Package com.unboundid.ldap.sdk.unboundidds

Class PasswordPolicyStateJSON

java.lang.Object
com.unboundid.ldap.sdk.unboundidds.PasswordPolicyStateJSON
All Implemented Interfaces:
Serializable
@NotMutable @ThreadSafety(level=COMPLETELY_THREADSAFE) public final class PasswordPolicyStateJSON extends Object implements Serializable
This class provides support for reading and decoding the value of the ds-pwp-state-json virtual attribute, which holds information about a user's password policy state.
NOTE: This class, and other classes within the com.unboundid.ldap.sdk.unboundidds package structure, are only supported for use against Ping Identity, UnboundID, and Nokia/Alcatel-Lucent 8661 server products. These classes provide support for proprietary functionality or for external specifications that are not considered stable or mature enough to be guaranteed to work in an interoperable way with other types of LDAP servers.
See Also:

  • Field Details

  • Constructor Details

    • PasswordPolicyStateJSON

      public PasswordPolicyStateJSON(@NotNull JSONObject passwordPolicyStateObject)
      Creates a new instance of this object from the provided JSON object.
      Parameters:
      passwordPolicyStateObject - The JSON object containing the encoded password policy state.

  • Method Details

    • get

      @Nullable public static PasswordPolicyStateJSON get(@NotNull LDAPInterface connection, @NotNull String userDN) throws LDAPException
      Attempts to retrieve and decode the password policy state information for the specified user.
      Parameters:
      connection - The connection to use to communicate with the server. It must not be null, and it must be established and authenticated as an account with permission to access the target user's password policy state information.
      userDN - The DN of the user for whom to retrieve the password policy state. It must not be null.
      Returns:
      The password policy state information for the specified user, or null because no password policy state information is available for the user.
      Throws:
      LDAPException - If a problem is encountered while trying to retrieve the user's entry or decode the password policy state JSON object.

    • get

      @Nullable public static PasswordPolicyStateJSON get(@NotNull Entry userEntry) throws LDAPException
      Attempts to retrieve and decode the password policy state information from the provided user entry.
      Parameters:
      userEntry - The entry for the user for whom to obtain the password policy state information. It must not be null.
      Returns:
      The password policy state information from the provided user entry, or null if no password policy state information is available for the user.
      Throws:
      LDAPException - If a problem is encountered while trying to decode the password policy state JSON object.

    • getPasswordPolicyStateJSONObject

      @NotNull public JSONObject getPasswordPolicyStateJSONObject()
      Retrieves the JSON object that contains the encoded password policy state information.
      Returns:
      The JSON object that contains the encoded password policy state information.

    • getPasswordPolicyDN

      @Nullable public String getPasswordPolicyDN()
      Retrieves the DN of the entry that defines the password policy that governs the associated user.
      Returns:
      The DN of the entry that defines hte password policy that governs the associated user, or null if this was not included in the password policy state JSON object.

    • getAccountIsUsable

      @Nullable public Boolean getAccountIsUsable()
      Retrieves the value of a flag that indicates whether the user's account is in a state that the server considers usable.
      Returns:
      Boolean.TRUE if the account is in a usable state, Boolean.FALSE if the account is not in a usable state, or null if this flag was not included in the password policy state JSON object.

    • getAccountUsabilityErrors

      @NotNull public List<PasswordPolicyStateAccountUsabilityError> getAccountUsabilityErrors()
      Retrieves a list of information about any error conditions that may affect usability of the user's account.
      Returns:
      A list of information about any error conditions that may affect the usability of the user's account. The returned list may be empty if there are no account usability errors or if this was not included in the password policy state JSON object.

    • getAccountUsabilityWarnings

      @NotNull public List<PasswordPolicyStateAccountUsabilityWarning> getAccountUsabilityWarnings()
      Retrieves a list of information about any warning conditions that may soon affect usability of the user's account.
      Returns:
      A list of information about any warning conditions that may soon affect the usability of the user's account. The returned list may be empty if there are no account usability warnings or if this was not included in the password policy state JSON object.

    • getAccountUsabilityNotices

      @NotNull public List<PasswordPolicyStateAccountUsabilityNotice> getAccountUsabilityNotices()
      Retrieves a list of information about any notices related to the usability of the user's account.
      Returns:
      A list of information about any notices related to the usability of the user's account. The returned list may be empty if there are no account usability notices or if this was not included in the password policy state JSON object.

    • getHasStaticPassword

      @Nullable public Boolean getHasStaticPassword()
      Retrieves the value of a flag that indicates whether the user's account contains at least one static password.
      Returns:
      Boolean.TRUE if the account has at least one static password, Boolean.FALSE if the account does not have any static password, or null if this flag was not included in the password policy state JSON object.

