com.unboundid.ldap.sdk.unboundidds.extensions

Class GeneratePasswordExtendedRequest

java.lang.Object

com.unboundid.ldap.sdk.LDAPRequest

com.unboundid.ldap.sdk.ExtendedRequest

com.unboundid.ldap.sdk.unboundidds.extensions.GeneratePasswordExtendedRequest

All Implemented Interfaces:

ProtocolOp, ReadOnlyLDAPRequest, java.io.Serializable

@NotMutable
 @ThreadSafety(level=COMPLETELY_THREADSAFE)
public final class GeneratePasswordExtendedRequest
extends ExtendedRequest

This class provides an implementation of an extended request that may be used to request that the server suggest one or more passwords that the client may use in new entries, password changes, or administrative password resets.

NOTE: This class, and other classes within the com.unboundid.ldap.sdk.unboundidds package structure, are only supported for use against Ping Identity, UnboundID, and Nokia/Alcatel-Lucent 8661 server products. These classes provide support for proprietary functionality or for external specifications that are not considered stable or mature enough to be guaranteed to work in an interoperable way with other types of LDAP servers.

This extended request has an OID of "1.3.6.1.4.1.30221.2.6.62" and a value\ with the following encoding:

   GeneratePasswordRequest ::= SEQUENCE {
        passwordPolicySelection     CHOICE {
             defaultPolicy        [0] NULL,
             passwordPolicyDN     [1] LDAPDN,
             targetEntryDN        [2] LDAPDN,
             ... },
        numberOfPasswords      [3] INTEGER DEFAULT 1,
        validationAttempts     [4] INTEGER DEFAULT 5,
        ... }
 

The "passwordPolicySelection" element allows the client to indicate which password policy (along with its associated password generator and password validators) should be used in the course of generating the passwords, and available options include:

• defaultPolicy -- Indicates that the server should use the default password policy as defined in the configuration.
• passwordPolicyDN -- Specifies the DN of the password policy that should be used.
• targetEntryDN -- Specifies the DN of the target entry for which the passwords are to be generated. If this entry exists, then the password policy that governs it will be used. If the entry does not exist, then the server will generate a stub of an entry with the provided DN and compute virtual attributes for that entry to account for the possibility that a password policy may be assigned by a virtual attribute, but will fall back to using the default password policy as defined in the configuration.

The "numberOfPasswords" element indicates the number of passwords that the server should generate, since it may be beneficial for the server to suggest multiple passwords and allow the user to choose one. If specified, then the value must be greater than or equal to one.

The "validationAttempts" element indicates the number of attempts that the server should make to generate each password in a way that will satisfy the set of validators associated with the selected password policy. A value of zero indicates that no validation should be performed. A value of one will cause the server to invoke password validators on each generated password, still returning that password but also including information about potential reasons that generated password may not pass validation. A value that is greater than one will cause the server to re-generate each password up to the specified number of times if the previous attempt resulted in a password that did not satisfy all of the associated password validators. In the event that no acceptable password could be generated after exhausting all attempts, the server will select the last one generated, but will provide a list of reasons that the password was not considered acceptable so that they may be provided to the end user as additional guidance when choosing a password.

If the generate password operation is processed successfully, then the server will return a GeneratePasswordExtendedResult response with the passwords that it generated and other relevant information.

See Also:

Serialized Form

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	GENERATE_PASSWORD_REQUEST_OID The OID (1.3.6.1.4.1.30221.2.6.62) for the generate password extended request.

Fields inherited from class com.unboundid.ldap.sdk.ExtendedRequest

TYPE_EXTENDED_REQUEST_OID, TYPE_EXTENDED_REQUEST_VALUE

Constructor Summary

Constructors

Constructor and Description
GeneratePasswordExtendedRequest(Control... controls) Creates a new generate password extended request with all the default settings.
GeneratePasswordExtendedRequest(ExtendedRequest request) Creates a new generate password extended request that is decoded from the provided generic request.

