Class GeneratePasswordExtendedRequest

  • All Implemented Interfaces:
    ProtocolOp, ReadOnlyLDAPRequest, java.io.Serializable

    @NotMutable
    @ThreadSafety(level=COMPLETELY_THREADSAFE)
    public final class GeneratePasswordExtendedRequest
    extends ExtendedRequest
    This class provides an implementation of an extended request that may be used to request that the server suggest one or more passwords that the client may use in new entries, password changes, or administrative password resets.
    NOTE: This class, and other classes within the com.unboundid.ldap.sdk.unboundidds package structure, are only supported for use against Ping Identity, UnboundID, and Nokia/Alcatel-Lucent 8661 server products. These classes provide support for proprietary functionality or for external specifications that are not considered stable or mature enough to be guaranteed to work in an interoperable way with other types of LDAP servers.

    This extended request has an OID of "1.3.6.1.4.1.30221.2.6.62" and a value\ with the following encoding:

       GeneratePasswordRequest ::= SEQUENCE {
            passwordPolicySelection     CHOICE {
                 defaultPolicy        [0] NULL,
                 passwordPolicyDN     [1] LDAPDN,
                 targetEntryDN        [2] LDAPDN,
                 ... },
            numberOfPasswords      [3] INTEGER DEFAULT 1,
            validationAttempts     [4] INTEGER DEFAULT 5,
            ... }
     


    The "passwordPolicySelection" element allows the client to indicate which password policy (along with its associated password generator and password validators) should be used in the course of generating the passwords, and available options include:
    • defaultPolicy -- Indicates that the server should use the default password policy as defined in the configuration.
    • passwordPolicyDN -- Specifies the DN of the password policy that should be used.
    • targetEntryDN -- Specifies the DN of the target entry for which the passwords are to be generated. If this entry exists, then the password policy that governs it will be used. If the entry does not exist, then the server will generate a stub of an entry with the provided DN and compute virtual attributes for that entry to account for the possibility that a password policy may be assigned by a virtual attribute, but will fall back to using the default password policy as defined in the configuration.


    The "numberOfPasswords" element indicates the number of passwords that the server should generate, since it may be beneficial for the server to suggest multiple passwords and allow the user to choose one. If specified, then the value must be greater than or equal to one.

    The "validationAttempts" element indicates the number of attempts that the server should make to generate each password in a way that will satisfy the set of validators associated with the selected password policy. A value of zero indicates that no validation should be performed. A value of one will cause the server to invoke password validators on each generated password, still returning that password but also including information about potential reasons that generated password may not pass validation. A value that is greater than one will cause the server to re-generate each password up to the specified number of times if the previous attempt resulted in a password that did not satisfy all of the associated password validators. In the event that no acceptable password could be generated after exhausting all attempts, the server will select the last one generated, but will provide a list of reasons that the password was not considered acceptable so that they may be provided to the end user as additional guidance when choosing a password.

    If the generate password operation is processed successfully, then the server will return a GeneratePasswordExtendedResult response with the passwords that it generated and other relevant information.
    See Also:
    Serialized Form
    • Constructor Detail

      • GeneratePasswordExtendedRequest

        public GeneratePasswordExtendedRequest​(Control... controls)
        Creates a new generate password extended request with all the default settings.
        Parameters:
        controls - The set of controls to include in the request. It may be null or empty if there should not be any request controls.
      • GeneratePasswordExtendedRequest

        public GeneratePasswordExtendedRequest​(ExtendedRequest request)
                                        throws LDAPException
        Creates a new generate password extended request that is decoded from the provided generic request.
        Parameters:
        request - The extended request to be decoded as a generate password extended request. It must not be null.
        Throws:
        LDAPException - If the provided extended request cannot be decoded as a generate password request.
    • Method Detail

      • createDefaultPolicyRequest

        public static GeneratePasswordExtendedRequest createDefaultPolicyRequest​(int numberOfPasswords,
                                                                                 int numberOfValidationAttempts,
                                                                                 Control... controls)
        Creates a generate password extended request that will use the default password policy (as defined in the server configuration) to determine which password generator and validators should be used.
        Parameters:
        numberOfPasswords - The number of passwords to generate. The value must be greater than or equal to one.
        numberOfValidationAttempts - The number of attempts that should be made to generate each password in an attempt to obtain a password that satisfies the associated set of password validators. The value must be greater than or equal to zero.
        controls - The set of controls to include in the request. It may be null or empty if there should not be any request controls.
        Returns:
        The generate password extended request that was created.
      • createPasswordPolicyDNRequest

