Class PasswordPolicyStateJSON
- java.lang.Object
-
- com.unboundid.ldap.sdk.unboundidds.PasswordPolicyStateJSON
-
- All Implemented Interfaces:
java.io.Serializable
@NotMutable @ThreadSafety(level=COMPLETELY_THREADSAFE) public final class PasswordPolicyStateJSON extends java.lang.Object implements java.io.Serializable
This class provides support for reading and decoding the value of theds-pwp-state-json
virtual attribute, which holds information about a user's password policy state.
NOTE: This class, and other classes within the
com.unboundid.ldap.sdk.unboundidds
package structure, are only supported for use against Ping Identity, UnboundID, and Nokia/Alcatel-Lucent 8661 server products. These classes provide support for proprietary functionality or for external specifications that are not considered stable or mature enough to be guaranteed to work in an interoperable way with other types of LDAP servers.
-
-
Field Summary
Fields Modifier and Type Field Description static java.lang.String
PASSWORD_POLICY_STATE_JSON_ATTRIBUTE
The name of the operational attribute that holds a JSON representation of a user's password policy state.
-
Constructor Summary
Constructors Constructor Description PasswordPolicyStateJSON(JSONObject passwordPolicyStateObject)
Creates a new instance of this object from the provided JSON object.
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description static PasswordPolicyStateJSON
get(Entry userEntry)
Attempts to retrieve and decode the password policy state information from the provided user entry.static PasswordPolicyStateJSON
get(LDAPInterface connection, java.lang.String userDN)
Attempts to retrieve and decode the password policy state information for the specified user.java.util.Date
getAccountActivationTime()
Retrieves the time that the user's account became (or will become) active.java.util.Date
getAccountExpirationTime()
Retrieves the time that the user's account will (or did) expire.java.lang.Boolean
getAccountIsDisabled()
Retrieves the value of a flag that indicates whether the user's account has been administratively disabled.java.lang.Boolean
getAccountIsExpired()
Retrieves the value of a flag that indicates whether the user's account is expired.java.lang.Boolean
getAccountIsFailureLocked()
Retrieves the value of a flag that indicates whether the user account is currently locked as a result of too many failed authentication attempts.java.lang.Boolean
getAccountIsIdleLocked()
Retrieves the value of a flag that indicates whether the user's account is currently locked because it has been too long since they last authenticated to the server.java.lang.Boolean
getAccountIsNotYetActive()
Retrieves the value of a flag that indicates whether the user's account is not yet active because it has an activation time that is in the future.java.lang.Boolean
getAccountIsResetLocked()
Retrieves the value of a flag that indicates whether the user's account is locked because they failed to choose a new password in a timely manner after an administrative reset.java.lang.Boolean
getAccountIsUsable()
Retrieves the value of a flag that indicates whether the user's account is in a state that the server considers usable.java.lang.Boolean
getAccountIsValidationLocked()
Retrieves the value of a flag that indicates whether the user account is currently locked because it contains a password that does not satisfy all of the configured password validators.java.util.List<PasswordPolicyStateAccountUsabilityError>
getAccountUsabilityErrors()
Retrieves a list of information about any error conditions that may affect usability of the user's account.java.util.List<PasswordPolicyStateAccountUsabilityNotice>
getAccountUsabilityNotices()
Retrieves a list of information about any notices related to the usability of the user's account.java.util.List<PasswordPolicyStateAccountUsabilityWarning>
getAccountUsabilityWarnings()
Retrieves a list of information about any warning conditions that may soon affect usability of the user's account.java.util.List<PasswordQualityRequirement>
getAddPasswordQualityRequirements()
Retrieves the list of quality requirements that must be satisfied for passwords included in new entries that are added using the same password policy as the associated entry.java.util.List<PasswordQualityRequirement>
getAdministrativeResetPasswordQualityRequirements()
Retrieves the list of quality requirements that must be satisfied when an administrator attempts to change the user's password.java.util.List<java.util.Date>
getAuthenticationFailureTimes()
Retrieves a list of the outstanding authentication failure times for the user account.java.util.List<java.lang.String>
getAvailableOTPDeliveryMechanisms()
Retrieves a list of the names of the OTP delivery mechanisms that the user can use to receive one-time passwords, password reset tokens, and single-use tokens.java.util.List<java.lang.String>
getAvailableSASLMechanisms()
Retrieves a list of the names of the SASL mechanisms that the user can use to authenticate.java.util.List<PasswordQualityRequirement>
getBindPasswordQualityRequirements()
Retrieves the list of quality requirements that must be satisfied when the associated user authenticates in a manner that makes the clear-text password available to the server.java.lang.String
getBindPasswordValidationFailureAction()
Retrieves the name of the action that the server should take if the password provided during a bind operation fails to satisfy one or more password validators.java.lang.Integer
getCurrentAuthenticationFailureCount()
Retrieves the current number of failed authentication attempts for the user account.java.lang.Integer
getCurrentPasswordHistoryCount()
Retrieves the number of passwords currently held in the user's password history.java.lang.Boolean
getExpirePasswordsWithoutWarning()
Retrieves the value of a flag that indicates whether the server will allow a user's password to expire even if they have not yet received any warnings about an upcoming expiration.java.lang.Integer
getFailureLockoutCount()
Retrieves the number of consecutive failed authentication attempts that are required to lock the user's account.java.lang.Integer
getFailureLockoutDurationSeconds()
Retrieves the length of time in seconds that a user's account will be locked after too many failed authentication attempts.java.util.Date
getFailureLockoutExpirationTime()
Retrieves the time that the user's failure-locked account will be automatically unlocked.java.util.Date
getFailureLockoutTime()
Retrieves the time that the user's account was locked as a result of too many failed authentication attempts.java.lang.Boolean
getForceChangeOnAdd()
Retrieves the value of a flag that indicates whether the password policy that governs the user is configured to require users to choose a new password the first time they authenticate after their account is created.java.lang.Boolean
getForceChangeOnReset()
Retrieves the value of a flag that indicates whether the password policy that governs the user is configured to require users to choose a new password the first time they authenticate after their password has been reset by an administrator.java.util.List<java.util.Date>
getGraceLoginUseTimes()
Retrieves a list of the times that the user has used a grace login to authenticate.java.lang.Boolean
getHasRegisteredYubiKeyOTPDevice()
Retrieves the value of a flag that indicates whether the user account has at least one registered YubiKey OTP device that can be used to authenticate via the UNBOUNDID-YUBIKEY-OTP SASL mechanism.java.lang.Boolean
getHasRetiredPassword()
