/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at
* trunk/opends/resource/legal-notices/OpenDS.LICENSE
* or https://OpenDS.dev.java.net/OpenDS.LICENSE.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at
* trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
* add the following below this CDDL HEADER, with the fields enclosed
* by brackets "[]" replaced with your own identifying information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2010 Sun Microsystems, Inc.
* Portions copyright 2011-2012 ForgeRock AS.
*/
package org.opends.server.core;
import static org.opends.messages.ConfigMessages.*;
import static org.opends.messages.CoreMessages.*;
import static org.opends.server.loggers.debug.DebugLogger.*;
import static org.opends.server.schema.SchemaConstants.*;
import java.util.*;
import org.opends.messages.Message;
import org.opends.server.admin.std.meta.PasswordPolicyCfgDefn.*;
import org.opends.server.api.AccountStatusNotificationHandler;
import org.opends.server.api.PasswordGenerator;
import org.opends.server.api.PasswordStorageScheme;
import org.opends.server.api.PasswordValidator;
import org.opends.server.loggers.debug.DebugTracer;
import org.opends.server.types.*;
/**
* This class represents subentry password policy based on Password Policy for
* LDAP Directories Internet-Draft. In order to represent subentry password
* policies as OpenDJ password policies it performs a mapping of Draft defined
* attributes to OpenDJ implementation specific attributes. Any missing
* attributes are inherited from server default password policy. This class is
* also reponsible for any Draft attributes validation ie making sure that
* provided values are acceptable and within the predefined range.
*/
public final class SubentryPasswordPolicy extends PasswordPolicy
{
/**
* The tracer object for the debug logger.
*/
private static final DebugTracer TRACER = getTracer();
// Password Policy Subentry draft attributes.
private static final String PWD_OC_POLICY = "pwdpolicy";
private static final String PWD_ATTR_ATTRIBUTE = "pwdattribute";
private static final String PWD_ATTR_MINAGE = "pwdminage";
private static final String PWD_ATTR_MAXAGE = "pwdmaxage";
private static final String PWD_ATTR_INHISTORY = "pwdinhistory";
private static final String PWD_ATTR_CHECKQUALITY = "pwdcheckquality";
private static final String PWD_ATTR_MINLENGTH = "pwdminlength";
private static final String PWD_ATTR_EXPIREWARNING = "pwdexpirewarning";
private static final String PWD_ATTR_GRACEAUTHNLIMIT = "pwdgraceauthnlimit";
private static final String PWD_ATTR_LOCKOUT = "pwdlockout";
private static final String PWD_ATTR_LOCKOUTDURATION = "pwdlockoutduration";
private static final String PWD_ATTR_MAXFAILURE = "pwdmaxfailure";
private static final String PWD_ATTR_MUSTCHANGE = "pwdmustchange";
private static final String PWD_ATTR_ALLOWUSERCHANGE = "pwdallowuserchange";
private static final String PWD_ATTR_SAFEMODIFY = "pwdsafemodify";
private static final String PWD_ATTR_FAILURECOUNTINTERVAL =
"pwdfailurecountinterval";
// Password Policy Subentry DN.
private final DN passwordPolicySubentryDN;
// The value of the "allow-user-password-changes" property.
private final Boolean pAllowUserPasswordChanges;
// The value of the "force-change-on-reset" property.
private final Boolean pForceChangeOnReset;
// The value of the "grace-login-count" property.
private final Integer pGraceLoginCount;
// The value of the "lockout-duration" property.
private final Long pLockoutDuration;
// The value of the "lockout-failure-count" property.
private final Integer pLockoutFailureCount;
// The value of the "lockout-failure-expiration-interval" property.
private final Long pLockoutFailureExpirationInterval;
// The value of the "max-password-age" property.
private final Long pMaxPasswordAge;
// The value of the "min-password-age" property.
private final Long pMinPasswordAge;
// The value of the "password-attribute" property.
private final AttributeType pPasswordAttribute;
// The value of the "password-change-requires-current-password" property.
private final Boolean pPasswordChangeRequiresCurrentPassword;
// The value of the "password-expiration-warning-interval" property.
private final Long pPasswordExpirationWarningInterval;
// The value of the "password-history-count" property.
private final Integer pPasswordHistoryCount;
// Indicates if the password attribute uses auth password syntax.
private final Boolean pAuthPasswordSyntax;
// Returns the global default password policy which will be used for deriving
// the default properties of sub-entries.
private PasswordPolicy getDefaultPasswordPolicy()
{
return DirectoryServer.getDefaultPasswordPolicy();
}
/**
* Creates subentry password policy object from the subentry, parsing and
* evaluating subentry password policy attributes.
*
* @param subentry
* password policy subentry.
* @throws DirectoryException
* If a problem occurs while creating subentry password policy
* instance from given subentry.
*/
public SubentryPasswordPolicy(SubEntry subentry) throws DirectoryException
{
// Determine if this is a password policy subentry.
