2423     * {@inheritDoc}
2424     */
2425    public boolean isExpirePasswordsWithoutWarning() {
2426      return pExpirePasswordsWithoutWarning;
2427    }
2428
2429
2430
2431    /**
2432     * {@inheritDoc}
2433     */
2434    public boolean isForceChangeOnAdd() {
2435      return pForceChangeOnAdd;
2436    }
2437
2438
2439
2440    /**
2441     * {@inheritDoc}
2442     */
2443    public boolean isForceChangeOnReset() {
2444      return pForceChangeOnReset;
2445    }
2446
2447
2448
2449    /**
2450     * {@inheritDoc}
2451     */
2452    public int getGraceLoginCount() {
2453      return pGraceLoginCount;
2454    }
2455
2456
2457
2458    /**
2459     * {@inheritDoc}
2460     */
2461    public long getIdleLockoutInterval() {
2462      return pIdleLockoutInterval;
2463    }
2464
2465
2466
2467    /**
2468     * {@inheritDoc}
2469     */
2470    public String getJavaClass() {
2471      return pJavaClass;
2472    }
2473
2474
2475
2476    /**
2477     * {@inheritDoc}
2478     */
2479    public AttributeType getLastLoginTimeAttribute() {
2480      return pLastLoginTimeAttribute;
2481    }
2482
2483
2484
2485    /**
2486     * {@inheritDoc}
2487     */
2488    public String getLastLoginTimeFormat() {
2489      return pLastLoginTimeFormat;
2490    }
2491
2492
2493
2494    /**
2495     * {@inheritDoc}
2496     */
2497    public long getLockoutDuration() {
2498      return pLockoutDuration;
2499    }
2500
2501
2502
2503    /**
2504     * {@inheritDoc}
2505     */
2506    public int getLockoutFailureCount() {
2507      return pLockoutFailureCount;
2508    }
2509
2510
2511
2512    /**
2513     * {@inheritDoc}
2514     */
2515    public long getLockoutFailureExpirationInterval() {
2516      return pLockoutFailureExpirationInterval;
2517    }
2518
2519
2520
2521    /**
2522     * {@inheritDoc}
2523     */
2524    public long getMaxPasswordAge() {
2525      return pMaxPasswordAge;
2526    }
2527
2528
2529
2530    /**
2531     * {@inheritDoc}
2532     */
2533    public long getMaxPasswordResetAge() {
2534      return pMaxPasswordResetAge;
2535    }
2536
2537
2538
2539    /**
2540     * {@inheritDoc}
2541     */
2542    public long getMinPasswordAge() {
2543      return pMinPasswordAge;
2544    }
2545
2546
2547
2548    /**
2549     * {@inheritDoc}
2550     */
2551    public AttributeType getPasswordAttribute() {
2552      return pPasswordAttribute;
2553    }
2554
2555
2556
2557    /**
2558     * {@inheritDoc}
2559     */
2560    public boolean isPasswordChangeRequiresCurrentPassword() {
2561      return pPasswordChangeRequiresCurrentPassword;
2562    }
2563
2564
2565
2566    /**
2567     * {@inheritDoc}
2568     */
2569    public long getPasswordExpirationWarningInterval() {
2570      return pPasswordExpirationWarningInterval;
2571    }
2572
2573
2574
2575    /**
2576     * {@inheritDoc}
2577     */
2578    public String getPasswordGenerator() {
2579      return pPasswordGenerator;
2580    }
2581
2582
2583
2584    /**
2585     * {@inheritDoc}
2586     */
2587    public DN getPasswordGeneratorDN() {
2588      String value = getPasswordGenerator();
2589      if (value == null) return null;
2590      return INSTANCE.getPasswordGeneratorPropertyDefinition().getChildDN(value);
2591    }
2592
2593
2594
2595    /**
2596     * {@inheritDoc}
2597     */
2598    public int getPasswordHistoryCount() {
2599      return pPasswordHistoryCount;
2600    }
2601
2602
2603
2604    /**
2605     * {@inheritDoc}
2606     */
2607    public long getPasswordHistoryDuration() {
2608      return pPasswordHistoryDuration;
2609    }
2610
2611
2612
2613    /**
2614     * {@inheritDoc}
2615     */
2616    public SortedSet<String> getPasswordValidator() {
2617      return pPasswordValidator;
2618    }
2619
2620
2621
2622    /**
2623     * {@inheritDoc}
2624     */
2625    public SortedSet<DN> getPasswordValidatorDNs() {
2626      SortedSet<String> values = getPasswordValidator();
2627      SortedSet<DN> dnValues = new TreeSet<DN>();
2628      for (String value : values) {
2629        DN dn = INSTANCE.getPasswordValidatorPropertyDefinition().getChildDN(value);
2630        dnValues.add(dn);
2631      }
2632      return dnValues;
2633    }
2634
2635
2636
2637    /**
2638     * {@inheritDoc}
2639     */
2640    public SortedSet<String> getPreviousLastLoginTimeFormat() {
2641      return pPreviousLastLoginTimeFormat;
2642    }
2643
2644
2645
2646    /**
2647     * {@inheritDoc}
2648     */
2649    public String getRequireChangeByTime() {
2650      return pRequireChangeByTime;
2651    }
2652
2653
2654
2655    /**
2656     * {@inheritDoc}
2657     */
2658    public boolean isRequireSecureAuthentication() {
2659      return pRequireSecureAuthentication;
2660    }
2661
2662
2663
2664    /**
2665     * {@inheritDoc}
2666     */
2667    public boolean isRequireSecurePasswordChanges() {
2668      return pRequireSecurePasswordChanges;
2669    }
2670
2671
2672
2673    /**
2674     * {@inheritDoc}
2675     */
2676    public boolean isSkipValidationForAdministrators() {
2677      return pSkipValidationForAdministrators;
2678    }
2679
2680
2681
2682    /**
2683     * {@inheritDoc}
2684     */
2685    public StateUpdateFailurePolicy getStateUpdateFailurePolicy() {
2686      return pStateUpdateFailurePolicy;
2687    }
2688
2689
2690
2691    /**
2692     * {@inheritDoc}
2693     */
2694    public Class<? extends PasswordPolicyCfg> configurationClass() {
2695      return PasswordPolicyCfg.class;
2696    }
2697
2698
2699
2700    /**
2701     * {@inheritDoc}
2702     */
2703    public DN dn() {
2704      return impl.getDN();
2705    }
2706
2707  }
2708}