Retrieves the value of a flag that indicates whether the user account has a retired former password that may still be used to authenticate.java.lang.Boolean
getHasStaticPassword()
Retrieves the value of a flag that indicates whether the user's account contains at least one static password.java.lang.Boolean
getHasTOTPSharedSecret()
Retrieves the value of a flag that indicates whether the user account has at least one TOTP shared secret that can be used to authenticate with time-based one-time passwords via the UNBOUNDID-TOTP SASL mechanism.java.lang.Integer
getIdleLockoutIntervalSeconds()
Retrieves the maximum length of time in seconds that can elapse between successful authentications before the user's account is locked.java.util.Date
getIdleLockoutTime()
Retrieves the time that the user's account will be (or was) locked for allowing too much time to elapse between successful authentications.java.lang.Boolean
getIsWithinMinimumPasswordAge()
Indicates whether the user is currently prohibited from changing their password because not enough time has elapsed since they last changed their password.java.util.Date
getLastBindPasswordValidationTime()
Retrieves the time that the server last invoked password validators during a bind operation for the user.java.lang.String
getLastLoginIPAddress()
Retrieves the IP address of the client from which the user last successfully authenticated.java.util.Date
getLastLoginTime()
Retrieves the time that the user last successfully authenticated to the server.java.lang.Integer
getMaximumGraceLoginCount()
Retrieves the maximum number of grace login attempts that the user will have to allow them to change an expired password.java.lang.Integer
getMaximumPasswordAgeSeconds()
Retrieves the maximum length of time in seconds after a password change that the user is allowed to keep using that password.java.lang.Integer
getMaximumPasswordHistoryCount()
Retrieves the maximum number of passwords that the server will maintain in the user's password history.java.lang.Integer
getMaximumPasswordHistoryDurationSeconds()
Retrieves the maximum length of time in seconds that the server will maintain passwords in the user's password history.java.lang.Integer
getMaximumPasswordResetAgeSeconds()
Retrieves the maximum length of time in seconds that a user has to change their password after an administrative reset before their account will be locked.java.lang.Integer
getMaximumRecentLoginHistoryFailedAuthenticationCount()
Retrieves the maximum number of recent failed login attempts the server should maintain for a user.java.lang.Integer
getMaximumRecentLoginHistoryFailedAuthenticationDurationSeconds()
Retrieves the maximum age in seconds of recent failed login attempts the server should maintain for a user.java.lang.Integer
getMaximumRecentLoginHistorySuccessfulAuthenticationCount()
Retrieves the maximum number of recent successful login attempts the server should maintain for a user.java.lang.Integer
getMaximumRecentLoginHistorySuccessfulAuthenticationDurationSeconds()
Retrieves the maximum age in seconds of recent successful login attempts the server should maintain for a user.java.lang.Integer
getMinimumBindPasswordValidationFrequencySeconds()
Retrieves the minimum length of time in seconds that should pass between invocations of password validators during a bind operation for the user.java.util.Date
getMinimumPasswordAgeExpirationTime()
Retrieves the earliest time that the user will be permitted to change their password as a result of the minimum password age.java.lang.Integer
getMinimumPasswordAgeSeconds()
Retrieves the minimum length of time in seconds that must elapse after a user changes their password before they will be permitted to change it again.java.lang.Boolean
getMustChangePassword()
Retrieves the value of a flag that indicates whether the user must change their password before they will be allowed to perform any other operations in the server.java.util.Map<java.lang.String,java.util.List<java.lang.String>>
getNonCurrentPasswordStorageSchemeSettingsExplanations()
Retrieves a map with information about the reasons that a password may not be encoded with the current settings for the associated password storage scheme.java.util.Date
getPasswordChangedTime()
Retrieves the time that the user's password was last changed.java.util.Date
getPasswordExpirationTime()
Retrieves the time that the user's password will (or did) expire.java.lang.Integer
getPasswordExpirationWarningIntervalSeconds()
Retrieves the length of time in seconds before an upcoming password expiration that the user will be eligible to start receving warnings about that expiration.java.lang.Boolean
getPasswordExpirationWarningIssued()
Retrieves the value of a flag that indicates whether the user has received at least one warning about an upcoming password expiration.java.util.Date
getPasswordExpirationWarningTime()
Retrieves the time that the user will be eligible to receive (or the time that the user first received) a warning about an upcoming password expiration.java.lang.Boolean
getPasswordIsExpired()
Retrieves the value of a flag that indicates whether the user's password is expired.java.lang.String
getPasswordPolicyDN()
Retrieves the DN of the entry that defines the password policy that governs the associated user.JSONObject
getPasswordPolicyStateJSONObject()
Retrieves the JSON object that contains the encoded password policy state information.RecentLoginHistory
getRecentLoginHistory()
Retrieves the recent login history for the user.java.lang.Integer
getRemainingAuthenticationFailureCount()
Retrieves the remaining number of failed authentication attempts required to lock the user account.java.lang.Integer
getRemainingGraceLoginCount()
Retrieves the remaining number of grace logins for the user.java.lang.Boolean
getRequireSecureAuthentication()
Retrieves the value of a flag that indicates whether the user will be required to authenticate in a secure manner that does not reveal their credentials to an observer.java.lang.Boolean
getRequireSecurePasswordChanges()
Retrieves the value of a flag that indicates whether the user will be required to change their password in a secure manner that does not reveal their credentials to an observer.java.util.Date
getResetLockoutTime()
Retrieves the time that the user's account will be (or was) locked after failing to choose a new password in a timely manner after an administrative reset.java.util.Date
getRetiredPasswordExpirationTime()
Retrieves the time that the user's retired password will expire and can no longer be used to authenticate.java.lang.Integer
getSecondsRemainingInFailureLockout()
Retrieves the length of time in seconds remaining until the user's failure-locked account will be automatically unlocked.java.lang.Integer
getSecondsRemainingInMinimumPasswordAge()
Retrieves the length of time in seconds remaining until the user will be permitted to change their password as a result of the minimum password age.java.lang.Integer
getSecondsSinceAccountActivation()
Retrieves the length of time in seconds since the user's account became active.java.lang.Integer
getSecondsSinceAccountExpiration()
Retrieves the length of time in seconds since the user's account expired.java.lang.Integer
getSecondsSinceIdleLockout()
Retrieves the length of time in seconds since the user's account was locked for allowing too much time to elapse between successful authentications.java.lang.Integer
getSecondsSinceLastBindPasswordValidation()
Retrieves the length of time in seconds that has passed since the server last invoked password validators during a bind operation for the user.java.lang.Integer
getSecondsSinceLastLogin()
