001/*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License").  You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
010 * or http://forgerock.org/license/CDDLv1.0.html.
011 * See the License for the specific language governing permissions
012 * and limitations under the License.
013 *
014 * When distributing Covered Code, include this CDDL HEADER in each
015 * file and include the License file at legal-notices/CDDLv1_0.txt.
016 * If applicable, add the following below this CDDL HEADER, with the
017 * fields enclosed by brackets "[]" replaced with your own identifying
018 * information:
019 *      Portions Copyright [yyyy] [name of copyright owner]
020 *
021 * CDDL HEADER END
022 *
023 *
024 *      Copyright 2008 Sun Microsystems, Inc.
025 */
026package org.forgerock.opendj.server.config.meta;
027
028
029
030import java.util.Collection;
031import java.util.SortedSet;
032import java.util.TreeSet;
033import org.forgerock.opendj.config.AdministratorAction;
034import org.forgerock.opendj.config.AggregationPropertyDefinition;
035import org.forgerock.opendj.config.AttributeTypePropertyDefinition;
036import org.forgerock.opendj.config.BooleanPropertyDefinition;
037import org.forgerock.opendj.config.ClassPropertyDefinition;
038import org.forgerock.opendj.config.client.ConcurrentModificationException;
039import org.forgerock.opendj.config.client.ManagedObject;
040import org.forgerock.opendj.config.client.MissingMandatoryPropertiesException;
041import org.forgerock.opendj.config.client.OperationRejectedException;
042import org.forgerock.opendj.config.conditions.Conditions;
043import org.forgerock.opendj.config.DefaultBehaviorProvider;
044import org.forgerock.opendj.config.DefinedDefaultBehaviorProvider;
045import org.forgerock.opendj.config.DurationPropertyDefinition;
046import org.forgerock.opendj.config.EnumPropertyDefinition;
047import org.forgerock.opendj.config.IntegerPropertyDefinition;
048import org.forgerock.opendj.config.ManagedObjectAlreadyExistsException;
049import org.forgerock.opendj.config.ManagedObjectDefinition;
050import org.forgerock.opendj.config.PropertyOption;
051import org.forgerock.opendj.config.PropertyProvider;
052import org.forgerock.opendj.config.server.ConfigurationChangeListener;
053import org.forgerock.opendj.config.server.ServerManagedObject;
054import org.forgerock.opendj.config.StringPropertyDefinition;
055import org.forgerock.opendj.config.Tag;
056import org.forgerock.opendj.config.UndefinedDefaultBehaviorProvider;
057import org.forgerock.opendj.ldap.DN;
058import org.forgerock.opendj.ldap.LdapException;
059import org.forgerock.opendj.ldap.schema.AttributeType;
060import org.forgerock.opendj.server.config.client.AccountStatusNotificationHandlerCfgClient;
061import org.forgerock.opendj.server.config.client.PasswordGeneratorCfgClient;
062import org.forgerock.opendj.server.config.client.PasswordPolicyCfgClient;
063import org.forgerock.opendj.server.config.client.PasswordStorageSchemeCfgClient;
064import org.forgerock.opendj.server.config.client.PasswordValidatorCfgClient;
065import org.forgerock.opendj.server.config.server.AccountStatusNotificationHandlerCfg;
066import org.forgerock.opendj.server.config.server.AuthenticationPolicyCfg;
067import org.forgerock.opendj.server.config.server.PasswordGeneratorCfg;
068import org.forgerock.opendj.server.config.server.PasswordPolicyCfg;
069import org.forgerock.opendj.server.config.server.PasswordStorageSchemeCfg;
070import org.forgerock.opendj.server.config.server.PasswordValidatorCfg;
071
072
073
074/**
075 * An interface for querying the Password Policy managed object
076 * definition meta information.
077 * <p>
078 * Password Policies define a number of password management rules, as
079 * well as requirements for authentication processing.
080 */
081public final class PasswordPolicyCfgDefn extends ManagedObjectDefinition<PasswordPolicyCfgClient, PasswordPolicyCfg> {
082
083  // The singleton configuration definition instance.
084  private static final PasswordPolicyCfgDefn INSTANCE = new PasswordPolicyCfgDefn();
085
086
087
088  /**
089   * Defines the set of permissable values for the "state-update-failure-policy" property.
090   * <p>
091   * Specifies how the server deals with the inability to update
092   * password policy state information during an authentication
093   * attempt.
094   * <p>
095   * In particular, this property can be used to control whether an
096   * otherwise successful bind operation fails if a failure occurs
097   * while attempting to update password policy state information (for
098   * example, to clear a record of previous authentication failures or
099   * to update the last login time). It can also be used to control
100   * whether to reject a bind request if it is known ahead of time that
101   * it will not be possible to update the authentication failure times
102   * in the event of an unsuccessful bind attempt (for example, if the
103   * backend writability mode is disabled).
104   */
105  public static enum StateUpdateFailurePolicy {
106
107    /**
108     * If a bind attempt would otherwise be successful, then do not
109     * reject it if a problem occurs while attempting to update the
110     * password policy state information for the user.
111     */
112    IGNORE("ignore"),
113
114
115
116    /**
117     * Proactively reject any bind attempt if it is known ahead of
118     * time that it would not be possible to update the user's password
119     * policy state information.
120     */
121    PROACTIVE("proactive"),
122
123
124
125    /**
126     * Even if a bind attempt would otherwise be successful, reject it
127     * if a problem occurs while attempting to update the password
128     * policy state information for the user.
129     */
130    REACTIVE("reactive");
131
132
133
134    // String representation of the value.
135    private final String name;
136
137
138
139    // Private constructor.
140    private StateUpdateFailurePolicy(String name) { this.name = name; }
141
142
143
144    /**
145     * {@inheritDoc}
146     */
147    public String toString() { return name; }
148
149  }
150
151
152
153  // The "account-status-notification-handler" property definition.
154  private static final AggregationPropertyDefinition<AccountStatusNotificationHandlerCfgClient, AccountStatusNotificationHandlerCfg> PD_ACCOUNT_STATUS_NOTIFICATION_HANDLER;
155
156
157
158  // The "allow-expired-password-changes" property definition.
159  private static final BooleanPropertyDefinition PD_ALLOW_EXPIRED_PASSWORD_CHANGES;
160
161
162
163  // The "allow-multiple-password-values" property definition.
164  private static final BooleanPropertyDefinition PD_ALLOW_MULTIPLE_PASSWORD_VALUES;
165
166
167
168  // The "allow-pre-encoded-passwords" property definition.
169  private static final BooleanPropertyDefinition PD_ALLOW_PRE_ENCODED_PASSWORDS;
170
171
172
173  // The "allow-user-password-changes" property definition.
174  private static final BooleanPropertyDefinition PD_ALLOW_USER_PASSWORD_CHANGES;
175
176
177
178  // The "default-password-storage-scheme" property definition.
179  private static final AggregationPropertyDefinition<PasswordStorageSchemeCfgClient, PasswordStorageSchemeCfg> PD_DEFAULT_PASSWORD_STORAGE_SCHEME;
180
181
182
183  // The "deprecated-password-storage-scheme" property definition.
184  private static final AggregationPropertyDefinition<PasswordStorageSchemeCfgClient, PasswordStorageSchemeCfg> PD_DEPRECATED_PASSWORD_STORAGE_SCHEME;
185
186
187
188  // The "expire-passwords-without-warning" property definition.
189  private static final BooleanPropertyDefinition PD_EXPIRE_PASSWORDS_WITHOUT_WARNING;
190
191
192
193  // The "force-change-on-add" property definition.
194  private static final BooleanPropertyDefinition PD_FORCE_CHANGE_ON_ADD;
195
196
197
198  // The "force-change-on-reset" property definition.
199  private static final BooleanPropertyDefinition PD_FORCE_CHANGE_ON_RESET;
200
201
202
203  // The "grace-login-count" property definition.
204  private static final IntegerPropertyDefinition PD_GRACE_LOGIN_COUNT;
205
206
207
208  // The "idle-lockout-interval" property definition.
209  private static final DurationPropertyDefinition PD_IDLE_LOCKOUT_INTERVAL;
210
211
212
213  // The "java-class" property definition.
214  private static final ClassPropertyDefinition PD_JAVA_CLASS;
215
216
217
218  // The "last-login-time-attribute" property definition.
219  private static final AttributeTypePropertyDefinition PD_LAST_LOGIN_TIME_ATTRIBUTE;
220
221
222
223  // The "last-login-time-format" property definition.
224  private static final StringPropertyDefinition PD_LAST_LOGIN_TIME_FORMAT;
225
226
227
228  // The "lockout-duration" property definition.
229  private static final DurationPropertyDefinition PD_LOCKOUT_DURATION;
230
231
232
233  // The "lockout-failure-count" property definition.
234  private static final IntegerPropertyDefinition PD_LOCKOUT_FAILURE_COUNT;
235
236
237
238  // The "lockout-failure-expiration-interval" property definition.
239  private static final DurationPropertyDefinition PD_LOCKOUT_FAILURE_EXPIRATION_INTERVAL;
240
241
242
243  // The "max-password-age" property definition.
244  private static final DurationPropertyDefinition PD_MAX_PASSWORD_AGE;
245
246
247
248  // The "max-password-reset-age" property definition.
249  private static final DurationPropertyDefinition PD_MAX_PASSWORD_RESET_AGE;
250
251
252
253  // The "min-password-age" property definition.
254  private static final DurationPropertyDefinition PD_MIN_PASSWORD_AGE;
255
256
257
258  // The "password-attribute" property definition.
259  private static final AttributeTypePropertyDefinition PD_PASSWORD_ATTRIBUTE;
260
261
262
263  // The "password-change-requires-current-password" property definition.
264  private static final BooleanPropertyDefinition PD_PASSWORD_CHANGE_REQUIRES_CURRENT_PASSWORD;
265
266
267
268  // The "password-expiration-warning-interval" property definition.
269  private static final DurationPropertyDefinition PD_PASSWORD_EXPIRATION_WARNING_INTERVAL;
270
271
272
273  // The "password-generator" property definition.
274  private static final AggregationPropertyDefinition<PasswordGeneratorCfgClient, PasswordGeneratorCfg> PD_PASSWORD_GENERATOR;
275
276
277
278  // The "password-history-count" property definition.
279  private static final IntegerPropertyDefinition PD_PASSWORD_HISTORY_COUNT;
280
281
282
283  // The "password-history-duration" property definition.
284  private static final DurationPropertyDefinition PD_PASSWORD_HISTORY_DURATION;
285
286
287
288  // The "password-validator" property definition.
289  private static final AggregationPropertyDefinition<PasswordValidatorCfgClient, PasswordValidatorCfg> PD_PASSWORD_VALIDATOR;
290
291
292
293  // The "previous-last-login-time-format" property definition.
294  private static final StringPropertyDefinition PD_PREVIOUS_LAST_LOGIN_TIME_FORMAT;
295
296
297
298  // The "require-change-by-time" property definition.
299  private static final StringPropertyDefinition PD_REQUIRE_CHANGE_BY_TIME;
300
301
302
303  // The "require-secure-authentication" property definition.
304  private static final BooleanPropertyDefinition PD_REQUIRE_SECURE_AUTHENTICATION;
305
306
307
308  // The "require-secure-password-changes" property definition.
309  private static final BooleanPropertyDefinition PD_REQUIRE_SECURE_PASSWORD_CHANGES;
310
311
312
313  // The "skip-validation-for-administrators" property definition.
314  private static final BooleanPropertyDefinition PD_SKIP_VALIDATION_FOR_ADMINISTRATORS;
315
316
317
318  // The "state-update-failure-policy" property definition.
319  private static final EnumPropertyDefinition<StateUpdateFailurePolicy> PD_STATE_UPDATE_FAILURE_POLICY;
320
321
322
323  // Build the "account-status-notification-handler" property definition.
