Package com.unboundid.ldap.sdk.unboundidds.extensions

Class PasswordPolicyStateOperation

  • All Implemented Interfaces:
    java.io.Serializable
    @NotMutable
@ThreadSafety(level=COMPLETELY_THREADSAFE)
public final class PasswordPolicyStateOperation
extends java.lang.Object
implements java.io.Serializable
    This class defines an operation that may be used in conjunction with the password policy state extended operation. A password policy state operation can be used to get or set various properties of the password policy state for a user.
    NOTE: This class, and other classes within the com.unboundid.ldap.sdk.unboundidds package structure, are only supported for use against Ping Identity, UnboundID, and Nokia/Alcatel-Lucent 8661 server products. These classes provide support for proprietary functionality or for external specifications that are not considered stable or mature enough to be guaranteed to work in an interoperable way with other types of LDAP servers.

    Operations that are available for use with the password policy state operation include:
    • Get the DN of the password policy configuration entry for the target user.
    • Determine whether an account is usable (may authenticate or be used as an alternate authorization identity.
    • Retrieve the set of account usability notice, warning, and error messages for a user.
    • Get, set, and clear the account disabled flag for the target user.
    • Get, set, and clear the account activation time for the target user.
    • Get, set, and clear the account expiration time for the target user.
    • Get the length of time in seconds until the target user account expires.
    • Get the time that the target user's password was last changed.
    • Get and clear the time that the first password expiration warning was sent to the user.
    • Get the length of time in seconds until the target user's password expires and the password expiration time for the account.
    • Get the length of time in seconds until the user should receive the first warning about an upcoming password expiration.
    • Determine whether the user's password is expired.
    • Determine whether the account is locked because of failed authentication attempts, an idle lockout, or a password reset lockout.
    • Get, update, set, and clear the list of times that the target user has unsuccessfully tried to authenticate since the last successful authentication.
    • Get the number of remaining failed authentication attempts for the target user before the account is locked.
    • Get the length of time in seconds until the target user's account is automatically unlocked after it was locked due to failed authentication attempts.
    • Get, set, and clear the time that the user last authenticated to the server.
    • Get, set, and clear the IP address of the client from which the user last authenticated to the server.
    • Get the length of time in seconds until the user account may be locked after remaining idle.
    • Get, set, and clear the flag that controls whether the target user must change his/her password before being allowed to perform any other operations.
    • Get the length of time in seconds until the user's account is locked after failing to change the password after an administrative reset.
    • Get, update, set, and clear the times that the target user has authenticated using a grace login after the password had expired.
    • Retrieve the number of remaining grace logins for the user.
    • Get, set, and clear the required password change time for the target user.
    • Retrieve the length of time in seconds until the target user's account will be locked as a result of failing to comply with a password change by required time.
    • Get the password history count for the target user.
    • Clear the password history for the target user.
    • Get information about or purge a user's retired password.
    • Get information about which SASL mechanisms are available for a user.
    • Get information about which OTP delivery mechanisms are available for a user.
    • Determine whether a user has any TOTP shared secrets and manipulate the registered secrets.
    • Get, set, and clear the public IDs of any YubiKey OTP devices registered for a user.
    • Determine whether the user has a static password.
    Note that many of these methods are dependent upon the password policy configuration for the target user and therefore some of them may not be applicable for some users. For example, if password expiration is not enabled in the password policy associated with the target user, then operations that involve password expiration will have no effect and/or will have a return value that indicates that password expiration is not in effect.
    See Also:
    Serialized Form

    • Constructor Detail

      • PasswordPolicyStateOperation

        public PasswordPolicyStateOperation​(int opType)
        Creates a new password policy state operation with the specified operation type and no values.
        Parameters:
        opType - The operation type for this password policy state operation.

      • PasswordPolicyStateOperation

        public PasswordPolicyStateOperation​(int opType,
                                    ASN1OctetString[] values)
        Creates a new password policy state operation with the specified operation type and set of values.
        Parameters:
        opType - The operation type for this password policy state operation.
        values - The set of values for this password policy state operation.

    • Method Detail

      • createGetPasswordPolicyDNOperation

        public static PasswordPolicyStateOperation createGetPasswordPolicyDNOperation()
        Creates a new password policy state operation that may be used to request the DN of the password policy configuration entry for the user. The result returned should include an operation of type OP_TYPE_GET_PW_POLICY_DN with a single string value that is the DN of the password policy configuration entry.
        Returns:
        The created password policy state operation.

      • createSetAccountDisabledStateOperation

        public static PasswordPolicyStateOperation createSetAccountDisabledStateOperation​(boolean isDisabled)
        Creates a new password policy state operation that may be used to specify whether the user account is disabled. The result returned should include an operation of type OP_TYPE_GET_ACCOUNT_DISABLED_STATE with a single boolean value of true if the account has been disabled, or false if the account is not disabled.
        Parameters:
        isDisabled - Indicates whether the user account should be disabled.
        Returns:
        The created password policy state operation.

      • createGetAccountActivationTimeOperation

        public static PasswordPolicyStateOperation createGetAccountActivationTimeOperation()
        Creates a new password policy state operation that may be used to retrieve the time that the user's account will become active. The result returned should include an operation of type OP_TYPE_GET_ACCOUNT_ACTIVATION_TIME with a single string value that is the generalized time representation of the account activation time, or a null value if the account does not have an activation time.
        Returns:
        The created password policy state operation.