    • getPasswordChangedTime

      @Nullable public Date getPasswordChangedTime()
      Retrieves the time that the user's password was last changed.
      Returns:
      The time that the user's password was last changed, or null if this was not included in the password policy state JSON object.

    • getSecondsSincePasswordChange

      @Nullable public Integer getSecondsSincePasswordChange()
      Retrieves the length of time in seconds that has passed since the user's password was last changed.
      Returns:
      The length of time in seconds that has passed since the user's password was last changed, or null if this was not included in the password policy state JSON object.

    • getAccountIsDisabled

      @Nullable public Boolean getAccountIsDisabled()
      Retrieves the value of a flag that indicates whether the user's account has been administratively disabled.
      Returns:
      Boolean.TRUE if the account has been administratively disabled, Boolean.FALSE if the account has not been administratively disabled, or null if this flag was not included in the password policy state JSON object.

    • getAccountIsNotYetActive

      @Nullable public Boolean getAccountIsNotYetActive()
      Retrieves the value of a flag that indicates whether the user's account is not yet active because it has an activation time that is in the future.
      Returns:
      Boolean.TRUE if the account is not yet active, Boolean.FALSE if the account either does not have an activation time or if that time has already passed, or null if this flag was not included in the password policy state JSON object.

    • getAccountActivationTime

      @Nullable public Date getAccountActivationTime()
      Retrieves the time that the user's account became (or will become) active.
      Returns:
      The time that the user's account became (or will become) active, or null if this was not included in the password policy state JSON object.

    • getSecondsUntilAccountActivation

      @Nullable public Integer getSecondsUntilAccountActivation()
      Retrieves the length of time in seconds until the user's account will become active.
      Returns:
      The length of time in seconds until the user's account will become active, or null if this was not included in the password policy state JSON object (e.g., because the user does not have an activation time in the future).

    • getSecondsSinceAccountActivation

      @Nullable public Integer getSecondsSinceAccountActivation()
      Retrieves the length of time in seconds since the user's account became active.
      Returns:
      The length of time in seconds since the user's account became active, or null if this was not included in the password policy state JSON object (e.g., because the user does not have an activation time in the past).

    • getAccountIsExpired

      @Nullable public Boolean getAccountIsExpired()
      Retrieves the value of a flag that indicates whether the user's account is expired.
      Returns:
      Boolean.TRUE if the account is expired, Boolean.FALSE if the account is not expired, or null if this flag was not included in the password policy state JSON object.

    • getAccountExpirationTime

      @Nullable public Date getAccountExpirationTime()
      Retrieves the time that the user's account will (or did) expire.
      Returns:
      The time that the user's account will (or did) expire, or null if this was not included in the password policy state JSON object.

    • getSecondsUntilAccountExpiration

      @Nullable public Integer getSecondsUntilAccountExpiration()
      Retrieves the length of time in seconds until the user's account will expire.
      Returns:
      The length of time in seconds until the user's account will expire, or null if this was not included in the password policy state JSON object (e.g., because the user does not have an expiration time in the future).

    • getSecondsSinceAccountExpiration

      @Nullable public Integer getSecondsSinceAccountExpiration()
      Retrieves the length of time in seconds since the user's account expired.
      Returns:
      The length of time in seconds since the user's account expired, or null if this was not included in the password policy state JSON object (e.g., because the user does not have an expiration time in the past).

    • getPasswordIsExpired

      @Nullable public Boolean getPasswordIsExpired()
      Retrieves the value of a flag that indicates whether the user's password is expired.
      Returns:
      Boolean.TRUE if the password is expired, Boolean.FALSE if the password is not expired, or null if this flag was not included in the password policy state JSON object.

    • getMaximumPasswordAgeSeconds

      @Nullable public Integer getMaximumPasswordAgeSeconds()
      Retrieves the maximum length of time in seconds after a password change that the user is allowed to keep using that password.
      Returns:
      The maximum length of time in seconds after a password change that the user is allowed to keep using that password, or null if this flag was not included in the password policy state JSON object (e.g., because password expiration is not configured in the password policy that governs the user).

    • getPasswordExpirationTime

      @Nullable public Date getPasswordExpirationTime()
      Retrieves the time that the user's password will (or did) expire.
      Returns:
      The time that the user's password will (or did) expire, or null if this was not included in the password policy state JSON object (e.g., because password expiration is not configured in the password policy that governs the user).

    • getSecondsUntilPasswordExpiration

      @Nullable public Integer getSecondsUntilPasswordExpiration()
      Retrieves the length of time in seconds until the user's password will expire.
      Returns:
      The length of time in seconds until the user's password will expire, or null if this was not included in the password policy state JSON object (e.g., because password expiration is not configured in the password policy that governs the user, or because the user's password is already expired).

