Package com.unboundid.ldap.sdk.unboundidds.extensions

Class PasswordPolicyStateExtendedRequest

java.lang.Object
com.unboundid.ldap.sdk.LDAPRequest
com.unboundid.ldap.sdk.ExtendedRequest
com.unboundid.ldap.sdk.unboundidds.extensions.PasswordPolicyStateExtendedRequest
All Implemented Interfaces:
ProtocolOp, ReadOnlyLDAPRequest, Serializable
@NotMutable @ThreadSafety(level=NOT_THREADSAFE) public final class PasswordPolicyStateExtendedRequest extends ExtendedRequest
This class provides an implementation of the password policy state extended request as used in the Ping Identity, UnboundID, or Nokia/Alcatel-Lucent 8661 Directory Server. It may be used to retrieve and/or alter password policy properties for a user account. See the documentation in the PasswordPolicyStateOperation class for information about the types of operations that can be performed.
NOTE: This class, and other classes within the com.unboundid.ldap.sdk.unboundidds package structure, are only supported for use against Ping Identity, UnboundID, and Nokia/Alcatel-Lucent 8661 server products. These classes provide support for proprietary functionality or for external specifications that are not considered stable or mature enough to be guaranteed to work in an interoperable way with other types of LDAP servers.

The extended request has an OID of 1.3.6.1.4.1.30221.1.6.1 and a value with the following encoding: 
   PasswordPolicyStateValue ::= SEQUENCE {
        targetUser     LDAPDN
        operations     SEQUENCE OF PasswordPolicyStateOperation OPTIONAL }

   PasswordPolicyStateOperation ::= SEQUENCE {
        opType       ENUMERATED {
             getPasswordPolicyDN                          (0),
             getAccountDisabledState                      (1),
             setAccountDisabledState                      (2),
             clearAccountDisabledState                    (3),
             getAccountExpirationTime                     (4),
             setAccountExpirationTime                     (5),
             clearAccountExpirationTime                   (6),
             getSecondsUntilAccountExpiration             (7),
             getPasswordChangedTime                       (8),
             setPasswordChangedTime                       (9),
             clearPasswordChangedTime                     (10),
             getPasswordExpirationWarnedTime              (11),
             setPasswordExpirationWarnedTime              (12),
             clearPasswordExpirationWarnedTime            (13),
             getSecondsUntilPasswordExpiration            (14),
             getSecondsUntilPasswordExpirationWarning     (15),
             getAuthenticationFailureTimes                (16),
             addAuthenticationFailureTime                 (17),
             setAuthenticationFailureTimes                (18),
             clearAuthenticationFailureTimes              (19),
             getSecondsUntilAuthenticationFailureUnlock   (20),
             getRemainingAuthenticationFailureCount       (21),
             getLastLoginTime                             (22),
             setLastLoginTime                             (23),
             clearLastLoginTime                           (24),
             getSecondsUntilIdleLockout                   (25),
             getPasswordResetState                        (26),
             setPasswordResetState                        (27),
             clearPasswordResetState                      (28),
             getSecondsUntilPasswordResetLockout          (29),
             getGraceLoginUseTimes                        (30),
             addGraceLoginUseTime                         (31),
             setGraceLoginUseTimes                        (32),
             clearGraceLoginUseTimes                      (33),
             getRemainingGraceLoginCount                  (34),
             getPasswordChangedByRequiredTime             (35),
             setPasswordChangedByRequiredTime             (36),
             clearPasswordChangedByRequiredTime           (37),
             getSecondsUntilRequiredChangeTime            (38),
             getPasswordHistory                           (39), -- Deprecated
             clearPasswordHistory                         (40),
             hasRetiredPassword                           (41),
             getPasswordRetiredTime                       (42),
             getRetiredPasswordExpirationTime             (43),
             purgeRetiredPassword                         (44),
             getAccountActivationTime                     (45),
             setAccountActivationTime                     (46),
             clearAccountActivationTime                   (47),
             getSecondsUntilAccountActivation             (48),
             getLastLoginIPAddress                        (49),
             setLastLoginIPAddress                        (50),
             clearLastLoginIPAddress                      (51),
             getAccountUsabilityNotices                   (52),
             getAccountUsabilityWarnings                  (53),
             getAccountUsabilityErrors                    (54),
             getAccountIsUsable                           (55),
             getAccountIsNotYetActive                     (56),
             getAccountIsExpired                          (57),
             getPasswordExpirationTime                    (58),
             getAccountIsFailureLocked                    (59),
             setAccountIsFailureLocked                    (60),
             getFailureLockoutTime                        (61),
             getAccountIsIdleLocked                       (62),
             getIdleLockoutTime                           (63),
             getAccountIsResetLocked                      (64),
             getResetLockoutTime                          (65),
             getPasswordHistoryCount                      (66),
             getPasswordIsExpired                         (67),
             getAvailableSASLMechanisms                   (68),
             getAvailableOTPDeliveryMechanisms            (69),
             getHasTOTPSharedSecret                       (70),
             getRegisteredYubiKeyPublicIDs                (71),
             addRegisteredYubiKeyPublicID                 (72),
             removeRegisteredYubiKeyPublicID              (73),
             setRegisteredYubiKeyPublicIDs                (74),
             clearRegisteredYubiKeyPublicIDs              (75),
             addTOTPSharedSecret                          (76),
             removeTOTPSharedSecret                       (77),
             setTOTPSharedSecrets                         (78),
             clearTOTPSharedSecrets                       (79),
             hasRegisteredYubiKeyPublicID                 (80),
             hasStaticPassword                            (81),
             getLastBindPasswordValidationTime            (82),
             getSecondsSinceLastBindPasswordValidation    (83),
             setLastBindPasswordValidationTime            (84),
             clearLastBindPasswordValidationTime          (85),
             getAccountIsValidationLocked                 (86),
             setAccountIsValidationLocked                 (87),
             getRecentLoginHistory                        (88),
             clearRecentLoginHistory                      (89),
             ... },
      opValues     SEQUENCE OF OCTET STRING OPTIONAL }