324  static {
325      AggregationPropertyDefinition.Builder<AccountStatusNotificationHandlerCfgClient, AccountStatusNotificationHandlerCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "account-status-notification-handler");
326      builder.setOption(PropertyOption.MULTI_VALUED);
327      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "account-status-notification-handler"));
328      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
329      builder.setParentPath("/");
330      builder.setRelationDefinition("account-status-notification-handler");
331      builder.setTargetIsEnabledCondition(Conditions.contains("enabled", "true"));
332      PD_ACCOUNT_STATUS_NOTIFICATION_HANDLER = builder.getInstance();
333      INSTANCE.registerPropertyDefinition(PD_ACCOUNT_STATUS_NOTIFICATION_HANDLER);
334      INSTANCE.registerConstraint(PD_ACCOUNT_STATUS_NOTIFICATION_HANDLER.getSourceConstraint());
335  }
336
337
338
339  // Build the "allow-expired-password-changes" property definition.
340  static {
341      BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "allow-expired-password-changes");
342      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "allow-expired-password-changes"));
343      DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false");
344      builder.setDefaultBehaviorProvider(provider);
345      PD_ALLOW_EXPIRED_PASSWORD_CHANGES = builder.getInstance();
346      INSTANCE.registerPropertyDefinition(PD_ALLOW_EXPIRED_PASSWORD_CHANGES);
347  }
348
349
350
351  // Build the "allow-multiple-password-values" property definition.
352  static {
353      BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "allow-multiple-password-values");
354      builder.setOption(PropertyOption.ADVANCED);
355      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "allow-multiple-password-values"));
356      DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false");
357      builder.setDefaultBehaviorProvider(provider);
358      PD_ALLOW_MULTIPLE_PASSWORD_VALUES = builder.getInstance();
359      INSTANCE.registerPropertyDefinition(PD_ALLOW_MULTIPLE_PASSWORD_VALUES);
360  }
361
362
363
364  // Build the "allow-pre-encoded-passwords" property definition.
365  static {
366      BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "allow-pre-encoded-passwords");
367      builder.setOption(PropertyOption.ADVANCED);
368      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "allow-pre-encoded-passwords"));
369      DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false");
370      builder.setDefaultBehaviorProvider(provider);
371      PD_ALLOW_PRE_ENCODED_PASSWORDS = builder.getInstance();
372      INSTANCE.registerPropertyDefinition(PD_ALLOW_PRE_ENCODED_PASSWORDS);
373  }
374
375
376
377  // Build the "allow-user-password-changes" property definition.
378  static {
379      BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "allow-user-password-changes");
380      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "allow-user-password-changes"));
381      DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("true");
382      builder.setDefaultBehaviorProvider(provider);
383      PD_ALLOW_USER_PASSWORD_CHANGES = builder.getInstance();
384      INSTANCE.registerPropertyDefinition(PD_ALLOW_USER_PASSWORD_CHANGES);
385  }
386
387
388
389  // Build the "default-password-storage-scheme" property definition.
390  static {
391      AggregationPropertyDefinition.Builder<PasswordStorageSchemeCfgClient, PasswordStorageSchemeCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "default-password-storage-scheme");
392      builder.setOption(PropertyOption.MULTI_VALUED);
393      builder.setOption(PropertyOption.MANDATORY);
394      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "default-password-storage-scheme"));
395      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
396      builder.setParentPath("/");
397      builder.setRelationDefinition("password-storage-scheme");
398      builder.setTargetIsEnabledCondition(Conditions.contains("enabled", "true"));
399      PD_DEFAULT_PASSWORD_STORAGE_SCHEME = builder.getInstance();
400      INSTANCE.registerPropertyDefinition(PD_DEFAULT_PASSWORD_STORAGE_SCHEME);
401      INSTANCE.registerConstraint(PD_DEFAULT_PASSWORD_STORAGE_SCHEME.getSourceConstraint());
402  }
403
404
405
406  // Build the "deprecated-password-storage-scheme" property definition.
407  static {
408      AggregationPropertyDefinition.Builder<PasswordStorageSchemeCfgClient, PasswordStorageSchemeCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "deprecated-password-storage-scheme");
409      builder.setOption(PropertyOption.MULTI_VALUED);
410      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "deprecated-password-storage-scheme"));
411      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
412      builder.setParentPath("/");
413      builder.setRelationDefinition("password-storage-scheme");
414      builder.setTargetIsEnabledCondition(Conditions.contains("enabled", "true"));
415      PD_DEPRECATED_PASSWORD_STORAGE_SCHEME = builder.getInstance();
416      INSTANCE.registerPropertyDefinition(PD_DEPRECATED_PASSWORD_STORAGE_SCHEME);
417      INSTANCE.registerConstraint(PD_DEPRECATED_PASSWORD_STORAGE_SCHEME.getSourceConstraint());
418  }
419
420
421
422  // Build the "expire-passwords-without-warning" property definition.
423  static {
424      BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "expire-passwords-without-warning");
425      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "expire-passwords-without-warning"));
426      DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false");
427      builder.setDefaultBehaviorProvider(provider);
428      PD_EXPIRE_PASSWORDS_WITHOUT_WARNING = builder.getInstance();
429      INSTANCE.registerPropertyDefinition(PD_EXPIRE_PASSWORDS_WITHOUT_WARNING);
430  }
431
432
433
434  // Build the "force-change-on-add" property definition.
435  static {
436      BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "force-change-on-add");
437      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "force-change-on-add"));
438      DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false");
439      builder.setDefaultBehaviorProvider(provider);
440      PD_FORCE_CHANGE_ON_ADD = builder.getInstance();
441      INSTANCE.registerPropertyDefinition(PD_FORCE_CHANGE_ON_ADD);
442  }
443
444
445
446  // Build the "force-change-on-reset" property definition.
447  static {
448      BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "force-change-on-reset");
449      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "force-change-on-reset"));
450      DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false");
451      builder.setDefaultBehaviorProvider(provider);
452      PD_FORCE_CHANGE_ON_RESET = builder.getInstance();
453      INSTANCE.registerPropertyDefinition(PD_FORCE_CHANGE_ON_RESET);
454  }
455
456
457
458  // Build the "grace-login-count" property definition.
459  static {
460      IntegerPropertyDefinition.Builder builder = IntegerPropertyDefinition.createBuilder(INSTANCE, "grace-login-count");
461      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "grace-login-count"));
462      DefaultBehaviorProvider<Integer> provider = new DefinedDefaultBehaviorProvider<Integer>("0");
463      builder.setDefaultBehaviorProvider(provider);
464      builder.setUpperLimit(2147483647);
465      builder.setLowerLimit(0);
466      PD_GRACE_LOGIN_COUNT = builder.getInstance();
467      INSTANCE.registerPropertyDefinition(PD_GRACE_LOGIN_COUNT);
468  }
469
470
471
472  // Build the "idle-lockout-interval" property definition.
473  static {
474      DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "idle-lockout-interval");
475      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "idle-lockout-interval"));
476      DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("0 seconds");
477      builder.setDefaultBehaviorProvider(provider);
478      builder.setUpperLimit("2147483647");
479      builder.setLowerLimit("0");
480      PD_IDLE_LOCKOUT_INTERVAL = builder.getInstance();
481      INSTANCE.registerPropertyDefinition(PD_IDLE_LOCKOUT_INTERVAL);
482  }
483
484
485
486  // Build the "java-class" property definition.
487  static {
488      ClassPropertyDefinition.Builder builder = ClassPropertyDefinition.createBuilder(INSTANCE, "java-class");
489      builder.setOption(PropertyOption.MANDATORY);
490      builder.setOption(PropertyOption.ADVANCED);
491      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.COMPONENT_RESTART, INSTANCE, "java-class"));
492      DefaultBehaviorProvider<String> provider = new DefinedDefaultBehaviorProvider<String>("org.opends.server.core.PasswordPolicyFactory");
493      builder.setDefaultBehaviorProvider(provider);
494      builder.addInstanceOf("org.opends.server.api.AuthenticationPolicyFactory");
495      PD_JAVA_CLASS = builder.getInstance();
496      INSTANCE.registerPropertyDefinition(PD_JAVA_CLASS);
497  }
498
499
500
501  // Build the "last-login-time-attribute" property definition.
502  static {
503      AttributeTypePropertyDefinition.Builder builder = AttributeTypePropertyDefinition.createBuilder(INSTANCE, "last-login-time-attribute");
504      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "last-login-time-attribute"));
505      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<AttributeType>());
506      PD_LAST_LOGIN_TIME_ATTRIBUTE = builder.getInstance();
507      INSTANCE.registerPropertyDefinition(PD_LAST_LOGIN_TIME_ATTRIBUTE);
508  }
509
510
511
512  // Build the "last-login-time-format" property definition.
513  static {
514      StringPropertyDefinition.Builder builder = StringPropertyDefinition.createBuilder(INSTANCE, "last-login-time-format");
515      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "last-login-time-format"));
516      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
517      builder.setPattern(".*", "STRING");
518      PD_LAST_LOGIN_TIME_FORMAT = builder.getInstance();
519      INSTANCE.registerPropertyDefinition(PD_LAST_LOGIN_TIME_FORMAT);
520  }
521
522
523
524  // Build the "lockout-duration" property definition.
525  static {
526      DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "lockout-duration");
527      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "lockout-duration"));
528      DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("0 seconds");
529      builder.setDefaultBehaviorProvider(provider);
530      builder.setBaseUnit("s");
531      builder.setUpperLimit("2147483647");
532      builder.setLowerLimit("0");
533      PD_LOCKOUT_DURATION = builder.getInstance();
534      INSTANCE.registerPropertyDefinition(PD_LOCKOUT_DURATION);
535  }
536
537
538
539  // Build the "lockout-failure-count" property definition.
540  static {
541      IntegerPropertyDefinition.Builder builder = IntegerPropertyDefinition.createBuilder(INSTANCE, "lockout-failure-count");
542      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "lockout-failure-count"));
543      DefaultBehaviorProvider<Integer> provider = new DefinedDefaultBehaviorProvider<Integer>("0");
544      builder.setDefaultBehaviorProvider(provider);
545      builder.setUpperLimit(2147483647);
546      builder.setLowerLimit(0);
547      PD_LOCKOUT_FAILURE_COUNT = builder.getInstance();
548      INSTANCE.registerPropertyDefinition(PD_LOCKOUT_FAILURE_COUNT);
549  }
550
551
552
553  // Build the "lockout-failure-expiration-interval" property definition.
554  static {
555      DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "lockout-failure-expiration-interval");
556      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "lockout-failure-expiration-interval"));
557      DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("0 seconds");
558      builder.setDefaultBehaviorProvider(provider);
559      builder.setBaseUnit("s");
560      builder.setUpperLimit("2147483647");
561      builder.setLowerLimit("0");
562      PD_LOCKOUT_FAILURE_EXPIRATION_INTERVAL = builder.getInstance();
563      INSTANCE.registerPropertyDefinition(PD_LOCKOUT_FAILURE_EXPIRATION_INTERVAL);
564  }
565
566
567
568  // Build the "max-password-age" property definition.
569  static {
570      DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "max-password-age");
571      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "max-password-age"));
572      DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("0 seconds");
573      builder.setDefaultBehaviorProvider(provider);
574      builder.setBaseUnit("s");
575      builder.setUpperLimit("2147483647");
576      builder.setLowerLimit("0");
577      PD_MAX_PASSWORD_AGE = builder.getInstance();
578      INSTANCE.registerPropertyDefinition(PD_MAX_PASSWORD_AGE);
579  }
580
581
582
583  // Build the "max-password-reset-age" property definition.