    • getSecondsSincePasswordExpiration

      @Nullable public Integer getSecondsSincePasswordExpiration()
      Retrieves the length of time in seconds since the user's password expired.
      Returns:
      The length of time in seconds since the user's password expired, or null if this was not included in the password policy state JSON object (e.g., because password expiration is not configured in the password policy that governs the user, or because the user's password is not expired).

    • getPasswordExpirationWarningIntervalSeconds

      @Nullable public Integer getPasswordExpirationWarningIntervalSeconds()
      Retrieves the length of time in seconds before an upcoming password expiration that the user will be eligible to start receving warnings about that expiration.
      Returns:
      The length of time in seconds before an upcoming password expiration that the user will be eligible to start receiving messages about that expiration, or null if this was not included in the password policy state JSON object (e.g., because password expiration is not configured in the password policy that governs the user).

    • getExpirePasswordsWithoutWarning

      @Nullable public Boolean getExpirePasswordsWithoutWarning()
      Retrieves the value of a flag that indicates whether the server will allow a user's password to expire even if they have not yet received any warnings about an upcoming expiration.
      Returns:
      Boolean.TRUE if the server will allow a user's password to expire even if they have not been warned about an upcoming expiration, Boolean.FALSE if the server will ensure that the user receives at least one warning before expiring the password, or null if this flag was not included in the password policy state JSON object (e.g., because password expiration is not configured in the password policy that governs the user).

    • getPasswordExpirationWarningIssued

      @Nullable public Boolean getPasswordExpirationWarningIssued()
      Retrieves the value of a flag that indicates whether the user has received at least one warning about an upcoming password expiration.
      Returns:
      Boolean.TRUE if the user has received at least one warning about an upcoming password expiration, Boolean.FALSE if the user has not been warned about an upcoming password expiration, or null if this flag was not included in the password policy state JSON object (e.g., because password expiration is not configured in the password policy that governs the user).

    • getPasswordExpirationWarningTime

      @Nullable public Date getPasswordExpirationWarningTime()
      Retrieves the time that the user will be eligible to receive (or the time that the user first received) a warning about an upcoming password expiration.
      Returns:
      The time that the user will be eligible to receive (or the time that the user first received) a warning about an upcoming password expiration, or null if this was not included in the password policy state JSON object (e.g., because password expiration is not configured in the password policy that governs the user).

    • getSecondsUntilPasswordExpirationWarning

      @Nullable public Integer getSecondsUntilPasswordExpirationWarning()
      Retrieves the length of time in seconds until the user will be eligible to receive a warning about an upcoming password expiration.
      Returns:
      The length of time in seconds until the user will be eligible to receive a warning about an upcoming password expiration, or null if this was not included in the password policy state JSON object (e.g., because password expiration is not configured in the password policy that governs the user, or because the user has already been warned about an upcoming expiration).

    • getSecondsSincePasswordExpirationWarning

      @Nullable public Integer getSecondsSincePasswordExpirationWarning()
      Retrieves the length of time in seconds since the user received the first warning about an upcoming password expiration.
      Returns:
      The length of time in seconds since the user received the first warning about an upcoming password expiration, or null if this was not included in the password policy state JSON object (e.g., because password expiration is not configured in the password policy that governs the user, or because the user has not yet been warned about an upcoming expiration).

    • getAccountIsFailureLocked

      @Nullable public Boolean getAccountIsFailureLocked()
      Retrieves the value of a flag that indicates whether the user account is currently locked as a result of too many failed authentication attempts.
      Returns:
      Boolean.TRUE if the user account is locked as a result of too many failed authentication attempts, Boolean.FALSE if the user account is not locked because of too many failed authentication attempts, or null if this flag was not included in the password policy state JSON object.

    • getFailureLockoutCount

      @Nullable public Integer getFailureLockoutCount()
      Retrieves the number of consecutive failed authentication attempts that are required to lock the user's account.
      Returns:
      The number of consecutive failed authentication attempts that are required to lock the user's account, or null if this was not included in the password policy state JSON object (e.g., because account lockout is not configured in the password policy that governs the user).

    • getCurrentAuthenticationFailureCount

      @Nullable public Integer getCurrentAuthenticationFailureCount()
      Retrieves the current number of failed authentication attempts for the user account.
      Returns:
      The current number of failed authentication attempts for the user account, or null if this was not included in the password policy state JSON object (e.g., because account lockout is not configured in the password policy that governs the user).

