Package com.unboundid.ldap.sdk.unboundidds.controls

Class RetirePasswordRequestControl

java.lang.Object
com.unboundid.ldap.sdk.Control
com.unboundid.ldap.sdk.unboundidds.controls.RetirePasswordRequestControl
All Implemented Interfaces:
Serializable
@NotMutable @ThreadSafety(level=COMPLETELY_THREADSAFE) public final class RetirePasswordRequestControl extends Control
This class provides a request control that can be included in a modify request or a password modify extended request in order to indicate that if the operation results in changing the password for a user, the user's former password should be marked as "retired", which may allow it to remain in use for a brief period of time (as configured in the password policy governing that user) to allow for applications which may have been configured with that password can be updated to use the new password.
NOTE: This class, and other classes within the com.unboundid.ldap.sdk.unboundidds package structure, are only supported for use against Ping Identity, UnboundID, and Nokia/Alcatel-Lucent 8661 server products. These classes provide support for proprietary functionality or for external specifications that are not considered stable or mature enough to be guaranteed to work in an interoperable way with other types of LDAP servers.

This control has an OID of "1.3.6.1.4.1.30221.2.5.31" and does not have a value. The criticality may be either true (in which case the operation will succeed only if the user's password policy allows passwords to be retired by a request control) or false (in which case if the password policy does not allow the use of this control, the operation will be processed as if the control had not been included in the request).

Example

The following example demonstrates the use of the retire password request control to request that a user's current password be retired in the course of a password change. 
 Control[] requestControls =
 {
   new RetirePasswordRequestControl(true)
 };

 PasswordModifyExtendedRequest passwordModifyRequest =
      new PasswordModifyExtendedRequest(
           "uid=test.user,ou=People,dc=example,dc=com", // The user to update
           null, // The current password -- we don't know it.
           "newPassword", // The new password to assign to the user.
           requestControls); // The controls to include in the request.
 PasswordModifyExtendedResult passwordModifyResult =
      (PasswordModifyExtendedResult)
      connection.processExtendedOperation(passwordModifyRequest);
See Also:

  • Field Details

  • Constructor Details

    • RetirePasswordRequestControl

      public RetirePasswordRequestControl(boolean isCritical)
      Creates a new retire password request control with the specified criticality.
      Parameters:
      isCritical - Indicates whether the control should be considered critical.

    • RetirePasswordRequestControl

      public RetirePasswordRequestControl(@NotNull Control control) throws LDAPException
      Creates a new retire password request control which is decoded from the provided generic control.
      Parameters:
      control - The generic control to be decoded as a retire password request control.
      Throws:
      LDAPException - If the provided control cannot be decoded as a retire password request control.

  • Method Details

    • getControlName

      @NotNull public String getControlName()
      Retrieves the user-friendly name for this control, if available. If no user-friendly name has been defined, then the OID will be returned.
      Overrides:
      getControlName in class Control
      Returns:
      The user-friendly name for this control, or the OID if no user-friendly name is available.

    • toJSONControl

      @NotNull public JSONObject toJSONControl()
      Retrieves a representation of this retire password request control as a JSON object. The JSON object uses the following fields (note that since this control does not have a value, neither the value-base64 nor value-json fields may be present):
      • oid -- A mandatory string field whose value is the object identifier for this control. For the retire password request control, the OID is "1.3.6.1.4.1.30221.2.5.31".
      • control-name -- An optional string field whose value is a human-readable name for this control. This field is only intended for descriptive purposes, and when decoding a control, the oid field should be used to identify the type of control.
      • criticality -- A mandatory Boolean field used to indicate whether this control is considered critical.
      Overrides:
      toJSONControl in class Control
      Returns:
      A JSON object that contains a representation of this control.

    • decodeJSONControl

      @NotNull public static RetirePasswordRequestControl decodeJSONControl(@NotNull JSONObject controlObject, boolean strict) throws LDAPException
      Attempts to decode the provided object as a JSON representation of a retire password request control.
      Parameters:
      controlObject - The JSON object to be decoded. It must not be null.
      strict - Indicates whether to use strict mode when decoding the provided JSON object. If this is true, then this method will throw an exception if the provided JSON object contains any unrecognized fields. If this is false, then unrecognized fields will be ignored.
      Returns:
      The retire password request control that was decoded from the provided JSON object.
      Throws:
      LDAPException - If the provided JSON object cannot be parsed as a valid retire password request control.

    • toString

      public void toString(@NotNull StringBuilder buffer)
      Appends a string representation of this LDAP control to the provided buffer.
      Overrides:
      toString in class Control
      Parameters:
      buffer - The buffer to which to append the string representation of this buffer.