584  static {
585      DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "max-password-reset-age");
586      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "max-password-reset-age"));
587      DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("0 seconds");
588      builder.setDefaultBehaviorProvider(provider);
589      builder.setBaseUnit("s");
590      builder.setUpperLimit("2147483647");
591      builder.setLowerLimit("0");
592      PD_MAX_PASSWORD_RESET_AGE = builder.getInstance();
593      INSTANCE.registerPropertyDefinition(PD_MAX_PASSWORD_RESET_AGE);
594  }
595
596
597
598  // Build the "min-password-age" property definition.
599  static {
600      DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "min-password-age");
601      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "min-password-age"));
602      DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("0 seconds");
603      builder.setDefaultBehaviorProvider(provider);
604      builder.setBaseUnit("s");
605      builder.setUpperLimit("2147483647");
606      builder.setLowerLimit("0");
607      PD_MIN_PASSWORD_AGE = builder.getInstance();
608      INSTANCE.registerPropertyDefinition(PD_MIN_PASSWORD_AGE);
609  }
610
611
612
613  // Build the "password-attribute" property definition.
614  static {
615      AttributeTypePropertyDefinition.Builder builder = AttributeTypePropertyDefinition.createBuilder(INSTANCE, "password-attribute");
616      builder.setOption(PropertyOption.MANDATORY);
617      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "password-attribute"));
618      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<AttributeType>());
619      PD_PASSWORD_ATTRIBUTE = builder.getInstance();
620      INSTANCE.registerPropertyDefinition(PD_PASSWORD_ATTRIBUTE);
621  }
622
623
624
625  // Build the "password-change-requires-current-password" property definition.
626  static {
627      BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "password-change-requires-current-password");
628      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "password-change-requires-current-password"));
629      DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false");
630      builder.setDefaultBehaviorProvider(provider);
631      PD_PASSWORD_CHANGE_REQUIRES_CURRENT_PASSWORD = builder.getInstance();
632      INSTANCE.registerPropertyDefinition(PD_PASSWORD_CHANGE_REQUIRES_CURRENT_PASSWORD);
633  }
634
635
636
637  // Build the "password-expiration-warning-interval" property definition.
638  static {
639      DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "password-expiration-warning-interval");
640      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "password-expiration-warning-interval"));
641      DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("5 days");
642      builder.setDefaultBehaviorProvider(provider);
643      PD_PASSWORD_EXPIRATION_WARNING_INTERVAL = builder.getInstance();
644      INSTANCE.registerPropertyDefinition(PD_PASSWORD_EXPIRATION_WARNING_INTERVAL);
645  }
646
647
648
649  // Build the "password-generator" property definition.
650  static {
651      AggregationPropertyDefinition.Builder<PasswordGeneratorCfgClient, PasswordGeneratorCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "password-generator");
652      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "password-generator"));
653      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
654      builder.setParentPath("/");
655      builder.setRelationDefinition("password-generator");
656      builder.setTargetIsEnabledCondition(Conditions.contains("enabled", "true"));
657      PD_PASSWORD_GENERATOR = builder.getInstance();
658      INSTANCE.registerPropertyDefinition(PD_PASSWORD_GENERATOR);
659      INSTANCE.registerConstraint(PD_PASSWORD_GENERATOR.getSourceConstraint());
660  }
661
662
663
664  // Build the "password-history-count" property definition.
665  static {
666      IntegerPropertyDefinition.Builder builder = IntegerPropertyDefinition.createBuilder(INSTANCE, "password-history-count");
667      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "password-history-count"));
668      DefaultBehaviorProvider<Integer> provider = new DefinedDefaultBehaviorProvider<Integer>("0");
669      builder.setDefaultBehaviorProvider(provider);
670      builder.setUpperLimit(2147483647);
671      builder.setLowerLimit(0);
672      PD_PASSWORD_HISTORY_COUNT = builder.getInstance();
673      INSTANCE.registerPropertyDefinition(PD_PASSWORD_HISTORY_COUNT);
674  }
675
676
677
678  // Build the "password-history-duration" property definition.
679  static {
680      DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "password-history-duration");
681      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "password-history-duration"));
682      DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("0 seconds");
683      builder.setDefaultBehaviorProvider(provider);
684      builder.setAllowUnlimited(false);
685      builder.setBaseUnit("s");
686      builder.setUpperLimit("2147483647");
687      builder.setLowerLimit("0");
688      PD_PASSWORD_HISTORY_DURATION = builder.getInstance();
689      INSTANCE.registerPropertyDefinition(PD_PASSWORD_HISTORY_DURATION);
690  }
691
692
693
694  // Build the "password-validator" property definition.
695  static {
696      AggregationPropertyDefinition.Builder<PasswordValidatorCfgClient, PasswordValidatorCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "password-validator");
697      builder.setOption(PropertyOption.MULTI_VALUED);
698      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "password-validator"));
699      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
700      builder.setParentPath("/");
701      builder.setRelationDefinition("password-validator");
702      builder.setTargetIsEnabledCondition(Conditions.contains("enabled", "true"));
703      PD_PASSWORD_VALIDATOR = builder.getInstance();
704      INSTANCE.registerPropertyDefinition(PD_PASSWORD_VALIDATOR);
705      INSTANCE.registerConstraint(PD_PASSWORD_VALIDATOR.getSourceConstraint());
706  }
707
708
709
710  // Build the "previous-last-login-time-format" property definition.
711  static {
712      StringPropertyDefinition.Builder builder = StringPropertyDefinition.createBuilder(INSTANCE, "previous-last-login-time-format");
713      builder.setOption(PropertyOption.MULTI_VALUED);
714      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "previous-last-login-time-format"));
715      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
716      builder.setPattern(".*", "STRING");
717      PD_PREVIOUS_LAST_LOGIN_TIME_FORMAT = builder.getInstance();
718      INSTANCE.registerPropertyDefinition(PD_PREVIOUS_LAST_LOGIN_TIME_FORMAT);
719  }
720
721
722
723  // Build the "require-change-by-time" property definition.
724  static {
725      StringPropertyDefinition.Builder builder = StringPropertyDefinition.createBuilder(INSTANCE, "require-change-by-time");
726      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "require-change-by-time"));
727      builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>());
728      builder.setPattern(".*", "STRING");
729      PD_REQUIRE_CHANGE_BY_TIME = builder.getInstance();
730      INSTANCE.registerPropertyDefinition(PD_REQUIRE_CHANGE_BY_TIME);
731  }
732
733
734
735  // Build the "require-secure-authentication" property definition.
736  static {
737      BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "require-secure-authentication");
738      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "require-secure-authentication"));
739      DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false");
740      builder.setDefaultBehaviorProvider(provider);
741      PD_REQUIRE_SECURE_AUTHENTICATION = builder.getInstance();
742      INSTANCE.registerPropertyDefinition(PD_REQUIRE_SECURE_AUTHENTICATION);
743  }
744
745
746
747  // Build the "require-secure-password-changes" property definition.
748  static {
749      BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "require-secure-password-changes");
750      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "require-secure-password-changes"));
751      DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false");
752      builder.setDefaultBehaviorProvider(provider);
753      PD_REQUIRE_SECURE_PASSWORD_CHANGES = builder.getInstance();
754      INSTANCE.registerPropertyDefinition(PD_REQUIRE_SECURE_PASSWORD_CHANGES);
755  }
756
757
758
759  // Build the "skip-validation-for-administrators" property definition.
760  static {
761      BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "skip-validation-for-administrators");
762      builder.setOption(PropertyOption.ADVANCED);
763      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "skip-validation-for-administrators"));
764      DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false");
765      builder.setDefaultBehaviorProvider(provider);
766      PD_SKIP_VALIDATION_FOR_ADMINISTRATORS = builder.getInstance();
767      INSTANCE.registerPropertyDefinition(PD_SKIP_VALIDATION_FOR_ADMINISTRATORS);
768  }
769
770
771
772  // Build the "state-update-failure-policy" property definition.
773  static {
774      EnumPropertyDefinition.Builder<StateUpdateFailurePolicy> builder = EnumPropertyDefinition.createBuilder(INSTANCE, "state-update-failure-policy");
775      builder.setOption(PropertyOption.ADVANCED);
776      builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "state-update-failure-policy"));
777      DefaultBehaviorProvider<StateUpdateFailurePolicy> provider = new DefinedDefaultBehaviorProvider<StateUpdateFailurePolicy>("reactive");
778      builder.setDefaultBehaviorProvider(provider);
779      builder.setEnumClass(StateUpdateFailurePolicy.class);
780      PD_STATE_UPDATE_FAILURE_POLICY = builder.getInstance();
781      INSTANCE.registerPropertyDefinition(PD_STATE_UPDATE_FAILURE_POLICY);
782  }
783
784
785
786  // Register the tags associated with this managed object definition.
787  static {
788    INSTANCE.registerTag(Tag.valueOf("user-management"));
789  }
790
791
792
793  /**
794   * Get the Password Policy configuration definition singleton.
795   *
796   * @return Returns the Password Policy configuration definition
797   *         singleton.
798   */
799  public static PasswordPolicyCfgDefn getInstance() {
800    return INSTANCE;
801  }
802
803
804
805  /**
806   * Private constructor.
807   */
808  private PasswordPolicyCfgDefn() {
809    super("password-policy", AuthenticationPolicyCfgDefn.getInstance());
810  }
811
812
813
814  /**
815   * {@inheritDoc}
816   */
817  public PasswordPolicyCfgClient createClientConfiguration(
818      ManagedObject<? extends PasswordPolicyCfgClient> impl) {
819    return new PasswordPolicyCfgClientImpl(impl);
820  }
821
822
823
824  /**
825   * {@inheritDoc}
826   */
827  public PasswordPolicyCfg createServerConfiguration(
828      ServerManagedObject<? extends PasswordPolicyCfg> impl) {
829    return new PasswordPolicyCfgServerImpl(impl);
830  }
831
832
833
834  /**
835   * {@inheritDoc}
836   */
837  public Class<PasswordPolicyCfg> getServerConfigurationClass() {
838    return PasswordPolicyCfg.class;
839  }
840
841
842
843  /**
844   * Get the "account-status-notification-handler" property definition.
845   * <p>
846   * Specifies the names of the account status notification handlers
847   * that are used with the associated password storage scheme.
848   *
849   * @return Returns the "account-status-notification-handler" property definition.
850   */
851  public AggregationPropertyDefinition<AccountStatusNotificationHandlerCfgClient, AccountStatusNotificationHandlerCfg> getAccountStatusNotificationHandlerPropertyDefinition() {
852    return PD_ACCOUNT_STATUS_NOTIFICATION_HANDLER;
853  }
854
855
856
857  /**
858   * Get the "allow-expired-password-changes" property definition.
859   * <p>
860   * Indicates whether a user whose password is expired is still
861   * allowed to change that password using the password modify extended
862   * operation.
863   *
864   * @return Returns the "allow-expired-password-changes" property definition.
865   */
866  public BooleanPropertyDefinition getAllowExpiredPasswordChangesPropertyDefinition() {
867    return PD_ALLOW_EXPIRED_PASSWORD_CHANGES;
868  }
869
870
871
872  /**
873   * Get the "allow-multiple-password-values" property definition.
874   * <p>
875   * Indicates whether user entries can have multiple distinct values
876   * for the password attribute.
877   * <p>
878   * This is potentially dangerous because many mechanisms used to
879   * change the password do not work well with such a configuration. If
880   * multiple password values are allowed, then any of them can be used
881   * to authenticate, and they are all subject to the same policy
882   * constraints.
883   *
884   * @return Returns the "allow-multiple-password-values" property definition.
885   */
886  public BooleanPropertyDefinition getAllowMultiplePasswordValuesPropertyDefinition() {
887    return PD_ALLOW_MULTIPLE_PASSWORD_VALUES;
888  }
889
890
891
892  /**
893   * Get the "allow-pre-encoded-passwords" property definition.
894   * <p>
895   * Indicates whether users can change their passwords by providing a
896   * pre-encoded value.
