001/* 002 * CDDL HEADER START 003 * 004 * The contents of this file are subject to the terms of the 005 * Common Development and Distribution License, Version 1.0 only 006 * (the "License"). You may not use this file except in compliance 007 * with the License. 008 * 009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt 010 * or http://forgerock.org/license/CDDLv1.0.html. 011 * See the License for the specific language governing permissions 012 * and limitations under the License. 013 * 014 * When distributing Covered Code, include this CDDL HEADER in each 015 * file and include the License file at legal-notices/CDDLv1_0.txt. 016 * If applicable, add the following below this CDDL HEADER, with the 017 * fields enclosed by brackets "[]" replaced with your own identifying 018 * information: 019 * Portions Copyright [yyyy] [name of copyright owner] 020 * 021 * CDDL HEADER END 022 * 023 * 024 * Copyright 2008 Sun Microsystems, Inc. 025 */ 026package org.forgerock.opendj.server.config.meta; 027 028 029 030import java.util.Collection; 031import java.util.SortedSet; 032import java.util.TreeSet; 033import org.forgerock.opendj.config.AdministratorAction; 034import org.forgerock.opendj.config.AggregationPropertyDefinition; 035import org.forgerock.opendj.config.AttributeTypePropertyDefinition; 036import org.forgerock.opendj.config.BooleanPropertyDefinition; 037import org.forgerock.opendj.config.ClassPropertyDefinition; 038import org.forgerock.opendj.config.client.ConcurrentModificationException; 039import org.forgerock.opendj.config.client.ManagedObject; 040import org.forgerock.opendj.config.client.MissingMandatoryPropertiesException; 041import org.forgerock.opendj.config.client.OperationRejectedException; 042import org.forgerock.opendj.config.conditions.Conditions; 043import org.forgerock.opendj.config.DefaultBehaviorProvider; 044import org.forgerock.opendj.config.DefinedDefaultBehaviorProvider; 045import org.forgerock.opendj.config.DurationPropertyDefinition; 046import org.forgerock.opendj.config.EnumPropertyDefinition; 047import org.forgerock.opendj.config.IntegerPropertyDefinition; 048import org.forgerock.opendj.config.ManagedObjectAlreadyExistsException; 049import org.forgerock.opendj.config.ManagedObjectDefinition; 050import org.forgerock.opendj.config.PropertyOption; 051import org.forgerock.opendj.config.PropertyProvider; 052import org.forgerock.opendj.config.server.ConfigurationChangeListener; 053import org.forgerock.opendj.config.server.ServerManagedObject; 054import org.forgerock.opendj.config.StringPropertyDefinition; 055import org.forgerock.opendj.config.Tag; 056import org.forgerock.opendj.config.UndefinedDefaultBehaviorProvider; 057import org.forgerock.opendj.ldap.DN; 058import org.forgerock.opendj.ldap.LdapException; 059import org.forgerock.opendj.ldap.schema.AttributeType; 060import org.forgerock.opendj.server.config.client.AccountStatusNotificationHandlerCfgClient; 061import org.forgerock.opendj.server.config.client.PasswordGeneratorCfgClient; 062import org.forgerock.opendj.server.config.client.PasswordPolicyCfgClient; 063import org.forgerock.opendj.server.config.client.PasswordStorageSchemeCfgClient; 064import org.forgerock.opendj.server.config.client.PasswordValidatorCfgClient; 065import org.forgerock.opendj.server.config.server.AccountStatusNotificationHandlerCfg; 066import org.forgerock.opendj.server.config.server.AuthenticationPolicyCfg; 067import org.forgerock.opendj.server.config.server.PasswordGeneratorCfg; 068import org.forgerock.opendj.server.config.server.PasswordPolicyCfg; 069import org.forgerock.opendj.server.config.server.PasswordStorageSchemeCfg; 070import org.forgerock.opendj.server.config.server.PasswordValidatorCfg; 071 072 073 074/** 075 * An interface for querying the Password Policy managed object 076 * definition meta information. 077 * <p> 078 * Password Policies define a number of password management rules, as 079 * well as requirements for authentication processing. 080 */ 081public final class PasswordPolicyCfgDefn extends ManagedObjectDefinition<PasswordPolicyCfgClient, PasswordPolicyCfg> { 082 083 // The singleton configuration definition instance. 084 private static final PasswordPolicyCfgDefn INSTANCE = new PasswordPolicyCfgDefn(); 085 086 087 088 /** 089 * Defines the set of permissable values for the "state-update-failure-policy" property. 090 * <p> 091 * Specifies how the server deals with the inability to update 092 * password policy state information during an authentication 093 * attempt. 094 * <p> 095 * In particular, this property can be used to control whether an 096 * otherwise successful bind operation fails if a failure occurs 097 * while attempting to update password policy state information (for 098 * example, to clear a record of previous authentication failures or 099 * to update the last login time). It can also be used to control 100 * whether to reject a bind request if it is known ahead of time that 101 * it will not be possible to update the authentication failure times 102 * in the event of an unsuccessful bind attempt (for example, if the 103 * backend writability mode is disabled). 104 */ 105 public static enum StateUpdateFailurePolicy { 106 107 /** 108 * If a bind attempt would otherwise be successful, then do not 109 * reject it if a problem occurs while attempting to update the 110 * password policy state information for the user. 111 */ 112 IGNORE("ignore"), 113 114 115 116 /** 117 * Proactively reject any bind attempt if it is known ahead of 118 * time that it would not be possible to update the user's password 119 * policy state information. 120 */ 121 PROACTIVE("proactive"), 122 123 124 125 /** 126 * Even if a bind attempt would otherwise be successful, reject it 127 * if a problem occurs while attempting to update the password 128 * policy state information for the user. 129 */ 130 REACTIVE("reactive"); 131 132 133 134 // String representation of the value. 135 private final String name; 136 137 138 139 // Private constructor. 140 private StateUpdateFailurePolicy(String name) { this.name = name; } 141 142 143 144 /** 145 * {@inheritDoc} 146 */ 147 public String toString() { return name; } 148 149 } 150 151 152 153 // The "account-status-notification-handler" property definition. 154 private static final AggregationPropertyDefinition<AccountStatusNotificationHandlerCfgClient, AccountStatusNotificationHandlerCfg> PD_ACCOUNT_STATUS_NOTIFICATION_HANDLER; 155 156 157 158 // The "allow-expired-password-changes" property definition. 159 private static final BooleanPropertyDefinition PD_ALLOW_EXPIRED_PASSWORD_CHANGES; 160 161 162 163 // The "allow-multiple-password-values" property definition. 164 private static final BooleanPropertyDefinition PD_ALLOW_MULTIPLE_PASSWORD_VALUES; 165 166 167 168 // The "allow-pre-encoded-passwords" property definition. 169 private static final BooleanPropertyDefinition PD_ALLOW_PRE_ENCODED_PASSWORDS; 170 171 172 173 // The "allow-user-password-changes" property definition. 174 private static final BooleanPropertyDefinition PD_ALLOW_USER_PASSWORD_CHANGES; 175 176 177 178 // The "default-password-storage-scheme" property definition. 179 private static final AggregationPropertyDefinition<PasswordStorageSchemeCfgClient, PasswordStorageSchemeCfg> PD_DEFAULT_PASSWORD_STORAGE_SCHEME; 180 181 182 183 // The "deprecated-password-storage-scheme" property definition. 184 private static final AggregationPropertyDefinition<PasswordStorageSchemeCfgClient, PasswordStorageSchemeCfg> PD_DEPRECATED_PASSWORD_STORAGE_SCHEME; 185 186 187 188 // The "expire-passwords-without-warning" property definition. 189 private static final BooleanPropertyDefinition PD_EXPIRE_PASSWORDS_WITHOUT_WARNING; 190 191 192 193 // The "force-change-on-add" property definition. 194 private static final BooleanPropertyDefinition PD_FORCE_CHANGE_ON_ADD; 195 196 197 198 // The "force-change-on-reset" property definition. 199 private static final BooleanPropertyDefinition PD_FORCE_CHANGE_ON_RESET; 200 201 202 203 // The "grace-login-count" property definition. 204 private static final IntegerPropertyDefinition PD_GRACE_LOGIN_COUNT; 205 206 207 208 // The "idle-lockout-interval" property definition. 209 private static final DurationPropertyDefinition PD_IDLE_LOCKOUT_INTERVAL; 210 211 212 213 // The "java-class" property definition. 214 private static final ClassPropertyDefinition PD_JAVA_CLASS; 215 216 217 218 // The "last-login-time-attribute" property definition. 219 private static final AttributeTypePropertyDefinition PD_LAST_LOGIN_TIME_ATTRIBUTE; 220 221 222 223 // The "last-login-time-format" property definition. 224 private static final StringPropertyDefinition PD_LAST_LOGIN_TIME_FORMAT; 225 226 227 228 // The "lockout-duration" property definition. 229 private static final DurationPropertyDefinition PD_LOCKOUT_DURATION; 230 231 232 233 // The "lockout-failure-count" property definition. 234 private static final IntegerPropertyDefinition PD_LOCKOUT_FAILURE_COUNT; 235 236 237 238 // The "lockout-failure-expiration-interval" property definition. 239 private static final DurationPropertyDefinition PD_LOCKOUT_FAILURE_EXPIRATION_INTERVAL; 240 241 242 243 // The "max-password-age" property definition. 244 private static final DurationPropertyDefinition PD_MAX_PASSWORD_AGE; 245 246 247 248 // The "max-password-reset-age" property definition. 249 private static final DurationPropertyDefinition PD_MAX_PASSWORD_RESET_AGE; 250 251 252 253 // The "min-password-age" property definition. 254 private static final DurationPropertyDefinition PD_MIN_PASSWORD_AGE; 255 256 257 258 // The "password-attribute" property definition. 259 private static final AttributeTypePropertyDefinition PD_PASSWORD_ATTRIBUTE; 260 261 262 263 // The "password-change-requires-current-password" property definition. 264 private static final BooleanPropertyDefinition PD_PASSWORD_CHANGE_REQUIRES_CURRENT_PASSWORD; 265 266 267 268 // The "password-expiration-warning-interval" property definition. 269 private static final DurationPropertyDefinition PD_PASSWORD_EXPIRATION_WARNING_INTERVAL; 270 271 272 273 // The "password-generator" property definition. 274 private static final AggregationPropertyDefinition<PasswordGeneratorCfgClient, PasswordGeneratorCfg> PD_PASSWORD_GENERATOR; 275 276 277 278 // The "password-history-count" property definition. 279 private static final IntegerPropertyDefinition PD_PASSWORD_HISTORY_COUNT; 280 281 282 283 // The "password-history-duration" property definition. 284 private static final DurationPropertyDefinition PD_PASSWORD_HISTORY_DURATION; 285 286 287 288 // The "password-validator" property definition. 289 private static final AggregationPropertyDefinition<PasswordValidatorCfgClient, PasswordValidatorCfg> PD_PASSWORD_VALIDATOR; 290 291 292 293 // The "previous-last-login-time-format" property definition. 294 private static final StringPropertyDefinition PD_PREVIOUS_LAST_LOGIN_TIME_FORMAT; 295 296 297 298 // The "require-change-by-time" property definition. 299 private static final StringPropertyDefinition PD_REQUIRE_CHANGE_BY_TIME; 300 301 302 303 // The "require-secure-authentication" property definition. 