Package com.unboundid.ldap.sdk.unboundidds.extensions

Class GeneratePasswordExtendedRequest

java.lang.Object
com.unboundid.ldap.sdk.LDAPRequest
com.unboundid.ldap.sdk.ExtendedRequest
com.unboundid.ldap.sdk.unboundidds.extensions.GeneratePasswordExtendedRequest
All Implemented Interfaces:
ProtocolOp, ReadOnlyLDAPRequest, Serializable
@NotMutable @ThreadSafety(level=COMPLETELY_THREADSAFE) public final class GeneratePasswordExtendedRequest extends ExtendedRequest
This class provides an implementation of an extended request that may be used to request that the server suggest one or more passwords that the client may use in new entries, password changes, or administrative password resets.
NOTE: This class, and other classes within the com.unboundid.ldap.sdk.unboundidds package structure, are only supported for use against Ping Identity, UnboundID, and Nokia/Alcatel-Lucent 8661 server products. These classes provide support for proprietary functionality or for external specifications that are not considered stable or mature enough to be guaranteed to work in an interoperable way with other types of LDAP servers.

This extended request has an OID of "1.3.6.1.4.1.30221.2.6.62" and a value\ with the following encoding: 

   GeneratePasswordRequest ::= SEQUENCE {
        passwordPolicySelection     CHOICE {
             defaultPolicy        [0] NULL,
             passwordPolicyDN     [1] LDAPDN,
             targetEntryDN        [2] LDAPDN,
             ... },
        numberOfPasswords      [3] INTEGER DEFAULT 1,
        validationAttempts     [4] INTEGER DEFAULT 5,
        ... }


The "passwordPolicySelection" element allows the client to indicate which password policy (along with its associated password generator and password validators) should be used in the course of generating the passwords, and available options include:
  • defaultPolicy -- Indicates that the server should use the default password policy as defined in the configuration.
  • passwordPolicyDN -- Specifies the DN of the password policy that should be used.
  • targetEntryDN -- Specifies the DN of the target entry for which the passwords are to be generated. If this entry exists, then the password policy that governs it will be used. If the entry does not exist, then the server will generate a stub of an entry with the provided DN and compute virtual attributes for that entry to account for the possibility that a password policy may be assigned by a virtual attribute, but will fall back to using the default password policy as defined in the configuration.


The "numberOfPasswords" element indicates the number of passwords that the server should generate, since it may be beneficial for the server to suggest multiple passwords and allow the user to choose one. If specified, then the value must be greater than or equal to one.

The "validationAttempts" element indicates the number of attempts that the server should make to generate each password in a way that will satisfy the set of validators associated with the selected password policy. A value of zero indicates that no validation should be performed. A value of one will cause the server to invoke password validators on each generated password, still returning that password but also including information about potential reasons that generated password may not pass validation. A value that is greater than one will cause the server to re-generate each password up to the specified number of times if the previous attempt resulted in a password that did not satisfy all of the associated password validators. In the event that no acceptable password could be generated after exhausting all attempts, the server will select the last one generated, but will provide a list of reasons that the password was not considered acceptable so that they may be provided to the end user as additional guidance when choosing a password.

If the generate password operation is processed successfully, then the server will return a GeneratePasswordExtendedResult response with the passwords that it generated and other relevant information.
See Also:

  • Field Details

  • Constructor Details

    • GeneratePasswordExtendedRequest

      public GeneratePasswordExtendedRequest(@Nullable Control... controls)
      Creates a new generate password extended request with all the default settings.
      Parameters:
      controls - The set of controls to include in the request. It may be null or empty if there should not be any request controls.

    • GeneratePasswordExtendedRequest

      public GeneratePasswordExtendedRequest(@NotNull ExtendedRequest request) throws LDAPException
      Creates a new generate password extended request that is decoded from the provided generic request.
      Parameters:
      request - The extended request to be decoded as a generate password extended request. It must not be null.
      Throws:
      LDAPException - If the provided extended request cannot be decoded as a generate password request.

  • Method Details

    • createDefaultPolicyRequest

      @NotNull public static GeneratePasswordExtendedRequest createDefaultPolicyRequest(int numberOfPasswords, int numberOfValidationAttempts, @Nullable Control... controls)
      Creates a generate password extended request that will use the default password policy (as defined in the server configuration) to determine which password generator and validators should be used.
      Parameters:
      numberOfPasswords - The number of passwords to generate. The value must be greater than or equal to one.
      numberOfValidationAttempts - The number of attempts that should be made to generate each password in an attempt to obtain a password that satisfies the associated set of password validators. The value must be greater than or equal to zero.
      controls - The set of controls to include in the request. It may be null or empty if there should not be any request controls.
      Returns:
      The generate password extended request that was created.

    • createPasswordPolicyDNRequest

      @NotNull public static GeneratePasswordExtendedRequest createPasswordPolicyDNRequest(@NotNull String passwordPolicyDN, int numberOfPasswords, int numberOfValidationAttempts, @Nullable Control... controls)
      Creates a generate password extended request that will use the password policy defined in the entry with the specified DN to determine which password generator and validators should be used.
      Parameters:
      passwordPolicyDN - The DN of the entry that defines the password policy to use to determine which password generator and validators should be used. It must not be null.
      numberOfPasswords - The number of passwords to generate. The value must be greater than or equal to one.
      numberOfValidationAttempts - The number of attempts that should be made to generate each password in an attempt to obtain a password that satisfies the associated set of password validators. The value must be greater than or equal to zero.
      controls - The set of controls to include in the request. It may be null or empty if there should not be any request controls.
      Returns:
      The generate password extended request that was created.