    • getRemainingAuthenticationFailureCount

      @Nullable public Integer getRemainingAuthenticationFailureCount()
      Retrieves the remaining number of failed authentication attempts required to lock the user account.
      Returns:
      The remaining number of failed authentication attempts required to lock the user account, or null if this was not included in the password policy state JSON object (e.g., because account lockout is not configured in the password policy that governs the user).

    • getAuthenticationFailureTimes

      @NotNull public List<Date> getAuthenticationFailureTimes()
      Retrieves a list of the outstanding authentication failure times for the user account.
      Returns:
      A list of the outstanding authentication failure times for the user account, or an empty list if there are no outstanding authentication failures or if this was not included in the password policy state JSON object (e.g., because account lockout is not configured in the password policy that governs the user).

    • getFailureLockoutTime

      @Nullable public Date getFailureLockoutTime()
      Retrieves the time that the user's account was locked as a result of too many failed authentication attempts.
      Returns:
      The time that the user's account was locked as a result of too many failed authentication attempts, or null if this was not included in the password policy state JSON object (e.g., because the user's account is not failure locked).

    • getFailureLockoutDurationSeconds

      @Nullable public Integer getFailureLockoutDurationSeconds()
      Retrieves the length of time in seconds that a user's account will be locked after too many failed authentication attempts.
      Returns:
      The length of time in seconds that a user's account will be locked after too many failed authentication attempts, or null if this was not included in the password policy state JSON object (e.g., because account lockout is not configured in the password policy that governs the user, or because account lockout is not temporary).

    • getFailureLockoutExpirationTime

      @Nullable public Date getFailureLockoutExpirationTime()
      Retrieves the time that the user's failure-locked account will be automatically unlocked.
      Returns:
      The time that the user's failure-locked account will be automatically unlocked, or null if this was not included in the password policy state JSON object (e.g., because the user's account is not failure locked, or because the lockout is not temporary).

    • getSecondsRemainingInFailureLockout

      @Nullable public Integer getSecondsRemainingInFailureLockout()
      Retrieves the length of time in seconds remaining until the user's failure-locked account will be automatically unlocked.
      Returns:
      The length of time in seconds remaining until the user's failure-locked account will be automatically unlocked, or null if this was not included in the password policy state JSON object (e.g., because the user's account is not failure locked, or because the lockout is not temporary).

    • getLastLoginTime

      @Nullable public Date getLastLoginTime()
      Retrieves the time that the user last successfully authenticated to the server.
      Returns:
      The time that the user last successfully authenticated to the server, or null if this was not included in the password policy state JSON object (e.g., because last login time tracking is not configured in the password policy that governs the user).

    • getSecondsSinceLastLogin

      @Nullable public Integer getSecondsSinceLastLogin()
      Retrieves the length of time in seconds since the user last successfully authenticated to the server.
      Returns:
      The length of time in seconds since the user last successfully authenticated to the server, or null if this was not included in the password policy state JSON object (e.g., because last login time tracking is not configured in the password policy that governs the user).

    • getLastLoginIPAddress

      @Nullable public String getLastLoginIPAddress()
      Retrieves the IP address of the client from which the user last successfully authenticated.
      Returns:
      The IP address of the client from which the user last successfully authenticated, or null if this was not included in the password policy state JSON object (e.g., because last login IP address tracking is not configured in the password policy that governs the user).

    • getAccountIsIdleLocked

      @Nullable public Boolean getAccountIsIdleLocked()
      Retrieves the value of a flag that indicates whether the user's account is currently locked because it has been too long since they last authenticated to the server.
      Returns:
      Boolean.TRUE if the user's account is currently idle-locked, Boolean.FALSE if the user's account is not currently idle-locked, or null if this flag was not included in the password policy state JSON object.

    • getIdleLockoutIntervalSeconds

      @Nullable public Integer getIdleLockoutIntervalSeconds()
      Retrieves the maximum length of time in seconds that can elapse between successful authentications before the user's account is locked.
      Returns:
      The maximum length of time in seconds that can elapse between successful authentications before the user's account is locked, or null if this was not included in the password policy state JSON object (e.g., because idle lockout is not configured in the password policy that governs the user).

    • getIdleLockoutTime

      @Nullable public Date getIdleLockoutTime()
      Retrieves the time that the user's account will be (or was) locked for allowing too much time to elapse between successful authentications.
      Returns:
      The time that the user's account will be (or was) locked for allowing too much time to elapse between successful authentications, or null if this was not included in the password policy state JSON object (e.g., because idle lockout is not configured in the password policy that governs the user).

    • getSecondsUntilIdleLockout

      @Nullable public Integer getSecondsUntilIdleLockout()
      Retrieves the length of time in seconds until the user's account will be locked for allowing too much time to elapse between successful authentications.
      Returns:
      The length of time in seconds until the user's account will be locked for allowing too much time to elapse between successful authentication, or null if this was not included in the password policy state JSON object (e.g., because idle lockout is not configured in the password policy that governs the user, or because the user's account is already idle-locked).