Retrieves the length of time in seconds since the user last successfully authenticated to the server.java.lang.Integer
getSecondsSincePasswordChange()
Retrieves the length of time in seconds that has passed since the user's password was last changed.java.lang.Integer
getSecondsSincePasswordExpiration()
Retrieves the length of time in seconds since the user's password expired.java.lang.Integer
getSecondsSincePasswordExpirationWarning()
Retrieves the length of time in seconds since the user received the first warning about an upcoming password expiration.java.lang.Integer
getSecondsUntilAccountActivation()
Retrieves the length of time in seconds until the user's account will become active.java.lang.Integer
getSecondsUntilAccountExpiration()
Retrieves the length of time in seconds until the user's account will expire.java.lang.Integer
getSecondsUntilIdleLockout()
Retrieves the length of time in seconds until the user's account will be locked for allowing too much time to elapse between successful authentications.java.lang.Integer
getSecondsUntilPasswordExpiration()
Retrieves the length of time in seconds until the user's password will expire.java.lang.Integer
getSecondsUntilPasswordExpirationWarning()
Retrieves the length of time in seconds until the user will be eligible to receive a warning about an upcoming password expiration.java.lang.Integer
getSecondsUntilResetLockout()
Retrieves the length of time in seconds until the user's account will be locked for failing to choose a new password after an administrative reset.java.lang.Integer
getSecondsUntilRetiredPasswordExpiration()
Retrieves the length of time in seconds remaining until the user's retired password expires and can no longer be used to authenticate.java.util.List<PasswordQualityRequirement>
getSelfChangePasswordQualityRequirements()
Retrieves the list of quality requirements that must be satisfied when the associated user attempts to change their own password.java.lang.Integer
getUsedGraceLoginCount()
Retrieves the number of grace logins that the user has currently used.java.lang.Boolean
hasPasswordEncodedWithNonCurrentSettings()
Indicates whether the user has a static password that is encoded with settings that don't match the current configuration for the associated password storage scheme.java.lang.String
toString()
Retrieves a string representation of the password policy state information.
-
-
-
Field Detail
-
PASSWORD_POLICY_STATE_JSON_ATTRIBUTE
@NotNull public static final java.lang.String PASSWORD_POLICY_STATE_JSON_ATTRIBUTE
The name of the operational attribute that holds a JSON representation of a user's password policy state.- See Also:
- Constant Field Values
-
-
Constructor Detail
-
PasswordPolicyStateJSON
public PasswordPolicyStateJSON(@NotNull JSONObject passwordPolicyStateObject)
Creates a new instance of this object from the provided JSON object.- Parameters:
passwordPolicyStateObject
- The JSON object containing the encoded password policy state.
-
-
Method Detail
-
get
@Nullable public static PasswordPolicyStateJSON get(@NotNull LDAPInterface connection, @NotNull java.lang.String userDN) throws LDAPException
Attempts to retrieve and decode the password policy state information for the specified user.- Parameters:
connection
- The connection to use to communicate with the server. It must not benull
, and it must be established and authenticated as an account with permission to access the target user's password policy state information.userDN
- The DN of the user for whom to retrieve the password policy state. It must not benull
.- Returns:
- The password policy state information for the specified user, or
null
because no password policy state information is available for the user. - Throws:
LDAPException
- If a problem is encountered while trying to retrieve the user's entry or decode the password policy state JSON object.
-
get
@Nullable public static PasswordPolicyStateJSON get(@NotNull Entry userEntry) throws LDAPException
Attempts to retrieve and decode the password policy state information from the provided user entry.- Parameters:
userEntry
- The entry for the user for whom to obtain the password policy state information. It must not benull
.- Returns:
- The password policy state information from the provided user
entry, or
null
if no password policy state information is available for the user. - Throws:
LDAPException
- If a problem is encountered while trying to decode the password policy state JSON object.
-
getPasswordPolicyStateJSONObject
@NotNull public JSONObject getPasswordPolicyStateJSONObject()
Retrieves the JSON object that contains the encoded password policy state information.- Returns:
- The JSON object that contains the encoded password policy state information.
-
getPasswordPolicyDN
@Nullable public java.lang.String getPasswordPolicyDN()
Retrieves the DN of the entry that defines the password policy that governs the associated user.- Returns:
- The DN of the entry that defines hte password policy that governs
the associated user, or
null
if this was not included in the password policy state JSON object.
-
getAccountIsUsable
@Nullable public java.lang.Boolean getAccountIsUsable()
Retrieves the value of a flag that indicates whether the user's account is in a state that the server considers usable.- Returns:
Boolean.TRUE
if the account is in a usable state,Boolean.FALSE
if the account is not in a usable state, ornull
if this flag was not included in the password policy state JSON object.
-
getAccountUsabilityErrors
@NotNull public java.util.List<PasswordPolicyStateAccountUsabilityError> getAccountUsabilityErrors()
Retrieves a list of information about any error conditions that may affect usability of the user's account.- Returns:
- A list of information about any error conditions that may affect the usability of the user's account. The returned list may be empty if there are no account usability errors or if this was not included in the password policy state JSON object.
-
getAccountUsabilityWarnings
@NotNull public java.util.List<PasswordPolicyStateAccountUsabilityWarning> getAccountUsabilityWarnings()
Retrieves a list of information about any warning conditions that may soon affect usability of the user's account.- Returns:
- A list of information about any warning conditions that may soon affect the usability of the user's account. The returned list may be empty if there are no account usability warnings or if this was not included in the password policy state JSON object.
-
getAccountUsabilityNotices
@NotNull public java.util.List<PasswordPolicyStateAccountUsabilityNotice> getAccountUsabilityNotices()
Retrieves a list of information about any notices related to the usability of the user's account.- Returns:
- A list of information about any notices related to the usability of the user's account. The returned list may be empty if there are no account usability notices or if this was not included in the password policy state JSON object.
-
getHasStaticPassword
@Nullable public java.lang.Boolean getHasStaticPassword()
Retrieves the value of a flag that indicates whether the user's account contains at least one static password.- Returns:
Boolean.TRUE
if the account has at least one static password,Boolean.FALSE
if the account does not have any static password, ornull
if this flag was not included in the password policy state JSON object.
-
getPasswordChangedTime
@Nullable public java.util.Date getPasswordChangedTime()
Retrieves the time that the user's password was last changed.- Returns:
- The time that the user's password was last changed, or
null
if this was not included in the password policy state JSON object.