304 private static final BooleanPropertyDefinition PD_REQUIRE_SECURE_AUTHENTICATION; 305 306 307 308 // The "require-secure-password-changes" property definition. 309 private static final BooleanPropertyDefinition PD_REQUIRE_SECURE_PASSWORD_CHANGES; 310 311 312 313 // The "skip-validation-for-administrators" property definition. 314 private static final BooleanPropertyDefinition PD_SKIP_VALIDATION_FOR_ADMINISTRATORS; 315 316 317 318 // The "state-update-failure-policy" property definition. 319 private static final EnumPropertyDefinition<StateUpdateFailurePolicy> PD_STATE_UPDATE_FAILURE_POLICY; 320 321 322 323 // Build the "account-status-notification-handler" property definition. 324 static { 325 AggregationPropertyDefinition.Builder<AccountStatusNotificationHandlerCfgClient, AccountStatusNotificationHandlerCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "account-status-notification-handler"); 326 builder.setOption(PropertyOption.MULTI_VALUED); 327 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "account-status-notification-handler")); 328 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>()); 329 builder.setParentPath("/"); 330 builder.setRelationDefinition("account-status-notification-handler"); 331 builder.setTargetIsEnabledCondition(Conditions.contains("enabled", "true")); 332 PD_ACCOUNT_STATUS_NOTIFICATION_HANDLER = builder.getInstance(); 333 INSTANCE.registerPropertyDefinition(PD_ACCOUNT_STATUS_NOTIFICATION_HANDLER); 334 INSTANCE.registerConstraint(PD_ACCOUNT_STATUS_NOTIFICATION_HANDLER.getSourceConstraint()); 335 } 336 337 338 339 // Build the "allow-expired-password-changes" property definition. 340 static { 341 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "allow-expired-password-changes"); 342 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "allow-expired-password-changes")); 343 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false"); 344 builder.setDefaultBehaviorProvider(provider); 345 PD_ALLOW_EXPIRED_PASSWORD_CHANGES = builder.getInstance(); 346 INSTANCE.registerPropertyDefinition(PD_ALLOW_EXPIRED_PASSWORD_CHANGES); 347 } 348 349 350 351 // Build the "allow-multiple-password-values" property definition. 352 static { 353 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "allow-multiple-password-values"); 354 builder.setOption(PropertyOption.ADVANCED); 355 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "allow-multiple-password-values")); 356 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false"); 357 builder.setDefaultBehaviorProvider(provider); 358 PD_ALLOW_MULTIPLE_PASSWORD_VALUES = builder.getInstance(); 359 INSTANCE.registerPropertyDefinition(PD_ALLOW_MULTIPLE_PASSWORD_VALUES); 360 } 361 362 363 364 // Build the "allow-pre-encoded-passwords" property definition. 365 static { 366 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "allow-pre-encoded-passwords"); 367 builder.setOption(PropertyOption.ADVANCED); 368 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "allow-pre-encoded-passwords")); 369 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false"); 370 builder.setDefaultBehaviorProvider(provider); 371 PD_ALLOW_PRE_ENCODED_PASSWORDS = builder.getInstance(); 372 INSTANCE.registerPropertyDefinition(PD_ALLOW_PRE_ENCODED_PASSWORDS); 373 } 374 375 376 377 // Build the "allow-user-password-changes" property definition. 378 static { 379 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "allow-user-password-changes"); 380 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "allow-user-password-changes")); 381 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("true"); 382 builder.setDefaultBehaviorProvider(provider); 383 PD_ALLOW_USER_PASSWORD_CHANGES = builder.getInstance(); 384 INSTANCE.registerPropertyDefinition(PD_ALLOW_USER_PASSWORD_CHANGES); 385 } 386 387 388 389 // Build the "default-password-storage-scheme" property definition. 390 static { 391 AggregationPropertyDefinition.Builder<PasswordStorageSchemeCfgClient, PasswordStorageSchemeCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "default-password-storage-scheme"); 392 builder.setOption(PropertyOption.MULTI_VALUED); 393 builder.setOption(PropertyOption.MANDATORY); 394 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "default-password-storage-scheme")); 395 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>()); 396 builder.setParentPath("/"); 397 builder.setRelationDefinition("password-storage-scheme"); 398 builder.setTargetIsEnabledCondition(Conditions.contains("enabled", "true")); 399 PD_DEFAULT_PASSWORD_STORAGE_SCHEME = builder.getInstance(); 400 INSTANCE.registerPropertyDefinition(PD_DEFAULT_PASSWORD_STORAGE_SCHEME); 401 INSTANCE.registerConstraint(PD_DEFAULT_PASSWORD_STORAGE_SCHEME.getSourceConstraint()); 402 } 403 404 405 406 // Build the "deprecated-password-storage-scheme" property definition. 407 static { 408 AggregationPropertyDefinition.Builder<PasswordStorageSchemeCfgClient, PasswordStorageSchemeCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "deprecated-password-storage-scheme"); 409 builder.setOption(PropertyOption.MULTI_VALUED); 410 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "deprecated-password-storage-scheme")); 411 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>()); 412 builder.setParentPath("/"); 413 builder.setRelationDefinition("password-storage-scheme"); 414 builder.setTargetIsEnabledCondition(Conditions.contains("enabled", "true")); 415 PD_DEPRECATED_PASSWORD_STORAGE_SCHEME = builder.getInstance(); 416 INSTANCE.registerPropertyDefinition(PD_DEPRECATED_PASSWORD_STORAGE_SCHEME); 417 INSTANCE.registerConstraint(PD_DEPRECATED_PASSWORD_STORAGE_SCHEME.getSourceConstraint()); 418 } 419 420 421 422 // Build the "expire-passwords-without-warning" property definition. 423 static { 424 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "expire-passwords-without-warning"); 425 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "expire-passwords-without-warning")); 426 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false"); 427 builder.setDefaultBehaviorProvider(provider); 428 PD_EXPIRE_PASSWORDS_WITHOUT_WARNING = builder.getInstance(); 429 INSTANCE.registerPropertyDefinition(PD_EXPIRE_PASSWORDS_WITHOUT_WARNING); 430 } 431 432 433 434 // Build the "force-change-on-add" property definition. 435 static { 436 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "force-change-on-add"); 437 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "force-change-on-add")); 438 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false"); 439 builder.setDefaultBehaviorProvider(provider); 440 PD_FORCE_CHANGE_ON_ADD = builder.getInstance(); 441 INSTANCE.registerPropertyDefinition(PD_FORCE_CHANGE_ON_ADD); 442 } 443 444 445 446 // Build the "force-change-on-reset" property definition. 447 static { 448 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "force-change-on-reset"); 449 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "force-change-on-reset")); 450 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false"); 451 builder.setDefaultBehaviorProvider(provider); 452 PD_FORCE_CHANGE_ON_RESET = builder.getInstance(); 453 INSTANCE.registerPropertyDefinition(PD_FORCE_CHANGE_ON_RESET); 454 } 455 456 457 458 // Build the "grace-login-count" property definition. 459 static { 460 IntegerPropertyDefinition.Builder builder = IntegerPropertyDefinition.createBuilder(INSTANCE, "grace-login-count"); 461 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "grace-login-count")); 462 DefaultBehaviorProvider<Integer> provider = new DefinedDefaultBehaviorProvider<Integer>("0"); 463 builder.setDefaultBehaviorProvider(provider); 464 builder.setUpperLimit(2147483647); 465 builder.setLowerLimit(0); 466 PD_GRACE_LOGIN_COUNT = builder.getInstance(); 467 INSTANCE.registerPropertyDefinition(PD_GRACE_LOGIN_COUNT); 468 } 469 470 471 472 // Build the "idle-lockout-interval" property definition. 473 static { 474 DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "idle-lockout-interval"); 475 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "idle-lockout-interval")); 476 DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("0 seconds"); 477 builder.setDefaultBehaviorProvider(provider); 478 builder.setUpperLimit("2147483647"); 479 builder.setLowerLimit("0"); 480 PD_IDLE_LOCKOUT_INTERVAL = builder.getInstance(); 481 INSTANCE.registerPropertyDefinition(PD_IDLE_LOCKOUT_INTERVAL); 482 } 483 484 485 486 // Build the "java-class" property definition. 487 static { 488 ClassPropertyDefinition.Builder builder = ClassPropertyDefinition.createBuilder(INSTANCE, "java-class"); 489 builder.setOption(PropertyOption.MANDATORY); 490 builder.setOption(PropertyOption.ADVANCED); 491 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.COMPONENT_RESTART, INSTANCE, "java-class")); 492 DefaultBehaviorProvider<String> provider = new DefinedDefaultBehaviorProvider<String>("org.opends.server.core.PasswordPolicyFactory"); 493 builder.setDefaultBehaviorProvider(provider); 494 builder.addInstanceOf("org.opends.server.api.AuthenticationPolicyFactory"); 495 PD_JAVA_CLASS = builder.getInstance(); 496 INSTANCE.registerPropertyDefinition(PD_JAVA_CLASS); 497 } 498 499 500 501 // Build the "last-login-time-attribute" property definition. 502 static { 503 AttributeTypePropertyDefinition.Builder builder = AttributeTypePropertyDefinition.createBuilder(INSTANCE, "last-login-time-attribute"); 504 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "last-login-time-attribute")); 505 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<AttributeType>()); 506 PD_LAST_LOGIN_TIME_ATTRIBUTE = builder.getInstance(); 507 INSTANCE.registerPropertyDefinition(PD_LAST_LOGIN_TIME_ATTRIBUTE); 508 } 509 510 511 512 // Build the "last-login-time-format" property definition. 513 static { 514 StringPropertyDefinition.Builder builder = StringPropertyDefinition.createBuilder(INSTANCE, "last-login-time-format"); 515 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "last-login-time-format")); 516 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>()); 517 builder.setPattern(".*", "STRING"); 518 PD_LAST_LOGIN_TIME_FORMAT = builder.getInstance(); 519 INSTANCE.registerPropertyDefinition(PD_LAST_LOGIN_TIME_FORMAT); 520 } 521 522 523 524 // Build the "lockout-duration" property definition. 525 static { 526 DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "lockout-duration"); 527 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "lockout-duration")); 528 DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("0 seconds"); 529 builder.setDefaultBehaviorProvider(provider); 530 builder.setBaseUnit("s"); 531 builder.setUpperLimit("2147483647"); 532 builder.setLowerLimit("0"); 533 PD_LOCKOUT_DURATION = builder.getInstance(); 534 INSTANCE.registerPropertyDefinition(PD_LOCKOUT_DURATION); 535 } 536 537 538 539 // Build the "lockout-failure-count" property definition. 