    • getSecondsSinceIdleLockout

      @Nullable public Integer getSecondsSinceIdleLockout()
      Retrieves the length of time in seconds since the user's account was locked for allowing too much time to elapse between successful authentications.
      Returns:
      The length of time in seconds since the user's account was locked for allowing too much time to elapse between successful authentication, or null if this was not included in the password policy state JSON object (e.g., because idle lockout is not configured in the password policy that governs the user, or because the user's account is not idle-locked).

    • getMustChangePassword

      @Nullable public Boolean getMustChangePassword()
      Retrieves the value of a flag that indicates whether the user must change their password before they will be allowed to perform any other operations in the server.
      Returns:
      Boolean.TRUE if the user must change their password before they will be allowed to perform any other operations in the server, Boolean.FALSE if the user is not required to change their password, or null if this flag was not included in the password policy state JSON object.

    • getAccountIsResetLocked

      @Nullable public Boolean getAccountIsResetLocked()
      Retrieves the value of a flag that indicates whether the user's account is locked because they failed to choose a new password in a timely manner after an administrative reset.
      Returns:
      Boolean.TRUE if the user's account is currently reset-locked, Boolean.FALSE if the user's account is not reset-locked, or null if this flag was not included in the password policy state JSON object.

    • getForceChangeOnAdd

      @Nullable public Boolean getForceChangeOnAdd()
      Retrieves the value of a flag that indicates whether the password policy that governs the user is configured to require users to choose a new password the first time they authenticate after their account is created.
      Returns:
      Boolean.TRUE if users are required to choose a new password the first time they authenticate after their account is created, Boolean.FALSE if users are not required to choose a new password after their account is created, or null if this flag was not included in the password policy state JSON object.

    • getForceChangeOnReset

      @Nullable public Boolean getForceChangeOnReset()
      Retrieves the value of a flag that indicates whether the password policy that governs the user is configured to require users to choose a new password the first time they authenticate after their password has been reset by an administrator.
      Returns:
      Boolean.TRUE if users are required to choose a new password the first time they authenticate after their password is reset, Boolean.FALSE if users are not required to choose a new password after their password is reset, or null if this flag was not included in the password policy state JSON object.

    • getMaximumPasswordResetAgeSeconds

      @Nullable public Integer getMaximumPasswordResetAgeSeconds()
      Retrieves the maximum length of time in seconds that a user has to change their password after an administrative reset before their account will be locked.
      Returns:
      The maximum length of time in seconds that a user has to change their password after an administrative reset before their account will be locked, or null if this was not included in the password policy state JSON object (e.g., because reset lockout is not configured in the password policy that governs the user).

    • getResetLockoutTime

      @Nullable public Date getResetLockoutTime()
      Retrieves the time that the user's account will be (or was) locked after failing to choose a new password in a timely manner after an administrative reset.
      Returns:
      The time that the user's account will be (or wa) locked after failing to choose a new password in a timely manner after an administrative reset, or null if this was not included in the password policy state JSON object (e.g., because reset lockout is not configured in the password policy that governs the user, or because the user's password has not been reset).

    • getSecondsUntilResetLockout

      @Nullable public Integer getSecondsUntilResetLockout()
      Retrieves the length of time in seconds until the user's account will be locked for failing to choose a new password after an administrative reset.
      Returns:
      The length of time in seconds until the user's account will be locked for failing to choose a new password after an administrative reset, or null if this was not included in the password policy state JSON object (e.g., because reset lockout is not configured in the password policy that governs the user, because the user's password has not been reset, or because the user's account is already reset-locked).

    • getMaximumPasswordHistoryCount

      @Nullable public Integer getMaximumPasswordHistoryCount()
      Retrieves the maximum number of passwords that the server will maintain in the user's password history.
      Returns:
      The maximum number of passwords that the server will maintain in the user's password history, or null if this was not included in the password policy state JSON object (e.g., because the password policy that governs the user is not configured to maintain a password history, or because it maintains a password history based on a duration rather than a count).

    • getMaximumPasswordHistoryDurationSeconds

      @Nullable public Integer getMaximumPasswordHistoryDurationSeconds()
      Retrieves the maximum length of time in seconds that the server will maintain passwords in the user's password history.
      Returns:
      The maximum length of time in seconds that the server will maintain passwords in the user's password history, or null if this was not included in the password policy state JSON object (e.g., because the password policy that governs the user is not configured to maintain a password history, or because it maintains a password history based on a count rather than a duration).