-
getSecondsSincePasswordChange
@Nullable public java.lang.Integer getSecondsSincePasswordChange()
Retrieves the length of time in seconds that has passed since the user's password was last changed.- Returns:
- The length of time in seconds that has passed since the user's
password was last changed, or
null
if this was not included in the password policy state JSON object.
-
getAccountIsDisabled
@Nullable public java.lang.Boolean getAccountIsDisabled()
Retrieves the value of a flag that indicates whether the user's account has been administratively disabled.- Returns:
Boolean.TRUE
if the account has been administratively disabled,Boolean.FALSE
if the account has not been administratively disabled, ornull
if this flag was not included in the password policy state JSON object.
-
getAccountIsNotYetActive
@Nullable public java.lang.Boolean getAccountIsNotYetActive()
Retrieves the value of a flag that indicates whether the user's account is not yet active because it has an activation time that is in the future.- Returns:
Boolean.TRUE
if the account is not yet active,Boolean.FALSE
if the account either does not have an activation time or if that time has already passed, ornull
if this flag was not included in the password policy state JSON object.
-
getAccountActivationTime
@Nullable public java.util.Date getAccountActivationTime()
Retrieves the time that the user's account became (or will become) active.- Returns:
- The time that the user's account became (or will become) active,
or
null
if this was not included in the password policy state JSON object.
-
getSecondsUntilAccountActivation
@Nullable public java.lang.Integer getSecondsUntilAccountActivation()
Retrieves the length of time in seconds until the user's account will become active.- Returns:
- The length of time in seconds until the user's account will become
active, or
null
if this was not included in the password policy state JSON object (e.g., because the user does not have an activation time in the future).
-
getSecondsSinceAccountActivation
@Nullable public java.lang.Integer getSecondsSinceAccountActivation()
Retrieves the length of time in seconds since the user's account became active.- Returns:
- The length of time in seconds since the user's account became
active, or
null
if this was not included in the password policy state JSON object (e.g., because the user does not have an activation time in the past).
-
getAccountIsExpired
@Nullable public java.lang.Boolean getAccountIsExpired()
Retrieves the value of a flag that indicates whether the user's account is expired.- Returns:
Boolean.TRUE
if the account is expired,Boolean.FALSE
if the account is not expired, ornull
if this flag was not included in the password policy state JSON object.
-
getAccountExpirationTime
@Nullable public java.util.Date getAccountExpirationTime()
Retrieves the time that the user's account will (or did) expire.- Returns:
- The time that the user's account will (or did) expire, or
null
if this was not included in the password policy state JSON object.
-
getSecondsUntilAccountExpiration
@Nullable public java.lang.Integer getSecondsUntilAccountExpiration()
Retrieves the length of time in seconds until the user's account will expire.- Returns:
- The length of time in seconds until the user's account will
expire, or
null
if this was not included in the password policy state JSON object (e.g., because the user does not have an expiration time in the future).
-
getSecondsSinceAccountExpiration
@Nullable public java.lang.Integer getSecondsSinceAccountExpiration()
Retrieves the length of time in seconds since the user's account expired.- Returns:
- The length of time in seconds since the user's account expired,
or
null
if this was not included in the password policy state JSON object (e.g., because the user does not have an expiration time in the past).
-
getPasswordIsExpired
@Nullable public java.lang.Boolean getPasswordIsExpired()
Retrieves the value of a flag that indicates whether the user's password is expired.- Returns:
Boolean.TRUE
if the password is expired,Boolean.FALSE
if the password is not expired, ornull
if this flag was not included in the password policy state JSON object.
-
getMaximumPasswordAgeSeconds
@Nullable public java.lang.Integer getMaximumPasswordAgeSeconds()
Retrieves the maximum length of time in seconds after a password change that the user is allowed to keep using that password.- Returns:
- The maximum length of time in seconds after a password change that
the user is allowed to keep using that password, or
null
if this flag was not included in the password policy state JSON object (e.g., because password expiration is not configured in the password policy that governs the user).
-
getPasswordExpirationTime
@Nullable public java.util.Date getPasswordExpirationTime()
Retrieves the time that the user's password will (or did) expire.- Returns:
- The time that the user's password will (or did) expire, or
null
if this was not included in the password policy state JSON object (e.g., because password expiration is not configured in the password policy that governs the user).
-
getSecondsUntilPasswordExpiration
@Nullable public java.lang.Integer getSecondsUntilPasswordExpiration()
Retrieves the length of time in seconds until the user's password will expire.- Returns:
- The length of time in seconds until the user's password will
expire, or
null
if this was not included in the password policy state JSON object (e.g., because password expiration is not configured in the password policy that governs the user, or because the user's password is already expired).
-
getSecondsSincePasswordExpiration
@Nullable public java.lang.Integer getSecondsSincePasswordExpiration()
Retrieves the length of time in seconds since the user's password expired.- Returns:
- The length of time in seconds since the user's password expired,
or
null
if this was not included in the password policy state JSON object (e.g., because password expiration is not configured in the password policy that governs the user, or because the user's password is not expired).
-
getPasswordExpirationWarningIntervalSeconds
@Nullable public java.lang.Integer getPasswordExpirationWarningIntervalSeconds()
Retrieves the length of time in seconds before an upcoming password expiration that the user will be eligible to start receving warnings about that expiration.- Returns:
- The length of time in seconds before an upcoming password
expiration that the user will be eligible to start receiving
messages about that expiration, or
null
if this was not included in the password policy state JSON object (e.g., because password expiration is not configured in the password policy that governs the user).
-
getExpirePasswordsWithoutWarning
@Nullable public java.lang.Boolean getExpirePasswordsWithoutWarning()
Retrieves the value of a flag that indicates whether the server will allow a user's password to expire even if they have not yet received any warnings about an upcoming expiration.- Returns:
Boolean.TRUE
if the server will allow a user's password to expire even if they have not been warned about an upcoming expiration,Boolean.FALSE
if the server will ensure that the user receives at least one warning before expiring the password, ornull
if this flag was not included in the password policy state JSON object (e.g., because password expiration is not configured in the password policy that governs the user).
-
getPasswordExpirationWarningIssued
@Nullable public java.lang.Boolean getPasswordExpirationWarningIssued()
Retrieves the value of a flag that indicates whether the user has received at least one warning about an upcoming password expiration.- Returns:
Boolean.TRUE
if the user has received at least one warning about an upcoming password expiration,Boolean.FALSE
if the user has not been warned about an upcoming password expiration, ornull
if this flag was not included in the password policy state JSON object (e.g., because password expiration is not configured in the password policy that governs the user).