Example

The following example demonstrates the use of the password policy state extended operation to administratively disable a user's account: 
 PasswordPolicyStateOperation disableOp =
      PasswordPolicyStateOperation.createSetAccountDisabledStateOperation(
           true);
 PasswordPolicyStateExtendedRequest pwpStateRequest =
      new PasswordPolicyStateExtendedRequest(
               "uid=john.doe,ou=People,dc=example,dc=com", disableOp);
 PasswordPolicyStateExtendedResult pwpStateResult =
      (PasswordPolicyStateExtendedResult)
      connection.processExtendedOperation(pwpStateRequest);

 // NOTE:  The processExtendedOperation method will generally only throw an
 // exception if a problem occurs while trying to send the request or read
 // the response.  It will not throw an exception because of a non-success
 // response.

 if (pwpStateResult.getResultCode() == ResultCode.SUCCESS)
 {
   boolean isDisabled = pwpStateResult.getBooleanValue(
        PasswordPolicyStateOperation.OP_TYPE_GET_ACCOUNT_DISABLED_STATE);
   if (isDisabled)
   {
     // The user account has been disabled.
   }
   else
   {
     // The user account is not disabled.
   }
 }
See Also:

  • Field Details

  • Constructor Details

    • PasswordPolicyStateExtendedRequest

      public PasswordPolicyStateExtendedRequest(@NotNull String userDN, @NotNull PasswordPolicyStateOperation... operations)
      Creates a new password policy state extended request with the provided user DN and optional set of operations.
      Parameters:
      userDN - The DN of the user account on which to operate.
      operations - The set of password policy state operations to process. If no operations are provided, then the effect will be to retrieve the values of all available password policy state properties.

    • PasswordPolicyStateExtendedRequest

      public PasswordPolicyStateExtendedRequest(@NotNull String userDN, @Nullable Control[] controls, @NotNull PasswordPolicyStateOperation... operations)
      Creates a new password policy state extended request with the provided user DN, optional set of operations, and optional set of controls.
      Parameters:
      userDN - The DN of the user account on which to operate.
      controls - The set of controls to include in the request.
      operations - The set of password policy state operations to process. If no operations are provided, then the effect will be to retrieve the values of all available password policy state properties.

    • PasswordPolicyStateExtendedRequest

      public PasswordPolicyStateExtendedRequest(@NotNull ExtendedRequest extendedRequest) throws LDAPException
      Creates a new password policy state extended request from the provided generic extended request.
      Parameters:
      extendedRequest - The generic extended request to use to create this password policy state extended request.
      Throws:
      LDAPException - If a problem occurs while decoding the request.

  • Method Details

    • getUserDN

      @NotNull public String getUserDN()
      Retrieves the DN of the user account on which to operate.
      Returns:
      The DN of the user account on which to operate.

    • getOperations

      @NotNull public PasswordPolicyStateOperation[] getOperations()
      Retrieves the set of password policy state operations to be processed.
      Returns:
      The set of password policy state operations to be processed, or an empty list if the values of all password policy state properties should be retrieved.

    • process

      @NotNull public PasswordPolicyStateExtendedResult process(@NotNull LDAPConnection connection, int depth) throws LDAPException
      Sends this extended request to the directory server over the provided connection and returns the associated response.
      Overrides:
      process in class ExtendedRequest
      Parameters:
      connection - The connection to use to communicate with the directory server.
      depth - The current referral depth for this request. It should always be one for the initial request, and should only be incremented when following referrals.
      Returns:
      An LDAP result object that provides information about the result of the extended operation processing.
      Throws:
      LDAPException - If a problem occurs while sending the request or reading the response.

    • duplicate

      @NotNull public PasswordPolicyStateExtendedRequest duplicate()
      Creates a new instance of this LDAP request that may be modified without impacting this request.. Subclasses should override this method to return a duplicate of the appropriate type.
      Specified by:
      duplicate in interface ReadOnlyLDAPRequest
      Overrides:
      duplicate in class ExtendedRequest
      Returns:
      A new instance of this LDAP request that may be modified without impacting this request.

    • duplicate

      @NotNull public PasswordPolicyStateExtendedRequest duplicate(@Nullable Control[] controls)
      Creates a new instance of this LDAP request that may be modified without impacting this request. The provided controls will be used for the new request instead of duplicating the controls from this request.. Subclasses should override this method to return a duplicate of the appropriate type.
      Specified by:
      duplicate in interface ReadOnlyLDAPRequest
      Overrides:
      duplicate in class ExtendedRequest
      Parameters:
      controls - The set of controls to include in the duplicate request.
      Returns:
      A new instance of this LDAP request that may be modified without impacting this request.

    • getExtendedRequestName

      @NotNull public String getExtendedRequestName()
      Retrieves the user-friendly name for the extended request, if available. If no user-friendly name has been defined, then the OID will be returned.
      Overrides:
      getExtendedRequestName in class ExtendedRequest
      Returns:
      The user-friendly name for this extended request, or the OID if no user-friendly name is available.

    • toString

      public void toString(@NotNull StringBuilder buffer)
      Appends a string representation of this request to the provided buffer.
      Specified by:
      toString in interface ProtocolOp
      Specified by:
      toString in interface ReadOnlyLDAPRequest
      Overrides:
      toString in class ExtendedRequest
      Parameters:
      buffer - The buffer to which to append a string representation of this request.