    • getCurrentPasswordHistoryCount

      @Nullable public Integer getCurrentPasswordHistoryCount()
      Retrieves the number of passwords currently held in the user's password history.
      Returns:
      The number of passwords currently held in the user's password history, or null if this was not incldued in the password policy state JSON object (e.g., because the password policy that governs the user is not configured to maintain a password history).

    • getIsWithinMinimumPasswordAge

      @Nullable public Boolean getIsWithinMinimumPasswordAge()
      Indicates whether the user is currently prohibited from changing their password because not enough time has elapsed since they last changed their password.
      Returns:
      Boolean.TRUE if the user is currently prohibited from changing their password because not enough time has elapsed since they last changed their password, Boolean.FALSE if the user is not prohibited from changing their password because of the minimum password age, or null if this flag was not included in the password policy state JSON object.

    • getMinimumPasswordAgeSeconds

      @Nullable public Integer getMinimumPasswordAgeSeconds()
      Retrieves the minimum length of time in seconds that must elapse after a user changes their password before they will be permitted to change it again.
      Returns:
      The minimum length of time in seconds that must elapse after a user changes their password before they will be permitted to change it again, or null if this was not included in the password policy state JSON object (e.g., because no minimum password age is configured in the password policy that governs the user).

    • getMinimumPasswordAgeExpirationTime

      @Nullable public Date getMinimumPasswordAgeExpirationTime()
      Retrieves the earliest time that the user will be permitted to change their password as a result of the minimum password age.
      Returns:
      The earliest time that the user will be permitted to change their password as a result of the minimum password age, or null if this was not included in the password policy state JSON object (e.g., because no minimum password age is configured in the password policy that governs the user, or because it has been longer than the minimum age since they last changed their password).

    • getSecondsRemainingInMinimumPasswordAge

      @Nullable public Integer getSecondsRemainingInMinimumPasswordAge()
      Retrieves the length of time in seconds remaining until the user will be permitted to change their password as a result of the minimum password age.
      Returns:
      The length of time in seconds remaining until the user will be permitted to change their password as a result of the minimum password age, or null if this was not included in the password policy state JSON object (e.g., because no minimum password age is configured in the password policy that governs the user, or because it has been longer than the minimum age since they last changed their password).

    • getMaximumGraceLoginCount

      @Nullable public Integer getMaximumGraceLoginCount()
      Retrieves the maximum number of grace login attempts that the user will have to allow them to change an expired password.
      Returns:
      The maximum number of grace login attempts that the user will have to allow them to change an expired password, or null if this was not included in the password policy state JSON object (e.g., if grace logins are not configured in the password policy that governs the user).

    • getUsedGraceLoginCount

      @Nullable public Integer getUsedGraceLoginCount()
      Retrieves the number of grace logins that the user has currently used.
      Returns:
      The number of grace login attempts that the user has currently used, or null if this was not included in the password policy state JSON object (e.g., if grace logins are not configured in the password policy that governs the user).

    • getRemainingGraceLoginCount

      @Nullable public Integer getRemainingGraceLoginCount()
      Retrieves the remaining number of grace logins for the user.
      Returns:
      The remaining number of grace logins for the user, or null if this was not included in the password policy state JSON object (e.g., if grace logins are not configured in the password policy that governs the user).

    • getGraceLoginUseTimes

      @NotNull public List<Date> getGraceLoginUseTimes()
      Retrieves a list of the times that the user has used a grace login to authenticate.
      Returns:
      A list of the times that the user has used a grace login to authenticate, or an empty list if the user has not used any grace logins, or if this was not included in the password policy state JSON object (e.g., if grace logins are not configured in the password policy that governs the user).

    • getHasRetiredPassword

      @Nullable public Boolean getHasRetiredPassword()
      Retrieves the value of a flag that indicates whether the user account has a retired former password that may still be used to authenticate.
      Returns:
      Boolean.TRUE if the user account currently has a valid retired password, Boolean.FALSE if the user account does not have a valid retired password, or null if this flag was not included in the password policy state JSON object.

    • getRetiredPasswordExpirationTime

      @Nullable public Date getRetiredPasswordExpirationTime()
      Retrieves the time that the user's retired password will expire and can no longer be used to authenticate.
      Returns:
      The time that the user's retired password will expire, or null if this was not included in the password policy state JSON object (e.g., because the user does not have a retired password).

    • getSecondsUntilRetiredPasswordExpiration

      @Nullable public Integer getSecondsUntilRetiredPasswordExpiration()
      Retrieves the length of time in seconds remaining until the user's retired password expires and can no longer be used to authenticate.
      Returns:
      The length of time in seconds remaining until the user's retired password expires, or null if this was not included in the password policy state JSON object (e.g., because the user does not have a retired password).