-
getPasswordExpirationWarningTime
@Nullable public java.util.Date getPasswordExpirationWarningTime()
Retrieves the time that the user will be eligible to receive (or the time that the user first received) a warning about an upcoming password expiration.- Returns:
- The time that the user will be eligible to receive (or the time
that the user first received) a warning about an upcoming password
expiration, or
null
if this was not included in the password policy state JSON object (e.g., because password expiration is not configured in the password policy that governs the user).
-
getSecondsUntilPasswordExpirationWarning
@Nullable public java.lang.Integer getSecondsUntilPasswordExpirationWarning()
Retrieves the length of time in seconds until the user will be eligible to receive a warning about an upcoming password expiration.- Returns:
- The length of time in seconds until the user will be eligible to
receive a warning about an upcoming password expiration, or
null
if this was not included in the password policy state JSON object (e.g., because password expiration is not configured in the password policy that governs the user, or because the user has already been warned about an upcoming expiration).
-
getSecondsSincePasswordExpirationWarning
@Nullable public java.lang.Integer getSecondsSincePasswordExpirationWarning()
Retrieves the length of time in seconds since the user received the first warning about an upcoming password expiration.- Returns:
- The length of time in seconds since the user received the first
warning about an upcoming password expiration, or
null
if this was not included in the password policy state JSON object (e.g., because password expiration is not configured in the password policy that governs the user, or because the user has not yet been warned about an upcoming expiration).
-
getAccountIsFailureLocked
@Nullable public java.lang.Boolean getAccountIsFailureLocked()
Retrieves the value of a flag that indicates whether the user account is currently locked as a result of too many failed authentication attempts.- Returns:
Boolean.TRUE
if the user account is locked as a result of too many failed authentication attempts,Boolean.FALSE
if the user account is not locked because of too many failed authentication attempts, ornull
if this flag was not included in the password policy state JSON object.
-
getFailureLockoutCount
@Nullable public java.lang.Integer getFailureLockoutCount()
Retrieves the number of consecutive failed authentication attempts that are required to lock the user's account.- Returns:
- The number of consecutive failed authentication attempts that are
required to lock the user's account, or
null
if this was not included in the password policy state JSON object (e.g., because account lockout is not configured in the password policy that governs the user).
-
getCurrentAuthenticationFailureCount
@Nullable public java.lang.Integer getCurrentAuthenticationFailureCount()
Retrieves the current number of failed authentication attempts for the user account.- Returns:
- The current number of failed authentication attempts for the user
account, or
null
if this was not included in the password policy state JSON object (e.g., because account lockout is not configured in the password policy that governs the user).
-
getRemainingAuthenticationFailureCount
@Nullable public java.lang.Integer getRemainingAuthenticationFailureCount()
Retrieves the remaining number of failed authentication attempts required to lock the user account.- Returns:
- The remaining number of failed authentication attempts required to
lock the user account, or
null
if this was not included in the password policy state JSON object (e.g., because account lockout is not configured in the password policy that governs the user).
-
getAuthenticationFailureTimes
@NotNull public java.util.List<java.util.Date> getAuthenticationFailureTimes()
Retrieves a list of the outstanding authentication failure times for the user account.- Returns:
- A list of the outstanding authentication failure times for the user account, or an empty list if there are no outstanding authentication failures or if this was not included in the password policy state JSON object (e.g., because account lockout is not configured in the password policy that governs the user).
-
getFailureLockoutTime
@Nullable public java.util.Date getFailureLockoutTime()
Retrieves the time that the user's account was locked as a result of too many failed authentication attempts.- Returns:
- The time that the user's account was locked as a result of too
many failed authentication attempts, or
null
if this was not included in the password policy state JSON object (e.g., because the user's account is not failure locked).
-
getFailureLockoutDurationSeconds
@Nullable public java.lang.Integer getFailureLockoutDurationSeconds()
Retrieves the length of time in seconds that a user's account will be locked after too many failed authentication attempts.- Returns:
- The length of time in seconds that a user's account will be
locked after too many failed authentication attempts, or
null
if this was not included in the password policy state JSON object (e.g., because account lockout is not configured in the password policy that governs the user, or because account lockout is not temporary).
-
getFailureLockoutExpirationTime
@Nullable public java.util.Date getFailureLockoutExpirationTime()
Retrieves the time that the user's failure-locked account will be automatically unlocked.- Returns:
- The time that the user's failure-locked account will be
automatically unlocked, or
null
if this was not included in the password policy state JSON object (e.g., because the user's account is not failure locked, or because the lockout is not temporary).
-
getSecondsRemainingInFailureLockout
@Nullable public java.lang.Integer getSecondsRemainingInFailureLockout()
Retrieves the length of time in seconds remaining until the user's failure-locked account will be automatically unlocked.- Returns:
- The length of time in seconds remaining until the user's
failure-locked account will be automatically unlocked, or
null
if this was not included in the password policy state JSON object (e.g., because the user's account is not failure locked, or because the lockout is not temporary).
-
getLastLoginTime
@Nullable public java.util.Date getLastLoginTime()
Retrieves the time that the user last successfully authenticated to the server.- Returns:
- The time that the user last successfully authenticated to the
server, or
null
if this was not included in the password policy state JSON object (e.g., because last login time tracking is not configured in the password policy that governs the user).
-
getSecondsSinceLastLogin
@Nullable public java.lang.Integer getSecondsSinceLastLogin()
Retrieves the length of time in seconds since the user last successfully authenticated to the server.- Returns:
- The length of time in seconds since the user last successfully
authenticated to the server, or
null
if this was not included in the password policy state JSON object (e.g., because last login time tracking is not configured in the password policy that governs the user).
-
getLastLoginIPAddress
@Nullable public java.lang.String getLastLoginIPAddress()
Retrieves the IP address of the client from which the user last successfully authenticated.- Returns:
- The IP address of the client from which the user last successfully
authenticated, or
null
if this was not included in the password policy state JSON object (e.g., because last login IP address tracking is not configured in the password policy that governs the user).
-
getAccountIsIdleLocked
@Nullable public java.lang.Boolean getAccountIsIdleLocked()
Retrieves the value of a flag that indicates whether the user's account is currently locked because it has been too long since they last authenticated to the server.- Returns:
Boolean.TRUE
if the user's account is currently idle-locked,Boolean.FALSE
if the user's account is not currently idle-locked, ornull
if this flag was not included in the password policy state JSON object.
-
getIdleLockoutIntervalSeconds
@Nullable public java.lang.Integer getIdleLockoutIntervalSeconds()
Retrieves the maximum length of time in seconds that can elapse between successful authentications before the user's account is locked.- Returns:
- The maximum length of time in seconds that can elapse between
successful authentications before the user's account is locked, or
null
if this was not included in the password policy state JSON object (e.g., because idle lockout is not configured in the password policy that governs the user).