      • createSetAccountActivationTimeOperation

        public static PasswordPolicyStateOperation createSetAccountActivationTimeOperation​(java.util.Date expirationTime)
        Creates a new password policy state operation that may be used to set the time that the user's account expires. The result returned should include an operation of type OP_TYPE_GET_ACCOUNT_ACTIVATION_TIME with a single string value that is the generalized time representation of the account activation time, or a null value if the account does not have an activation time.
        Parameters:
        expirationTime - The time that the user's account should expire. It may be null if the server should use the current time.
        Returns:
        The created password policy state operation.

      • createClearAccountActivationTimeOperation

        public static PasswordPolicyStateOperation createClearAccountActivationTimeOperation()
        Creates a new password policy state operation that may be used to clear the account expiration time in the user's entry. The result returned should include an operation of type OP_TYPE_GET_ACCOUNT_ACTIVATION_TIME with a single string value that is the generalized time representation of the account activation time, or a null value if the account does not have an activation time.
        Returns:
        The created password policy state operation.

      • createGetSecondsUntilAccountActivationOperation

        public static PasswordPolicyStateOperation createGetSecondsUntilAccountActivationOperation()
        Creates a new password policy state operation that may be used to determine the length of time in seconds until the user's account becomes active. The result returned should include an operation of type OP_TYPE_GET_SECONDS_UNTIL_ACCOUNT_ACTIVATION with a single integer value representing the number of seconds until the account becomes active, or a null value if the account does not have an activation time.
        Returns:
        The created password policy state operation.

      • createGetAccountExpirationTimeOperation

        public static PasswordPolicyStateOperation createGetAccountExpirationTimeOperation()
        Creates a new password policy state operation that may be used to retrieve the time that the user's account expires. The result returned should include an operation of type OP_TYPE_GET_ACCOUNT_EXPIRATION_TIME with a single string value that is the generalized time representation of the account expiration time, or a null value if the account does not have an expiration time.
        Returns:
        The created password policy state operation.

      • createSetAccountExpirationTimeOperation

        public static PasswordPolicyStateOperation createSetAccountExpirationTimeOperation​(java.util.Date expirationTime)
        Creates a new password policy state operation that may be used to set the time that the user's account expires. The result returned should include an operation of type OP_TYPE_GET_ACCOUNT_EXPIRATION_TIME with a single string value that is the generalized time representation of the account expiration time, or a null value if the account does not have an expiration time.
        Parameters:
        expirationTime - The time that the user's account should expire. It may be null if the server should use the current time.
        Returns:
        The created password policy state operation.

      • createClearAccountExpirationTimeOperation

        public static PasswordPolicyStateOperation createClearAccountExpirationTimeOperation()
        Creates a new password policy state operation that may be used to clear the account expiration time in the user's entry. The result returned should include an operation of type OP_TYPE_GET_ACCOUNT_EXPIRATION_TIME with a single string value that is the generalized time representation of the account expiration time, or a null value if the account does not have an expiration time.
        Returns:
        The created password policy state operation.

      • createGetSecondsUntilAccountExpirationOperation

        public static PasswordPolicyStateOperation createGetSecondsUntilAccountExpirationOperation()
        Creates a new password policy state operation that may be used to determine the length of time in seconds until the user's account is expired. The result returned should include an operation of type OP_TYPE_GET_SECONDS_UNTIL_ACCOUNT_EXPIRATION with a single integer value representing the number of seconds until the account will expire, or a null value if the account does not have an expiration time.
        Returns:
        The created password policy state operation.

      • createGetPasswordChangedTimeOperation

        public static PasswordPolicyStateOperation createGetPasswordChangedTimeOperation()
        Creates a new password policy state operation that may be used to determine when the user's password was last changed. The result returned should include an operation of type OP_TYPE_GET_PW_CHANGED_TIME with a single string value that is the generalized time representation of the time the password was last changed.
        Returns:
        The created password policy state operation.

      • createSetPasswordChangedTimeOperation

        public static PasswordPolicyStateOperation createSetPasswordChangedTimeOperation​(java.util.Date passwordChangedTime)
        Creates a new password policy state operation that may be used to specify when the user's password was last changed. The result returned should include an operation of type OP_TYPE_GET_PW_CHANGED_TIME with a single string value that is the generalized time representation of the time the password was last changed.
        Parameters:
        passwordChangedTime - The time the user's password was last changed. It may be null if the server should use the current time.
        Returns:
        The created password policy state operation.

      • createClearPasswordChangedTimeOperation

        public static PasswordPolicyStateOperation createClearPasswordChangedTimeOperation()
        Creates a new password policy state operation that may be used to clear the password changed time from a user's entry. The result returned should include an operation of type OP_TYPE_GET_PW_CHANGED_TIME with a single string value that is the generalized time representation of the time the password was last changed, or null if it can no longer be determined.
        Returns:
        The created password policy state operation.

      • createGetPasswordExpirationWarnedTimeOperation

        public static PasswordPolicyStateOperation createGetPasswordExpirationWarnedTimeOperation()
        Creates a new password policy state operation that may be used to determine when the user first received a password expiration warning. The result returned should include an operation of type OP_TYPE_GET_PW_EXPIRATION_WARNED_TIME with a single string value that is the generalized time representation of the time the user received the first expiration warning.
        Returns:
        The created password policy state operation.

      • createSetPasswordExpirationWarnedTimeOperation

        public static PasswordPolicyStateOperation createSetPasswordExpirationWarnedTimeOperation​(java.util.Date passwordExpirationWarnedTime)
        Creates a new password policy state operation that may be used to specify when the user first received a password expiration warning. The result returned should include an operation of type OP_TYPE_GET_PW_EXPIRATION_WARNED_TIME with a single string value that is the generalized time representation of the time the user received the first expiration warning.
        Parameters:
        passwordExpirationWarnedTime - The password expiration warned time for the user. It may be null if the server should use the current time.
        Returns:
        The created password policy state operation.