897   * <p>
898   * This can cause a security risk because the clear-text version of
899   * the password is not known and therefore validation checks cannot
900   * be applied to it.
901   *
902   * @return Returns the "allow-pre-encoded-passwords" property definition.
903   */
904  public BooleanPropertyDefinition getAllowPreEncodedPasswordsPropertyDefinition() {
905    return PD_ALLOW_PRE_ENCODED_PASSWORDS;
906  }
907
908
909
910  /**
911   * Get the "allow-user-password-changes" property definition.
912   * <p>
913   * Indicates whether users can change their own passwords.
914   * <p>
915   * This check is made in addition to access control evaluation. Both
916   * must allow the password change for it to occur.
917   *
918   * @return Returns the "allow-user-password-changes" property definition.
919   */
920  public BooleanPropertyDefinition getAllowUserPasswordChangesPropertyDefinition() {
921    return PD_ALLOW_USER_PASSWORD_CHANGES;
922  }
923
924
925
926  /**
927   * Get the "default-password-storage-scheme" property definition.
928   * <p>
929   * Specifies the names of the password storage schemes that are used
930   * to encode clear-text passwords for this password policy.
931   *
932   * @return Returns the "default-password-storage-scheme" property definition.
933   */
934  public AggregationPropertyDefinition<PasswordStorageSchemeCfgClient, PasswordStorageSchemeCfg> getDefaultPasswordStorageSchemePropertyDefinition() {
935    return PD_DEFAULT_PASSWORD_STORAGE_SCHEME;
936  }
937
938
939
940  /**
941   * Get the "deprecated-password-storage-scheme" property definition.
942   * <p>
943   * Specifies the names of the password storage schemes that are
944   * considered deprecated for this password policy.
945   * <p>
946   * If a user with this password policy authenticates to the server
947   * and his/her password is encoded with a deprecated scheme, those
948   * values are removed and replaced with values encoded using the
949   * default password storage scheme(s).
950   *
951   * @return Returns the "deprecated-password-storage-scheme" property definition.
952   */
953  public AggregationPropertyDefinition<PasswordStorageSchemeCfgClient, PasswordStorageSchemeCfg> getDeprecatedPasswordStorageSchemePropertyDefinition() {
954    return PD_DEPRECATED_PASSWORD_STORAGE_SCHEME;
955  }
956
957
958
959  /**
960   * Get the "expire-passwords-without-warning" property definition.
961   * <p>
962   * Indicates whether the directory server allows a user's password
963   * to expire even if that user has never seen an expiration warning
964   * notification.
965   * <p>
966   * If this property is true, accounts always expire when the
967   * expiration time arrives. If this property is false or disabled,
968   * the user always receives at least one warning notification, and
969   * the password expiration is set to the warning time plus the
970   * warning interval.
971   *
972   * @return Returns the "expire-passwords-without-warning" property definition.
973   */
974  public BooleanPropertyDefinition getExpirePasswordsWithoutWarningPropertyDefinition() {
975    return PD_EXPIRE_PASSWORDS_WITHOUT_WARNING;
976  }
977
978
979
980  /**
981   * Get the "force-change-on-add" property definition.
982   * <p>
983   * Indicates whether users are forced to change their passwords upon
984   * first authenticating to the directory server after their account
985   * has been created.
986   *
987   * @return Returns the "force-change-on-add" property definition.
988   */
989  public BooleanPropertyDefinition getForceChangeOnAddPropertyDefinition() {
990    return PD_FORCE_CHANGE_ON_ADD;
991  }
992
993
994
995  /**
996   * Get the "force-change-on-reset" property definition.
997   * <p>
998   * Indicates whether users are forced to change their passwords if
999   * they are reset by an administrator.
1000   * <p>
1001   * For this purpose, anyone with permission to change a given user's
1002   * password other than that user is considered an administrator.
1003   *
1004   * @return Returns the "force-change-on-reset" property definition.
1005   */
1006  public BooleanPropertyDefinition getForceChangeOnResetPropertyDefinition() {
1007    return PD_FORCE_CHANGE_ON_RESET;
1008  }
1009
1010
1011
1012  /**
1013   * Get the "grace-login-count" property definition.
1014   * <p>
1015   * Specifies the number of grace logins that a user is allowed after
1016   * the account has expired to allow that user to choose a new
1017   * password.
1018   * <p>
1019   * A value of 0 indicates that no grace logins are allowed.
1020   *
1021   * @return Returns the "grace-login-count" property definition.
1022   */
1023  public IntegerPropertyDefinition getGraceLoginCountPropertyDefinition() {
1024    return PD_GRACE_LOGIN_COUNT;
1025  }
1026
1027
1028
1029  /**
1030   * Get the "idle-lockout-interval" property definition.
1031   * <p>
1032   * Specifies the maximum length of time that an account may remain
1033   * idle (that is, the associated user does not authenticate to the
1034   * server) before that user is locked out.
1035   * <p>
1036   * The value of this attribute is an integer followed by a unit of
1037   * seconds, minutes, hours, days, or weeks. A value of 0 seconds
1038   * indicates that idle accounts are not automatically locked out.
1039   * This feature is available only if the last login time is
1040   * maintained.
1041   *
1042   * @return Returns the "idle-lockout-interval" property definition.
1043   */
1044  public DurationPropertyDefinition getIdleLockoutIntervalPropertyDefinition() {
1045    return PD_IDLE_LOCKOUT_INTERVAL;
1046  }
1047
1048
1049
1050  /**
1051   * Get the "java-class" property definition.
1052   * <p>
1053   * Specifies the fully-qualified name of the Java class which
1054   * provides the Password Policy implementation.
1055   *
1056   * @return Returns the "java-class" property definition.
1057   */
1058  public ClassPropertyDefinition getJavaClassPropertyDefinition() {
1059    return PD_JAVA_CLASS;
1060  }
1061
1062
1063
1064  /**
1065   * Get the "last-login-time-attribute" property definition.
1066   * <p>
1067   * Specifies the name or OID of the attribute type that is used to
1068   * hold the last login time for users with the associated password
1069   * policy.
1070   * <p>
1071   * This attribute type must be defined in the directory server
1072   * schema and must either be defined as an operational attribute or
1073   * must be allowed by the set of objectClasses for all users with the
1074   * associated password policy.
1075   *
1076   * @return Returns the "last-login-time-attribute" property definition.
1077   */
1078  public AttributeTypePropertyDefinition getLastLoginTimeAttributePropertyDefinition() {
1079    return PD_LAST_LOGIN_TIME_ATTRIBUTE;
1080  }
1081
1082
1083
1084  /**
1085   * Get the "last-login-time-format" property definition.
1086   * <p>
1087   * Specifies the format string that is used to generate the last
1088   * login time value for users with the associated password policy.
1089   * <p>
1090   * This format string conforms to the syntax described in the API
1091   * documentation for the java.text.SimpleDateFormat class.
1092   *
1093   * @return Returns the "last-login-time-format" property definition.
1094   */
1095  public StringPropertyDefinition getLastLoginTimeFormatPropertyDefinition() {
1096    return PD_LAST_LOGIN_TIME_FORMAT;
1097  }
1098
1099
1100
1101  /**
1102   * Get the "lockout-duration" property definition.
1103   * <p>
1104   * Specifies the length of time that an account is locked after too
1105   * many authentication failures.
1106   * <p>
1107   * The value of this attribute is an integer followed by a unit of
1108   * seconds, minutes, hours, days, or weeks. A value of 0 seconds
1109   * indicates that the account must remain locked until an
1110   * administrator resets the password.
1111   *
1112   * @return Returns the "lockout-duration" property definition.
1113   */
1114  public DurationPropertyDefinition getLockoutDurationPropertyDefinition() {
1115    return PD_LOCKOUT_DURATION;
1116  }
1117
1118
1119
1120  /**
1121   * Get the "lockout-failure-count" property definition.
1122   * <p>
1123   * Specifies the maximum number of authentication failures that a
1124   * user is allowed before the account is locked out.
1125   * <p>
1126   * A value of 0 indicates that accounts are never locked out due to
1127   * failed attempts.
1128   *
1129   * @return Returns the "lockout-failure-count" property definition.
1130   */
1131  public IntegerPropertyDefinition getLockoutFailureCountPropertyDefinition() {
1132    return PD_LOCKOUT_FAILURE_COUNT;
1133  }
1134
1135
1136
1137  /**
1138   * Get the "lockout-failure-expiration-interval" property definition.
1139   * <p>
1140   * Specifies the length of time before an authentication failure is
1141   * no longer counted against a user for the purposes of account
1142   * lockout.
1143   * <p>
1144   * The value of this attribute is an integer followed by a unit of
1145   * seconds, minutes, hours, days, or weeks. A value of 0 seconds
1146   * indicates that the authentication failures must never expire. The
1147   * failure count is always cleared upon a successful authentication.
1148   *
1149   * @return Returns the "lockout-failure-expiration-interval" property definition.
1150   */
1151  public DurationPropertyDefinition getLockoutFailureExpirationIntervalPropertyDefinition() {
1152    return PD_LOCKOUT_FAILURE_EXPIRATION_INTERVAL;
1153  }
1154
1155
1156
1157  /**
1158   * Get the "max-password-age" property definition.
1159   * <p>
1160   * Specifies the maximum length of time that a user can continue
1161   * using the same password before it must be changed (that is, the
1162   * password expiration interval).
1163   * <p>
1164   * The value of this attribute is an integer followed by a unit of
1165   * seconds, minutes, hours, days, or weeks. A value of 0 seconds
1166   * disables password expiration.
1167   *
1168   * @return Returns the "max-password-age" property definition.
1169   */
1170  public DurationPropertyDefinition getMaxPasswordAgePropertyDefinition() {
1171    return PD_MAX_PASSWORD_AGE;
1172  }
1173
1174
1175
1176  /**
1177   * Get the "max-password-reset-age" property definition.
1178   * <p>
1179   * Specifies the maximum length of time that users have to change
1180   * passwords after they have been reset by an administrator before
1181   * they become locked.
1182   * <p>
1183   * The value of this attribute is an integer followed by a unit of
1184   * seconds, minutes, hours, days, or weeks. A value of 0 seconds
1185   * disables this feature.
1186   *
1187   * @return Returns the "max-password-reset-age" property definition.
1188   */
1189  public DurationPropertyDefinition getMaxPasswordResetAgePropertyDefinition() {
1190    return PD_MAX_PASSWORD_RESET_AGE;
1191  }
1192
1193
1194
1195  /**
1196   * Get the "min-password-age" property definition.
1197   * <p>
1198   * Specifies the minimum length of time after a password change
1199   * before the user is allowed to change the password again.
1200   * <p>
1201   * The value of this attribute is an integer followed by a unit of
1202   * seconds, minutes, hours, days, or weeks. This setting can be used
1203   * to prevent users from changing their passwords repeatedly over a
1204   * short period of time to flush an old password from the history so
1205   * that it can be re-used.
1206   *
1207   * @return Returns the "min-password-age" property definition.
1208   */
1209  public DurationPropertyDefinition getMinPasswordAgePropertyDefinition() {
1210    return PD_MIN_PASSWORD_AGE;
1211  }
1212
1213
1214
1215  /**
1216   * Get the "password-attribute" property definition.
1217   * <p>
1218   * Specifies the attribute type used to hold user passwords.
1219   * <p>
1220   * This attribute type must be defined in the server schema, and it
1221   * must have either the user password or auth password syntax.
1222   *
1223   * @return Returns the "password-attribute" property definition.
1224   */
1225  public AttributeTypePropertyDefinition getPasswordAttributePropertyDefinition() {
1226    return PD_PASSWORD_ATTRIBUTE;
1227  }
1228
1229
1230
1231  /**
1232   * Get the "password-change-requires-current-password" property definition.
1233   * <p>
1234   * Indicates whether user password changes must use the password
1235   * modify extended operation and must include the user's current
1236   * password before the change is allowed.