-
getIdleLockoutTime
@Nullable public java.util.Date getIdleLockoutTime()
Retrieves the time that the user's account will be (or was) locked for allowing too much time to elapse between successful authentications.- Returns:
- The time that the user's account will be (or was) locked for
allowing too much time to elapse between successful
authentications, or
null
if this was not included in the password policy state JSON object (e.g., because idle lockout is not configured in the password policy that governs the user).
-
getSecondsUntilIdleLockout
@Nullable public java.lang.Integer getSecondsUntilIdleLockout()
Retrieves the length of time in seconds until the user's account will be locked for allowing too much time to elapse between successful authentications.- Returns:
- The length of time in seconds until the user's account will be
locked for allowing too much time to elapse between successful
authentication, or
null
if this was not included in the password policy state JSON object (e.g., because idle lockout is not configured in the password policy that governs the user, or because the user's account is already idle-locked).
-
getSecondsSinceIdleLockout
@Nullable public java.lang.Integer getSecondsSinceIdleLockout()
Retrieves the length of time in seconds since the user's account was locked for allowing too much time to elapse between successful authentications.- Returns:
- The length of time in seconds since the user's account was locked
for allowing too much time to elapse between successful
authentication, or
null
if this was not included in the password policy state JSON object (e.g., because idle lockout is not configured in the password policy that governs the user, or because the user's account is not idle-locked).
-
getMustChangePassword
@Nullable public java.lang.Boolean getMustChangePassword()
Retrieves the value of a flag that indicates whether the user must change their password before they will be allowed to perform any other operations in the server.- Returns:
Boolean.TRUE
if the user must change their password before they will be allowed to perform any other operations in the server,Boolean.FALSE
if the user is not required to change their password, ornull
if this flag was not included in the password policy state JSON object.
-
getAccountIsResetLocked
@Nullable public java.lang.Boolean getAccountIsResetLocked()
Retrieves the value of a flag that indicates whether the user's account is locked because they failed to choose a new password in a timely manner after an administrative reset.- Returns:
Boolean.TRUE
if the user's account is currently reset-locked,Boolean.FALSE
if the user's account is not reset-locked, ornull
if this flag was not included in the password policy state JSON object.
-
getForceChangeOnAdd
@Nullable public java.lang.Boolean getForceChangeOnAdd()
Retrieves the value of a flag that indicates whether the password policy that governs the user is configured to require users to choose a new password the first time they authenticate after their account is created.- Returns:
Boolean.TRUE
if users are required to choose a new password the first time they authenticate after their account is created,Boolean.FALSE
if users are not required to choose a new password after their account is created, ornull
if this flag was not included in the password policy state JSON object.
-
getForceChangeOnReset
@Nullable public java.lang.Boolean getForceChangeOnReset()
Retrieves the value of a flag that indicates whether the password policy that governs the user is configured to require users to choose a new password the first time they authenticate after their password has been reset by an administrator.- Returns:
Boolean.TRUE
if users are required to choose a new password the first time they authenticate after their password is reset,Boolean.FALSE
if users are not required to choose a new password after their password is reset, ornull
if this flag was not included in the password policy state JSON object.
-
getMaximumPasswordResetAgeSeconds
@Nullable public java.lang.Integer getMaximumPasswordResetAgeSeconds()
Retrieves the maximum length of time in seconds that a user has to change their password after an administrative reset before their account will be locked.- Returns:
- The maximum length of time in seconds that a user has to change
their password after an administrative reset before their account
will be locked, or
null
if this was not included in the password policy state JSON object (e.g., because reset lockout is not configured in the password policy that governs the user).
-
getResetLockoutTime
@Nullable public java.util.Date getResetLockoutTime()
Retrieves the time that the user's account will be (or was) locked after failing to choose a new password in a timely manner after an administrative reset.- Returns:
- The time that the user's account will be (or wa) locked after
failing to choose a new password in a timely manner after an
administrative reset, or
null
if this was not included in the password policy state JSON object (e.g., because reset lockout is not configured in the password policy that governs the user, or because the user's password has not been reset).
-
getSecondsUntilResetLockout
@Nullable public java.lang.Integer getSecondsUntilResetLockout()
Retrieves the length of time in seconds until the user's account will be locked for failing to choose a new password after an administrative reset.- Returns:
- The length of time in seconds until the user's account will be
locked for failing to choose a new password after an
administrative reset, or
null
if this was not included in the password policy state JSON object (e.g., because reset lockout is not configured in the password policy that governs the user, because the user's password has not been reset, or because the user's account is already reset-locked).
-
getMaximumPasswordHistoryCount
@Nullable public java.lang.Integer getMaximumPasswordHistoryCount()
Retrieves the maximum number of passwords that the server will maintain in the user's password history.- Returns:
- The maximum number of passwords that the server will maintain in
the user's password history, or
null
if this was not included in the password policy state JSON object (e.g., because the password policy that governs the user is not configured to maintain a password history, or because it maintains a password history based on a duration rather than a count).
-
getMaximumPasswordHistoryDurationSeconds
@Nullable public java.lang.Integer getMaximumPasswordHistoryDurationSeconds()
Retrieves the maximum length of time in seconds that the server will maintain passwords in the user's password history.- Returns:
- The maximum length of time in seconds that the server will
maintain passwords in the user's password history, or
null
if this was not included in the password policy state JSON object (e.g., because the password policy that governs the user is not configured to maintain a password history, or because it maintains a password history based on a count rather than a duration).
-
getCurrentPasswordHistoryCount
@Nullable public java.lang.Integer getCurrentPasswordHistoryCount()
Retrieves the number of passwords currently held in the user's password history.- Returns:
- The number of passwords currently held in the user's password
history, or
null
if this was not incldued in the password policy state JSON object (e.g., because the password policy that governs the user is not configured to maintain a password history).
-
getIsWithinMinimumPasswordAge
@Nullable public java.lang.Boolean getIsWithinMinimumPasswordAge()
Indicates whether the user is currently prohibited from changing their password because not enough time has elapsed since they last changed their password.- Returns:
Boolean.TRUE
if the user is currently prohibited from changing their password because not enough time has elapsed since they last changed their password,Boolean.FALSE
if the user is not prohibited from changing their password because of the minimum password age, ornull
if this flag was not included in the password policy state JSON object.