      • createGetSecondsUntilPasswordExpirationOperation

        public static PasswordPolicyStateOperation createGetSecondsUntilPasswordExpirationOperation()
        Creates a new password policy state operation that may be used to determine the length of time in seconds until the user's password expires. The result returned should include an operation of type OP_TYPE_GET_SECONDS_UNTIL_PW_EXPIRATION with a single integer value that is the number of seconds until the user's password expires, or a null value if the user's password will not expire.
        Returns:
        The created password policy state operation.

      • createGetSecondsUntilPasswordExpirationWarningOperation

        public static PasswordPolicyStateOperation createGetSecondsUntilPasswordExpirationWarningOperation()
        Creates a new password policy state operation that may be used to determine the length of time in seconds until the user is eligible to start receiving password expiration warnings. The result returned should include an operation of type OP_TYPE_GET_SECONDS_UNTIL_PW_EXPIRATION_WARNING with a single integer value that is the number of seconds until the user is eligible to receive the first expiration warning, or a null value if the user's password will not expire.
        Returns:
        The created password policy state operation.

      • createGetAuthenticationFailureTimesOperation

        public static PasswordPolicyStateOperation createGetAuthenticationFailureTimesOperation()
        Creates a new password policy state operation that may be used to retrieve the times that the user has unsuccessfully tried to authenticate since the last successful authentication. The result returned should include an operation of type OP_TYPE_GET_AUTH_FAILURE_TIMES with an array of string values representing the timestamps (in generalized time format) of the authentication failures.
        Returns:
        The created password policy state operation.

      • createAddAuthenticationFailureTimeOperation

        public static PasswordPolicyStateOperation createAddAuthenticationFailureTimeOperation()
        Creates a new password policy state operation that may be used to add the current time to the set of times that the user has unsuccessfully tried to authenticate since the last successful authentication. The result returned should include an operation of type OP_TYPE_GET_AUTH_FAILURE_TIMES with an array of string values representing the timestamps (in generalized time format) of the authentication failures.
        Returns:
        The created password policy state operation.

      • createAddAuthenticationFailureTimeOperation

        public static PasswordPolicyStateOperation createAddAuthenticationFailureTimeOperation​(java.util.Date[] authFailureTimes)
        Creates a new password policy state operation that may be used to add the specified values to the set of times that the user has unsuccessfully tried to authenticate since the last successful authentication. The result returned should include an operation of type OP_TYPE_GET_AUTH_FAILURE_TIMES with an array of string values representing the timestamps (in generalized time format) of the authentication failures.
        Parameters:
        authFailureTimes - The set of authentication failure time values to add. It may be null or empty if the server should add the current time.
        Returns:
        The created password policy state operation.

      • createSetAuthenticationFailureTimesOperation

        public static PasswordPolicyStateOperation createSetAuthenticationFailureTimesOperation​(java.util.Date[] authFailureTimes)
        Creates a new password policy state operation that may be used to specify the set of times that the user has unsuccessfully tried to authenticate since the last successful authentication. The result returned should include an operation of type OP_TYPE_GET_AUTH_FAILURE_TIMES with an array of string values representing the timestamps (in generalized time format) of the authentication failures.
        Parameters:
        authFailureTimes - The set of times that the user has unsuccessfully tried to authenticate since the last successful authentication. It may be null or empty if the server should use the current time as the only failure time.
        Returns:
        The created password policy state operation.

      • createClearAuthenticationFailureTimesOperation

        public static PasswordPolicyStateOperation createClearAuthenticationFailureTimesOperation()
        Creates a new password policy state operation that may be used to clear the set of times that the user has unsuccessfully tried to authenticate since the last successful authentication. The result returned should include an operation of type OP_TYPE_GET_AUTH_FAILURE_TIMES with an array of string values representing the timestamps (in generalized time format) of the authentication failures.
        Returns:
        The created password policy state operation.

      • createGetSecondsUntilAuthenticationFailureUnlockOperation

        public static PasswordPolicyStateOperation createGetSecondsUntilAuthenticationFailureUnlockOperation()
        Creates a new password policy state operation that may be used to determine the length of time in seconds until the user's account is automatically unlocked after too many failed authentication attempts. The result returned should include an operation of type OP_TYPE_GET_SECONDS_UNTIL_AUTH_FAILURE_UNLOCK with a single integer value that represents the number of seconds until the account becomes unlocked, or a null value if the account is not temporarily locked as a result of authentication failures.
        Returns:
        The created password policy state operation.

      • createGetRemainingAuthenticationFailureCountOperation

        public static PasswordPolicyStateOperation createGetRemainingAuthenticationFailureCountOperation()
        Creates a new password policy state operation that may be used to determine the number of authentication failures required to lock the user's account. The result returned should include an operation of type OP_TYPE_GET_REMAINING_AUTH_FAILURE_COUNT with a single integer value that represents the number of authentication failures that a user will be permitted before the account is locked, or a null value if the password policy is not configured to lock accounts as a result of too many failed authentication attempts.
        Returns:
        The created password policy state operation.

      • createGetLastLoginTimeOperation

        public static PasswordPolicyStateOperation createGetLastLoginTimeOperation()
        Creates a new password policy state operation that may be used to determine the time that the user last successfully authenticated to the server. The result returned should include an operation of type OP_TYPE_GET_LAST_LOGIN_TIME with a single string value that is the generalized time representation of the user's last login time, or a null value if no last login time is available.
        Returns:
        The created password policy state operation.