Method Summary

Modifier and Type	Method and Description
static GeneratePasswordExtendedRequest	createDefaultPolicyRequest(int numberOfPasswords, int numberOfValidationAttempts, Control... controls) Creates a generate password extended request that will use the default password policy (as defined in the server configuration) to determine which password generator and validators should be used.
static GeneratePasswordExtendedRequest	createPasswordPolicyDNRequest(java.lang.String passwordPolicyDN, int numberOfPasswords, int numberOfValidationAttempts, Control... controls) Creates a generate password extended request that will use the password policy defined in the entry with the specified DN to determine which password generator and validators should be used.
static GeneratePasswordExtendedRequest	createTargetEntryDNRequest(java.lang.String targetEntryDN, int numberOfPasswords, int numberOfValidationAttempts, Control... controls) Creates a generate password extended request that will use the password policy that governs the specified entry to determine which password generator and validators should be used.
GeneratePasswordExtendedRequest	duplicate() Creates a new instance of this LDAP request that may be modified without impacting this request.
GeneratePasswordExtendedRequest	duplicate(Control[] controls) Creates a new instance of this LDAP request that may be modified without impacting this request.
java.lang.String	getExtendedRequestName() Retrieves the user-friendly name for the extended request, if available.
int	getNumberOfPasswords() Retrieves the number of passwords that the client wants the server to generate.
int	getNumberOfValidationAttempts() Retrieves the number of maximum number of attempts that the client wants the server to make when generating each password in the hope that the generated password will satisfy the validation criteria specified in the associated password policy.
java.lang.String	getPasswordPolicyDN() Retrieves the DN of the entry that defines the password policy that should be used when generating and validating passwords.
GeneratePasswordPolicySelectionType	getPasswordPolicySelectionType() Retrieves the password policy selection type for this request.
java.lang.String	getTargetEntryDN() Retrieves the DN of the target entry whose governing password policy should be used when generating and validating passwords.
protected GeneratePasswordExtendedResult	process(LDAPConnection connection, int depth) Sends this extended request to the directory server over the provided connection and returns the associated response.
void	toString(java.lang.StringBuilder buffer) Appends a string representation of this request to the provided buffer.

Methods inherited from class com.unboundid.ldap.sdk.ExtendedRequest

encodeProtocolOp, getLastMessageID, getOID, getOperationType, getProtocolOpType, getValue, hasValue, responseReceived, toCode, writeTo

Methods inherited from class com.unboundid.ldap.sdk.LDAPRequest

followReferrals, getControl, getControlList, getControls, getIntermediateResponseListener, getReferralConnector, getReferralConnectorInternal, getReferralDepth, getResponseTimeoutMillis, hasControl, hasControl, setFollowReferrals, setIntermediateResponseListener, setReferralConnector, setReferralDepth, setResponseTimeoutMillis, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

GENERATE_PASSWORD_REQUEST_OID

@NotNull
public static final java.lang.String GENERATE_PASSWORD_REQUEST_OID

The OID (1.3.6.1.4.1.30221.2.6.62) for the generate password extended request.

See Also:

Constant Field Values

Constructor Detail

GeneratePasswordExtendedRequest

public GeneratePasswordExtendedRequest(@Nullable
                                       Control... controls)

Creates a new generate password extended request with all the default settings.

Parameters:

controls - The set of controls to include in the request. It may be null or empty if there should not be any request controls.

GeneratePasswordExtendedRequest

public GeneratePasswordExtendedRequest(@NotNull
                                       ExtendedRequest request)
                                throws LDAPException

Creates a new generate password extended request that is decoded from the provided generic request.

Parameters:

request - The extended request to be decoded as a generate password extended request. It must not be null.

Throws:

LDAPException - If the provided extended request cannot be decoded as a generate password request.

Method Detail

createDefaultPolicyRequest

@NotNull
public static GeneratePasswordExtendedRequest createDefaultPolicyRequest(int numberOfPasswords,
                                                                                  int numberOfValidationAttempts,
                                                                                  @Nullable
                                                                                  Control... controls)

Creates a generate password extended request that will use the default password policy (as defined in the server configuration) to determine which password generator and validators should be used.

Parameters:

numberOfPasswords - The number of passwords to generate. The value must be greater than or equal to one.

numberOfValidationAttempts - The number of attempts that should be made to generate each password in an attempt to obtain a password that satisfies the associated set of password validators. The value must be greater than or equal to zero.

controls - The set of controls to include in the request. It may be null or empty if there should not be any request controls.

Returns:

The generate password extended request that was created.

createPasswordPolicyDNRequest

@NotNull
public static GeneratePasswordExtendedRequest createPasswordPolicyDNRequest(@NotNull
                                                                                     java.lang.String passwordPolicyDN,
                                                                                     int numberOfPasswords,
                                                                                     int numberOfValidationAttempts,
                                                                                     @Nullable
                                                                                     Control... controls)

Creates a generate password extended request that will use the password policy defined in the entry with the specified DN to determine which password generator and validators should be used.

Parameters:

passwordPolicyDN - The DN of the entry that defines the password policy to use to determine which password generator and validators should be used. It must not be null.

numberOfPasswords - The number of passwords to generate. The value must be greater than or equal to one.

numberOfValidationAttempts - The number of attempts that should be made to generate each password in an attempt to obtain a password that satisfies the associated set of password validators. The value must be greater than or equal to zero.

controls - The set of controls to include in the request. It may be null or empty if there should not be any request controls.