-
getMinimumPasswordAgeSeconds
@Nullable public java.lang.Integer getMinimumPasswordAgeSeconds()
Retrieves the minimum length of time in seconds that must elapse after a user changes their password before they will be permitted to change it again.- Returns:
- The minimum length of time in seconds that must elapse after a
user changes their password before they will be permitted to
change it again, or
null
if this was not included in the password policy state JSON object (e.g., because no minimum password age is configured in the password policy that governs the user).
-
getMinimumPasswordAgeExpirationTime
@Nullable public java.util.Date getMinimumPasswordAgeExpirationTime()
Retrieves the earliest time that the user will be permitted to change their password as a result of the minimum password age.- Returns:
- The earliest time that the user will be permitted to change their
password as a result of the minimum password age, or
null
if this was not included in the password policy state JSON object (e.g., because no minimum password age is configured in the password policy that governs the user, or because it has been longer than the minimum age since they last changed their password).
-
getSecondsRemainingInMinimumPasswordAge
@Nullable public java.lang.Integer getSecondsRemainingInMinimumPasswordAge()
Retrieves the length of time in seconds remaining until the user will be permitted to change their password as a result of the minimum password age.- Returns:
- The length of time in seconds remaining until the user will be
permitted to change their password as a result of the minimum
password age, or
null
if this was not included in the password policy state JSON object (e.g., because no minimum password age is configured in the password policy that governs the user, or because it has been longer than the minimum age since they last changed their password).
-
getMaximumGraceLoginCount
@Nullable public java.lang.Integer getMaximumGraceLoginCount()
Retrieves the maximum number of grace login attempts that the user will have to allow them to change an expired password.- Returns:
- The maximum number of grace login attempts that the user will have
to allow them to change an expired password, or
null
if this was not included in the password policy state JSON object (e.g., if grace logins are not configured in the password policy that governs the user).
-
getUsedGraceLoginCount
@Nullable public java.lang.Integer getUsedGraceLoginCount()
Retrieves the number of grace logins that the user has currently used.- Returns:
- The number of grace login attempts that the user has currently
used, or
null
if this was not included in the password policy state JSON object (e.g., if grace logins are not configured in the password policy that governs the user).
-
getRemainingGraceLoginCount
@Nullable public java.lang.Integer getRemainingGraceLoginCount()
Retrieves the remaining number of grace logins for the user.- Returns:
- The remaining number of grace logins for the user, or
null
if this was not included in the password policy state JSON object (e.g., if grace logins are not configured in the password policy that governs the user).
-
getGraceLoginUseTimes
@NotNull public java.util.List<java.util.Date> getGraceLoginUseTimes()
Retrieves a list of the times that the user has used a grace login to authenticate.- Returns:
- A list of the times that the user has used a grace login to authenticate, or an empty list if the user has not used any grace logins, or if this was not included in the password policy state JSON object (e.g., if grace logins are not configured in the password policy that governs the user).
-
getHasRetiredPassword
@Nullable public java.lang.Boolean getHasRetiredPassword()
Retrieves the value of a flag that indicates whether the user account has a retired former password that may still be used to authenticate.- Returns:
Boolean.TRUE
if the user account currently has a valid retired password,Boolean.FALSE
if the user account does not have a valid retired password, ornull
if this flag was not included in the password policy state JSON object.
-
getRetiredPasswordExpirationTime
@Nullable public java.util.Date getRetiredPasswordExpirationTime()
Retrieves the time that the user's retired password will expire and can no longer be used to authenticate.- Returns:
- The time that the user's retired password will expire, or
null
if this was not included in the password policy state JSON object (e.g., because the user does not have a retired password).
-
getSecondsUntilRetiredPasswordExpiration
@Nullable public java.lang.Integer getSecondsUntilRetiredPasswordExpiration()
Retrieves the length of time in seconds remaining until the user's retired password expires and can no longer be used to authenticate.- Returns:
- The length of time in seconds remaining until the user's retired
password expires, or
null
if this was not included in the password policy state JSON object (e.g., because the user does not have a retired password).
-
getRequireSecureAuthentication
@Nullable public java.lang.Boolean getRequireSecureAuthentication()
Retrieves the value of a flag that indicates whether the user will be required to authenticate in a secure manner that does not reveal their credentials to an observer.- Returns:
Boolean.TRUE
if the user will be required to authenticate in a secure manner,Boolean.FALSE
if the user will not be required to authenticate in a secure manner, ornull
if this flag was not included in the password policy state JSON object.
-
getRequireSecurePasswordChanges
@Nullable public java.lang.Boolean getRequireSecurePasswordChanges()
Retrieves the value of a flag that indicates whether the user will be required to change their password in a secure manner that does not reveal their credentials to an observer.- Returns:
Boolean.TRUE
if the user will be required to change their password in a secure manner,Boolean.FALSE
if the user will not be required to change their password in a secure manner, ornull
if this flag was not included in the password policy state JSON object.
-
getAvailableSASLMechanisms
@NotNull public java.util.List<java.lang.String> getAvailableSASLMechanisms()
Retrieves a list of the names of the SASL mechanisms that the user can use to authenticate.- Returns:
- A list of the names of the SASL mechanisms that the user can use to authenticate, or an empty list if no SASL mechanisms are available to the user or if this was not included in the password policy state JSON object.
-
getAvailableOTPDeliveryMechanisms
@NotNull public java.util.List<java.lang.String> getAvailableOTPDeliveryMechanisms()
Retrieves a list of the names of the OTP delivery mechanisms that the user can use to receive one-time passwords, password reset tokens, and single-use tokens.- Returns:
- A list of the names of the OTP delivery mechanisms that the user can use, or an empty list if no OTP delivery mechanisms are available to the user or if this was not included in the password policy state JSON object.
-
getHasTOTPSharedSecret
@Nullable public java.lang.Boolean getHasTOTPSharedSecret()
Retrieves the value of a flag that indicates whether the user account has at least one TOTP shared secret that can be used to authenticate with time-based one-time passwords via the UNBOUNDID-TOTP SASL mechanism.- Returns:
Boolean.TRUE
if the user account has at least one TOTP shared secret,Boolean.FALSE
if the user account does not have any TOTP shared secrets, ornull
if this flag was not included in the password policy state JSON object.
-
getHasRegisteredYubiKeyOTPDevice
@Nullable public java.lang.Boolean getHasRegisteredYubiKeyOTPDevice()
Retrieves the value of a flag that indicates whether the user account has at least one registered YubiKey OTP device that can be used to authenticate via the UNBOUNDID-YUBIKEY-OTP SASL mechanism.- Returns:
Boolean.TRUE
if the user account has at least one registered YubiKey OTP device,Boolean.FALSE
if the user account does not have any registered YubiKey OTP devices, ornull
if this flag was not included in the password policy state JSON object.