      • createSetLastLoginTimeOperation

        public static PasswordPolicyStateOperation createSetLastLoginTimeOperation​(java.util.Date lastLoginTime)
        Creates a new password policy state operation that may be used to set the time that the user last successfully authenticated to the server. The result returned should include an operation of type OP_TYPE_GET_LAST_LOGIN_TIME with a single string value that is the generalized time representation of the user's last login time, or a null value if no last login time is available.
        Parameters:
        lastLoginTime - The last login time to set in the user's entry. It may be null if the server should use the current time.
        Returns:
        The created password policy state operation.

      • createClearLastLoginTimeOperation

        public static PasswordPolicyStateOperation createClearLastLoginTimeOperation()
        Creates a new password policy state operation that may be used to clear the last login time from the user's entry. The result returned should include an operation of type OP_TYPE_GET_LAST_LOGIN_TIME with a single string value that is the generalized time representation of the user's last login time, or a null value if no last login time is available.
        Returns:
        The created password policy state operation.

      • createGetLastLoginIPAddressOperation

        public static PasswordPolicyStateOperation createGetLastLoginIPAddressOperation()
        Creates a new password policy state operation that may be used to determine the IP address from which the user last successfully authenticated to the server. The result returned should include an operation of type OP_TYPE_GET_LAST_LOGIN_IP_ADDRESS with a single string value that is the user's last login IP address, or a null value if no last login IP address is available.
        Returns:
        The created password policy state operation.

      • createSetLastLoginIPAddressOperation

        public static PasswordPolicyStateOperation createSetLastLoginIPAddressOperation​(java.lang.String lastLoginIPAddress)
        Creates a new password policy state operation that may be used to set the IP address from which the user last successfully authenticated to the server. The result returned should include an operation of type OP_TYPE_GET_LAST_LOGIN_IP_ADDRESS with a single string value that is the user's last login IP address, or a null value if no last login IP address is available.
        Parameters:
        lastLoginIPAddress - The last login IP address to set in the user's entry. It must not be null.
        Returns:
        The created password policy state operation.

      • createClearLastLoginIPAddressOperation

        public static PasswordPolicyStateOperation createClearLastLoginIPAddressOperation()
        Creates a new password policy state operation that may be used to clear the last login IP address from the user's entry. The result returned should include an operation of type OP_TYPE_GET_LAST_LOGIN_IP_ADDRESS with a single string value that is the user's last login IP address, or a null value if no last login IP address is available.
        Returns:
        The created password policy state operation.

      • createGetSecondsUntilIdleLockoutOperation

        public static PasswordPolicyStateOperation createGetSecondsUntilIdleLockoutOperation()
        Creates a new password policy state operation that may be used to determine the length of time in seconds until the user's account is locked due to inactivity. The result returned should include an operation of type OP_TYPE_GET_SECONDS_UNTIL_IDLE_LOCKOUT with a single integer value that represents the number of seconds until the user's account is locked as a result of being idle for too long, or a null value if no idle account lockout is configured.
        Returns:
        The created password policy state operation.

      • createGetPasswordResetStateOperation

        public static PasswordPolicyStateOperation createGetPasswordResetStateOperation()
        Creates a new password policy state operation that may be used to determine whether the user's password has been reset by an administrator and must be changed before performing any other operations. The result returned should include an operation of type OP_TYPE_GET_PW_RESET_STATE with a single boolean value of true if the user's password must be changed before the account can be used, or false if not.
        Returns:
        The created password policy state operation.

      • createSetPasswordResetStateOperation

        public static PasswordPolicyStateOperation createSetPasswordResetStateOperation​(boolean isReset)
        Creates a new password policy state operation that may be used to specify whether the user's password has been reset by an administrator and must be changed before performing any other operations. The result returned should include an operation of type OP_TYPE_GET_PW_RESET_STATE with a single boolean value of true if the user's password must be changed before the account can be used, or false if not.
        Parameters:
        isReset - Specifies whether the user's password must be changed before performing any other operations.
        Returns:
        The created password policy state operation.

      • createClearPasswordResetStateOperation

        public static PasswordPolicyStateOperation createClearPasswordResetStateOperation()
        Creates a new password policy state operation that may be used to clear the password reset state information in the user's entry. The result returned should include an operation of type OP_TYPE_GET_PW_RESET_STATE with a single boolean value of true if the user's password must be changed before the account can be used, or false if not.
        Returns:
        The created password policy state operation.

      • createGetSecondsUntilPasswordResetLockoutOperation

        public static PasswordPolicyStateOperation createGetSecondsUntilPasswordResetLockoutOperation()
        Creates a new password policy state operation that may be used to determine the length of time in seconds that the user has left to change his/her password after an administrative reset before the account is locked. The result returned should include an operation of type OP_TYPE_GET_SECONDS_UNTIL_PW_RESET_LOCKOUT with a single integer value that represents the number of seconds until the user's account will be locked unless the password is reset, or a null value if the user's password is not in a "must change" state.
        Returns:
        The created password policy state operation.

      • createGetGraceLoginUseTimesOperation

        public static PasswordPolicyStateOperation createGetGraceLoginUseTimesOperation()
        Creates a new password policy state operation that may be used to retrieve the set of times that the user has authenticated using grace logins since his/her password expired. The result returned should include an operation of type OP_TYPE_GET_GRACE_LOGIN_USE_TIMES with an array of string values in generalized time format.
        Returns:
        The created password policy state operation.