    • getRequireSecureAuthentication

      @Nullable public Boolean getRequireSecureAuthentication()
      Retrieves the value of a flag that indicates whether the user will be required to authenticate in a secure manner that does not reveal their credentials to an observer.
      Returns:
      Boolean.TRUE if the user will be required to authenticate in a secure manner, Boolean.FALSE if the user will not be required to authenticate in a secure manner, or null if this flag was not included in the password policy state JSON object.

    • getRequireSecurePasswordChanges

      @Nullable public Boolean getRequireSecurePasswordChanges()
      Retrieves the value of a flag that indicates whether the user will be required to change their password in a secure manner that does not reveal their credentials to an observer.
      Returns:
      Boolean.TRUE if the user will be required to change their password in a secure manner, Boolean.FALSE if the user will not be required to change their password in a secure manner, or null if this flag was not included in the password policy state JSON object.

    • getAvailableSASLMechanisms

      @NotNull public List<String> getAvailableSASLMechanisms()
      Retrieves a list of the names of the SASL mechanisms that the user can use to authenticate.
      Returns:
      A list of the names of the SASL mechanisms that the user can use to authenticate, or an empty list if no SASL mechanisms are available to the user or if this was not included in the password policy state JSON object.

    • getAvailableOTPDeliveryMechanisms

      @NotNull public List<String> getAvailableOTPDeliveryMechanisms()
      Retrieves a list of the names of the OTP delivery mechanisms that the user can use to receive one-time passwords, password reset tokens, and single-use tokens.
      Returns:
      A list of the names of the OTP delivery mechanisms that the user can use, or an empty list if no OTP delivery mechanisms are available to the user or if this was not included in the password policy state JSON object.

    • getHasTOTPSharedSecret

      @Nullable public Boolean getHasTOTPSharedSecret()
      Retrieves the value of a flag that indicates whether the user account has at least one TOTP shared secret that can be used to authenticate with time-based one-time passwords via the UNBOUNDID-TOTP SASL mechanism.
      Returns:
      Boolean.TRUE if the user account has at least one TOTP shared secret, Boolean.FALSE if the user account does not have any TOTP shared secrets, or null if this flag was not included in the password policy state JSON object.

    • getHasRegisteredYubiKeyOTPDevice

      @Nullable public Boolean getHasRegisteredYubiKeyOTPDevice()
      Retrieves the value of a flag that indicates whether the user account has at least one registered YubiKey OTP device that can be used to authenticate via the UNBOUNDID-YUBIKEY-OTP SASL mechanism.
      Returns:
      Boolean.TRUE if the user account has at least one registered YubiKey OTP device, Boolean.FALSE if the user account does not have any registered YubiKey OTP devices, or null if this flag was not included in the password policy state JSON object.

    • getAccountIsValidationLocked

      @Nullable public Boolean getAccountIsValidationLocked()
      Retrieves the value of a flag that indicates whether the user account is currently locked because it contains a password that does not satisfy all of the configured password validators.
      Returns:
      Boolean.TRUE if the user account is locked because it contains a password that does not satisfy all of the configured password validators, Boolean.FALSE if the account is not validation-locked, or null if this flag was not included in the password policy state JSON object.

    • getLastBindPasswordValidationTime

      @Nullable public Date getLastBindPasswordValidationTime()
      Retrieves the time that the server last invoked password validators during a bind operation for the user.
      Returns:
      The time that the server last invoked password validators during a bind operation for the user, or null if this was not included in the password policy state JSON object.

    • getSecondsSinceLastBindPasswordValidation

      @Nullable public Integer getSecondsSinceLastBindPasswordValidation()
      Retrieves the length of time in seconds that has passed since the server last invoked password validators during a bind operation for the user.
      Returns:
      The length of time in seconds that has passed since the server last invoked password validators during a bind operation for the user, or null if this was not included in the password policy state JSON object.

    • getMinimumBindPasswordValidationFrequencySeconds

      @Nullable public Integer getMinimumBindPasswordValidationFrequencySeconds()
      Retrieves the minimum length of time in seconds that should pass between invocations of password validators during a bind operation for the user.
      Returns:
      The minimum length of time in seconds that should pass between invocations of password validators during a bind operation for each user, or null if this was not included in the password policy state JSON object.

    • getBindPasswordValidationFailureAction

      @Nullable public String getBindPasswordValidationFailureAction()
      Retrieves the name of the action that the server should take if the password provided during a bind operation fails to satisfy one or more password validators.
      Returns:
      The name of the action that the server should take if the password provided during a bind operation fails to satisfy one or more password validators, or null if this was not included in the password policy state JSON object.