1237   *
1238   * @return Returns the "password-change-requires-current-password" property definition.
1239   */
1240  public BooleanPropertyDefinition getPasswordChangeRequiresCurrentPasswordPropertyDefinition() {
1241    return PD_PASSWORD_CHANGE_REQUIRES_CURRENT_PASSWORD;
1242  }
1243
1244
1245
1246  /**
1247   * Get the "password-expiration-warning-interval" property definition.
1248   * <p>
1249   * Specifies the maximum length of time before a user's password
1250   * actually expires that the server begins to include warning
1251   * notifications in bind responses for that user.
1252   * <p>
1253   * The value of this attribute is an integer followed by a unit of
1254   * seconds, minutes, hours, days, or weeks. A value of 0 seconds
1255   * disables the warning interval.
1256   *
1257   * @return Returns the "password-expiration-warning-interval" property definition.
1258   */
1259  public DurationPropertyDefinition getPasswordExpirationWarningIntervalPropertyDefinition() {
1260    return PD_PASSWORD_EXPIRATION_WARNING_INTERVAL;
1261  }
1262
1263
1264
1265  /**
1266   * Get the "password-generator" property definition.
1267   * <p>
1268   * Specifies the name of the password generator that is used with
1269   * the associated password policy.
1270   * <p>
1271   * This is used in conjunction with the password modify extended
1272   * operation to generate a new password for a user when none was
1273   * provided in the request.
1274   *
1275   * @return Returns the "password-generator" property definition.
1276   */
1277  public AggregationPropertyDefinition<PasswordGeneratorCfgClient, PasswordGeneratorCfg> getPasswordGeneratorPropertyDefinition() {
1278    return PD_PASSWORD_GENERATOR;
1279  }
1280
1281
1282
1283  /**
1284   * Get the "password-history-count" property definition.
1285   * <p>
1286   * Specifies the maximum number of former passwords to maintain in
1287   * the password history.
1288   * <p>
1289   * When choosing a new password, the proposed password is checked to
1290   * ensure that it does not match the current password, nor any other
1291   * password in the history list. A value of zero indicates that
1292   * either no password history is to be maintained (if the password
1293   * history duration has a value of zero seconds), or that there is no
1294   * maximum number of passwords to maintain in the history (if the
1295   * password history duration has a value greater than zero seconds).
1296   *
1297   * @return Returns the "password-history-count" property definition.
1298   */
1299  public IntegerPropertyDefinition getPasswordHistoryCountPropertyDefinition() {
1300    return PD_PASSWORD_HISTORY_COUNT;
1301  }
1302
1303
1304
1305  /**
1306   * Get the "password-history-duration" property definition.
1307   * <p>
1308   * Specifies the maximum length of time that passwords remain in the
1309   * password history.
1310   * <p>
1311   * When choosing a new password, the proposed password is checked to
1312   * ensure that it does not match the current password, nor any other
1313   * password in the history list. A value of zero seconds indicates
1314   * that either no password history is to be maintained (if the
1315   * password history count has a value of zero), or that there is no
1316   * maximum duration for passwords in the history (if the password
1317   * history count has a value greater than zero).
1318   *
1319   * @return Returns the "password-history-duration" property definition.
1320   */
1321  public DurationPropertyDefinition getPasswordHistoryDurationPropertyDefinition() {
1322    return PD_PASSWORD_HISTORY_DURATION;
1323  }
1324
1325
1326
1327  /**
1328   * Get the "password-validator" property definition.
1329   * <p>
1330   * Specifies the names of the password validators that are used with
1331   * the associated password storage scheme.
1332   * <p>
1333   * The password validators are invoked when a user attempts to
1334   * provide a new password, to determine whether the new password is
1335   * acceptable.
1336   *
1337   * @return Returns the "password-validator" property definition.
1338   */
1339  public AggregationPropertyDefinition<PasswordValidatorCfgClient, PasswordValidatorCfg> getPasswordValidatorPropertyDefinition() {
1340    return PD_PASSWORD_VALIDATOR;
1341  }
1342
1343
1344
1345  /**
1346   * Get the "previous-last-login-time-format" property definition.
1347   * <p>
1348   * Specifies the format string(s) that might have been used with the
1349   * last login time at any point in the past for users associated with
1350   * the password policy.
1351   * <p>
1352   * These values are used to make it possible to parse previous
1353   * values, but are not used to set new values. The format strings
1354   * conform to the syntax described in the API documentation for the
1355   * java.text.SimpleDateFormat class.
1356   *
1357   * @return Returns the "previous-last-login-time-format" property definition.
1358   */
1359  public StringPropertyDefinition getPreviousLastLoginTimeFormatPropertyDefinition() {
1360    return PD_PREVIOUS_LAST_LOGIN_TIME_FORMAT;
1361  }
1362
1363
1364
1365  /**
1366   * Get the "require-change-by-time" property definition.
1367   * <p>
1368   * Specifies the time by which all users with the associated
1369   * password policy must change their passwords.
1370   * <p>
1371   * The value is expressed in a generalized time format. If this time
1372   * is equal to the current time or is in the past, then all users are
1373   * required to change their passwords immediately. The behavior of
1374   * the server in this mode is identical to the behavior observed when
1375   * users are forced to change their passwords after an administrative
1376   * reset.
1377   *
1378   * @return Returns the "require-change-by-time" property definition.
1379   */
1380  public StringPropertyDefinition getRequireChangeByTimePropertyDefinition() {
1381    return PD_REQUIRE_CHANGE_BY_TIME;
1382  }
1383
1384
1385
1386  /**
1387   * Get the "require-secure-authentication" property definition.
1388   * <p>
1389   * Indicates whether users with the associated password policy are
1390   * required to authenticate in a secure manner.
1391   * <p>
1392   * This might mean either using a secure communication channel
1393   * between the client and the server, or using a SASL mechanism that
1394   * does not expose the credentials.
1395   *
1396   * @return Returns the "require-secure-authentication" property definition.
1397   */
1398  public BooleanPropertyDefinition getRequireSecureAuthenticationPropertyDefinition() {
1399    return PD_REQUIRE_SECURE_AUTHENTICATION;
1400  }
1401
1402
1403
1404  /**
1405   * Get the "require-secure-password-changes" property definition.
1406   * <p>
1407   * Indicates whether users with the associated password policy are
1408   * required to change their password in a secure manner that does not
1409   * expose the credentials.
1410   *
1411   * @return Returns the "require-secure-password-changes" property definition.
1412   */
1413  public BooleanPropertyDefinition getRequireSecurePasswordChangesPropertyDefinition() {
1414    return PD_REQUIRE_SECURE_PASSWORD_CHANGES;
1415  }
1416
1417
1418
1419  /**
1420   * Get the "skip-validation-for-administrators" property definition.
1421   * <p>
1422   * Indicates whether passwords set by administrators are allowed to
1423   * bypass the password validation process that is required for user
1424   * password changes.
1425   *
1426   * @return Returns the "skip-validation-for-administrators" property definition.
1427   */
1428  public BooleanPropertyDefinition getSkipValidationForAdministratorsPropertyDefinition() {
1429    return PD_SKIP_VALIDATION_FOR_ADMINISTRATORS;
1430  }
1431
1432
1433
1434  /**
1435   * Get the "state-update-failure-policy" property definition.
1436   * <p>
1437   * Specifies how the server deals with the inability to update
1438   * password policy state information during an authentication
1439   * attempt.
1440   * <p>
1441   * In particular, this property can be used to control whether an
1442   * otherwise successful bind operation fails if a failure occurs
1443   * while attempting to update password policy state information (for
1444   * example, to clear a record of previous authentication failures or
1445   * to update the last login time). It can also be used to control
1446   * whether to reject a bind request if it is known ahead of time that
1447   * it will not be possible to update the authentication failure times
1448   * in the event of an unsuccessful bind attempt (for example, if the
1449   * backend writability mode is disabled).
1450   *
1451   * @return Returns the "state-update-failure-policy" property definition.
1452   */
1453  public EnumPropertyDefinition<StateUpdateFailurePolicy> getStateUpdateFailurePolicyPropertyDefinition() {
1454    return PD_STATE_UPDATE_FAILURE_POLICY;
1455  }
1456
1457
1458
1459  /**
1460   * Managed object client implementation.
1461   */
1462  private static class PasswordPolicyCfgClientImpl implements
1463    PasswordPolicyCfgClient {
1464
1465    // Private implementation.
1466    private ManagedObject<? extends PasswordPolicyCfgClient> impl;
1467
1468
1469
1470    // Private constructor.