      • createAddGraceLoginUseTimeOperation

        public static PasswordPolicyStateOperation createAddGraceLoginUseTimeOperation()
        Creates a new password policy state operation that may be used to add the current time to the set of times that the user has authenticated using grace logins since his/her password expired. The result returned should include an operation of type OP_TYPE_GET_GRACE_LOGIN_USE_TIMES with an array of string values in generalized time format.
        Returns:
        The created password policy state operation.

      • createAddGraceLoginUseTimeOperation

        public static PasswordPolicyStateOperation createAddGraceLoginUseTimeOperation​(java.util.Date[] graceLoginUseTimes)
        Creates a new password policy state operation that may be used to add the current time to the set of times that the user has authenticated using grace logins since his/her password expired. The result returned should include an operation of type OP_TYPE_GET_GRACE_LOGIN_USE_TIMES with an array of string values in generalized time format.
        Parameters:
        graceLoginUseTimes - The set of grace login use times to add. It may be null or empty if the server should add the current time to the set of grace login times.
        Returns:
        The created password policy state operation.

      • createSetGraceLoginUseTimesOperation

        public static PasswordPolicyStateOperation createSetGraceLoginUseTimesOperation​(java.util.Date[] graceLoginUseTimes)
        Creates a new password policy state operation that may be used to specify the set of times that the user has authenticated using grace logins since his/her password expired. The result returned should include an operation of type OP_TYPE_GET_GRACE_LOGIN_USE_TIMES with an array of string values in generalized time format.
        Parameters:
        graceLoginUseTimes - The set of times that the user has authenticated using grace logins since his/her password expired. It amy be null or empty if the server should use the current time as the only grace login use time.
        Returns:
        The created password policy state operation.

      • createClearGraceLoginUseTimesOperation

        public static PasswordPolicyStateOperation createClearGraceLoginUseTimesOperation()
        Creates a new password policy state operation that may be used to clear the set of times that the user has authenticated using grace logins since his/her password expired. The result returned should include an operation of type OP_TYPE_GET_GRACE_LOGIN_USE_TIMES with an array of string values in generalized time format.
        Returns:
        The created password policy state operation.

      • createGetRemainingGraceLoginCountOperation

        public static PasswordPolicyStateOperation createGetRemainingGraceLoginCountOperation()
        Creates a new password policy state operation that may be used to retrieve the number of remaining grace logins available to the user. The result returned should include an operation of type OP_TYPE_GET_REMAINING_GRACE_LOGIN_COUNT with a single integer value that represents the number of remaining grace logins, or a null value if grace login functionality is not enabled for the user.
        Returns:
        The created password policy state operation.

      • createGetPasswordChangedByRequiredTimeOperation

        public static PasswordPolicyStateOperation createGetPasswordChangedByRequiredTimeOperation()
        Creates a new password policy state operation that may be used to retrieve the last required password change time that with which the user has complied. The result returned should include an operation of type OP_TYPE_GET_PW_CHANGED_BY_REQUIRED_TIME with a single string value that is the generalized time representation of the most recent required password change time with which the user complied, or a null value if this is not available for the user.
        Returns:
        The created password policy state operation.

      • createSetPasswordChangedByRequiredTimeOperation

        public static PasswordPolicyStateOperation createSetPasswordChangedByRequiredTimeOperation()
        Creates a new password policy state operation that may be used to update the user's entry to indicate that he/she has complied with the required password change time. The result returned should include an operation of type OP_TYPE_GET_PW_CHANGED_BY_REQUIRED_TIME with a single string value that is the generalized time representation of the most recent required password change time with which the user complied, or a null value if this is not available for the user.
        Returns:
        The created password policy state operation.

      • createSetPasswordChangedByRequiredTimeOperation

        public static PasswordPolicyStateOperation createSetPasswordChangedByRequiredTimeOperation​(java.util.Date requiredTime)
        Creates a new password policy state operation that may be used to update the user's entry to indicate that he/she has complied with the required password change time. The result returned should include an operation of type OP_TYPE_GET_PW_CHANGED_BY_REQUIRED_TIME with a single string value that is the generalized time representation of the most recent required password change time with which the user complied, or a null value if this is not available for the user.
        Parameters:
        requiredTime - The required password changed time with which the user has complied. It may be null if the server should use the most recent required change time.
        Returns:
        The created password policy state operation.

      • createClearPasswordChangedByRequiredTimeOperation

        public static PasswordPolicyStateOperation createClearPasswordChangedByRequiredTimeOperation()
        Creates a new password policy state operation that may be used to clear the last required password change time from the user's entry. The result returned should include an operation of type OP_TYPE_GET_PW_CHANGED_BY_REQUIRED_TIME with a single string value that is the generalized time representation of the most recent required password change time with which the user complied, or a null value if this is not available for the user.
        Returns:
        The created password policy state operation.

      • createGetSecondsUntilRequiredChangeTimeOperation

        public static PasswordPolicyStateOperation createGetSecondsUntilRequiredChangeTimeOperation()
        Creates a new password policy state operation that may be used to retrieve the length of time in seconds until the required password change time arrives. The result returned should include an operation of type OP_TYPE_GET_SECONDS_UNTIL_REQUIRED_CHANGE_TIME with a single integer value that represents the number of seconds before the user will be required to change his/her password as a result of the require-change-by-time property, or a null value if the user is not required to change their password for this reason.
        Returns:
        The created password policy state operation.

      • createClearPasswordHistoryOperation

        public static PasswordPolicyStateOperation createClearPasswordHistoryOperation()
        Creates a new password policy state operation that may be used to clear the password history values stored in the user's entry. The result returned should include an operation of type OP_TYPE_GET_PW_HISTORY with an array of strings representing the user's password history content.
        Returns:
        The created password policy state operation.