    • getRecentLoginHistory

      @Nullable public RecentLoginHistory getRecentLoginHistory() throws LDAPException
      Retrieves the recent login history for the user.
      Returns:
      The recent login history for the user, or null if this was not included in the password policy state JSON object.
      Throws:
      LDAPException - If a problem occurs while trying to parse the recent login history for the user.

    • getMaximumRecentLoginHistorySuccessfulAuthenticationCount

      @Nullable public Integer getMaximumRecentLoginHistorySuccessfulAuthenticationCount()
      Retrieves the maximum number of recent successful login attempts the server should maintain for a user.
      Returns:
      The maximum number of recent successful login attempts the server should maintain for a user, or nullif this was not included in the password policy state JSON object.

    • getMaximumRecentLoginHistorySuccessfulAuthenticationDurationSeconds

      @Nullable public Integer getMaximumRecentLoginHistorySuccessfulAuthenticationDurationSeconds()
      Retrieves the maximum age in seconds of recent successful login attempts the server should maintain for a user.
      Returns:
      The maximum age in seconds of recent successful login attempts the server should maintain for a user, or nullif this was not included in the password policy state JSON object.

    • getMaximumRecentLoginHistoryFailedAuthenticationCount

      @Nullable public Integer getMaximumRecentLoginHistoryFailedAuthenticationCount()
      Retrieves the maximum number of recent failed login attempts the server should maintain for a user.
      Returns:
      The maximum number of recent failed login attempts the server should maintain for a user, or nullif this was not included in the password policy state JSON object.

    • getMaximumRecentLoginHistoryFailedAuthenticationDurationSeconds

      @Nullable public Integer getMaximumRecentLoginHistoryFailedAuthenticationDurationSeconds()
      Retrieves the maximum age in seconds of recent failed login attempts the server should maintain for a user.
      Returns:
      The maximum age in seconds of recent failed login attempts the server should maintain for a user, or nullif this was not included in the password policy state JSON object.

    • getAddPasswordQualityRequirements

      @NotNull public List<PasswordQualityRequirement> getAddPasswordQualityRequirements()
      Retrieves the list of quality requirements that must be satisfied for passwords included in new entries that are added using the same password policy as the associated entry.
      Returns:
      The list of password quality requirements that will be enforced for adds using the same password policy as the associated entry, or an empty list if no requirements will be imposed.

    • getSelfChangePasswordQualityRequirements

      @NotNull public List<PasswordQualityRequirement> getSelfChangePasswordQualityRequirements()
      Retrieves the list of quality requirements that must be satisfied when the associated user attempts to change their own password.
      Returns:
      The list of password quality requirements that will be enforced for self password changes, or an empty list if no requirements will be imposed.

    • getAdministrativeResetPasswordQualityRequirements

      @NotNull public List<PasswordQualityRequirement> getAdministrativeResetPasswordQualityRequirements()
      Retrieves the list of quality requirements that must be satisfied when an administrator attempts to change the user's password.
      Returns:
      The list of password quality requirements that will be enforced for administrative password resets, or an empty list if no requirements will be imposed.

    • getBindPasswordQualityRequirements

      @NotNull public List<PasswordQualityRequirement> getBindPasswordQualityRequirements()
      Retrieves the list of quality requirements that must be satisfied when the associated user authenticates in a manner that makes the clear-text password available to the server.
      Returns:
      The list of password quality requirements that will be enforced for binds, or an empty list if no requirements will be imposed.

    • hasPasswordEncodedWithNonCurrentSettings

      @Nullable public Boolean hasPasswordEncodedWithNonCurrentSettings()
      Indicates whether the user has a static password that is encoded with settings that don't match the current configuration for the associated password storage scheme.
      Returns:
      Boolean.TRUE if the account has a static password that is encoded with non-current settings, Boolean.FALSE if the account does not have a static password that is encoded with non-current settings, or null if this flag was not included in the password policy state JSON object.

    • getNonCurrentPasswordStorageSchemeSettingsExplanations

      @NotNull public Map<String,List<String>> getNonCurrentPasswordStorageSchemeSettingsExplanations()
      Retrieves a map with information about the reasons that a password may not be encoded with the current settings for the associated password storage scheme. The keys of the map will the name of the storage scheme, and the values will be a possibly-empty list of explanations that describe why a password encoded with that scheme is encoded with non-current settings.
      Returns:
      A map with information about the reasons that a password may not be encoded with the current settings for the associated password storage scheme, or an empty map if this was not included in the password policy state JSON object.

    • toString

      @NotNull public String toString()
      Retrieves a string representation of the password policy state information.
      Overrides:
      toString in class Object
      Returns:
      A string representation of the password policy state information.