1471    private PasswordPolicyCfgClientImpl(
1472        ManagedObject<? extends PasswordPolicyCfgClient> impl) {
1473      this.impl = impl;
1474    }
1475
1476
1477
1478    /**
1479     * {@inheritDoc}
1480     */
1481    public SortedSet<String> getAccountStatusNotificationHandler() {
1482      return impl.getPropertyValues(INSTANCE.getAccountStatusNotificationHandlerPropertyDefinition());
1483    }
1484
1485
1486
1487    /**
1488     * {@inheritDoc}
1489     */
1490    public void setAccountStatusNotificationHandler(Collection<String> values) {
1491      impl.setPropertyValues(INSTANCE.getAccountStatusNotificationHandlerPropertyDefinition(), values);
1492    }
1493
1494
1495
1496    /**
1497     * {@inheritDoc}
1498     */
1499    public boolean isAllowExpiredPasswordChanges() {
1500      return impl.getPropertyValue(INSTANCE.getAllowExpiredPasswordChangesPropertyDefinition());
1501    }
1502
1503
1504
1505    /**
1506     * {@inheritDoc}
1507     */
1508    public void setAllowExpiredPasswordChanges(Boolean value) {
1509      impl.setPropertyValue(INSTANCE.getAllowExpiredPasswordChangesPropertyDefinition(), value);
1510    }
1511
1512
1513
1514    /**
1515     * {@inheritDoc}
1516     */
1517    public boolean isAllowMultiplePasswordValues() {
1518      return impl.getPropertyValue(INSTANCE.getAllowMultiplePasswordValuesPropertyDefinition());
1519    }
1520
1521
1522
1523    /**
1524     * {@inheritDoc}
1525     */
1526    public void setAllowMultiplePasswordValues(Boolean value) {
1527      impl.setPropertyValue(INSTANCE.getAllowMultiplePasswordValuesPropertyDefinition(), value);
1528    }
1529
1530
1531
1532    /**
1533     * {@inheritDoc}
1534     */
1535    public boolean isAllowPreEncodedPasswords() {
1536      return impl.getPropertyValue(INSTANCE.getAllowPreEncodedPasswordsPropertyDefinition());
1537    }
1538
1539
1540
1541    /**
1542     * {@inheritDoc}
1543     */
1544    public void setAllowPreEncodedPasswords(Boolean value) {
1545      impl.setPropertyValue(INSTANCE.getAllowPreEncodedPasswordsPropertyDefinition(), value);
1546    }
1547
1548
1549
1550    /**
1551     * {@inheritDoc}
1552     */
1553    public boolean isAllowUserPasswordChanges() {
1554      return impl.getPropertyValue(INSTANCE.getAllowUserPasswordChangesPropertyDefinition());
1555    }
1556
1557
1558
1559    /**
1560     * {@inheritDoc}
1561     */
1562    public void setAllowUserPasswordChanges(Boolean value) {
1563      impl.setPropertyValue(INSTANCE.getAllowUserPasswordChangesPropertyDefinition(), value);
1564    }
1565
1566
1567
1568    /**
1569     * {@inheritDoc}
1570     */
1571    public SortedSet<String> getDefaultPasswordStorageScheme() {
1572      return impl.getPropertyValues(INSTANCE.getDefaultPasswordStorageSchemePropertyDefinition());
1573    }
1574
1575
1576
1577    /**
1578     * {@inheritDoc}
1579     */
1580    public void setDefaultPasswordStorageScheme(Collection<String> values) {
1581      impl.setPropertyValues(INSTANCE.getDefaultPasswordStorageSchemePropertyDefinition(), values);
1582    }
1583
1584
1585
1586    /**
1587     * {@inheritDoc}
1588     */
1589    public SortedSet<String> getDeprecatedPasswordStorageScheme() {
1590      return impl.getPropertyValues(INSTANCE.getDeprecatedPasswordStorageSchemePropertyDefinition());
1591    }
1592
1593
1594
1595    /**
1596     * {@inheritDoc}
1597     */
1598    public void setDeprecatedPasswordStorageScheme(Collection<String> values) {
1599      impl.setPropertyValues(INSTANCE.getDeprecatedPasswordStorageSchemePropertyDefinition(), values);
1600    }
1601
1602
1603
1604    /**
1605     * {@inheritDoc}
1606     */
1607    public boolean isExpirePasswordsWithoutWarning() {
1608      return impl.getPropertyValue(INSTANCE.getExpirePasswordsWithoutWarningPropertyDefinition());
1609    }
1610
1611
1612
1613    /**
1614     * {@inheritDoc}
1615     */
1616    public void setExpirePasswordsWithoutWarning(Boolean value) {
1617      impl.setPropertyValue(INSTANCE.getExpirePasswordsWithoutWarningPropertyDefinition(), value);
1618    }
1619
1620
1621
1622    /**
1623     * {@inheritDoc}
1624     */
1625    public boolean isForceChangeOnAdd() {
1626      return impl.getPropertyValue(INSTANCE.getForceChangeOnAddPropertyDefinition());
1627    }
1628
1629
1630
1631    /**
1632     * {@inheritDoc}
1633     */
1634    public void setForceChangeOnAdd(Boolean value) {
1635      impl.setPropertyValue(INSTANCE.getForceChangeOnAddPropertyDefinition(), value);
1636    }
1637
1638
1639
1640    /**
1641     * {@inheritDoc}
1642     */
1643    public boolean isForceChangeOnReset() {
1644      return impl.getPropertyValue(INSTANCE.getForceChangeOnResetPropertyDefinition());
1645    }
1646
1647
1648
1649    /**
1650     * {@inheritDoc}
1651     */
1652    public void setForceChangeOnReset(Boolean value) {
1653      impl.setPropertyValue(INSTANCE.getForceChangeOnResetPropertyDefinition(), value);
1654    }
1655
1656
1657
1658    /**
1659     * {@inheritDoc}
1660     */
1661    public int getGraceLoginCount() {
1662      return impl.getPropertyValue(INSTANCE.getGraceLoginCountPropertyDefinition());
1663    }
1664
1665
1666
1667    /**
1668     * {@inheritDoc}
1669     */
1670    public void setGraceLoginCount(Integer value) {
1671      impl.setPropertyValue(INSTANCE.getGraceLoginCountPropertyDefinition(), value);
1672    }
1673
1674
1675
1676    /**
1677     * {@inheritDoc}
1678     */
1679    public long getIdleLockoutInterval() {
1680      return impl.getPropertyValue(INSTANCE.getIdleLockoutIntervalPropertyDefinition());
1681    }
1682
1683
1684
1685    /**
1686     * {@inheritDoc}
1687     */
1688    public void setIdleLockoutInterval(Long value) {
1689      impl.setPropertyValue(INSTANCE.getIdleLockoutIntervalPropertyDefinition(), value);
1690    }
1691
1692
1693
1694    /**
1695     * {@inheritDoc}
1696     */
1697    public String getJavaClass() {
1698      return impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition());
1699    }
1700
1701
1702
1703    /**
1704     * {@inheritDoc}
1705     */
1706    public void setJavaClass(String value) {
1707      impl.setPropertyValue(INSTANCE.getJavaClassPropertyDefinition(), value);
1708    }
1709
1710
1711
1712    /**
1713     * {@inheritDoc}
1714     */
1715    public AttributeType getLastLoginTimeAttribute() {
1716      return impl.getPropertyValue(INSTANCE.getLastLoginTimeAttributePropertyDefinition());
1717    }
1718
1719
1720
1721    /**
1722     * {@inheritDoc}
1723     */
1724    public void setLastLoginTimeAttribute(AttributeType value) {
1725      impl.setPropertyValue(INSTANCE.getLastLoginTimeAttributePropertyDefinition(), value);
1726    }
1727
1728
1729
1730    /**
1731     * {@inheritDoc}
1732     */
1733    public String getLastLoginTimeFormat() {
1734      return impl.getPropertyValue(INSTANCE.getLastLoginTimeFormatPropertyDefinition());
1735    }
1736
1737
1738
1739    /**
1740     * {@inheritDoc}
1741     */
1742    public void setLastLoginTimeFormat(String value) {
1743      impl.setPropertyValue(INSTANCE.getLastLoginTimeFormatPropertyDefinition(), value);
1744    }
1745
1746
1747
1748    /**
1749     * {@inheritDoc}
1750     */
1751    public long getLockoutDuration() {
1752      return impl.getPropertyValue(INSTANCE.getLockoutDurationPropertyDefinition());
1753    }
1754
1755
1756
1757    /**
1758     * {@inheritDoc}
1759     */
1760    public void setLockoutDuration(Long value) {
1761      impl.setPropertyValue(INSTANCE.getLockoutDurationPropertyDefinition(), value);
1762    }
1763
1764
1765
1766    /**
1767     * {@inheritDoc}
1768     */
1769    public int getLockoutFailureCount() {
1770      return impl.getPropertyValue(INSTANCE.getLockoutFailureCountPropertyDefinition());
1771    }
1772
1773
1774
1775    /**
1776     * {@inheritDoc}
1777     */
1778    public void setLockoutFailureCount(Integer value) {
1779      impl.setPropertyValue(INSTANCE.getLockoutFailureCountPropertyDefinition(), value);
1780    }
1781
1782
1783
1784    /**
1785     * {@inheritDoc}
1786     */
1787    public long getLockoutFailureExpirationInterval() {
1788      return impl.getPropertyValue(INSTANCE.getLockoutFailureExpirationIntervalPropertyDefinition());
1789    }
1790
1791
1792
1793    /**
1794     * {@inheritDoc}
1795     */
1796    public void setLockoutFailureExpirationInterval(Long value) {
1797      impl.setPropertyValue(INSTANCE.getLockoutFailureExpirationIntervalPropertyDefinition(), value);
1798    }
1799
1800
1801
1802    /**
1803     * {@inheritDoc}
1804     */
1805    public long getMaxPasswordAge() {
1806      return impl.getPropertyValue(INSTANCE.getMaxPasswordAgePropertyDefinition());
1807    }
1808
1809
1810
1811    /**
1812     * {@inheritDoc}
1813     */
1814    public void setMaxPasswordAge(Long value) {
1815      impl.setPropertyValue(INSTANCE.getMaxPasswordAgePropertyDefinition(), value);
1816    }
1817
1818
1819
1820    /**
1821     * {@inheritDoc}
1822     */
1823    public long getMaxPasswordResetAge() {
1824      return impl.getPropertyValue(INSTANCE.getMaxPasswordResetAgePropertyDefinition());
1825    }
1826
1827
1828
1829    /**
1830     * {@inheritDoc}
1831     */
1832    public void setMaxPasswordResetAge(Long value) {
1833      impl.setPropertyValue(INSTANCE.getMaxPasswordResetAgePropertyDefinition(), value);
1834    }
1835
1836
1837
1838    /**
1839     * {@inheritDoc}
1840     */
1841    public long getMinPasswordAge() {
1842      return impl.getPropertyValue(INSTANCE.getMinPasswordAgePropertyDefinition());
1843    }
1844
1845
1846
1847    /**
1848     * {@inheritDoc}
1849     */
1850    public void setMinPasswordAge(Long value) {
1851      impl.setPropertyValue(INSTANCE.getMinPasswordAgePropertyDefinition(), value);
1852    }
1853
1854
1855
1856    /**
1857     * {@inheritDoc}
1858     */
1859    public AttributeType getPasswordAttribute() {
1860      return impl.getPropertyValue(INSTANCE.getPasswordAttributePropertyDefinition());
1861    }
1862
1863
1864
1865    /**
1866     * {@inheritDoc}
1867     */
1868    public void setPasswordAttribute(AttributeType value) {
1869      impl.setPropertyValue(INSTANCE.getPasswordAttributePropertyDefinition(), value);
1870    }
1871
1872
1873
1874    /**
1875     * {@inheritDoc}
1876     */
1877    public boolean isPasswordChangeRequiresCurrentPassword() {
1878      return impl.getPropertyValue(INSTANCE.getPasswordChangeRequiresCurrentPasswordPropertyDefinition());
1879    }
1880
1881
1882
1883    /**
1884     * {@inheritDoc}
1885     */
1886    public void setPasswordChangeRequiresCurrentPassword(Boolean value) {
1887      impl.setPropertyValue(INSTANCE.getPasswordChangeRequiresCurrentPasswordPropertyDefinition(), value);
1888    }
1889
1890
1891
1892    /**
1893     * {@inheritDoc}
1894     */
1895    public long getPasswordExpirationWarningInterval() {
1896      return impl.getPropertyValue(INSTANCE.getPasswordExpirationWarningIntervalPropertyDefinition());
1897    }
1898
1899
1900
1901    /**
1902     * {@inheritDoc}
1903     */
1904    public void setPasswordExpirationWarningInterval(Long value) {
1905      impl.setPropertyValue(INSTANCE.getPasswordExpirationWarningIntervalPropertyDefinition(), value);
1906    }
1907
1908
1909
1910    /**
1911     * {@inheritDoc}
1912     */
1913    public String getPasswordGenerator() {
1914      return impl.getPropertyValue(INSTANCE.getPasswordGeneratorPropertyDefinition());
1915    }
1916
1917
1918
1919    /**
1920     * {@inheritDoc}
1921     */
1922    public void setPasswordGenerator(String value) {
1923      impl.setPropertyValue(INSTANCE.getPasswordGeneratorPropertyDefinition(), value);
1924    }