      • createHasRetiredPasswordOperation

        public static PasswordPolicyStateOperation createHasRetiredPasswordOperation()
        Creates a new password policy state operation that may be used to determine whether the user has a valid retired password. The result returned should include an operation of type OP_TYPE_HAS_RETIRED_PASSWORD with a single boolean value of true if the user has a valid retired password, or false if not.
        Returns:
        The created password policy state operation.

      • createGetPasswordRetiredTimeOperation

        public static PasswordPolicyStateOperation createGetPasswordRetiredTimeOperation()
        Creates a new password policy state operation that may be used to determine the time that the user's former password was retired. The result returned should include an operation of type OP_TYPE_GET_PASSWORD_RETIRED_TIME with a single string value that is the generalized time representation of the time the user's former password was retired, or a null value if the user does not have a valid retired password.
        Returns:
        The created password policy state operation.

      • createGetRetiredPasswordExpirationTimeOperation

        public static PasswordPolicyStateOperation createGetRetiredPasswordExpirationTimeOperation()
        Creates a new password policy state operation that may be used to determine the length of time until the user's retired password expires. The result returned should include an operation of type OP_TYPE_GET_RETIRED_PASSWORD_EXPIRATION_TIME with a single string value that is the generalized time representation of the time the user's retired password will cease to be valid, or a null value if the user does not have a valid retired password.
        Returns:
        The created password policy state operation.

      • createPurgeRetiredPasswordOperation

        public static PasswordPolicyStateOperation createPurgeRetiredPasswordOperation()
        Creates a new password policy state operation that may be used to purge any retired password from the user's entry. The result returned should include an operation of type OP_TYPE_HAS_RETIRED_PASSWORD with a single boolean value of true if the user has a valid retired password, or false if not.
        Returns:
        The created password policy state operation.

      • createGetAccountIsUsableOperation

        public static PasswordPolicyStateOperation createGetAccountIsUsableOperation()
        Creates a new password policy state operation that may be used to determine whether an account is usable (i.e., the account will be allowed to authenticate and/or be used as an alternate authorization identity. The result returned should include an operation of type OP_TYPE_GET_ACCOUNT_IS_USABLE with a single boolean value that indicates whether the account is usable.
        Returns:
        The created password policy state operation.

      • createGetAccountIsExpiredOperation

        public static PasswordPolicyStateOperation createGetAccountIsExpiredOperation()
        Creates a new password policy state operation that may be used to determine whether an account has an expiration time that is in the past. The result returned should include an operation of type OP_TYPE_GET_ACCOUNT_IS_EXPIRED with a single boolean value that indicates whether the account is expired.
        Returns:
        The created password policy state operation.

      • createGetPasswordExpirationTimeOperation

        public static PasswordPolicyStateOperation createGetPasswordExpirationTimeOperation()
        Creates a new password policy state operation that may be used to determine when a user's password is expected to expire. The result returned should include an operation of type OP_TYPE_GET_PW_EXPIRATION_TIME with a single string value that is the generalized time representation of the password expiration time.
        Returns:
        The created password policy state operation.

      • createSetAccountIsFailureLockedOperation

        public static PasswordPolicyStateOperation createSetAccountIsFailureLockedOperation​(boolean isFailureLocked)
        Creates a new password policy state operation that may be used to specify whether an account should be locked because of too many failed authentication attempts. The result returned should include an operation of type OP_TYPE_GET_ACCOUNT_IS_FAILURE_LOCKED with a single boolean value that indicates whether the account is failure locked.
        Parameters:
        isFailureLocked - Indicates whether the account should be locked because of too many failed attempts.
        Returns:
        The created password policy state operation.

      • createGetFailureLockoutTimeOperation

        public static PasswordPolicyStateOperation createGetFailureLockoutTimeOperation()
        Creates a new password policy state operation that may be used to determine when a user's password is was locked because of too many failed authentication attempts. The result returned should include an operation of type OP_TYPE_GET_FAILURE_LOCKOUT_TIME with a single string value that is the generalized time representation of the failure lockout time.
        Returns:
        The created password policy state operation.

      • createGetAccountIsIdleLockedOperation

        public static PasswordPolicyStateOperation createGetAccountIsIdleLockedOperation()
        Creates a new password policy state operation that may be used to determine whether an account has been locked because it has remained idle for too long. The result returned should include an operation of type OP_TYPE_GET_ACCOUNT_IS_IDLE_LOCKED with a single boolean value that indicates whether the account is idle locked.
        Returns:
        The created password policy state operation.

      • createGetIdleLockoutTimeOperation

        public static PasswordPolicyStateOperation createGetIdleLockoutTimeOperation()
        Creates a new password policy state operation that may be used to determine when a user's password is was locked because of the idle account lockout. The result returned should include an operation of type OP_TYPE_GET_IDLE_LOCKOUT_TIME with a single string value that is the generalized time representation of the idle lockout time.
        Returns:
        The created password policy state operation.

      • createGetAccountIsResetLockedOperation

        public static PasswordPolicyStateOperation createGetAccountIsResetLockedOperation()
        Creates a new password policy state operation that may be used to determine whether an account has been locked because the user failed to change their password in a timely manner after an administrative reset. The result returned should include an operation of type OP_TYPE_GET_ACCOUNT_IS_RESET_LOCKED with a single boolean value that indicates whether the account is reset locked.
        Returns:
        The created password policy state operation.