    • createTargetEntryDNRequest

      @NotNull public static GeneratePasswordExtendedRequest createTargetEntryDNRequest(@NotNull String targetEntryDN, int numberOfPasswords, int numberOfValidationAttempts, @Nullable Control... controls)
      Creates a generate password extended request that will use the password policy that governs the specified entry to determine which password generator and validators should be used. If the target entry does not exist, then the server will generate a stub of an entry and compute virtual attributes for that entry to account for the possibility that the password policy may be specified using a virtual attribute.
      Parameters:
      targetEntryDN - The DN of the entry whose governing password policy should be used. It must not be null.
      numberOfPasswords - The number of passwords to generate. The value must be greater than or equal to one.
      numberOfValidationAttempts - The number of attempts that should be made to generate each password in an attempt to obtain a password that satisfies the associated set of password validators. The value must be greater than or equal to zero.
      controls - The set of controls to include in the request. It may be null or empty if there should not be any request controls.
      Returns:
      The generate password extended request that was created.

    • getPasswordPolicySelectionType

      @NotNull public GeneratePasswordPolicySelectionType getPasswordPolicySelectionType()
      Retrieves the password policy selection type for this request.
      Returns:
      The password policy selection type for this request.

    • getPasswordPolicyDN

      @Nullable public String getPasswordPolicyDN()
      Retrieves the DN of the entry that defines the password policy that should be used when generating and validating passwords. This will only be available for the GeneratePasswordPolicySelectionType.PASSWORD_POLICY_DN password policy selection type.
      Returns:
      The DN of the entry that defines the password policy that should be used when generating and validating the passwords, or null if the password policy selection type is anything other than PASSWORD_POLICY_DN.

    • getTargetEntryDN

      @Nullable public String getTargetEntryDN()
      Retrieves the DN of the target entry whose governing password policy should be used when generating and validating passwords. This will only be available for the GeneratePasswordPolicySelectionType.TARGET_ENTRY_DN password policy selection type.
      Returns:
      The DN of the target entry whose governing password policy should be used when generating and validating the passwords, or null if the password policy selection type is anything other than TARGET_ENTRY_DN.

    • getNumberOfPasswords

      public int getNumberOfPasswords()
      Retrieves the number of passwords that the client wants the server to generate. Note that the server may choose to generate fewer passwords than this, based on its configuration.
      Returns:
      The number of passwords that the client wants the server to generate.

    • getNumberOfValidationAttempts

      public int getNumberOfValidationAttempts()
      Retrieves the number of maximum number of attempts that the client wants the server to make when generating each password in the hope that the generated password will satisfy the validation criteria specified in the associated password policy. Note that the server may choose to make fewer validation attempts than this, based on its configuration.
      Returns:
      The number maximum number of validation attempts that the client wants the server to make, or zero if the server should not attempt to validate the generated passwords.

    • process

      @NotNull protected GeneratePasswordExtendedResult process(@NotNull LDAPConnection connection, int depth) throws LDAPException
      Sends this extended request to the directory server over the provided connection and returns the associated response.
      Overrides:
      process in class ExtendedRequest
      Parameters:
      connection - The connection to use to communicate with the directory server.
      depth - The current referral depth for this request. It should always be one for the initial request, and should only be incremented when following referrals.
      Returns:
      An LDAP result object that provides information about the result of the extended operation processing.
      Throws:
      LDAPException - If a problem occurs while sending the request or reading the response.

    • duplicate

      @NotNull public GeneratePasswordExtendedRequest duplicate()
      Creates a new instance of this LDAP request that may be modified without impacting this request.. Subclasses should override this method to return a duplicate of the appropriate type.
      Specified by:
      duplicate in interface ReadOnlyLDAPRequest
      Overrides:
      duplicate in class ExtendedRequest
      Returns:
      A new instance of this LDAP request that may be modified without impacting this request.

    • duplicate

      @NotNull public GeneratePasswordExtendedRequest duplicate(@Nullable Control[] controls)
      Creates a new instance of this LDAP request that may be modified without impacting this request. The provided controls will be used for the new request instead of duplicating the controls from this request.. Subclasses should override this method to return a duplicate of the appropriate type.
      Specified by:
      duplicate in interface ReadOnlyLDAPRequest
      Overrides:
      duplicate in class ExtendedRequest
      Parameters:
      controls - The set of controls to include in the duplicate request.
      Returns:
      A new instance of this LDAP request that may be modified without impacting this request.

    • getExtendedRequestName

      @NotNull public String getExtendedRequestName()
      Retrieves the user-friendly name for the extended request, if available. If no user-friendly name has been defined, then the OID will be returned.
      Overrides:
      getExtendedRequestName in class ExtendedRequest
      Returns:
      The user-friendly name for this extended request, or the OID if no user-friendly name is available.

    • toString

      public void toString(@NotNull StringBuilder buffer)
      Appends a string representation of this request to the provided buffer.
      Specified by:
      toString in interface ProtocolOp
      Specified by:
      toString in interface ReadOnlyLDAPRequest
      Overrides:
      toString in class ExtendedRequest
      Parameters:
      buffer - The buffer to which to append a string representation of this request.