1925
1926
1927
1928    /**
1929     * {@inheritDoc}
1930     */
1931    public int getPasswordHistoryCount() {
1932      return impl.getPropertyValue(INSTANCE.getPasswordHistoryCountPropertyDefinition());
1933    }
1934
1935
1936
1937    /**
1938     * {@inheritDoc}
1939     */
1940    public void setPasswordHistoryCount(Integer value) {
1941      impl.setPropertyValue(INSTANCE.getPasswordHistoryCountPropertyDefinition(), value);
1942    }
1943
1944
1945
1946    /**
1947     * {@inheritDoc}
1948     */
1949    public long getPasswordHistoryDuration() {
1950      return impl.getPropertyValue(INSTANCE.getPasswordHistoryDurationPropertyDefinition());
1951    }
1952
1953
1954
1955    /**
1956     * {@inheritDoc}
1957     */
1958    public void setPasswordHistoryDuration(Long value) {
1959      impl.setPropertyValue(INSTANCE.getPasswordHistoryDurationPropertyDefinition(), value);
1960    }
1961
1962
1963
1964    /**
1965     * {@inheritDoc}
1966     */
1967    public SortedSet<String> getPasswordValidator() {
1968      return impl.getPropertyValues(INSTANCE.getPasswordValidatorPropertyDefinition());
1969    }
1970
1971
1972
1973    /**
1974     * {@inheritDoc}
1975     */
1976    public void setPasswordValidator(Collection<String> values) {
1977      impl.setPropertyValues(INSTANCE.getPasswordValidatorPropertyDefinition(), values);
1978    }
1979
1980
1981
1982    /**
1983     * {@inheritDoc}
1984     */
1985    public SortedSet<String> getPreviousLastLoginTimeFormat() {
1986      return impl.getPropertyValues(INSTANCE.getPreviousLastLoginTimeFormatPropertyDefinition());
1987    }
1988
1989
1990
1991    /**
1992     * {@inheritDoc}
1993     */
1994    public void setPreviousLastLoginTimeFormat(Collection<String> values) {
1995      impl.setPropertyValues(INSTANCE.getPreviousLastLoginTimeFormatPropertyDefinition(), values);
1996    }
1997
1998
1999
2000    /**
2001     * {@inheritDoc}
2002     */
2003    public String getRequireChangeByTime() {
2004      return impl.getPropertyValue(INSTANCE.getRequireChangeByTimePropertyDefinition());
2005    }
2006
2007
2008
2009    /**
2010     * {@inheritDoc}
2011     */
2012    public void setRequireChangeByTime(String value) {
2013      impl.setPropertyValue(INSTANCE.getRequireChangeByTimePropertyDefinition(), value);
2014    }
2015
2016
2017
2018    /**
2019     * {@inheritDoc}
2020     */
2021    public boolean isRequireSecureAuthentication() {
2022      return impl.getPropertyValue(INSTANCE.getRequireSecureAuthenticationPropertyDefinition());
2023    }
2024
2025
2026
2027    /**
2028     * {@inheritDoc}
2029     */
2030    public void setRequireSecureAuthentication(Boolean value) {
2031      impl.setPropertyValue(INSTANCE.getRequireSecureAuthenticationPropertyDefinition(), value);
2032    }
2033
2034
2035
2036    /**
2037     * {@inheritDoc}
2038     */
2039    public boolean isRequireSecurePasswordChanges() {
2040      return impl.getPropertyValue(INSTANCE.getRequireSecurePasswordChangesPropertyDefinition());
2041    }
2042
2043
2044
2045    /**
2046     * {@inheritDoc}
2047     */
2048    public void setRequireSecurePasswordChanges(Boolean value) {
2049      impl.setPropertyValue(INSTANCE.getRequireSecurePasswordChangesPropertyDefinition(), value);
2050    }
2051
2052
2053
2054    /**
2055     * {@inheritDoc}
2056     */
2057    public boolean isSkipValidationForAdministrators() {
2058      return impl.getPropertyValue(INSTANCE.getSkipValidationForAdministratorsPropertyDefinition());
2059    }
2060
2061
2062
2063    /**
2064     * {@inheritDoc}
2065     */
2066    public void setSkipValidationForAdministrators(Boolean value) {
2067      impl.setPropertyValue(INSTANCE.getSkipValidationForAdministratorsPropertyDefinition(), value);
2068    }
2069
2070
2071
2072    /**
2073     * {@inheritDoc}
2074     */
2075    public StateUpdateFailurePolicy getStateUpdateFailurePolicy() {
2076      return impl.getPropertyValue(INSTANCE.getStateUpdateFailurePolicyPropertyDefinition());
2077    }
2078
2079
2080
2081    /**
2082     * {@inheritDoc}
2083     */
2084    public void setStateUpdateFailurePolicy(StateUpdateFailurePolicy value) {
2085      impl.setPropertyValue(INSTANCE.getStateUpdateFailurePolicyPropertyDefinition(), value);
2086    }
2087
2088
2089
2090    /**
2091     * {@inheritDoc}
2092     */
2093    public ManagedObjectDefinition<? extends PasswordPolicyCfgClient, ? extends PasswordPolicyCfg> definition() {
2094      return INSTANCE;
2095    }
2096
2097
2098
2099    /**
2100     * {@inheritDoc}
2101     */
2102    public PropertyProvider properties() {
2103      return impl;
2104    }
2105
2106
2107
2108    /**
2109     * {@inheritDoc}
2110     */
2111    public void commit() throws ManagedObjectAlreadyExistsException,
2112        MissingMandatoryPropertiesException, ConcurrentModificationException,
2113        OperationRejectedException, LdapException {
2114      impl.commit();
2115    }
2116
2117  }
2118
2119
2120
2121  /**
2122   * Managed object server implementation.
2123   */
2124  private static class PasswordPolicyCfgServerImpl implements
2125    PasswordPolicyCfg {
2126
2127    // Private implementation.
2128    private ServerManagedObject<? extends PasswordPolicyCfg> impl;
2129
2130    // The value of the "account-status-notification-handler" property.
2131    private final SortedSet<String> pAccountStatusNotificationHandler;
2132
2133    // The value of the "allow-expired-password-changes" property.
2134    private final boolean pAllowExpiredPasswordChanges;
2135
2136    // The value of the "allow-multiple-password-values" property.
2137    private final boolean pAllowMultiplePasswordValues;
2138
2139    // The value of the "allow-pre-encoded-passwords" property.
2140    private final boolean pAllowPreEncodedPasswords;
2141
2142    // The value of the "allow-user-password-changes" property.
2143    private final boolean pAllowUserPasswordChanges;
2144
2145    // The value of the "default-password-storage-scheme" property.
2146    private final SortedSet<String> pDefaultPasswordStorageScheme;
2147
2148    // The value of the "deprecated-password-storage-scheme" property.
2149    private final SortedSet<String> pDeprecatedPasswordStorageScheme;
2150
2151    // The value of the "expire-passwords-without-warning" property.
2152    private final boolean pExpirePasswordsWithoutWarning;
2153
2154    // The value of the "force-change-on-add" property.
2155    private final boolean pForceChangeOnAdd;
2156
2157    // The value of the "force-change-on-reset" property.
2158    private final boolean pForceChangeOnReset;
2159
2160    // The value of the "grace-login-count" property.
2161    private final int pGraceLoginCount;
2162
2163    // The value of the "idle-lockout-interval" property.
2164    private final long pIdleLockoutInterval;
2165
2166    // The value of the "java-class" property.
2167    private final String pJavaClass;
2168
2169    // The value of the "last-login-time-attribute" property.
2170    private final AttributeType pLastLoginTimeAttribute;
2171
2172    // The value of the "last-login-time-format" property.
2173    private final String pLastLoginTimeFormat;
2174
2175    // The value of the "lockout-duration" property.
2176    private final long pLockoutDuration;
2177
2178    // The value of the "lockout-failure-count" property.
2179    private final int pLockoutFailureCount;
2180
2181    // The value of the "lockout-failure-expiration-interval" property.
2182    private final long pLockoutFailureExpirationInterval;
2183
2184    // The value of the "max-password-age" property.
2185    private final long pMaxPasswordAge;
2186
2187    // The value of the "max-password-reset-age" property.
2188    private final long pMaxPasswordResetAge;
2189
2190    // The value of the "min-password-age" property.
2191    private final long pMinPasswordAge;
2192
2193    // The value of the "password-attribute" property.
2194    private final AttributeType pPasswordAttribute;
2195
2196    // The value of the "password-change-requires-current-password" property.
2197    private final boolean pPasswordChangeRequiresCurrentPassword;
2198
2199    // The value of the "password-expiration-warning-interval" property.
2200    private final long pPasswordExpirationWarningInterval;
2201
2202    // The value of the "password-generator" property.
2203    private final String pPasswordGenerator;
2204
2205    // The value of the "password-history-count" property.
2206    private final int pPasswordHistoryCount;
2207
2208    // The value of the "password-history-duration" property.
2209    private final long pPasswordHistoryDuration;
2210
2211    // The value of the "password-validator" property.
2212    private final SortedSet<String> pPasswordValidator;
2213
2214    // The value of the "previous-last-login-time-format" property.
2215    private final SortedSet<String> pPreviousLastLoginTimeFormat;
2216
2217    // The value of the "require-change-by-time" property.
2218    private final String pRequireChangeByTime;
2219
2220    // The value of the "require-secure-authentication" property.
2221    private final boolean pRequireSecureAuthentication;
2222
2223    // The value of the "require-secure-password-changes" property.
2224    private final boolean pRequireSecurePasswordChanges;
2225
2226    // The value of the "skip-validation-for-administrators" property.
2227    private final boolean pSkipValidationForAdministrators;
2228
2229    // The value of the "state-update-failure-policy" property.
2230    private final StateUpdateFailurePolicy pStateUpdateFailurePolicy;
2231
2232
2233
2234    // Private constructor.
2235    private PasswordPolicyCfgServerImpl(ServerManagedObject<? extends PasswordPolicyCfg> impl) {
2236      this.impl = impl;
2237      this.pAccountStatusNotificationHandler = impl.getPropertyValues(INSTANCE.getAccountStatusNotificationHandlerPropertyDefinition());
2238      this.pAllowExpiredPasswordChanges = impl.getPropertyValue(INSTANCE.getAllowExpiredPasswordChangesPropertyDefinition());
2239      this.pAllowMultiplePasswordValues = impl.getPropertyValue(INSTANCE.getAllowMultiplePasswordValuesPropertyDefinition());
2240      this.pAllowPreEncodedPasswords = impl.getPropertyValue(INSTANCE.getAllowPreEncodedPasswordsPropertyDefinition());
2241      this.pAllowUserPasswordChanges = impl.getPropertyValue(INSTANCE.getAllowUserPasswordChangesPropertyDefinition());
2242      this.pDefaultPasswordStorageScheme = impl.getPropertyValues(INSTANCE.getDefaultPasswordStorageSchemePropertyDefinition());
2243      this.pDeprecatedPasswordStorageScheme = impl.getPropertyValues(INSTANCE.getDeprecatedPasswordStorageSchemePropertyDefinition());
2244      this.pExpirePasswordsWithoutWarning = impl.getPropertyValue(INSTANCE.getExpirePasswordsWithoutWarningPropertyDefinition());
2245      this.pForceChangeOnAdd = impl.getPropertyValue(INSTANCE.getForceChangeOnAddPropertyDefinition());
2246      this.pForceChangeOnReset = impl.getPropertyValue(INSTANCE.getForceChangeOnResetPropertyDefinition());
2247      this.pGraceLoginCount = impl.getPropertyValue(INSTANCE.getGraceLoginCountPropertyDefinition());
2248      this.pIdleLockoutInterval = impl.getPropertyValue(INSTANCE.getIdleLockoutIntervalPropertyDefinition());
2249      this.pJavaClass = impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition());
2250      this.pLastLoginTimeAttribute = impl.getPropertyValue(INSTANCE.getLastLoginTimeAttributePropertyDefinition());
2251      this.pLastLoginTimeFormat = impl.getPropertyValue(INSTANCE.getLastLoginTimeFormatPropertyDefinition());