540 static { 541 IntegerPropertyDefinition.Builder builder = IntegerPropertyDefinition.createBuilder(INSTANCE, "lockout-failure-count"); 542 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "lockout-failure-count")); 543 DefaultBehaviorProvider<Integer> provider = new DefinedDefaultBehaviorProvider<Integer>("0"); 544 builder.setDefaultBehaviorProvider(provider); 545 builder.setUpperLimit(2147483647); 546 builder.setLowerLimit(0); 547 PD_LOCKOUT_FAILURE_COUNT = builder.getInstance(); 548 INSTANCE.registerPropertyDefinition(PD_LOCKOUT_FAILURE_COUNT); 549 } 550 551 552 553 // Build the "lockout-failure-expiration-interval" property definition. 554 static { 555 DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "lockout-failure-expiration-interval"); 556 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "lockout-failure-expiration-interval")); 557 DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("0 seconds"); 558 builder.setDefaultBehaviorProvider(provider); 559 builder.setBaseUnit("s"); 560 builder.setUpperLimit("2147483647"); 561 builder.setLowerLimit("0"); 562 PD_LOCKOUT_FAILURE_EXPIRATION_INTERVAL = builder.getInstance(); 563 INSTANCE.registerPropertyDefinition(PD_LOCKOUT_FAILURE_EXPIRATION_INTERVAL); 564 } 565 566 567 568 // Build the "max-password-age" property definition. 569 static { 570 DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "max-password-age"); 571 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "max-password-age")); 572 DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("0 seconds"); 573 builder.setDefaultBehaviorProvider(provider); 574 builder.setBaseUnit("s"); 575 builder.setUpperLimit("2147483647"); 576 builder.setLowerLimit("0"); 577 PD_MAX_PASSWORD_AGE = builder.getInstance(); 578 INSTANCE.registerPropertyDefinition(PD_MAX_PASSWORD_AGE); 579 } 580 581 582 583 // Build the "max-password-reset-age" property definition. 584 static { 585 DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "max-password-reset-age"); 586 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "max-password-reset-age")); 587 DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("0 seconds"); 588 builder.setDefaultBehaviorProvider(provider); 589 builder.setBaseUnit("s"); 590 builder.setUpperLimit("2147483647"); 591 builder.setLowerLimit("0"); 592 PD_MAX_PASSWORD_RESET_AGE = builder.getInstance(); 593 INSTANCE.registerPropertyDefinition(PD_MAX_PASSWORD_RESET_AGE); 594 } 595 596 597 598 // Build the "min-password-age" property definition. 599 static { 600 DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "min-password-age"); 601 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "min-password-age")); 602 DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("0 seconds"); 603 builder.setDefaultBehaviorProvider(provider); 604 builder.setBaseUnit("s"); 605 builder.setUpperLimit("2147483647"); 606 builder.setLowerLimit("0"); 607 PD_MIN_PASSWORD_AGE = builder.getInstance(); 608 INSTANCE.registerPropertyDefinition(PD_MIN_PASSWORD_AGE); 609 } 610 611 612 613 // Build the "password-attribute" property definition. 614 static { 615 AttributeTypePropertyDefinition.Builder builder = AttributeTypePropertyDefinition.createBuilder(INSTANCE, "password-attribute"); 616 builder.setOption(PropertyOption.MANDATORY); 617 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "password-attribute")); 618 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<AttributeType>()); 619 PD_PASSWORD_ATTRIBUTE = builder.getInstance(); 620 INSTANCE.registerPropertyDefinition(PD_PASSWORD_ATTRIBUTE); 621 } 622 623 624 625 // Build the "password-change-requires-current-password" property definition. 626 static { 627 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "password-change-requires-current-password"); 628 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "password-change-requires-current-password")); 629 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false"); 630 builder.setDefaultBehaviorProvider(provider); 631 PD_PASSWORD_CHANGE_REQUIRES_CURRENT_PASSWORD = builder.getInstance(); 632 INSTANCE.registerPropertyDefinition(PD_PASSWORD_CHANGE_REQUIRES_CURRENT_PASSWORD); 633 } 634 635 636 637 // Build the "password-expiration-warning-interval" property definition. 638 static { 639 DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "password-expiration-warning-interval"); 640 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "password-expiration-warning-interval")); 641 DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("5 days"); 642 builder.setDefaultBehaviorProvider(provider); 643 PD_PASSWORD_EXPIRATION_WARNING_INTERVAL = builder.getInstance(); 644 INSTANCE.registerPropertyDefinition(PD_PASSWORD_EXPIRATION_WARNING_INTERVAL); 645 } 646 647 648 649 // Build the "password-generator" property definition. 650 static { 651 AggregationPropertyDefinition.Builder<PasswordGeneratorCfgClient, PasswordGeneratorCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "password-generator"); 652 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "password-generator")); 653 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>()); 654 builder.setParentPath("/"); 655 builder.setRelationDefinition("password-generator"); 656 builder.setTargetIsEnabledCondition(Conditions.contains("enabled", "true")); 657 PD_PASSWORD_GENERATOR = builder.getInstance(); 658 INSTANCE.registerPropertyDefinition(PD_PASSWORD_GENERATOR); 659 INSTANCE.registerConstraint(PD_PASSWORD_GENERATOR.getSourceConstraint()); 660 } 661 662 663 664 // Build the "password-history-count" property definition. 665 static { 666 IntegerPropertyDefinition.Builder builder = IntegerPropertyDefinition.createBuilder(INSTANCE, "password-history-count"); 667 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "password-history-count")); 668 DefaultBehaviorProvider<Integer> provider = new DefinedDefaultBehaviorProvider<Integer>("0"); 669 builder.setDefaultBehaviorProvider(provider); 670 builder.setUpperLimit(2147483647); 671 builder.setLowerLimit(0); 672 PD_PASSWORD_HISTORY_COUNT = builder.getInstance(); 673 INSTANCE.registerPropertyDefinition(PD_PASSWORD_HISTORY_COUNT); 674 } 675 676 677 678 // Build the "password-history-duration" property definition. 679 static { 680 DurationPropertyDefinition.Builder builder = DurationPropertyDefinition.createBuilder(INSTANCE, "password-history-duration"); 681 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "password-history-duration")); 682 DefaultBehaviorProvider<Long> provider = new DefinedDefaultBehaviorProvider<Long>("0 seconds"); 683 builder.setDefaultBehaviorProvider(provider); 684 builder.setAllowUnlimited(false); 685 builder.setBaseUnit("s"); 686 builder.setUpperLimit("2147483647"); 687 builder.setLowerLimit("0"); 688 PD_PASSWORD_HISTORY_DURATION = builder.getInstance(); 689 INSTANCE.registerPropertyDefinition(PD_PASSWORD_HISTORY_DURATION); 690 } 691 692 693 694 // Build the "password-validator" property definition. 695 static { 696 AggregationPropertyDefinition.Builder<PasswordValidatorCfgClient, PasswordValidatorCfg> builder = AggregationPropertyDefinition.createBuilder(INSTANCE, "password-validator"); 697 builder.setOption(PropertyOption.MULTI_VALUED); 698 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "password-validator")); 699 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>()); 700 builder.setParentPath("/"); 701 builder.setRelationDefinition("password-validator"); 702 builder.setTargetIsEnabledCondition(Conditions.contains("enabled", "true")); 703 PD_PASSWORD_VALIDATOR = builder.getInstance(); 704 INSTANCE.registerPropertyDefinition(PD_PASSWORD_VALIDATOR); 705 INSTANCE.registerConstraint(PD_PASSWORD_VALIDATOR.getSourceConstraint()); 706 } 707 708 709 710 // Build the "previous-last-login-time-format" property definition. 711 static { 712 StringPropertyDefinition.Builder builder = StringPropertyDefinition.createBuilder(INSTANCE, "previous-last-login-time-format"); 713 builder.setOption(PropertyOption.MULTI_VALUED); 714 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "previous-last-login-time-format")); 715 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>()); 716 builder.setPattern(".*", "STRING"); 717 PD_PREVIOUS_LAST_LOGIN_TIME_FORMAT = builder.getInstance(); 718 INSTANCE.registerPropertyDefinition(PD_PREVIOUS_LAST_LOGIN_TIME_FORMAT); 719 } 720 721 722 723 // Build the "require-change-by-time" property definition. 724 static { 725 StringPropertyDefinition.Builder builder = StringPropertyDefinition.createBuilder(INSTANCE, "require-change-by-time"); 726 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "require-change-by-time")); 727 builder.setDefaultBehaviorProvider(new UndefinedDefaultBehaviorProvider<String>()); 728 builder.setPattern(".*", "STRING"); 729 PD_REQUIRE_CHANGE_BY_TIME = builder.getInstance(); 730 INSTANCE.registerPropertyDefinition(PD_REQUIRE_CHANGE_BY_TIME); 731 } 732 733 734 735 // Build the "require-secure-authentication" property definition. 736 static { 737 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "require-secure-authentication"); 738 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "require-secure-authentication")); 739 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false"); 740 builder.setDefaultBehaviorProvider(provider); 741 PD_REQUIRE_SECURE_AUTHENTICATION = builder.getInstance(); 742 INSTANCE.registerPropertyDefinition(PD_REQUIRE_SECURE_AUTHENTICATION); 743 } 744 745 746 747 // Build the "require-secure-password-changes" property definition. 748 static { 749 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "require-secure-password-changes"); 750 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "require-secure-password-changes")); 751 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false"); 752 builder.setDefaultBehaviorProvider(provider); 753 PD_REQUIRE_SECURE_PASSWORD_CHANGES = builder.getInstance(); 754 INSTANCE.registerPropertyDefinition(PD_REQUIRE_SECURE_PASSWORD_CHANGES); 755 } 756 757 758 759 // Build the "skip-validation-for-administrators" property definition. 760 static { 761 BooleanPropertyDefinition.Builder builder = BooleanPropertyDefinition.createBuilder(INSTANCE, "skip-validation-for-administrators"); 762 builder.setOption(PropertyOption.ADVANCED); 763 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "skip-validation-for-administrators")); 764 DefaultBehaviorProvider<Boolean> provider = new DefinedDefaultBehaviorProvider<Boolean>("false"); 765 builder.setDefaultBehaviorProvider(provider); 766 PD_SKIP_VALIDATION_FOR_ADMINISTRATORS = builder.getInstance(); 767 INSTANCE.registerPropertyDefinition(PD_SKIP_VALIDATION_FOR_ADMINISTRATORS); 768 } 769 770 771 772 // Build the "state-update-failure-policy" property definition. 773 static { 774 EnumPropertyDefinition.Builder<StateUpdateFailurePolicy> builder = EnumPropertyDefinition.createBuilder(INSTANCE, "state-update-failure-policy"); 775 builder.setOption(PropertyOption.ADVANCED); 776 builder.setAdministratorAction(new AdministratorAction(AdministratorAction.Type.NONE, INSTANCE, "state-update-failure-policy")); 777 DefaultBehaviorProvider<StateUpdateFailurePolicy> provider = new DefinedDefaultBehaviorProvider<StateUpdateFailurePolicy>("reactive"); 778 builder.setDefaultBehaviorProvider(provider); 779 builder.setEnumClass(StateUpdateFailurePolicy.class); 780 PD_STATE_UPDATE_FAILURE_POLICY = builder.getInstance(); 781 INSTANCE.registerPropertyDefinition(PD_STATE_UPDATE_FAILURE_POLICY); 782 } 783 784 785 786 // Register the tags associated with this managed object definition. 