      • createGetResetLockoutTimeOperation

        public static PasswordPolicyStateOperation createGetResetLockoutTimeOperation()
        Creates a new password policy state operation that may be used to determine when a user's password is was locked because the user failed to change their password in a timely manner after an administrative reset. The result returned should include an operation of type OP_TYPE_GET_RESET_LOCKOUT_TIME with a single string value that is the generalized time representation of the reset lockout time.
        Returns:
        The created password policy state operation.

      • createGetPasswordHistoryCountOperation

        public static PasswordPolicyStateOperation createGetPasswordHistoryCountOperation()
        Creates a new password policy state operation that may be used to retrieve the number of passwords currently held in a user's password history. The result returned should include an operation of type OP_TYPE_GET_PW_HISTORY_COUNT with a single integer value that represents the number of passwords in the history, or a null value if a password history is not enabled for the user.
        Returns:
        The created password policy state operation.

      • createGetPasswordIsExpiredOperation

        public static PasswordPolicyStateOperation createGetPasswordIsExpiredOperation()
        Creates a new password policy state operation that may be used to determine whether a user's password is expired. The result returned should include an operation of type OP_TYPE_GET_PW_IS_EXPIRED with a single Boolean value that indicates whether the password is expired, or a null value if password expiration is not enabled for the user.
        Returns:
        The created password policy state operation.

      • createGetAvailableSASLMechanismsOperation

        public static PasswordPolicyStateOperation createGetAvailableSASLMechanismsOperation()
        Creates a new password policy state operation that may be used to retrieve a list of the SASL mechanisms that are available for a user. This will take into consideration the server's configuration, the types of credentials that a user has, and per-user constraints and preferences.
        Returns:
        The created password policy state operation.

      • createGetAvailableOTPDeliveryMechanismsOperation

        public static PasswordPolicyStateOperation createGetAvailableOTPDeliveryMechanismsOperation()
        Creates a new password policy state operation that may be used to retrieve a list of the one-time password delivery mechanisms that are available for a user. If the user's entry includes information about which OTP delivery mechanisms are preferred, the list will be ordered from most preferred to least preferred.
        Returns:
        The created password policy state operation.

      • createHasTOTPSharedSecret

        public static PasswordPolicyStateOperation createHasTOTPSharedSecret()
        Creates a new password policy state operation that may be used to determine whether the user has at least one TOTP shared secret. The result returned should include an operation of type OP_TYPE_HAS_TOTP_SHARED_SECRET with a single boolean value of true if the user has one or more TOTP shared secrets, or false if not.
        Returns:
        The created password policy state operation.

      • createAddTOTPSharedSecretOperation

        public static PasswordPolicyStateOperation createAddTOTPSharedSecretOperation​(java.lang.String... totpSharedSecrets)
        Creates a new password policy state operation that may be used to add one or more values to the set of TOTP shared secrets for a user. The result returned should include an operation of type OP_TYPE_HAS_TOTP_SHARED_SECRET with a single boolean value of true if the user has one or more TOTP shared secrets, or false if not.
        Parameters:
        totpSharedSecrets - The base32-encoded representations of the TOTP shared secrets to add to the user. It must not be null or empty.
        Returns:
        The created password policy state operation.

      • createRemoveTOTPSharedSecretOperation

        public static PasswordPolicyStateOperation createRemoveTOTPSharedSecretOperation​(java.lang.String... totpSharedSecrets)
        Creates a new password policy state operation that may be used to remove one or more values from the set of TOTP shared secrets for a user. The result returned should include an operation of type OP_TYPE_HAS_TOTP_SHARED_SECRET with a single boolean value of true if the user has one or more TOTP shared secrets, or false if not.
        Parameters:
        totpSharedSecrets - The base32-encoded representations of the TOTP shared secrets to remove from the user. It must not be null or empty.
        Returns:
        The created password policy state operation.

      • createSetTOTPSharedSecretsOperation

        public static PasswordPolicyStateOperation createSetTOTPSharedSecretsOperation​(java.lang.String... totpSharedSecrets)
        Creates a new password policy state operation that may be used to replace the set of TOTP shared secrets for a user. The result returned should include an operation of type OP_TYPE_HAS_TOTP_SHARED_SECRET with a single boolean value of true if the user has one or more TOTP shared secrets, or false if not.
        Parameters:
        totpSharedSecrets - The base32-encoded representations of the TOTP shared secrets for the user. It must not be null but may be empty.
        Returns:
        The created password policy state operation.

      • createClearTOTPSharedSecretsOperation

        public static PasswordPolicyStateOperation createClearTOTPSharedSecretsOperation()
        Creates a new password policy state operation that may be used to clear the set of TOTP shared secrets for a user. The result returned should include an operation of type OP_TYPE_HAS_TOTP_SHARED_SECRET with a single boolean value of true if the user has one or more TOTP shared secrets, or false if not.
        Returns:
        The created password policy state operation.

      • createHasYubiKeyPublicIDOperation

        public static PasswordPolicyStateOperation createHasYubiKeyPublicIDOperation()
        Creates a new password policy state operation that may be used to determine whether the user has at least one registered YubiKey OTP device. The result returned should include an operation of type OP_TYPE_HAS_REGISTERED_YUBIKEY_PUBLIC_ID with a single boolean value of true if the user has one or more registered devices, or false if not.
        Returns:
        The created password policy state operation.