2252      this.pLockoutDuration = impl.getPropertyValue(INSTANCE.getLockoutDurationPropertyDefinition());
2253      this.pLockoutFailureCount = impl.getPropertyValue(INSTANCE.getLockoutFailureCountPropertyDefinition());
2254      this.pLockoutFailureExpirationInterval = impl.getPropertyValue(INSTANCE.getLockoutFailureExpirationIntervalPropertyDefinition());
2255      this.pMaxPasswordAge = impl.getPropertyValue(INSTANCE.getMaxPasswordAgePropertyDefinition());
2256      this.pMaxPasswordResetAge = impl.getPropertyValue(INSTANCE.getMaxPasswordResetAgePropertyDefinition());
2257      this.pMinPasswordAge = impl.getPropertyValue(INSTANCE.getMinPasswordAgePropertyDefinition());
2258      this.pPasswordAttribute = impl.getPropertyValue(INSTANCE.getPasswordAttributePropertyDefinition());
2259      this.pPasswordChangeRequiresCurrentPassword = impl.getPropertyValue(INSTANCE.getPasswordChangeRequiresCurrentPasswordPropertyDefinition());
2260      this.pPasswordExpirationWarningInterval = impl.getPropertyValue(INSTANCE.getPasswordExpirationWarningIntervalPropertyDefinition());
2261      this.pPasswordGenerator = impl.getPropertyValue(INSTANCE.getPasswordGeneratorPropertyDefinition());
2262      this.pPasswordHistoryCount = impl.getPropertyValue(INSTANCE.getPasswordHistoryCountPropertyDefinition());
2263      this.pPasswordHistoryDuration = impl.getPropertyValue(INSTANCE.getPasswordHistoryDurationPropertyDefinition());
2264      this.pPasswordValidator = impl.getPropertyValues(INSTANCE.getPasswordValidatorPropertyDefinition());
2265      this.pPreviousLastLoginTimeFormat = impl.getPropertyValues(INSTANCE.getPreviousLastLoginTimeFormatPropertyDefinition());
2266      this.pRequireChangeByTime = impl.getPropertyValue(INSTANCE.getRequireChangeByTimePropertyDefinition());
2267      this.pRequireSecureAuthentication = impl.getPropertyValue(INSTANCE.getRequireSecureAuthenticationPropertyDefinition());
2268      this.pRequireSecurePasswordChanges = impl.getPropertyValue(INSTANCE.getRequireSecurePasswordChangesPropertyDefinition());
2269      this.pSkipValidationForAdministrators = impl.getPropertyValue(INSTANCE.getSkipValidationForAdministratorsPropertyDefinition());
2270      this.pStateUpdateFailurePolicy = impl.getPropertyValue(INSTANCE.getStateUpdateFailurePolicyPropertyDefinition());
2271    }
2272
2273
2274
2275    /**
2276     * {@inheritDoc}
2277     */
2278    public void addPasswordPolicyChangeListener(
2279        ConfigurationChangeListener<PasswordPolicyCfg> listener) {
2280      impl.registerChangeListener(listener);
2281    }
2282
2283
2284
2285    /**
2286     * {@inheritDoc}
2287     */
2288    public void removePasswordPolicyChangeListener(
2289        ConfigurationChangeListener<PasswordPolicyCfg> listener) {
2290      impl.deregisterChangeListener(listener);
2291    }
2292    /**
2293     * {@inheritDoc}
2294     */
2295    public void addChangeListener(
2296        ConfigurationChangeListener<AuthenticationPolicyCfg> listener) {
2297      impl.registerChangeListener(listener);
2298    }
2299
2300
2301
2302    /**
2303     * {@inheritDoc}
2304     */
2305    public void removeChangeListener(
2306        ConfigurationChangeListener<AuthenticationPolicyCfg> listener) {
2307      impl.deregisterChangeListener(listener);
2308    }
2309
2310
2311
2312    /**
2313     * {@inheritDoc}
2314     */
2315    public SortedSet<String> getAccountStatusNotificationHandler() {
2316      return pAccountStatusNotificationHandler;
2317    }
2318
2319
2320
2321    /**
2322     * {@inheritDoc}
2323     */
2324    public SortedSet<DN> getAccountStatusNotificationHandlerDNs() {
2325      SortedSet<String> values = getAccountStatusNotificationHandler();
2326      SortedSet<DN> dnValues = new TreeSet<DN>();
2327      for (String value : values) {
2328        DN dn = INSTANCE.getAccountStatusNotificationHandlerPropertyDefinition().getChildDN(value);
2329        dnValues.add(dn);
2330      }
2331      return dnValues;
2332    }
2333
2334
2335
2336    /**
2337     * {@inheritDoc}
2338     */
2339    public boolean isAllowExpiredPasswordChanges() {
2340      return pAllowExpiredPasswordChanges;
2341    }
2342
2343
2344
2345    /**
2346     * {@inheritDoc}
2347     */
2348    public boolean isAllowMultiplePasswordValues() {
2349      return pAllowMultiplePasswordValues;
2350    }
2351
2352
2353
2354    /**
2355     * {@inheritDoc}
2356     */
2357    public boolean isAllowPreEncodedPasswords() {
2358      return pAllowPreEncodedPasswords;
2359    }
2360
2361
2362
2363    /**
2364     * {@inheritDoc}
2365     */
2366    public boolean isAllowUserPasswordChanges() {
2367      return pAllowUserPasswordChanges;
2368    }
2369
2370
2371
2372    /**
2373     * {@inheritDoc}
2374     */
2375    public SortedSet<String> getDefaultPasswordStorageScheme() {
2376      return pDefaultPasswordStorageScheme;
2377    }
2378
2379
2380
2381    /**
2382     * {@inheritDoc}
2383     */
2384    public SortedSet<DN> getDefaultPasswordStorageSchemeDNs() {
2385      SortedSet<String> values = getDefaultPasswordStorageScheme();
2386      SortedSet<DN> dnValues = new TreeSet<DN>();
2387      for (String value : values) {
2388        DN dn = INSTANCE.getDefaultPasswordStorageSchemePropertyDefinition().getChildDN(value);
2389        dnValues.add(dn);
2390      }
2391      return dnValues;
2392    }
2393
2394
2395
2396    /**
2397     * {@inheritDoc}
2398     */
2399    public SortedSet<String> getDeprecatedPasswordStorageScheme() {
2400      return pDeprecatedPasswordStorageScheme;
2401    }
2402
2403
2404
2405    /**
2406     * {@inheritDoc}
2407     */
2408    public SortedSet<DN> getDeprecatedPasswordStorageSchemeDNs() {
2409      SortedSet<String> values = getDeprecatedPasswordStorageScheme();
2410      SortedSet<DN> dnValues = new TreeSet<DN>();
2411      for (String value : values) {
2412        DN dn = INSTANCE.getDeprecatedPasswordStorageSchemePropertyDefinition().getChildDN(value);
2413        dnValues.add(dn);
2414      }
2415      return dnValues;
2416    }
2417
2418
2419
2420    /**
2421     * {@inheritDoc}
2422     */
2423    public boolean isExpirePasswordsWithoutWarning() {
2424      return pExpirePasswordsWithoutWarning;
2425    }
2426
2427
2428
2429    /**
2430     * {@inheritDoc}
2431     */
2432    public boolean isForceChangeOnAdd() {
2433      return pForceChangeOnAdd;
2434    }
2435
2436
2437
2438    /**
2439     * {@inheritDoc}
2440     */
2441    public boolean isForceChangeOnReset() {
2442      return pForceChangeOnReset;
2443    }
2444
2445
2446
2447    /**
2448     * {@inheritDoc}
2449     */
2450    public int getGraceLoginCount() {
2451      return pGraceLoginCount;
2452    }
2453
2454
2455
2456    /**
2457     * {@inheritDoc}
2458     */
2459    public long getIdleLockoutInterval() {
2460      return pIdleLockoutInterval;
2461    }
2462
2463
2464
2465    /**
2466     * {@inheritDoc}
2467     */
2468    public String getJavaClass() {
2469      return pJavaClass;
2470    }
2471
2472
2473
2474    /**
2475     * {@inheritDoc}
2476     */
2477    public AttributeType getLastLoginTimeAttribute() {
2478      return pLastLoginTimeAttribute;
2479    }
2480
2481
2482
2483    /**
2484     * {@inheritDoc}
2485     */
2486    public String getLastLoginTimeFormat() {
2487      return pLastLoginTimeFormat;
2488    }
2489
2490
2491
2492    /**
2493     * {@inheritDoc}
2494     */
2495    public long getLockoutDuration() {
2496      return pLockoutDuration;
2497    }
2498
2499
2500
2501    /**
2502     * {@inheritDoc}
2503     */
2504    public int getLockoutFailureCount() {
2505      return pLockoutFailureCount;
2506    }
2507
2508
2509
2510    /**
2511     * {@inheritDoc}
2512     */
2513    public long getLockoutFailureExpirationInterval() {
2514      return pLockoutFailureExpirationInterval;
2515    }
2516
2517
2518
2519    /**
2520     * {@inheritDoc}
2521     */
2522    public long getMaxPasswordAge() {
2523      return pMaxPasswordAge;
2524    }
2525
2526
2527
2528    /**
2529     * {@inheritDoc}
2530     */
2531    public long getMaxPasswordResetAge() {
2532      return pMaxPasswordResetAge;
2533    }
2534
2535
2536
2537    /**
2538     * {@inheritDoc}
2539     */
2540    public long getMinPasswordAge() {
2541      return pMinPasswordAge;
2542    }
2543
2544
2545
2546    /**
2547     * {@inheritDoc}
2548     */
2549    public AttributeType getPasswordAttribute() {
2550      return pPasswordAttribute;
2551    }
2552
2553
2554
2555    /**
2556     * {@inheritDoc}
2557     */
2558    public boolean isPasswordChangeRequiresCurrentPassword() {
2559      return pPasswordChangeRequiresCurrentPassword;
2560    }
2561
2562
2563
2564    /**
2565     * {@inheritDoc}
2566     */
2567    public long getPasswordExpirationWarningInterval() {
2568      return pPasswordExpirationWarningInterval;
2569    }
2570
2571
2572
2573    /**
2574     * {@inheritDoc}
2575     */
2576    public String getPasswordGenerator() {
2577      return pPasswordGenerator;
2578    }
2579
2580
2581
2582    /**
2583     * {@inheritDoc}
2584     */
2585    public DN getPasswordGeneratorDN() {
2586      String value = getPasswordGenerator();
2587      if (value == null) return null;
2588      return INSTANCE.getPasswordGeneratorPropertyDefinition().getChildDN(value);
2589    }
2590
2591
2592
2593    /**
2594     * {@inheritDoc}
2595     */
2596    public int getPasswordHistoryCount() {
2597      return pPasswordHistoryCount;
2598    }
2599
2600
2601
2602    /**
2603     * {@inheritDoc}
2604     */
2605    public long getPasswordHistoryDuration() {
2606      return pPasswordHistoryDuration;
2607    }
2608
2609
2610
2611    /**
2612     * {@inheritDoc}
2613     */
2614    public SortedSet<String> getPasswordValidator() {
2615      return pPasswordValidator;
2616    }
2617
2618
2619
2620    /**
2621     * {@inheritDoc}
2622     */
2623    public SortedSet<DN> getPasswordValidatorDNs() {
2624      SortedSet<String> values = getPasswordValidator();
2625      SortedSet<DN> dnValues = new TreeSet<DN>();
2626      for (String value : values) {
2627        DN dn = INSTANCE.getPasswordValidatorPropertyDefinition().getChildDN(value);
2628        dnValues.add(dn);
2629      }
2630      return dnValues;
2631    }
2632
2633
2634
2635    /**
2636     * {@inheritDoc}
2637     */
2638    public SortedSet<String> getPreviousLastLoginTimeFormat() {
2639      return pPreviousLastLoginTimeFormat;
2640    }
2641
2642
2643
2644    /**
2645     * {@inheritDoc}
2646     */
2647    public String getRequireChangeByTime() {
2648      return pRequireChangeByTime;
2649    }
2650
2651
2652
2653    /**
2654     * {@inheritDoc}
2655     */
2656    public boolean isRequireSecureAuthentication() {
2657      return pRequireSecureAuthentication;
2658    }
2659
2660
2661
2662    /**
2663     * {@inheritDoc}
2664     */
2665    public boolean isRequireSecurePasswordChanges() {
2666      return pRequireSecurePasswordChanges;
2667    }
2668
2669
2670
2671    /**
2672     * {@inheritDoc}
2673     */
2674    public boolean isSkipValidationForAdministrators() {
2675      return pSkipValidationForAdministrators;
2676    }
2677
2678
2679
2680    /**
2681     * {@inheritDoc}
2682     */
2683    public StateUpdateFailurePolicy getStateUpdateFailurePolicy() {
2684      return pStateUpdateFailurePolicy;
2685    }
2686
2687
2688
2689    /**
2690     * {@inheritDoc}
2691     */
2692    public Class<? extends PasswordPolicyCfg> configurationClass() {
2693      return PasswordPolicyCfg.class;
2694    }
2695
2696
2697
2698    /**
2699     * {@inheritDoc}
2700     */
2701    public DN dn() {
2702      return impl.getDN();
2703    }
2704
2705  }
2706}