787 static { 788 INSTANCE.registerTag(Tag.valueOf("user-management")); 789 } 790 791 792 793 /** 794 * Get the Password Policy configuration definition singleton. 795 * 796 * @return Returns the Password Policy configuration definition 797 * singleton. 798 */ 799 public static PasswordPolicyCfgDefn getInstance() { 800 return INSTANCE; 801 } 802 803 804 805 /** 806 * Private constructor. 807 */ 808 private PasswordPolicyCfgDefn() { 809 super("password-policy", AuthenticationPolicyCfgDefn.getInstance()); 810 } 811 812 813 814 /** 815 * {@inheritDoc} 816 */ 817 public PasswordPolicyCfgClient createClientConfiguration( 818 ManagedObject<? extends PasswordPolicyCfgClient> impl) { 819 return new PasswordPolicyCfgClientImpl(impl); 820 } 821 822 823 824 /** 825 * {@inheritDoc} 826 */ 827 public PasswordPolicyCfg createServerConfiguration( 828 ServerManagedObject<? extends PasswordPolicyCfg> impl) { 829 return new PasswordPolicyCfgServerImpl(impl); 830 } 831 832 833 834 /** 835 * {@inheritDoc} 836 */ 837 public Class<PasswordPolicyCfg> getServerConfigurationClass() { 838 return PasswordPolicyCfg.class; 839 } 840 841 842 843 /** 844 * Get the "account-status-notification-handler" property definition. 845 * <p> 846 * Specifies the names of the account status notification handlers 847 * that are used with the associated password storage scheme. 848 * 849 * @return Returns the "account-status-notification-handler" property definition. 850 */ 851 public AggregationPropertyDefinition<AccountStatusNotificationHandlerCfgClient, AccountStatusNotificationHandlerCfg> getAccountStatusNotificationHandlerPropertyDefinition() { 852 return PD_ACCOUNT_STATUS_NOTIFICATION_HANDLER; 853 } 854 855 856 857 /** 858 * Get the "allow-expired-password-changes" property definition. 859 * <p> 860 * Indicates whether a user whose password is expired is still 861 * allowed to change that password using the password modify extended 862 * operation. 863 * 864 * @return Returns the "allow-expired-password-changes" property definition. 865 */ 866 public BooleanPropertyDefinition getAllowExpiredPasswordChangesPropertyDefinition() { 867 return PD_ALLOW_EXPIRED_PASSWORD_CHANGES; 868 } 869 870 871 872 /** 873 * Get the "allow-multiple-password-values" property definition. 874 * <p> 875 * Indicates whether user entries can have multiple distinct values 876 * for the password attribute. 877 * <p> 878 * This is potentially dangerous because many mechanisms used to 879 * change the password do not work well with such a configuration. If 880 * multiple password values are allowed, then any of them can be used 881 * to authenticate, and they are all subject to the same policy 882 * constraints. 883 * 884 * @return Returns the "allow-multiple-password-values" property definition. 885 */ 886 public BooleanPropertyDefinition getAllowMultiplePasswordValuesPropertyDefinition() { 887 return PD_ALLOW_MULTIPLE_PASSWORD_VALUES; 888 } 889 890 891 892 /** 893 * Get the "allow-pre-encoded-passwords" property definition. 894 * <p> 895 * Indicates whether users can change their passwords by providing a 896 * pre-encoded value. 897 * <p> 898 * This can cause a security risk because the clear-text version of 899 * the password is not known and therefore validation checks cannot 900 * be applied to it. 901 * 902 * @return Returns the "allow-pre-encoded-passwords" property definition. 903 */ 904 public BooleanPropertyDefinition getAllowPreEncodedPasswordsPropertyDefinition() { 905 return PD_ALLOW_PRE_ENCODED_PASSWORDS; 906 } 907 908 909 910 /** 911 * Get the "allow-user-password-changes" property definition. 912 * <p> 913 * Indicates whether users can change their own passwords. 914 * <p> 915 * This check is made in addition to access control evaluation. Both 916 * must allow the password change for it to occur. 917 * 918 * @return Returns the "allow-user-password-changes" property definition. 919 */ 920 public BooleanPropertyDefinition getAllowUserPasswordChangesPropertyDefinition() { 921 return PD_ALLOW_USER_PASSWORD_CHANGES; 922 } 923 924 925 926 /** 927 * Get the "default-password-storage-scheme" property definition. 928 * <p> 929 * Specifies the names of the password storage schemes that are used 930 * to encode clear-text passwords for this password policy. 931 * 932 * @return Returns the "default-password-storage-scheme" property definition. 933 */ 934 public AggregationPropertyDefinition<PasswordStorageSchemeCfgClient, PasswordStorageSchemeCfg> getDefaultPasswordStorageSchemePropertyDefinition() { 935 return PD_DEFAULT_PASSWORD_STORAGE_SCHEME; 936 } 937 938 939 940 /** 941 * Get the "deprecated-password-storage-scheme" property definition. 942 * <p> 943 * Specifies the names of the password storage schemes that are 944 * considered deprecated for this password policy. 945 * <p> 946 * If a user with this password policy authenticates to the server 947 * and his/her password is encoded with a deprecated scheme, those 948 * values are removed and replaced with values encoded using the 949 * default password storage scheme(s). 950 * 951 * @return Returns the "deprecated-password-storage-scheme" property definition. 952 */ 953 public AggregationPropertyDefinition<PasswordStorageSchemeCfgClient, PasswordStorageSchemeCfg> getDeprecatedPasswordStorageSchemePropertyDefinition() { 954 return PD_DEPRECATED_PASSWORD_STORAGE_SCHEME; 955 } 956 957 958 959 /** 960 * Get the "expire-passwords-without-warning" property definition. 961 * <p> 962 * Indicates whether the directory server allows a user's password 963 * to expire even if that user has never seen an expiration warning 964 * notification. 965 * <p> 966 * If this property is true, accounts always expire when the 967 * expiration time arrives. If this property is false or disabled, 968 * the user always receives at least one warning notification, and 969 * the password expiration is set to the warning time plus the 970 * warning interval. 971 * 972 * @return Returns the "expire-passwords-without-warning" property definition. 973 */ 974 public BooleanPropertyDefinition getExpirePasswordsWithoutWarningPropertyDefinition() { 975 return PD_EXPIRE_PASSWORDS_WITHOUT_WARNING; 976 } 977 978 979 980 /** 981 * Get the "force-change-on-add" property definition. 982 * <p> 983 * Indicates whether users are forced to change their passwords upon 984 * first authenticating to the directory server after their account 985 * has been created. 986 * 987 * @return Returns the "force-change-on-add" property definition. 988 */ 989 public BooleanPropertyDefinition getForceChangeOnAddPropertyDefinition() { 990 return PD_FORCE_CHANGE_ON_ADD; 991 } 992 993 994 995 /** 996 * Get the "force-change-on-reset" property definition. 997 * <p> 998 * Indicates whether users are forced to change their passwords if 999 * they are reset by an administrator. 1000 * <p> 1001 * For this purpose, anyone with permission to change a given user's 1002 * password other than that user is considered an administrator. 1003 * 1004 * @return Returns the "force-change-on-reset" property definition. 1005 */ 1006 public BooleanPropertyDefinition getForceChangeOnResetPropertyDefinition() { 1007 return PD_FORCE_CHANGE_ON_RESET; 1008 } 1009 1010 1011 1012 /** 1013 * Get the "grace-login-count" property definition. 1014 * <p> 1015 * Specifies the number of grace logins that a user is allowed after 1016 * the account has expired to allow that user to choose a new 1017 * password. 1018 * <p> 1019 * A value of 0 indicates that no grace logins are allowed. 1020 * 1021 * @return Returns the "grace-login-count" property definition. 1022 */ 1023 public IntegerPropertyDefinition getGraceLoginCountPropertyDefinition() { 1024 return PD_GRACE_LOGIN_COUNT; 1025 } 1026 1027 1028 1029 /** 1030 * Get the "idle-lockout-interval" property definition. 1031 * <p> 1032 * Specifies the maximum length of time that an account may remain 1033 * idle (that is, the associated user does not authenticate to the 1034 * server) before that user is locked out. 1035 * <p> 1036 * The value of this attribute is an integer followed by a unit of 1037 * seconds, minutes, hours, days, or weeks. A value of 0 seconds 1038 * indicates that idle accounts are not automatically locked out. 1039 * This feature is available only if the last login time is 1040 * maintained. 1041 * 1042 * @return Returns the "idle-lockout-interval" property definition. 1043 */ 1044 public DurationPropertyDefinition getIdleLockoutIntervalPropertyDefinition() { 1045 return PD_IDLE_LOCKOUT_INTERVAL; 1046 } 1047 1048 1049 1050 /** 1051 * Get the "java-class" property definition. 1052 * <p> 1053 * Specifies the fully-qualified name of the Java class which 1054 * provides the Password Policy implementation. 1055 * 1056 * @return Returns the "java-class" property definition. 1057 */ 1058 public ClassPropertyDefinition getJavaClassPropertyDefinition() { 1059 return PD_JAVA_CLASS; 1060 } 1061 1062 1063 1064 /** 1065 * Get the "last-login-time-attribute" property definition. 1066 * <p> 1067 * Specifies the name or OID of the attribute type that is used to 1068 * hold the last login time for users with the associated password 1069 * policy. 1070 * <p> 1071 * This attribute type must be defined in the directory server 1072 * schema and must either be defined as an operational attribute or 1073 * must be allowed by the set of objectClasses for all users with the 1074 * associated password policy. 1075 * 1076 * @return Returns the "last-login-time-attribute" property definition. 1077 */ 1078 public AttributeTypePropertyDefinition getLastLoginTimeAttributePropertyDefinition() { 1079 return PD_LAST_LOGIN_TIME_ATTRIBUTE; 1080 } 1081 1082 1083 1084 /** 1085 * Get the "last-login-time-format" property definition. 1086 * <p> 1087 * Specifies the format string that is used to generate the last 1088 * login time value for users with the associated password policy. 1089 * <p> 1090 * This format string conforms to the syntax described in the API 1091 * documentation for the java.text.SimpleDateFormat class. 1092 * 1093 * @return Returns the "last-login-time-format" property definition. 1094 */ 1095 public StringPropertyDefinition getLastLoginTimeFormatPropertyDefinition() { 1096 return PD_LAST_LOGIN_TIME_FORMAT; 1097 } 1098 1099 1100 1101 /** 1102 * Get the "lockout-duration" property definition. 1103 * <p> 1104 * Specifies the length of time that an account is locked after too 1105 * many authentication failures. 1106 * <p> 1107 * The value of this attribute is an integer followed by a unit of 1108 * seconds, minutes, hours, days, or weeks. A value of 0 seconds 1109 * indicates that the account must remain locked until an 1110 * administrator resets the password. 1111 * 1112 * @return Returns the "lockout-duration" property definition. 1113 */ 1114 public DurationPropertyDefinition getLockoutDurationPropertyDefinition() { 1115 return PD_LOCKOUT_DURATION; 1116 } 1117 1118 1119 1120 /** 1121 * Get the "lockout-failure-count" property definition. 