        public static GeneratePasswordExtendedRequest createPasswordPolicyDNRequest​(java.lang.String passwordPolicyDN,
                                                                                    int numberOfPasswords,
                                                                                    int numberOfValidationAttempts,
                                                                                    Control... controls)
        Creates a generate password extended request that will use the password policy defined in the entry with the specified DN to determine which password generator and validators should be used.
        Parameters:
        passwordPolicyDN - The DN of the entry that defines the password policy to use to determine which password generator and validators should be used. It must not be null.
        numberOfPasswords - The number of passwords to generate. The value must be greater than or equal to one.
        numberOfValidationAttempts - The number of attempts that should be made to generate each password in an attempt to obtain a password that satisfies the associated set of password validators. The value must be greater than or equal to zero.
        controls - The set of controls to include in the request. It may be null or empty if there should not be any request controls.
        Returns:
        The generate password extended request that was created.
      • createTargetEntryDNRequest

        public static GeneratePasswordExtendedRequest createTargetEntryDNRequest​(java.lang.String targetEntryDN,
                                                                                 int numberOfPasswords,
                                                                                 int numberOfValidationAttempts,
                                                                                 Control... controls)
        Creates a generate password extended request that will use the password policy that governs the specified entry to determine which password generator and validators should be used. If the target entry does not exist, then the server will generate a stub of an entry and compute virtual attributes for that entry to account for the possibility that the password policy may be specified using a virtual attribute.
        Parameters:
        targetEntryDN - The DN of the entry whose governing password policy should be used. It must not be null.
        numberOfPasswords - The number of passwords to generate. The value must be greater than or equal to one.
        numberOfValidationAttempts - The number of attempts that should be made to generate each password in an attempt to obtain a password that satisfies the associated set of password validators. The value must be greater than or equal to zero.
        controls - The set of controls to include in the request. It may be null or empty if there should not be any request controls.
        Returns:
        The generate password extended request that was created.
      • getPasswordPolicyDN

        public java.lang.String getPasswordPolicyDN()
        Retrieves the DN of the entry that defines the password policy that should be used when generating and validating passwords. This will only be available for the GeneratePasswordPolicySelectionType.PASSWORD_POLICY_DN password policy selection type.
        Returns:
        The DN of the entry that defines the password policy that should be used when generating and validating the passwords, or null if the password policy selection type is anything other than PASSWORD_POLICY_DN.
      • getTargetEntryDN

        public java.lang.String getTargetEntryDN()
        Retrieves the DN of the target entry whose governing password policy should be used when generating and validating passwords. This will only be available for the GeneratePasswordPolicySelectionType.TARGET_ENTRY_DN password policy selection type.
        Returns:
        The DN of the target entry whose governing password policy should be used when generating and validating the passwords, or null if the password policy selection type is anything other than TARGET_ENTRY_DN.
      • getNumberOfPasswords

        public int getNumberOfPasswords()
        Retrieves the number of passwords that the client wants the server to generate. Note that the server may choose to generate fewer passwords than this, based on its configuration.
        Returns:
        The number of passwords that the client wants the server to generate.
      • getNumberOfValidationAttempts

        public int getNumberOfValidationAttempts()
        Retrieves the number of maximum number of attempts that the client wants the server to make when generating each password in the hope that the generated password will satisfy the validation criteria specified in the associated password policy. Note that the server may choose to make fewer validation attempts than this, based on its configuration.
        Returns:
        The number maximum number of validation attempts that the client wants the server to make, or zero if the server should not attempt to validate the generated passwords.
      • process

        protected GeneratePasswordExtendedResult process​(LDAPConnection connection,
                                                         int depth)
                                                  throws LDAPException
        Sends this extended request to the directory server over the provided connection and returns the associated response.
        Overrides:
        process in class ExtendedRequest
        Parameters:
        connection - The connection to use to communicate with the directory server.
        depth - The current referral depth for this request. It should always be one for the initial request, and should only be incremented when following referrals.
        Returns:
        An LDAP result object that provides information about the result of the extended operation processing.
        Throws:
        LDAPException - If a problem occurs while sending the request or reading the response.
      • duplicate

        public GeneratePasswordExtendedRequest duplicate​(Control[] controls)
        Creates a new instance of this LDAP request that may be modified without impacting this request. The provided controls will be used for the new request instead of duplicating the controls from this request.. Subclasses should override this method to return a duplicate of the appropriate type.
        Specified by:
        duplicate in interface ReadOnlyLDAPRequest
        Overrides:
        duplicate in class ExtendedRequest
        Parameters:
        controls - The set of controls to include in the duplicate request.
        Returns:
        A new instance of this LDAP request that may be modified without impacting this request.
      • getExtendedRequestName

        public java.lang.String getExtendedRequestName()
        Retrieves the user-friendly name for the extended request, if available. If no user-friendly name has been defined, then the OID will be returned.
        Overrides:
        getExtendedRequestName in class ExtendedRequest
        Returns:
        The user-friendly name for this extended request, or the OID if no user-friendly name is available.
      • toString

        public void toString​(java.lang.StringBuilder buffer)
        Appends a string representation of this request to the provided buffer.
        Specified by:
        toString in interface ProtocolOp
        Specified by:
        toString in interface ReadOnlyLDAPRequest
        Overrides:
        toString in class ExtendedRequest
        Parameters:
        buffer - The buffer to which to append a string representation of this request.