      • createAddRegisteredYubiKeyPublicIDOperation

        public static PasswordPolicyStateOperation createAddRegisteredYubiKeyPublicIDOperation​(java.lang.String... publicIDs)
        Creates a new password policy state operation that may be used to add one or more values to the set of the public IDs of the YubiKey OTP devices registered for a user. The result returned should include an operation of type OP_TYPE_GET_REGISTERED_YUBIKEY_PUBLIC_IDS with an array of string values that represent the public IDs of the registered YubiKey OTP devices.
        Parameters:
        publicIDs - The set of public IDs to add to the set of YubiKey OTP devices registered for the user. It must not be null or empty.
        Returns:
        The created password policy state operation.

      • createRemoveRegisteredYubiKeyPublicIDOperation

        public static PasswordPolicyStateOperation createRemoveRegisteredYubiKeyPublicIDOperation​(java.lang.String... publicIDs)
        Creates a new password policy state operation that may be used to remove one or more values from the set of the public IDs of the YubiKey OTP devices registered for a user. The result returned should include an operation of type OP_TYPE_GET_REGISTERED_YUBIKEY_PUBLIC_IDS with an array of string values that represent the public IDs of the registered YubiKey OTP devices.
        Parameters:
        publicIDs - The set of public IDs to remove from the set of YubiKey OTP devices registered for the user. It must not be null or empty.
        Returns:
        The created password policy state operation.

      • createSetRegisteredYubiKeyPublicIDsOperation

        public static PasswordPolicyStateOperation createSetRegisteredYubiKeyPublicIDsOperation​(java.lang.String... publicIDs)
        Creates a new password policy state operation that may be used to replace the set of the public IDs of the YubiKey OTP devices registered for a user. The result returned should include an operation of type OP_TYPE_GET_REGISTERED_YUBIKEY_PUBLIC_IDS with an array of string values that represent the public IDs of the registered YubiKey OTP devices.
        Parameters:
        publicIDs - The set of public IDs for the YubiKey OTP devices registered for the user. It must not be null but may be empty.
        Returns:
        The created password policy state operation.

      • createHasStaticPasswordOperation

        public static PasswordPolicyStateOperation createHasStaticPasswordOperation()
        Creates a new password policy state operation that may be used to determine whether the user has a static password. The result should include an operation of type OP_TYPE_HAS_STATIC_PASSWORD with a single boolean value of true if the user has a static password, or false if not.
        Returns:
        The created password policy state operation.

      • getOperationType

        public int getOperationType()
        Retrieves the operation type for this password policy state operation.
        Returns:
        The operation type for this password policy state operation.

      • getRawValues

        public ASN1OctetString[] getRawValues()
        Retrieves the set of raw values for this password policy state operation.
        Returns:
        The set of raw values for this password policy state operation.

      • getStringValue

        public java.lang.String getStringValue()
        Retrieves the string representation of the value for this password policy state operation. If there are multiple values, then the first will be returned.
        Returns:
        The string representation of the value for this password policy state operation, or null if there are no values.

      • getStringValues

        public java.lang.String[] getStringValues()
        Retrieves the string representations of the values for this password policy state operation.
        Returns:
        The string representations of the values for this password policy state operation.

      • getBooleanValue

        public boolean getBooleanValue()
                        throws java.lang.IllegalStateException
        Retrieves the boolean representation of the value for this password policy state operation.
        Returns:
        The boolean representation of the value for this password policy state operation.
        Throws:
        java.lang.IllegalStateException - If this operation does not have exactly one value, or if the value cannot be decoded as a boolean value.

      • getIntValue

        public int getIntValue()
                throws java.lang.IllegalStateException,
                       java.lang.NumberFormatException
        Retrieves the integer representation of the value for this password policy state operation. If there are multiple values, then the first will be returned.
        Returns:
        The integer representation of the value for this password policy operation.
        Throws:
        java.lang.IllegalStateException - If this operation does not have any values.
        java.lang.NumberFormatException - If the value cannot be parsed as an integer.

      • getGeneralizedTimeValue

        public java.util.Date getGeneralizedTimeValue()
                                       throws java.text.ParseException
        Retrieves the Date object represented by the value for this password policy state operation treated as a timestamp in generalized time form. If there are multiple values, then the first will be returned.
        Returns:
        The Date object represented by the value for this password policy state operation treated as a timestamp in generalized time form, or null if this operation does not have any values.
        Throws:
        java.text.ParseException - If the value cannot be decoded as a timestamp in generalized time form.

      • getGeneralizedTimeValues

        public java.util.Date[] getGeneralizedTimeValues()
                                          throws java.text.ParseException
        Retrieves the Date objects represented by the values for this password policy state operation treated as timestamps in generalized time form.
        Returns:
        The Date objects represented by the values for this password policy state operation treated as timestamps in generalized time form.
        Throws:
        java.text.ParseException - If any of the values cannot be decoded as a timestamp in generalized time form.

      • encode

        public ASN1Element encode()
        Encodes this password policy state operation for use in the extended request or response.
        Returns:
        An ASN.1 element containing an encoded representation of this password policy state operation.

      • decode

        public static PasswordPolicyStateOperation decode​(ASN1Element element)
                                           throws LDAPException
        Decodes the provided ASN.1 element as a password policy state operation.
        Parameters:
        element - The ASN.1 element to be decoded.
        Returns:
        The decoded password policy state operation.
        Throws:
        LDAPException - If a problem occurs while attempting to decode the provided ASN.1 element as a password policy state operation.

      • toString

        public java.lang.String toString()
        Retrieves a string representation of this password policy state operation.
        Overrides:
        toString in class java.lang.Object
        Returns:
        A string representation of this password policy state operation.

      • toString

        public void toString​(java.lang.StringBuilder buffer)
        Appends a string representation of this password policy state operation to the provided buffer.
        Parameters:
        buffer - The buffer to which the information should be appended.