1122 * <p> 1123 * Specifies the maximum number of authentication failures that a 1124 * user is allowed before the account is locked out. 1125 * <p> 1126 * A value of 0 indicates that accounts are never locked out due to 1127 * failed attempts. 1128 * 1129 * @return Returns the "lockout-failure-count" property definition. 1130 */ 1131 public IntegerPropertyDefinition getLockoutFailureCountPropertyDefinition() { 1132 return PD_LOCKOUT_FAILURE_COUNT; 1133 } 1134 1135 1136 1137 /** 1138 * Get the "lockout-failure-expiration-interval" property definition. 1139 * <p> 1140 * Specifies the length of time before an authentication failure is 1141 * no longer counted against a user for the purposes of account 1142 * lockout. 1143 * <p> 1144 * The value of this attribute is an integer followed by a unit of 1145 * seconds, minutes, hours, days, or weeks. A value of 0 seconds 1146 * indicates that the authentication failures must never expire. The 1147 * failure count is always cleared upon a successful authentication. 1148 * 1149 * @return Returns the "lockout-failure-expiration-interval" property definition. 1150 */ 1151 public DurationPropertyDefinition getLockoutFailureExpirationIntervalPropertyDefinition() { 1152 return PD_LOCKOUT_FAILURE_EXPIRATION_INTERVAL; 1153 } 1154 1155 1156 1157 /** 1158 * Get the "max-password-age" property definition. 1159 * <p> 1160 * Specifies the maximum length of time that a user can continue 1161 * using the same password before it must be changed (that is, the 1162 * password expiration interval). 1163 * <p> 1164 * The value of this attribute is an integer followed by a unit of 1165 * seconds, minutes, hours, days, or weeks. A value of 0 seconds 1166 * disables password expiration. 1167 * 1168 * @return Returns the "max-password-age" property definition. 1169 */ 1170 public DurationPropertyDefinition getMaxPasswordAgePropertyDefinition() { 1171 return PD_MAX_PASSWORD_AGE; 1172 } 1173 1174 1175 1176 /** 1177 * Get the "max-password-reset-age" property definition. 1178 * <p> 1179 * Specifies the maximum length of time that users have to change 1180 * passwords after they have been reset by an administrator before 1181 * they become locked. 1182 * <p> 1183 * The value of this attribute is an integer followed by a unit of 1184 * seconds, minutes, hours, days, or weeks. A value of 0 seconds 1185 * disables this feature. 1186 * 1187 * @return Returns the "max-password-reset-age" property definition. 1188 */ 1189 public DurationPropertyDefinition getMaxPasswordResetAgePropertyDefinition() { 1190 return PD_MAX_PASSWORD_RESET_AGE; 1191 } 1192 1193 1194 1195 /** 1196 * Get the "min-password-age" property definition. 1197 * <p> 1198 * Specifies the minimum length of time after a password change 1199 * before the user is allowed to change the password again. 1200 * <p> 1201 * The value of this attribute is an integer followed by a unit of 1202 * seconds, minutes, hours, days, or weeks. This setting can be used 1203 * to prevent users from changing their passwords repeatedly over a 1204 * short period of time to flush an old password from the history so 1205 * that it can be re-used. 1206 * 1207 * @return Returns the "min-password-age" property definition. 1208 */ 1209 public DurationPropertyDefinition getMinPasswordAgePropertyDefinition() { 1210 return PD_MIN_PASSWORD_AGE; 1211 } 1212 1213 1214 1215 /** 1216 * Get the "password-attribute" property definition. 1217 * <p> 1218 * Specifies the attribute type used to hold user passwords. 1219 * <p> 1220 * This attribute type must be defined in the server schema, and it 1221 * must have either the user password or auth password syntax. 1222 * 1223 * @return Returns the "password-attribute" property definition. 1224 */ 1225 public AttributeTypePropertyDefinition getPasswordAttributePropertyDefinition() { 1226 return PD_PASSWORD_ATTRIBUTE; 1227 } 1228 1229 1230 1231 /** 1232 * Get the "password-change-requires-current-password" property definition. 1233 * <p> 1234 * Indicates whether user password changes must use the password 1235 * modify extended operation and must include the user's current 1236 * password before the change is allowed. 1237 * 1238 * @return Returns the "password-change-requires-current-password" property definition. 1239 */ 1240 public BooleanPropertyDefinition getPasswordChangeRequiresCurrentPasswordPropertyDefinition() { 1241 return PD_PASSWORD_CHANGE_REQUIRES_CURRENT_PASSWORD; 1242 } 1243 1244 1245 1246 /** 1247 * Get the "password-expiration-warning-interval" property definition. 1248 * <p> 1249 * Specifies the maximum length of time before a user's password 1250 * actually expires that the server begins to include warning 1251 * notifications in bind responses for that user. 1252 * <p> 1253 * The value of this attribute is an integer followed by a unit of 1254 * seconds, minutes, hours, days, or weeks. A value of 0 seconds 1255 * disables the warning interval. 1256 * 1257 * @return Returns the "password-expiration-warning-interval" property definition. 1258 */ 1259 public DurationPropertyDefinition getPasswordExpirationWarningIntervalPropertyDefinition() { 1260 return PD_PASSWORD_EXPIRATION_WARNING_INTERVAL; 1261 } 1262 1263 1264 1265 /** 1266 * Get the "password-generator" property definition. 1267 * <p> 1268 * Specifies the name of the password generator that is used with 1269 * the associated password policy. 1270 * <p> 1271 * This is used in conjunction with the password modify extended 1272 * operation to generate a new password for a user when none was 1273 * provided in the request. 1274 * 1275 * @return Returns the "password-generator" property definition. 1276 */ 1277 public AggregationPropertyDefinition<PasswordGeneratorCfgClient, PasswordGeneratorCfg> getPasswordGeneratorPropertyDefinition() { 1278 return PD_PASSWORD_GENERATOR; 1279 } 1280 1281 1282 1283 /** 1284 * Get the "password-history-count" property definition. 1285 * <p> 1286 * Specifies the maximum number of former passwords to maintain in 1287 * the password history. 1288 * <p> 1289 * When choosing a new password, the proposed password is checked to 1290 * ensure that it does not match the current password, nor any other 1291 * password in the history list. A value of zero indicates that 1292 * either no password history is to be maintained (if the password 1293 * history duration has a value of zero seconds), or that there is no 1294 * maximum number of passwords to maintain in the history (if the 1295 * password history duration has a value greater than zero seconds). 1296 * 1297 * @return Returns the "password-history-count" property definition. 1298 */ 1299 public IntegerPropertyDefinition getPasswordHistoryCountPropertyDefinition() { 1300 return PD_PASSWORD_HISTORY_COUNT; 1301 } 1302 1303 1304 1305 /** 1306 * Get the "password-history-duration" property definition. 1307 * <p> 1308 * Specifies the maximum length of time that passwords remain in the 1309 * password history. 1310 * <p> 1311 * When choosing a new password, the proposed password is checked to 1312 * ensure that it does not match the current password, nor any other 1313 * password in the history list. A value of zero seconds indicates 1314 * that either no password history is to be maintained (if the 1315 * password history count has a value of zero), or that there is no 1316 * maximum duration for passwords in the history (if the password 1317 * history count has a value greater than zero). 1318 * 1319 * @return Returns the "password-history-duration" property definition. 1320 */ 1321 public DurationPropertyDefinition getPasswordHistoryDurationPropertyDefinition() { 1322 return PD_PASSWORD_HISTORY_DURATION; 1323 } 1324 1325 1326 1327 /** 1328 * Get the "password-validator" property definition. 1329 * <p> 1330 * Specifies the names of the password validators that are used with 1331 * the associated password storage scheme. 1332 * <p> 1333 * The password validators are invoked when a user attempts to 1334 * provide a new password, to determine whether the new password is 1335 * acceptable. 1336 * 1337 * @return Returns the "password-validator" property definition. 1338 */ 1339 public AggregationPropertyDefinition<PasswordValidatorCfgClient, PasswordValidatorCfg> getPasswordValidatorPropertyDefinition() { 1340 return PD_PASSWORD_VALIDATOR; 1341 } 1342 1343 1344 1345 /** 1346 * Get the "previous-last-login-time-format" property definition. 1347 * <p> 1348 * Specifies the format string(s) that might have been used with the 1349 * last login time at any point in the past for users associated with 1350 * the password policy. 1351 * <p> 1352 * These values are used to make it possible to parse previous 1353 * values, but are not used to set new values. The format strings 1354 * conform to the syntax described in the API documentation for the 1355 * java.text.SimpleDateFormat class. 1356 * 1357 * @return Returns the "previous-last-login-time-format" property definition. 1358 */ 1359 public StringPropertyDefinition getPreviousLastLoginTimeFormatPropertyDefinition() { 1360 return PD_PREVIOUS_LAST_LOGIN_TIME_FORMAT; 1361 } 1362 1363 1364 1365 /** 1366 * Get the "require-change-by-time" property definition. 1367 * <p> 1368 * Specifies the time by which all users with the associated 1369 * password policy must change their passwords. 1370 * <p> 1371 * The value is expressed in a generalized time format. If this time 1372 * is equal to the current time or is in the past, then all users are 1373 * required to change their passwords immediately. The behavior of 1374 * the server in this mode is identical to the behavior observed when 1375 * users are forced to change their passwords after an administrative 1376 * reset. 1377 * 1378 * @return Returns the "require-change-by-time" property definition. 1379 */ 1380 public StringPropertyDefinition getRequireChangeByTimePropertyDefinition() { 1381 return PD_REQUIRE_CHANGE_BY_TIME; 1382 } 1383 1384 1385 1386 /** 1387 * Get the "require-secure-authentication" property definition. 1388 * <p> 1389 * Indicates whether users with the associated password policy are 1390 * required to authenticate in a secure manner. 1391 * <p> 1392 * This might mean either using a secure communication channel 1393 * between the client and the server, or using a SASL mechanism that 1394 * does not expose the credentials. 1395 * 1396 * @return Returns the "require-secure-authentication" property definition. 1397 */ 1398 public BooleanPropertyDefinition getRequireSecureAuthenticationPropertyDefinition() { 1399 return PD_REQUIRE_SECURE_AUTHENTICATION; 1400 } 1401 1402 1403 1404 /** 1405 * Get the "require-secure-password-changes" property definition. 1406 * <p> 1407 * Indicates whether users with the associated password policy are 1408 * required to change their password in a secure manner that does not 1409 * expose the credentials. 1410 * 1411 * @return Returns the "require-secure-password-changes" property definition. 1412 */ 1413 public BooleanPropertyDefinition getRequireSecurePasswordChangesPropertyDefinition() { 1414 return PD_REQUIRE_SECURE_PASSWORD_CHANGES; 1415 } 1416 1417 1418 1419 /** 1420 * Get the "skip-validation-for-administrators" property definition. 