Returns:

The generate password extended request that was created.

createTargetEntryDNRequest

@NotNull
public static GeneratePasswordExtendedRequest createTargetEntryDNRequest(@NotNull
                                                                                  java.lang.String targetEntryDN,
                                                                                  int numberOfPasswords,
                                                                                  int numberOfValidationAttempts,
                                                                                  @Nullable
                                                                                  Control... controls)

Creates a generate password extended request that will use the password policy that governs the specified entry to determine which password generator and validators should be used. If the target entry does not exist, then the server will generate a stub of an entry and compute virtual attributes for that entry to account for the possibility that the password policy may be specified using a virtual attribute.

Parameters:

targetEntryDN - The DN of the entry whose governing password policy should be used. It must not be null.

numberOfPasswords - The number of passwords to generate. The value must be greater than or equal to one.

numberOfValidationAttempts - The number of attempts that should be made to generate each password in an attempt to obtain a password that satisfies the associated set of password validators. The value must be greater than or equal to zero.

controls - The set of controls to include in the request. It may be null or empty if there should not be any request controls.

Returns:

The generate password extended request that was created.

getPasswordPolicySelectionType

@NotNull
public GeneratePasswordPolicySelectionType getPasswordPolicySelectionType()

Retrieves the password policy selection type for this request.

Returns:

The password policy selection type for this request.

getPasswordPolicyDN

@Nullable
public java.lang.String getPasswordPolicyDN()

Retrieves the DN of the entry that defines the password policy that should be used when generating and validating passwords. This will only be available for the GeneratePasswordPolicySelectionType.PASSWORD_POLICY_DN password policy selection type.

Returns:

The DN of the entry that defines the password policy that should be used when generating and validating the passwords, or null if the password policy selection type is anything other than PASSWORD_POLICY_DN.

getTargetEntryDN

@Nullable
public java.lang.String getTargetEntryDN()

Retrieves the DN of the target entry whose governing password policy should be used when generating and validating passwords. This will only be available for the GeneratePasswordPolicySelectionType.TARGET_ENTRY_DN password policy selection type.

Returns:

The DN of the target entry whose governing password policy should be used when generating and validating the passwords, or null if the password policy selection type is anything other than TARGET_ENTRY_DN.

getNumberOfPasswords

public int getNumberOfPasswords()

Retrieves the number of passwords that the client wants the server to generate. Note that the server may choose to generate fewer passwords than this, based on its configuration.

Returns:

The number of passwords that the client wants the server to generate.

getNumberOfValidationAttempts

public int getNumberOfValidationAttempts()

Retrieves the number of maximum number of attempts that the client wants the server to make when generating each password in the hope that the generated password will satisfy the validation criteria specified in the associated password policy. Note that the server may choose to make fewer validation attempts than this, based on its configuration.

Returns:

The number maximum number of validation attempts that the client wants the server to make, or zero if the server should not attempt to validate the generated passwords.

process

@NotNull
protected GeneratePasswordExtendedResult process(@NotNull
                                                          LDAPConnection connection,
                                                          int depth)
                                                   throws LDAPException

Sends this extended request to the directory server over the provided connection and returns the associated response.

Overrides:

process in class ExtendedRequest

Parameters:

connection - The connection to use to communicate with the directory server.

depth - The current referral depth for this request. It should always be one for the initial request, and should only be incremented when following referrals.

Returns:

An LDAP result object that provides information about the result of the extended operation processing.

Throws:

LDAPException - If a problem occurs while sending the request or reading the response.

duplicate

@NotNull
public GeneratePasswordExtendedRequest duplicate()

Creates a new instance of this LDAP request that may be modified without impacting this request.. Subclasses should override this method to return a duplicate of the appropriate type.

Specified by:

duplicate in interface ReadOnlyLDAPRequest

Overrides:

duplicate in class ExtendedRequest

Returns:

A new instance of this LDAP request that may be modified without impacting this request.

duplicate

@NotNull
public GeneratePasswordExtendedRequest duplicate(@Nullable
                                                          Control[] controls)

Creates a new instance of this LDAP request that may be modified without impacting this request. The provided controls will be used for the new request instead of duplicating the controls from this request.. Subclasses should override this method to return a duplicate of the appropriate type.

Specified by:

duplicate in interface ReadOnlyLDAPRequest

Overrides:

duplicate in class ExtendedRequest

Parameters:

controls - The set of controls to include in the duplicate request.

Returns:

A new instance of this LDAP request that may be modified without impacting this request.

getExtendedRequestName

@NotNull
public java.lang.String getExtendedRequestName()

Retrieves the user-friendly name for the extended request, if available. If no user-friendly name has been defined, then the OID will be returned.

Overrides:

getExtendedRequestName in class ExtendedRequest

Returns:

The user-friendly name for this extended request, or the OID if no user-friendly name is available.

toString

public void toString(@NotNull
                     java.lang.StringBuilder buffer)

Appends a string representation of this request to the provided buffer.

Specified by:

toString in interface ProtocolOp

Specified by:

toString in interface ReadOnlyLDAPRequest

Overrides:

toString in class ExtendedRequest

Parameters:

buffer - The buffer to which to append a string representation of this request.