public class PwPolicyMgrRestImpl extends Manageable implements PwPolicyMgr
Password enforcement options include:
This class is NOT thread safe.
adminSess, contextId
Constructor and Description |
---|
PwPolicyMgrRestImpl() |
Modifier and Type | Method and Description |
---|---|
void | add(PwPolicy policy): This method will add a new policy entry to the POLICIES data set. |
void | delete(PwPolicy policy): This method will delete an existing policy entry from the POLICIES data set. |
void | deletePasswordPolicy(String userId): This method will remove the pw policy assignment from a user entity. |
PwPolicy | read(String name): This method will return the password policy entity to the caller. |
List<PwPolicy> | search(String searchVal): This method will return a list of all password policy entities that match a particular search string. |
void | update(PwPolicy policy): This method will update an existing policy entry in the POLICIES data set. |
void | updateUserPolicy(String userId, String name): This method will associate a user entity with a password policy entity. |
assertContext, assertContext, checkAccess, getFullMethodName, setAdmin, setAdminData, setContextId, setEntitySession
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
setAdmin, setContextId
public void add(PwPolicy policy) throws SecurityException
- PwPolicy.name - Maps to name attribute of pwdPolicy object class being added.
- PwPolicy.minAge - This attribute holds the number of seconds that must elapse between modifications to the password. If this attribute is not present, 0 seconds is assumed.
- PwPolicy.maxAge - This attribute holds the number of seconds after which a modified password will expire. If this attribute is not present, or if the value is 0, the password does not expire. If not 0, the value must be greater than or equal to the value of the pwdMinAge.
- PwPolicy.inHistory - This attribute specifies the maximum number of used passwords stored in the pwdHistory attribute. If this attribute is not present, or if the value is 0, used passwords are not stored in the pwdHistory attribute and thus may be reused.
- PwPolicy.minLength - When quality checking is enabled, this attribute holds the minimum number of characters that must be used in a password. If this attribute is not present, no minimum password length will be enforced. If the server is unable to check the length (due to a hashed password or otherwise), the server will, depending on the value of the pwdCheckQuality attribute, either accept the password without checking it ('0' or '1') or refuse it ('2').
- PwPolicy.expireWarning - This attribute specifies the maximum number of seconds before a password is due to expire that expiration warning messages will be returned to an authenticating user. If this attribute is not present, or if the value is 0, no warnings will be returned. If not 0, the value must be smaller than the value of the pwdMaxAge attribute.
- PwPolicy.graceLoginLimit - This attribute specifies the number of times an expired password can be used to authenticate. If this attribute is not present or if the value is 0, authentication will fail.
- PwPolicy.lockout - This attribute indicates, when its value is "TRUE", that the password may not be used to authenticate after a specified number of consecutive failed bind attempts. The maximum number of consecutive failed bind attempts is specified in pwdMaxFailure. If this attribute is not present, or if the value is "FALSE", the password may be used to authenticate when the number of failed bind attempts has been reached.
- PwPolicy.lockoutDuration - This attribute holds the number of seconds that the password cannot be used to authenticate due to too many failed bind attempts. If this attribute is not present, or if the value is 0, the password cannot be used to authenticate until reset by a password administrator.
- PwPolicy.maxFailure - This attribute specifies the number of consecutive failed bind attempts after which the password may not be used to authenticate. If this attribute is not present, or if the value is 0, this policy is not checked, and the value of pwdLockout will be ignored.
- PwPolicy.failureCountInterval - This attribute holds the number of seconds after which the password failures are purged from the failure counter, even though no successful authentication occurred. If this attribute is not present, or if its value is 0, the failure counter is only reset by a successful authentication.
- PwPolicy.mustChange - This attribute specifies with a value of "TRUE" that users must change their passwords when they first bind to the directory after a password is set or reset by a password administrator. If this attribute is not present, or if the value is "FALSE", users are not required to change their password upon binding after the password administrator sets or resets the password. This attribute is not set due to any actions specified by this document; it is typically set by a password administrator after resetting a user's password.
- PwPolicy.allowUserChange - This attribute indicates whether users can change their own passwords, although the change operation is still subject to access control. If this attribute is not present, a value of "TRUE" is assumed. This attribute is intended to be used in the absence of an access control mechanism.
- PwPolicy.safeModify - This attribute specifies whether or not the existing password must be sent along with the new password when being changed. If this attribute is not present, a "FALSE" value is assumed.
- PwPolicy.checkQuality - This attribute indicates how the password quality will be verified while being modified or added. If this attribute is not present, or if the value is '0', quality checking will not be enforced. A value of '1' indicates that the server will check the quality, and if the server is unable to check it (due to a hashed password or other reasons) it will be accepted. A value of '2' indicates that the server will check the quality, and if the server is unable to verify it, it will return an error refusing the password.
- PwPolicy.attribute - This holds the name of the attribute to which the password policy is applied. For example, the password policy may be applied to the userPassword attribute.
add in interface PwPolicyMgr
policy - Object must contain PwPolicy.name and optionally other attributes.
SecurityException - In the event of data validation or system error.

public void update(PwPolicy policy) throws SecurityException
- PwPolicy.name - Maps to name attribute of pwdPolicy object class being updated.
- PwPolicy.minAge - This attribute holds the number of seconds that must elapse between modifications to the password. If this attribute is not present, 0 seconds is assumed.
- PwPolicy.maxAge - This attribute holds the number of seconds after which a modified password will expire. If this attribute is not present, or if the value is 0, the password does not expire. If not 0, the value must be greater than or equal to the value of the pwdMinAge.
- PwPolicy.inHistory - This attribute specifies the maximum number of used passwords stored in the pwdHistory attribute. If this attribute is not present, or if the value is 0, used passwords are not stored in the pwdHistory attribute and thus may be reused.
- PwPolicy.minLength - When quality checking is enabled, this attribute holds the minimum number of characters that must be used in a password. If this attribute is not present, no minimum password length will be enforced. If the server is unable to check the length (due to a hashed password or otherwise), the server will, depending on the value of the pwdCheckQuality attribute, either accept the password without checking it ('0' or '1') or refuse it ('2').
- PwPolicy.expireWarning - This attribute specifies the maximum number of seconds before a password is due to expire that expiration warning messages will be returned to an authenticating user. If this attribute is not present, or if the value is 0, no warnings will be returned. If not 0, the value must be smaller than the value of the pwdMaxAge attribute.
- PwPolicy.graceLoginLimit - This attribute specifies the number of times an expired password can be used to authenticate. If this attribute is not present or if the value is 0, authentication will fail.
- PwPolicy.lockout - This attribute indicates, when its value is "TRUE", that the password may not be used to authenticate after a specified number of consecutive failed bind attempts. The maximum number of consecutive failed bind attempts is specified in pwdMaxFailure. If this attribute is not present, or if the value is "FALSE", the password may be used to authenticate when the number of failed bind attempts has been reached.
- PwPolicy.lockoutDuration - This attribute holds the number of seconds that the password cannot be used to authenticate due to too many failed bind attempts. If this attribute is not present, or if the value is 0, the password cannot be used to authenticate until reset by a password administrator.
- PwPolicy.maxFailure - This attribute specifies the number of consecutive failed bind attempts after which the password may not be used to authenticate. If this attribute is not present, or if the value is 0, this policy is not checked, and the value of pwdLockout will be ignored.
- PwPolicy.failureCountInterval - This attribute holds the number of seconds after which the password failures are purged from the failure counter, even though no successful authentication occurred. If this attribute is not present, or if its value is 0, the failure counter is only reset by a successful authentication.
- PwPolicy.mustChange - This attribute specifies with a value of "TRUE" that users must change their passwords when they first bind to the directory after a password is set or reset by a password administrator. If this attribute is not present, or if the value is "FALSE", users are not required to change their password upon binding after the password administrator sets or resets the password. This attribute is not set due to any actions specified by this document; it is typically set by a password administrator after resetting a user's password.
- PwPolicy.allowUserChange - This attribute indicates whether users can change their own passwords, although the change operation is still subject to access control. If this attribute is not present, a value of "TRUE" is assumed. This attribute is intended to be used in the absence of an access control mechanism.
- PwPolicy.safeModify - This attribute specifies whether or not the existing password must be sent along with the new password when being changed. If this attribute is not present, a "FALSE" value is assumed.
- PwPolicy.checkQuality - This attribute indicates how the password quality will be verified while being modified or added. If this attribute is not present, or if the value is '0', quality checking will not be enforced. A value of '1' indicates that the server will check the quality, and if the server is unable to check it (due to a hashed password or other reasons) it will be accepted. A value of '2' indicates that the server will check the quality, and if the server is unable to verify it, it will return an error refusing the password.
- PwPolicy.attribute - This holds the name of the attribute to which the password policy is applied. For example, the password policy may be applied to the userPassword attribute.
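The attribute rules listed for add and update interact: some combinations break a stated constraint, others are accepted but leave a control switched off. The following added example (not Fortress code) lints a policy against those rules; the Policy record is a hypothetical stand-in for PwPolicy in which null means the attribute is not present, and the sample values are constructed.

```java
import java.util.ArrayList;
import java.util.List;

public class PwPolicyLint {
    // Hypothetical stand-in for the PwPolicy entity (Java 16+ record); null = attribute not present.
    record Policy(String name, Integer minAge, Long maxAge, Short inHistory, Short checkQuality,
                  Short minLength, Long expireWarning, Short graceLoginLimit, Boolean lockout,
                  Integer lockoutDuration, Short maxFailure, Boolean safeModify) {}

    static long n(Number v) { return v == null ? 0L : v.longValue(); } // absent is treated as 0

    static List<String> lint(Policy p) {
        List<String> out = new ArrayList<>();
        if (p.name() == null || p.name().isEmpty()) out.add("ERROR name is required");
        // Constraints between attributes stated in the attribute list.
        if (n(p.maxAge()) != 0 && n(p.maxAge()) < n(p.minAge()))
            out.add("ERROR maxAge must be >= minAge");
        if (n(p.expireWarning()) != 0 && n(p.expireWarning()) >= n(p.maxAge()))
            out.add("ERROR expireWarning must be smaller than maxAge");
        // Combinations that are accepted but leave a control disabled.
        if (Boolean.TRUE.equals(p.lockout()) && n(p.maxFailure()) == 0)
            out.add("WARN lockout is TRUE but maxFailure is 0: lockout is ignored");
        if (!Boolean.TRUE.equals(p.lockout()) && n(p.maxFailure()) > 0)
            out.add("WARN maxFailure set but lockout is not TRUE: no lockout occurs");
        if (n(p.minLength()) > 0 && n(p.checkQuality()) == 0)
            out.add("WARN minLength set but checkQuality is 0: length is not enforced");
        if (n(p.checkQuality()) == 1)
            out.add("WARN checkQuality 1 accepts passwords the server cannot inspect");
        if (n(p.inHistory()) == 0) out.add("WARN inHistory is 0: used passwords may be reused");
        if (n(p.maxAge()) == 0) out.add("INFO maxAge is 0: passwords never expire");
        if (Boolean.TRUE.equals(p.lockout()) && n(p.maxFailure()) > 0 && n(p.lockoutDuration()) == 0)
            out.add("INFO lockoutDuration is 0: locked passwords need an administrator reset");
        if (!Boolean.TRUE.equals(p.safeModify()))
            out.add("INFO safeModify is not TRUE: old password is not required on change");
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample policy, not taken from the page.
        Policy p = new Policy("Test1", 3600, 7776000L, (short) 0, (short) 0, (short) 12,
                              8000000L, (short) 0, true, 0, (short) 0, null);
        lint(p).forEach(System.out::println);
    }
}
```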
update in interface PwPolicyMgr
policy - Object must contain PwPolicy.name; all other non-null attributes will be updated, and null attributes will be ignored.
SecurityException - In the event policy not found, data validation or system error.

public void delete(PwPolicy policy) throws SecurityException
- PwPolicy.name - Maps to name attribute of pwdPolicy object class being removed.
delete in interface PwPolicyMgr
policy - Object must contain PwPolicy.name of the policy entity to remove.
SecurityException - In the event policy entity not found or system error.

public PwPolicy read(String name) throws SecurityException
- PwPolicy.name - Maps to name attribute of pwdPolicy object class being read.
read in interface PwPolicyMgr
name - String contains the PwPolicy.name of the policy entity to read.
SecurityException - In the event policy entry not found, data validation or system error.

public List<PwPolicy> search(String searchVal) throws SecurityException
search in interface PwPolicyMgr
searchVal - String contains the leading chars of a policy entity. This search is not case sensitive.
SecurityException - In the event of data validation or system error.

public void updateUserPolicy(String userId, String name) throws SecurityException
updateUserPolicy in interface PwPolicyMgr
userId - Contains User.userId of a User entity in USERS data set.
name - String contains the PwPolicy.name of a pw policy entity contained within the PWPOLICIES data set.
SecurityException - thrown in the event either user or policy not valid or system error.

public void deletePasswordPolicy(String userId) throws SecurityException
deletePasswordPolicy in interface PwPolicyMgr
userId - Contains User.userId of a User entity in USERS data set.
SecurityException - Thrown in the event either user not valid or system error.

Copyright © 2003-2016, The Apache Software Foundation. All Rights Reserved. Generated 20160718-1621