1421 * <p> 1422 * Indicates whether passwords set by administrators are allowed to 1423 * bypass the password validation process that is required for user 1424 * password changes. 1425 * 1426 * @return Returns the "skip-validation-for-administrators" property definition. 1427 */ 1428 public BooleanPropertyDefinition getSkipValidationForAdministratorsPropertyDefinition() { 1429 return PD_SKIP_VALIDATION_FOR_ADMINISTRATORS; 1430 } 1431 1432 1433 1434 /** 1435 * Get the "state-update-failure-policy" property definition. 1436 * <p> 1437 * Specifies how the server deals with the inability to update 1438 * password policy state information during an authentication 1439 * attempt. 1440 * <p> 1441 * In particular, this property can be used to control whether an 1442 * otherwise successful bind operation fails if a failure occurs 1443 * while attempting to update password policy state information (for 1444 * example, to clear a record of previous authentication failures or 1445 * to update the last login time). It can also be used to control 1446 * whether to reject a bind request if it is known ahead of time that 1447 * it will not be possible to update the authentication failure times 1448 * in the event of an unsuccessful bind attempt (for example, if the 1449 * backend writability mode is disabled). 1450 * 1451 * @return Returns the "state-update-failure-policy" property definition. 1452 */ 1453 public EnumPropertyDefinition<StateUpdateFailurePolicy> getStateUpdateFailurePolicyPropertyDefinition() { 1454 return PD_STATE_UPDATE_FAILURE_POLICY; 1455 } 1456 1457 1458 1459 /** 1460 * Managed object client implementation. 1461 */ 1462 private static class PasswordPolicyCfgClientImpl implements 1463 PasswordPolicyCfgClient { 1464 1465 // Private implementation. 1466 private ManagedObject<? extends PasswordPolicyCfgClient> impl; 1467 1468 1469 1470 // Private constructor. 1471 private PasswordPolicyCfgClientImpl( 1472 ManagedObject<? extends PasswordPolicyCfgClient> impl) { 1473 this.impl = impl; 1474 } 1475 1476 1477 1478 /** 1479 * {@inheritDoc} 1480 */ 1481 public SortedSet<String> getAccountStatusNotificationHandler() { 1482 return impl.getPropertyValues(INSTANCE.getAccountStatusNotificationHandlerPropertyDefinition()); 1483 } 1484 1485 1486 1487 /** 1488 * {@inheritDoc} 1489 */ 1490 public void setAccountStatusNotificationHandler(Collection<String> values) { 1491 impl.setPropertyValues(INSTANCE.getAccountStatusNotificationHandlerPropertyDefinition(), values); 1492 } 1493 1494 1495 1496 /** 1497 * {@inheritDoc} 1498 */ 1499 public boolean isAllowExpiredPasswordChanges() { 1500 return impl.getPropertyValue(INSTANCE.getAllowExpiredPasswordChangesPropertyDefinition()); 1501 } 1502 1503 1504 1505 /** 1506 * {@inheritDoc} 1507 */ 1508 public void setAllowExpiredPasswordChanges(Boolean value) { 1509 impl.setPropertyValue(INSTANCE.getAllowExpiredPasswordChangesPropertyDefinition(), value); 1510 } 1511 1512 1513 1514 /** 1515 * {@inheritDoc} 1516 */ 1517 public boolean isAllowMultiplePasswordValues() { 1518 return impl.getPropertyValue(INSTANCE.getAllowMultiplePasswordValuesPropertyDefinition()); 1519 } 1520 1521 1522 1523 /** 1524 * {@inheritDoc} 1525 */ 1526 public void setAllowMultiplePasswordValues(Boolean value) { 1527 impl.setPropertyValue(INSTANCE.getAllowMultiplePasswordValuesPropertyDefinition(), value); 1528 } 1529 1530 1531 1532 /** 1533 * {@inheritDoc} 1534 */ 1535 public boolean isAllowPreEncodedPasswords() { 1536 return impl.getPropertyValue(INSTANCE.getAllowPreEncodedPasswordsPropertyDefinition()); 1537 } 1538 1539 1540 1541 /** 1542 * {@inheritDoc} 1543 */ 1544 public void setAllowPreEncodedPasswords(Boolean value) { 1545 impl.setPropertyValue(INSTANCE.getAllowPreEncodedPasswordsPropertyDefinition(), value); 1546 } 1547 1548 1549 1550 /** 1551 * {@inheritDoc} 1552 */ 1553 public boolean isAllowUserPasswordChanges() { 1554 return impl.getPropertyValue(INSTANCE.getAllowUserPasswordChangesPropertyDefinition()); 1555 } 1556 1557 1558 1559 /** 1560 * {@inheritDoc} 1561 */ 1562 public void setAllowUserPasswordChanges(Boolean value) { 1563 impl.setPropertyValue(INSTANCE.getAllowUserPasswordChangesPropertyDefinition(), value); 1564 } 1565 1566 1567 1568 /** 1569 * {@inheritDoc} 1570 */ 1571 public SortedSet<String> getDefaultPasswordStorageScheme() { 1572 return impl.getPropertyValues(INSTANCE.getDefaultPasswordStorageSchemePropertyDefinition()); 1573 } 1574 1575 1576 1577 /** 1578 * {@inheritDoc} 1579 */ 1580 public void setDefaultPasswordStorageScheme(Collection<String> values) { 1581 impl.setPropertyValues(INSTANCE.getDefaultPasswordStorageSchemePropertyDefinition(), values); 1582 } 1583 1584 1585 1586 /** 1587 * {@inheritDoc} 1588 */ 1589 public SortedSet<String> getDeprecatedPasswordStorageScheme() { 1590 return impl.getPropertyValues(INSTANCE.getDeprecatedPasswordStorageSchemePropertyDefinition()); 1591 } 1592 1593 1594 1595 /** 1596 * {@inheritDoc} 1597 */ 1598 public void setDeprecatedPasswordStorageScheme(Collection<String> values) { 1599 impl.setPropertyValues(INSTANCE.getDeprecatedPasswordStorageSchemePropertyDefinition(), values); 1600 } 1601 1602 1603 1604 /** 1605 * {@inheritDoc} 1606 */ 1607 public boolean isExpirePasswordsWithoutWarning() { 1608 return impl.getPropertyValue(INSTANCE.getExpirePasswordsWithoutWarningPropertyDefinition()); 1609 } 1610 1611 1612 1613 /** 1614 * {@inheritDoc} 1615 */ 1616 public void setExpirePasswordsWithoutWarning(Boolean value) { 1617 impl.setPropertyValue(INSTANCE.getExpirePasswordsWithoutWarningPropertyDefinition(), value); 1618 } 1619 1620 1621 1622 /** 1623 * {@inheritDoc} 1624 */ 1625 public boolean isForceChangeOnAdd() { 1626 return impl.getPropertyValue(INSTANCE.getForceChangeOnAddPropertyDefinition()); 1627 } 1628 1629 1630 1631 /** 1632 * {@inheritDoc} 1633 */ 1634 public void setForceChangeOnAdd(Boolean value) { 1635 impl.setPropertyValue(INSTANCE.getForceChangeOnAddPropertyDefinition(), value); 1636 } 1637 1638 1639 1640 /** 1641 * {@inheritDoc} 1642 */ 1643 public boolean isForceChangeOnReset() { 1644 return impl.getPropertyValue(INSTANCE.getForceChangeOnResetPropertyDefinition()); 1645 } 1646 1647 1648 1649 /** 1650 * {@inheritDoc} 1651 */ 1652 public void setForceChangeOnReset(Boolean value) { 1653 impl.setPropertyValue(INSTANCE.getForceChangeOnResetPropertyDefinition(), value); 1654 } 1655 1656 1657 1658 /** 1659 * {@inheritDoc} 1660 */ 1661 public int getGraceLoginCount() { 1662 return impl.getPropertyValue(INSTANCE.getGraceLoginCountPropertyDefinition()); 1663 } 1664 1665 1666 1667 /** 1668 * {@inheritDoc} 1669 */ 1670 public void setGraceLoginCount(Integer value) { 1671 impl.setPropertyValue(INSTANCE.getGraceLoginCountPropertyDefinition(), value); 1672 } 1673 1674 1675 1676 /** 1677 * {@inheritDoc} 1678 */ 1679 public long getIdleLockoutInterval() { 1680 return impl.getPropertyValue(INSTANCE.getIdleLockoutIntervalPropertyDefinition()); 1681 } 1682 1683 1684 1685 /** 1686 * {@inheritDoc} 1687 */ 1688 public void setIdleLockoutInterval(Long value) { 1689 impl.setPropertyValue(INSTANCE.getIdleLockoutIntervalPropertyDefinition(), value); 1690 } 1691 1692 1693 1694 /** 1695 * {@inheritDoc} 1696 */ 1697 public String getJavaClass() { 1698 return impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition()); 1699 } 1700 1701 1702 1703 /** 1704 * {@inheritDoc} 1705 */ 1706 public void setJavaClass(String value) { 1707 impl.setPropertyValue(INSTANCE.getJavaClassPropertyDefinition(), value); 1708 } 1709 1710 1711 1712 /** 1713 * {@inheritDoc} 1714 */ 1715 public AttributeType getLastLoginTimeAttribute() { 1716 return impl.getPropertyValue(INSTANCE.getLastLoginTimeAttributePropertyDefinition()); 1717 } 1718 1719 1720 1721 /** 1722 * {@inheritDoc} 1723 */ 1724 public void setLastLoginTimeAttribute(AttributeType value) { 1725 impl.setPropertyValue(INSTANCE.getLastLoginTimeAttributePropertyDefinition(), value); 1726 } 1727 1728 1729 1730 /** 1731 * {@inheritDoc} 1732 */ 1733 public String getLastLoginTimeFormat() { 1734 return impl.getPropertyValue(INSTANCE.getLastLoginTimeFormatPropertyDefinition()); 1735 } 1736 1737 1738 1739 /** 1740 * {@inheritDoc} 1741 */ 1742 public void setLastLoginTimeFormat(String value) { 1743 impl.setPropertyValue(INSTANCE.getLastLoginTimeFormatPropertyDefinition(), value); 1744 } 1745 1746 1747 1748 /** 1749 * {@inheritDoc} 1750 */ 1751 public long getLockoutDuration() { 1752 return impl.getPropertyValue(INSTANCE.getLockoutDurationPropertyDefinition()); 1753 } 1754 1755 1756 1757 /** 1758 * {@inheritDoc} 1759 */ 1760 public void setLockoutDuration(Long value) { 1761 impl.setPropertyValue(INSTANCE.getLockoutDurationPropertyDefinition(), value); 1762 } 1763 1764 1765 1766 /** 1767 * {@inheritDoc} 1768 */ 1769 public int getLockoutFailureCount() { 1770 return impl.getPropertyValue(INSTANCE.getLockoutFailureCountPropertyDefinition()); 1771 } 1772 1773 1774 1775 /** 1776 * {@inheritDoc} 1777 */ 1778 public void setLockoutFailureCount(Integer value) { 1779 impl.setPropertyValue(INSTANCE.getLockoutFailureCountPropertyDefinition(), value); 1780 } 1781 1782 1783 1784 /** 1785 * {@inheritDoc} 1786 */ 1787 public long getLockoutFailureExpirationInterval() { 1788 return impl.getPropertyValue(INSTANCE.getLockoutFailureExpirationIntervalPropertyDefinition()); 1789 } 1790 1791 1792 1793 /** 1794 * {@inheritDoc} 1795 */ 1796 public void setLockoutFailureExpirationInterval(Long value) { 1797 impl.setPropertyValue(INSTANCE.getLockoutFailureExpirationIntervalPropertyDefinition(), value); 1798 } 1799 1800 1801 1802 /** 1803 * {@inheritDoc} 1804 */ 1805 public long getMaxPasswordAge() { 1806 return impl.getPropertyValue(INSTANCE.getMaxPasswordAgePropertyDefinition()); 1807 } 1808 1809 1810 1811 /** 1812 * {@inheritDoc} 1813 */ 1814 public void setMaxPasswordAge(Long value) { 1815 impl.setPropertyValue(INSTANCE.getMaxPasswordAgePropertyDefinition(), value); 1816 } 1817 1818 1819 1820 /** 1821 * {@inheritDoc} 1822 */ 1823 public long getMaxPasswordResetAge() { 1824 return impl.getPropertyValue(INSTANCE.getMaxPasswordResetAgePropertyDefinition()); 1825 } 1826 1827 1828 1829 /** 1830 * {@inheritDoc} 1831 */ 1832 public void setMaxPasswordResetAge(Long value) { 1833 impl.setPropertyValue(INSTANCE.getMaxPasswordResetAgePropertyDefinition(), value); 1834 } 1835 1836 1837 1838 /** 1839 * {@inheritDoc} 1840 */ 1841 public long getMinPasswordAge() { 1842 return impl.getPropertyValue(INSTANCE.getMinPasswordAgePropertyDefinition()); 1843 } 1844 1845 1846 1847 /** 1848 * {@inheritDoc} 1849 */ 1850 public void setMinPasswordAge(Long value) { 1851 impl.setPropertyValue(INSTANCE.getMinPasswordAgePropertyDefinition(), value); 1852 } 1853 1854 1855 1856 /** 1857 * {@inheritDoc} 1858 */ 1859 public AttributeType getPasswordAttribute() { 1860 return impl.getPropertyValue(INSTANCE.getPasswordAttributePropertyDefinition()); 1861 } 1862 1863 1864 1865 /** 1866 * {@inheritDoc} 1867 */ 1868 public void setPasswordAttribute(AttributeType value) { 1869 impl.setPropertyValue(INSTANCE.getPasswordAttributePropertyDefinition(), value); 1870 } 1871 1872 1873 1874 /** 1875 * {@inheritDoc} 1876 */ 1877 public boolean isPasswordChangeRequiresCurrentPassword() { 1878 return