-
getAccountIsValidationLocked
@Nullable public java.lang.Boolean getAccountIsValidationLocked()
Retrieves the value of a flag that indicates whether the user account is currently locked because it contains a password that does not satisfy all of the configured password validators.- Returns:
Boolean.TRUE
if the user account is locked because it contains a password that does not satisfy all of the configured password validators,Boolean.FALSE
if the account is not validation-locked, ornull
if this flag was not included in the password policy state JSON object.
-
getLastBindPasswordValidationTime
@Nullable public java.util.Date getLastBindPasswordValidationTime()
Retrieves the time that the server last invoked password validators during a bind operation for the user.- Returns:
- The time that the server last invoked password validators during a
bind operation for the user, or
null
if this was not included in the password policy state JSON object.
-
getSecondsSinceLastBindPasswordValidation
@Nullable public java.lang.Integer getSecondsSinceLastBindPasswordValidation()
Retrieves the length of time in seconds that has passed since the server last invoked password validators during a bind operation for the user.- Returns:
- The length of time in seconds that has passed since the server
last invoked password validators during a bind operation for the
user, or
null
if this was not included in the password policy state JSON object.
-
getMinimumBindPasswordValidationFrequencySeconds
@Nullable public java.lang.Integer getMinimumBindPasswordValidationFrequencySeconds()
Retrieves the minimum length of time in seconds that should pass between invocations of password validators during a bind operation for the user.- Returns:
- The minimum length of time in seconds that should pass between
invocations of password validators during a bind operation for
each user, or
null
if this was not included in the password policy state JSON object.
-
getBindPasswordValidationFailureAction
@Nullable public java.lang.String getBindPasswordValidationFailureAction()
Retrieves the name of the action that the server should take if the password provided during a bind operation fails to satisfy one or more password validators.- Returns:
- The name of the action that the server should take if the password
provided during a bind operation fails to satisfy one or more
password validators, or
null
if this was not included in the password policy state JSON object.
-
getRecentLoginHistory
@Nullable public RecentLoginHistory getRecentLoginHistory() throws LDAPException
Retrieves the recent login history for the user.- Returns:
- The recent login history for the user, or
null
if this was not included in the password policy state JSON object. - Throws:
LDAPException
- If a problem occurs while trying to parse the recent login history for the user.
-
getMaximumRecentLoginHistorySuccessfulAuthenticationCount
@Nullable public java.lang.Integer getMaximumRecentLoginHistorySuccessfulAuthenticationCount()
Retrieves the maximum number of recent successful login attempts the server should maintain for a user.- Returns:
- The maximum number of recent successful login attempts the server
should maintain for a user, or
null
if this was not included in the password policy state JSON object.
-
getMaximumRecentLoginHistorySuccessfulAuthenticationDurationSeconds
@Nullable public java.lang.Integer getMaximumRecentLoginHistorySuccessfulAuthenticationDurationSeconds()
Retrieves the maximum age in seconds of recent successful login attempts the server should maintain for a user.- Returns:
- The maximum age in seconds of recent successful login attempts the
server should maintain for a user, or
null
if this was not included in the password policy state JSON object.
-
getMaximumRecentLoginHistoryFailedAuthenticationCount
@Nullable public java.lang.Integer getMaximumRecentLoginHistoryFailedAuthenticationCount()
Retrieves the maximum number of recent failed login attempts the server should maintain for a user.- Returns:
- The maximum number of recent failed login attempts the server
should maintain for a user, or
null
if this was not included in the password policy state JSON object.
-
getMaximumRecentLoginHistoryFailedAuthenticationDurationSeconds
@Nullable public java.lang.Integer getMaximumRecentLoginHistoryFailedAuthenticationDurationSeconds()
Retrieves the maximum age in seconds of recent failed login attempts the server should maintain for a user.- Returns:
- The maximum age in seconds of recent failed login attempts the
server should maintain for a user, or
null
if this was not included in the password policy state JSON object.
-
getAddPasswordQualityRequirements
@NotNull public java.util.List<PasswordQualityRequirement> getAddPasswordQualityRequirements()
Retrieves the list of quality requirements that must be satisfied for passwords included in new entries that are added using the same password policy as the associated entry.- Returns:
- The list of password quality requirements that will be enforced for adds using the same password policy as the associated entry, or an empty list if no requirements will be imposed.
-
getSelfChangePasswordQualityRequirements
@NotNull public java.util.List<PasswordQualityRequirement> getSelfChangePasswordQualityRequirements()
Retrieves the list of quality requirements that must be satisfied when the associated user attempts to change their own password.- Returns:
- The list of password quality requirements that will be enforced for self password changes, or an empty list if no requirements will be imposed.
-
getAdministrativeResetPasswordQualityRequirements
@NotNull public java.util.List<PasswordQualityRequirement> getAdministrativeResetPasswordQualityRequirements()
Retrieves the list of quality requirements that must be satisfied when an administrator attempts to change the user's password.- Returns:
- The list of password quality requirements that will be enforced for administrative password resets, or an empty list if no requirements will be imposed.
-
getBindPasswordQualityRequirements
@NotNull public java.util.List<PasswordQualityRequirement> getBindPasswordQualityRequirements()
Retrieves the list of quality requirements that must be satisfied when the associated user authenticates in a manner that makes the clear-text password available to the server.- Returns:
- The list of password quality requirements that will be enforced for binds, or an empty list if no requirements will be imposed.
-
hasPasswordEncodedWithNonCurrentSettings
@Nullable public java.lang.Boolean hasPasswordEncodedWithNonCurrentSettings()
Indicates whether the user has a static password that is encoded with settings that don't match the current configuration for the associated password storage scheme.- Returns:
Boolean.TRUE
if the account has a static password that is encoded with non-current settings,Boolean.FALSE
if the account does not have a static password that is encoded with non-current settings, ornull
if this flag was not included in the password policy state JSON object.
-
getNonCurrentPasswordStorageSchemeSettingsExplanations
@NotNull public java.util.Map<java.lang.String,java.util.List<java.lang.String>> getNonCurrentPasswordStorageSchemeSettingsExplanations()
Retrieves a map with information about the reasons that a password may not be encoded with the current settings for the associated password storage scheme. The keys of the map will the name of the storage scheme, and the values will be a possibly-empty list of explanations that describe why a password encoded with that scheme is encoded with non-current settings.- Returns:
- A map with information about the reasons that a password may not be encoded with the current settings for the associated password storage scheme, or an empty map if this was not included in the password policy state JSON object.
-
-