impl.getPropertyValue(INSTANCE.getPasswordChangeRequiresCurrentPasswordPropertyDefinition()); 1879 } 1880 1881 1882 1883 /** 1884 * {@inheritDoc} 1885 */ 1886 public void setPasswordChangeRequiresCurrentPassword(Boolean value) { 1887 impl.setPropertyValue(INSTANCE.getPasswordChangeRequiresCurrentPasswordPropertyDefinition(), value); 1888 } 1889 1890 1891 1892 /** 1893 * {@inheritDoc} 1894 */ 1895 public long getPasswordExpirationWarningInterval() { 1896 return impl.getPropertyValue(INSTANCE.getPasswordExpirationWarningIntervalPropertyDefinition()); 1897 } 1898 1899 1900 1901 /** 1902 * {@inheritDoc} 1903 */ 1904 public void setPasswordExpirationWarningInterval(Long value) { 1905 impl.setPropertyValue(INSTANCE.getPasswordExpirationWarningIntervalPropertyDefinition(), value); 1906 } 1907 1908 1909 1910 /** 1911 * {@inheritDoc} 1912 */ 1913 public String getPasswordGenerator() { 1914 return impl.getPropertyValue(INSTANCE.getPasswordGeneratorPropertyDefinition()); 1915 } 1916 1917 1918 1919 /** 1920 * {@inheritDoc} 1921 */ 1922 public void setPasswordGenerator(String value) { 1923 impl.setPropertyValue(INSTANCE.getPasswordGeneratorPropertyDefinition(), value); 1924 } 1925 1926 1927 1928 /** 1929 * {@inheritDoc} 1930 */ 1931 public int getPasswordHistoryCount() { 1932 return impl.getPropertyValue(INSTANCE.getPasswordHistoryCountPropertyDefinition()); 1933 } 1934 1935 1936 1937 /** 1938 * {@inheritDoc} 1939 */ 1940 public void setPasswordHistoryCount(Integer value) { 1941 impl.setPropertyValue(INSTANCE.getPasswordHistoryCountPropertyDefinition(), value); 1942 } 1943 1944 1945 1946 /** 1947 * {@inheritDoc} 1948 */ 1949 public long getPasswordHistoryDuration() { 1950 return impl.getPropertyValue(INSTANCE.getPasswordHistoryDurationPropertyDefinition()); 1951 } 1952 1953 1954 1955 /** 1956 * {@inheritDoc} 1957 */ 1958 public void setPasswordHistoryDuration(Long value) { 1959 impl.setPropertyValue(INSTANCE.getPasswordHistoryDurationPropertyDefinition(), value); 1960 } 1961 1962 1963 1964 /** 1965 * {@inheritDoc} 1966 */ 1967 public SortedSet<String> getPasswordValidator() { 1968 return impl.getPropertyValues(INSTANCE.getPasswordValidatorPropertyDefinition()); 1969 } 1970 1971 1972 1973 /** 1974 * {@inheritDoc} 1975 */ 1976 public void setPasswordValidator(Collection<String> values) { 1977 impl.setPropertyValues(INSTANCE.getPasswordValidatorPropertyDefinition(), values); 1978 } 1979 1980 1981 1982 /** 1983 * {@inheritDoc} 1984 */ 1985 public SortedSet<String> getPreviousLastLoginTimeFormat() { 1986 return impl.getPropertyValues(INSTANCE.getPreviousLastLoginTimeFormatPropertyDefinition()); 1987 } 1988 1989 1990 1991 /** 1992 * {@inheritDoc} 1993 */ 1994 public void setPreviousLastLoginTimeFormat(Collection<String> values) { 1995 impl.setPropertyValues(INSTANCE.getPreviousLastLoginTimeFormatPropertyDefinition(), values); 1996 } 1997 1998 1999 2000 /** 2001 * {@inheritDoc} 2002 */ 2003 public String getRequireChangeByTime() { 2004 return impl.getPropertyValue(INSTANCE.getRequireChangeByTimePropertyDefinition()); 2005 } 2006 2007 2008 2009 /** 2010 * {@inheritDoc} 2011 */ 2012 public void setRequireChangeByTime(String value) { 2013 impl.setPropertyValue(INSTANCE.getRequireChangeByTimePropertyDefinition(), value); 2014 } 2015 2016 2017 2018 /** 2019 * {@inheritDoc} 2020 */ 2021 public boolean isRequireSecureAuthentication() { 2022 return impl.getPropertyValue(INSTANCE.getRequireSecureAuthenticationPropertyDefinition()); 2023 } 2024 2025 2026 2027 /** 2028 * {@inheritDoc} 2029 */ 2030 public void setRequireSecureAuthentication(Boolean value) { 2031 impl.setPropertyValue(INSTANCE.getRequireSecureAuthenticationPropertyDefinition(), value); 2032 } 2033 2034 2035 2036 /** 2037 * {@inheritDoc} 2038 */ 2039 public boolean isRequireSecurePasswordChanges() { 2040 return impl.getPropertyValue(INSTANCE.getRequireSecurePasswordChangesPropertyDefinition()); 2041 } 2042 2043 2044 2045 /** 2046 * {@inheritDoc} 2047 */ 2048 public void setRequireSecurePasswordChanges(Boolean value) { 2049 impl.setPropertyValue(INSTANCE.getRequireSecurePasswordChangesPropertyDefinition(), value); 2050 } 2051 2052 2053 2054 /** 2055 * {@inheritDoc} 2056 */ 2057 public boolean isSkipValidationForAdministrators() { 2058 return impl.getPropertyValue(INSTANCE.getSkipValidationForAdministratorsPropertyDefinition()); 2059 } 2060 2061 2062 2063 /** 2064 * {@inheritDoc} 2065 */ 2066 public void setSkipValidationForAdministrators(Boolean value) { 2067 impl.setPropertyValue(INSTANCE.getSkipValidationForAdministratorsPropertyDefinition(), value); 2068 } 2069 2070 2071 2072 /** 2073 * {@inheritDoc} 2074 */ 2075 public StateUpdateFailurePolicy getStateUpdateFailurePolicy() { 2076 return impl.getPropertyValue(INSTANCE.getStateUpdateFailurePolicyPropertyDefinition()); 2077 } 2078 2079 2080 2081 /** 2082 * {@inheritDoc} 2083 */ 2084 public void setStateUpdateFailurePolicy(StateUpdateFailurePolicy value) { 2085 impl.setPropertyValue(INSTANCE.getStateUpdateFailurePolicyPropertyDefinition(), value); 2086 } 2087 2088 2089 2090 /** 2091 * {@inheritDoc} 2092 */ 2093 public ManagedObjectDefinition<? extends PasswordPolicyCfgClient, ? extends PasswordPolicyCfg> definition() { 2094 return INSTANCE; 2095 } 2096 2097 2098 2099 /** 2100 * {@inheritDoc} 2101 */ 2102 public PropertyProvider properties() { 2103 return impl; 2104 } 2105 2106 2107 2108 /** 2109 * {@inheritDoc} 2110 */ 2111 public void commit() throws ManagedObjectAlreadyExistsException, 2112 MissingMandatoryPropertiesException, ConcurrentModificationException, 2113 OperationRejectedException, LdapException { 2114 impl.commit(); 2115 } 2116 2117 } 2118 2119 2120 2121 /** 2122 * Managed object server implementation. 2123 */ 2124 private static class PasswordPolicyCfgServerImpl implements 2125 PasswordPolicyCfg { 2126 2127 // Private implementation. 2128 private ServerManagedObject<? extends PasswordPolicyCfg> impl; 2129 2130 // The value of the "account-status-notification-handler" property. 2131 private final SortedSet<String> pAccountStatusNotificationHandler; 2132 2133 // The value of the "allow-expired-password-changes" property. 2134 private final boolean pAllowExpiredPasswordChanges; 2135 2136 // The value of the "allow-multiple-password-values" property. 2137 private final boolean pAllowMultiplePasswordValues; 2138 2139 // The value of the "allow-pre-encoded-passwords" property. 2140 private final boolean pAllowPreEncodedPasswords; 2141 2142 // The value of the "allow-user-password-changes" property. 2143 private final boolean pAllowUserPasswordChanges; 2144 2145 // The value of the "default-password-storage-scheme" property. 2146 private final SortedSet<String> pDefaultPasswordStorageScheme; 2147 2148 // The value of the "deprecated-password-storage-scheme" property. 2149 private final SortedSet<String> pDeprecatedPasswordStorageScheme; 2150 2151 // The value of the "expire-passwords-without-warning" property. 2152 private final boolean pExpirePasswordsWithoutWarning; 2153 2154 // The value of the "force-change-on-add" property. 2155 private final boolean pForceChangeOnAdd; 2156 2157 // The value of the "force-change-on-reset" property. 2158 private final boolean pForceChangeOnReset; 2159 2160 // The value of the "grace-login-count" property. 2161 private final int pGraceLoginCount; 2162 2163 // The value of the "idle-lockout-interval" property. 2164 private final long pIdleLockoutInterval; 2165 2166 // The value of the "java-class" property. 2167 private final String pJavaClass; 2168 2169 // The value of the "last-login-time-attribute" property. 2170 private final AttributeType pLastLoginTimeAttribute; 2171 2172 // The value of the "last-login-time-format" property. 2173 private final String pLastLoginTimeFormat; 2174 2175 // The value of the "lockout-duration" property. 2176 private final long pLockoutDuration; 2177 2178 // The value of the "lockout-failure-count" property. 2179 private final int pLockoutFailureCount; 2180 2181 // The value of the "lockout-failure-expiration-interval" property. 2182 private final long pLockoutFailureExpirationInterval; 2183 2184 // The value of the "max-password-age" property. 2185 private final long pMaxPasswordAge; 2186 2187 // The value of the "max-password-reset-age" property. 2188 private final long pMaxPasswordResetAge; 2189 2190 // The value of the "min-password-age" property. 2191 private final long pMinPasswordAge; 2192 2193 // The value of the "password-attribute" property. 2194 private final AttributeType pPasswordAttribute; 2195 2196 // The value of the "password-change-requires-current-password" property. 2197 private final boolean pPasswordChangeRequiresCurrentPassword; 2198 2199 // The value of the "password-expiration-warning-interval" property. 2200 private final long pPasswordExpirationWarningInterval; 2201 2202 // The value of the "password-generator" property. 2203 private final String pPasswordGenerator; 2204 2205 // The value of the "password-history-count" property. 2206 private final int pPasswordHistoryCount; 2207 2208 // The value of the "password-history-duration" property. 2209 private final long pPasswordHistoryDuration; 2210 2211 // The value of the "password-validator" property. 2212 private final SortedSet<String> pPasswordValidator; 2213 2214 // The value of the "previous-last-login-time-format" property. 2215 private final SortedSet<String> pPreviousLastLoginTimeFormat; 2216 2217 // The value of the "require-change-by-time" property. 2218 private final String pRequireChangeByTime; 2219 2220 // The value of the "require-secure-authentication" property. 2221 private final boolean pRequireSecureAuthentication; 2222 2223 // The value of the "require-secure-password-changes" property. 2224 private final boolean pRequireSecurePasswordChanges; 2225 2226 // The value of the "skip-validation-for-administrators" property. 2227 private final boolean pSkipValidationForAdministrators; 2228 2229 // The value of the "state-update-failure-policy" property. 2230 private final StateUpdateFailurePolicy pStateUpdateFailurePolicy; 2231 2232 2233 2234 // Private constructor. 2235 private PasswordPolicyCfgServerImpl(ServerManagedObject<? extends PasswordPolicyCfg> impl) { 2236 this.impl = impl; 2237 this.pAccountStatusNotificationHandler = impl.getPropertyValues(INSTANCE.getAccountStatusNotificationHandlerPropertyDefinition()); 2238 this.pAllowExpiredPasswordChanges = impl.getPropertyValue(INSTANCE.getAllowExpiredPasswordChangesPropertyDefinition()); 2239 this.pAllowMultiplePasswordValues = impl.getPropertyValue(INSTANCE.getAllowMultiplePasswordValuesPropertyDefinition()); 2240 this.pAllowPreEncodedPasswords = impl.getPropertyValue(INSTANCE.getAllowPreEncodedPasswordsPropertyDefinition()); 2241 this.pAllowUserPasswordChanges = impl.getPropertyValue(INSTANCE.getAllowUserPasswordChangesPropertyDefinition()); 2242 this.pDefaultPasswordStorageScheme = impl.getPropertyValues(INSTANCE.getDefaultPasswordStorageSchemePropertyDefinition()); 2243 this.pDeprecatedPasswordStorageScheme = impl.getPropertyValues(INSTANCE.getDeprecatedPasswordStorageSchemePropertyDefinition()); 2244 this.pExpirePasswordsWithoutWarning = impl.getPropertyValue(INSTANCE.getExpirePasswordsWithoutWarningPropertyDefinition()); 2245 this.pForceChangeOnAdd = impl.getPropertyValue(INSTANCE.getForceChangeOnAddPropertyDefinition()); 2246 this.pForceChangeOnReset = impl.getPropertyValue(INSTANCE.getForceChangeOnResetPropertyDefinition()); 2247 this.pGraceLoginCount = impl.getPropertyValue(INSTANCE.getGraceLoginCountPropertyDefinition()); 2248 this.pIdleLockoutInterval = impl.getPropertyValue(INSTANCE.getIdleLockoutIntervalPropertyDefinition()); 2249 this.pJavaClass = impl.getPropertyValue(INSTANCE.getJavaClassPropertyDefinition()); 2250 this.pLastLoginTimeAttribute = impl.getPropertyValue(INSTANCE.getLastLoginTimeAttributePropertyDefinition()); 2251 this.pLastLoginTimeFormat = impl.getPropertyValue(INSTANCE.getLastLoginTimeFormatPropertyDefinition()); 2252 this.pLockoutDuration = impl.getPropertyValue(INSTANCE.getLockoutDurationPropertyDefinition()); 2253 this.pLockoutFailureCount = impl.getPropertyValue(INSTANCE.getLockoutFailureCountPropertyDefinition()); 2254 this.pLockoutFailureExpirationInterval = impl.getPropertyValue(INSTANCE.getLockoutFailureExpirationIntervalPropertyDefinition()); 2255 this.pMaxPasswordAge = impl.getPropertyValue(INSTANCE.getMaxPasswordAgePropertyDefinition()); 2256 this.pMaxPasswordResetAge = impl.getPropertyValue(INSTANCE.getMaxPasswordResetAgePropertyDefinition()); 2257 this.pMinPasswordAge = impl.getPropertyValue(INSTANCE.getMinPasswordAgePropertyDefinition()); 2258 this.pPasswordAttribute = impl.getPropertyValue(INSTANCE.getPasswordAttributePropertyDefinition()); 2259 this.pPasswordChangeRequiresCurrentPassword = impl.getPropertyValue(INSTANCE.getPasswordChangeRequiresCurrentPasswordPropertyDefinition()); 2260 this.pPasswordExpirationWarningInterval = impl.getPropertyValue(INSTANCE.getPasswordExpirationWarningIntervalPropertyDefinition()); 2261 this.pPasswordGenerator = impl.getPropertyValue(INSTANCE.getPasswordGeneratorPropertyDefinition()); 2262 this.pPasswordHistoryCount = impl.getPropertyValue(INSTANCE.getPasswordHistoryCountPropertyDefinition()); 2263 this.pPasswordHistoryDuration = impl.getPropertyValue(INSTANCE.getPasswordHistoryDurationPropertyDefinition()); 2264 this.pPasswordValidator = impl.getPropertyValues(INSTANCE.getPasswordValidatorPropertyDefinition()); 2265 this.pPreviousLastLoginTimeFormat = impl.getPropertyValues(INSTANCE.getPreviousLastLoginTimeFormatPropertyDefinition()); 2266 this.pRequireChangeByTime = impl.getPropertyValue(INSTANCE.getRequireChangeByTimePropertyDefinition()); 2267 this.pRequireSecureAuthentication = impl.getPropertyValue(INSTANCE.getRequireSecureAuthenticationPropertyDefinition()); 2268 this.pRequireSecurePasswordChanges = impl.getPropertyValue(INSTANCE.getRequireSecurePasswordChangesPropertyDefinition()); 2269 this.pSkipValidationForAdministrators = impl.getPropertyValue(INSTANCE.getSkipValidationForAdministratorsPropertyDefinition()); 2270 this.pStateUpdateFailurePolicy = impl.getPropertyValue(INSTANCE.getStateUpdateFailurePolicyPropertyDefinition()); 2271 } 2272 2273 2274 2275 /** 2276 * {@inheritDoc} 2277 */ 2278 public void addPasswordPolicyChangeListener( 2279 ConfigurationChangeListener<PasswordPolicyCfg> listener) { 2280 impl.registerChangeListener(listener); 2281 } 2282 2283 2284 2285 /** 2286 * {@inheritDoc} 2287 */ 2288 public void removePasswordPolicyChangeListener( 2289 ConfigurationChangeListener<PasswordPolicyCfg> listener) { 2290 impl.deregisterChangeListener(listener); 2291 } 2292 /** 2293 * {@inheritDoc} 2294 */ 2295 public void addChangeListener( 2296 ConfigurationChangeListener<AuthenticationPolicyCfg> listener) { 2297 impl.registerChangeListener(listener); 2298 } 2299 2300 2301 2302 /** 2303 * {@inheritDoc} 2304 */ 2305 public void removeChangeListener( 2306 ConfigurationChangeListener<AuthenticationPolicyCfg> listener) { 2307 impl.deregisterChangeListener(listener); 2308 } 2309 2310 2311 2312 /** 2313 * {@inheritDoc} 2314 */ 2315 public SortedSet<String> getAccountStatusNotificationHandler() { 2316 return pAccountStatusNotificationHandler; 2317 } 2318 2319 2320 2321 /** 2322 * {@inheritDoc} 2323 */ 2324 public SortedSet<DN> getAccountStatusNotificationHandlerDNs() { 2325 SortedSet<String> values = getAccountStatusNotificationHandler(); 2326 SortedSet<DN> dnValues = new TreeSet<DN>(); 2327 for (String value : values) { 2328 DN dn = INSTANCE.getAccountStatusNotificationHandlerPropertyDefinition().getChildDN(value); 2329 dnValues.add(dn); 2330 } 2331 return dnValues; 2332 } 2333 2334 2335 2336 /** 2337 * {@inheritDoc} 2338 */ 2339 public boolean isAllowExpiredPasswordChanges() { 2340 return pAllowExpiredPasswordChanges; 2341 } 2342 2343 2344 2345 /** 2346 * {@inheritDoc} 2347 */ 2348 public boolean isAllowMultiplePasswordValues() { 2349 return pAllowMultiplePasswordValues; 2350 } 2351 2352 2353 2354 /** 2355 * {@inheritDoc} 2356 */ 2357 public boolean isAllowPreEncodedPasswords() { 2358 return pAllowPreEncodedPasswords; 2359 } 2360 2361 2362 2363 /** 2364 * {@inheritDoc} 2365 */ 2366 public boolean isAllowUserPasswordChanges() { 2367 return pAllowUserPasswordChanges; 2368 } 2369 2370 2371 2372 /** 2373 * {@inheritDoc} 2374 */ 2375 public SortedSet<String> getDefaultPasswordStorageScheme() { 2376 return pDefaultPasswordStorageScheme; 2377 } 2378 2379 2380 2381 /** 2382 * {@inheritDoc} 2383 */ 2384 public SortedSet<DN> getDefaultPasswordStorageSchemeDNs() { 2385 SortedSet<String> values = getDefaultPasswordStorageScheme(); 2386 SortedSet<DN> dnValues = new TreeSet<DN>(); 2387 for (String value : values) { 2388 DN dn = INSTANCE.getDefaultPasswordStorageSchemePropertyDefinition().getChildDN(value); 2389 dnValues.add(dn); 2390 } 2391 return dnValues; 2392 } 2393 2394 2395 2396 /** 2397 * {@inheritDoc} 2398 */ 2399 public SortedSet<String> getDeprecatedPasswordStorageScheme() { 2400 return pDeprecatedPasswordStorageScheme; 2401 } 2402 2403 2404 2405 /** 2406 * {@inheritDoc} 2407 */ 2408 public SortedSet<DN> getDeprecatedPasswordStorageSchemeDNs() { 2409 SortedSet<String> values = getDeprecatedPasswordStorageScheme(); 2410 SortedSet<DN> dnValues = new TreeSet<DN>(); 2411 for (String value : values) { 2412 DN dn = INSTANCE.getDeprecatedPasswordStorageSchemePropertyDefinition().getChildDN(value); 2413 dnValues.add(dn); 2414 } 2415 return dnValues; 2416 } 2417 2418 2419 2420 /** 2421 * {@inheritDoc} 2422 */ 2423 public boolean isExpirePasswordsWithoutWarning() { 2424 return pExpirePasswordsWithoutWarning; 2425 } 2426 2427 2428 2429 /** 2430 * {@inheritDoc} 2431 */ 2432 public boolean isForceChangeOnAdd() { 2433 return pForceChangeOnAdd; 2434 } 2435 2436 2437 2438 /** 2439 * {@inheritDoc} 2440 */ 2441 public boolean isForceChangeOnReset() { 2442 return pForceChangeOnReset; 2443 } 2444 2445 2446 2447 /** 2448 * {@inheritDoc} 2449 */ 2450 public int getGraceLoginCount() { 2451 return pGraceLoginCount; 2452 } 2453 2454 2455 2456 /** 2457 * {@inheritDoc} 2458 */ 2459 public long getIdleLockoutInterval() { 2460 return pIdleLockoutInterval; 2461 } 2462 2463 2464 2465 /** 2466 * {@inheritDoc} 2467 */ 2468 public String getJavaClass() { 2469 return pJavaClass; 2470 } 2471 2472 2473 2474 /** 2475 * {@inheritDoc} 2476 */ 2477 public AttributeType getLastLoginTimeAttribute() { 2478 return pLastLoginTimeAttribute; 2479 } 2480 2481 2482 2483 /** 2484 * {@inheritDoc} 2485 */ 2486 public String getLastLoginTimeFormat() { 2487 return pLastLoginTimeFormat; 2488 } 2489 2490 2491 2492 /** 2493 * {@inheritDoc} 2494 */ 2495 public long getLockoutDuration() { 2496 return pLockoutDuration; 2497 } 2498 2499 2500 2501 /** 2502 * {@inheritDoc} 2503 */ 2504 public int getLockoutFailureCount() { 2505 return pLockoutFailureCount; 2506 } 2507 2508 2509 2510 /** 2511 * {@inheritDoc} 2512 */ 2513 public long getLockoutFailureExpirationInterval() { 2514 return pLockoutFailureExpirationInterval; 2515 } 2516 2517 2518 2519 /** 2520 * {@inheritDoc} 2521 */ 2522 public long getMaxPasswordAge() { 2523 return pMaxPasswordAge; 2524 } 2525 2526 2527 2528 /** 2529 * {@inheritDoc} 2530 */ 2531 public long getMaxPasswordResetAge() { 2532 return pMaxPasswordResetAge; 2533 } 2534 2535 2536 2537 /** 2538 * {@inheritDoc} 2539 */ 2540 public long getMinPasswordAge() { 2541 return pMinPasswordAge; 2542 } 2543 2544 2545 2546 /** 2547 * {@inheritDoc} 2548 */ 2549 public AttributeType getPasswordAttribute() { 2550 return pPasswordAttribute; 2551 } 2552 2553 2554 2555 /** 2556 * {@inheritDoc} 2557 */ 2558 public boolean isPasswordChangeRequiresCurrentPassword() { 2559 return pPasswordChangeRequiresCurrentPassword; 2560 } 2561 2562 2563 2564 /** 2565 * {@inheritDoc} 2566 */ 2567 public long getPasswordExpirationWarningInterval() { 2568 return pPasswordExpirationWarningInterval; 2569 } 2570 2571 2572 2573 /** 2574 * {@inheritDoc} 2575 */ 2576 public String getPasswordGenerator() { 2577 return pPasswordGenerator; 2578 } 2579 2580 2581 2582 /** 2583 * {@inheritDoc} 2584 */ 2585 public DN getPasswordGeneratorDN() { 2586 String value = getPasswordGenerator(); 2587 if (value == null) return null; 2588 return INSTANCE.getPasswordGeneratorPropertyDefinition().getChildDN(value); 2589 } 2590 2591 2592 2593 /** 2594 * {@inheritDoc} 2595 */ 2596 public int getPasswordHistoryCount() { 2597 return pPasswordHistoryCount; 2598 } 2599 2600 2601 2602 /** 2603 * {@inheritDoc} 2604 */ 2605 public long getPasswordHistoryDuration() { 2606 return pPasswordHistoryDuration; 2607 } 2608 2609 2610 2611 /** 2612 * {@inheritDoc} 2613 */ 2614 public SortedSet<String> getPasswordValidator() { 2615 return pPasswordValidator; 2616 } 2617 2618 2619 2620 /** 2621 * {@inheritDoc} 2622 */ 2623 public SortedSet<DN> getPasswordValidatorDNs() { 2624 SortedSet<String> values = getPasswordValidator(); 2625 SortedSet<DN> dnValues = new TreeSet<DN>(); 2626 for (String value : values) { 2627 DN dn = INSTANCE.getPasswordValidatorPropertyDefinition().getChildDN(value); 2628 dnValues.add(dn); 2629 } 2630 return dnValues; 2631 } 2632 2633 2634 2635 /** 2636 * {@inheritDoc} 2637 */ 2638 public SortedSet<String> getPreviousLastLoginTimeFormat() { 2639 return pPreviousLastLoginTimeFormat; 2640 } 2641 2642 2643 2644 /** 2645 * {@inheritDoc} 2646 */ 2647 public String getRequireChangeByTime() { 2648 return pRequireChangeByTime; 2649 } 2650 2651 2652 2653 /** 2654 * {@inheritDoc} 2655 */ 2656 public boolean isRequireSecureAuthentication() { 2657 return pRequireSecureAuthentication; 2658 } 2659 2660 2661 2662 /** 2663 * {@inheritDoc} 2664 */ 2665 public boolean isRequireSecurePasswordChanges() { 2666 return pRequireSecurePasswordChanges; 2667 } 2668 2669 2670 2671 /** 2672 * {@inheritDoc} 2673 */ 2674 public boolean isSkipValidationForAdministrators() { 2675 return pSkipValidationForAdministrators; 2676 } 2677 2678 2679 2680 /** 2681 * {@inheritDoc} 2682 */ 2683 public StateUpdateFailurePolicy getStateUpdateFailurePolicy() { 2684 return pStateUpdateFailurePolicy; 2685 } 2686 2687 2688 2689 /** 2690 * {@inheritDoc} 2691 */ 2692 public Class<? extends PasswordPolicyCfg> configurationClass() { 2693 return PasswordPolicyCfg.class; 2694 } 2695 2696 2697 2698 /** 2699 * {@inheritDoc} 2700 */ 2701 public DN dn() { 2702 return impl.getDN(); 2703 } 2704 2705 } 2706}