ObjectClass pwdPolicyOC = DirectoryServer.getObjectClass(PWD_OC_POLICY);
Entry entry = subentry.getEntry();
Map<ObjectClass, String> objectClasses = entry.getObjectClasses();
if (pwdPolicyOC == null)
{
// This should not happen -- The server doesn't
// have a pwdPolicy objectclass defined.
if (debugEnabled())
{
TRACER
.debugWarning("No %s objectclass is defined in the server schema.",
PWD_OC_POLICY);
}
for (String ocName : objectClasses.values())
{
if (ocName.equalsIgnoreCase(PWD_OC_POLICY))
{
break;
}
}
Message message = ERR_PWPOLICY_NO_PWDPOLICY_OC.get(subentry.getDN()
.toString());
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message);
}
else if (!objectClasses.containsKey(pwdPolicyOC))
{
Message message = ERR_PWPOLICY_NO_PWDPOLICY_OC.get(subentry.getDN()
.toString());
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION, message);
}
// Subentry DN for this password policy.
this.passwordPolicySubentryDN = subentry.getDN();
// Get known Password Policy draft attributes from the entry.
// If any given attribute is missing or empty set its value
// from default Password Policy configuration.
AttributeValue value = getAttrValue(entry, PWD_ATTR_ATTRIBUTE);
if ((value != null) && (value.toString().length() > 0))
{
this.pPasswordAttribute = DirectoryServer.getAttributeType(value
.toString().toLowerCase(), false);
if (this.pPasswordAttribute == null)
{
throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM,
ERR_PWPOLICY_UNDEFINED_PASSWORD_ATTRIBUTE.get(
this.passwordPolicySubentryDN.toNormalizedString(),
value.toString()));
}
// Check the syntax.
final String syntaxOID = pPasswordAttribute.getSyntaxOID();
if (syntaxOID.equals(SYNTAX_AUTH_PASSWORD_OID))
{
pAuthPasswordSyntax = true;
}
else if (syntaxOID.equals(SYNTAX_USER_PASSWORD_OID))
{
pAuthPasswordSyntax = false;
}
else
{
String syntax = pPasswordAttribute.getSyntax().getSyntaxName();
if ((syntax == null) || (syntax.length() == 0))
{
syntax = syntaxOID;
}
Message message = ERR_PWPOLICY_INVALID_PASSWORD_ATTRIBUTE_SYNTAX.get(
String.valueOf(passwordPolicySubentryDN),
pPasswordAttribute.getNameOrOID(), String.valueOf(syntax));
throw new DirectoryException(ResultCode.UNWILLING_TO_PERFORM, message);
}
}
else
{
this.pPasswordAttribute = null;
this.pAuthPasswordSyntax = null;
}
value = getAttrValue(entry, PWD_ATTR_MINAGE);
if ((value != null) && (value.toString().length() > 0))
{
try
{
this.pMinPasswordAge = Long.parseLong(value.toString());
checkIntegerAttr(PWD_ATTR_MINAGE, this.pMinPasswordAge, 0,
Integer.MAX_VALUE);
}
catch (NumberFormatException ne)
{
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION,
ERR_CONFIG_ATTR_INVALID_INT_VALUE.get(PWD_ATTR_MINAGE,
value.toString(), ne.getLocalizedMessage()));
}
}
else
{
this.pMinPasswordAge = null;
}
value = getAttrValue(entry, PWD_ATTR_MAXAGE);
if ((value != null) && (value.toString().length() > 0))
{
try
{
this.pMaxPasswordAge = Long.parseLong(value.toString());
checkIntegerAttr(PWD_ATTR_MAXAGE, this.pMaxPasswordAge, 0,
Integer.MAX_VALUE);
}
catch (NumberFormatException ne)
{
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION,
ERR_CONFIG_ATTR_INVALID_INT_VALUE.get(PWD_ATTR_MINAGE,
value.toString(), ne.getLocalizedMessage()));
}
}
else
{
this.pMaxPasswordAge = null;
}
value = getAttrValue(entry, PWD_ATTR_INHISTORY);
if ((value != null) && (value.toString().length() > 0))
{
try
{
this.pPasswordHistoryCount = Integer.parseInt(value.toString());
checkIntegerAttr(PWD_ATTR_INHISTORY, this.pPasswordHistoryCount, 0,
Integer.MAX_VALUE);
}
catch (NumberFormatException ne)
{
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION,
ERR_CONFIG_ATTR_INVALID_INT_VALUE.get(PWD_ATTR_MINAGE,
value.toString(), ne.getLocalizedMessage()));
}
}
else
{
this.pPasswordHistoryCount = null;
}
// This one is managed via the password validator
// so only check if its value is acceptable.
value = getAttrValue(entry, PWD_ATTR_CHECKQUALITY);
if ((value != null) && (value.toString().length() > 0))
{
try
{
int pwdCheckQuality = Integer.parseInt(value.toString());
checkIntegerAttr(PWD_ATTR_CHECKQUALITY, pwdCheckQuality, 0, 2);
}
catch (NumberFormatException ne)
{
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION,
ERR_CONFIG_ATTR_INVALID_INT_VALUE.get(PWD_ATTR_MINAGE,
value.toString(), ne.getLocalizedMessage()));
}
}
// This one is managed via the password validator
// so only check if its value is acceptable.
value = getAttrValue(entry, PWD_ATTR_MINLENGTH);
if ((value != null) && (value.toString().length() > 0))
{
try
{
int pwdMinLength = Integer.parseInt(value.toString());
checkIntegerAttr(PWD_ATTR_MINLENGTH, pwdMinLength, 0,Integer.MAX_VALUE);
}
catch (NumberFormatException ne)
{
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION,
ERR_CONFIG_ATTR_INVALID_INT_VALUE.get(PWD_ATTR_MINAGE,
value.toString(), ne.getLocalizedMessage()));
}
}
// This one depends on lockout failure count value
// so only check if its value is acceptable.
value = getAttrValue(entry, PWD_ATTR_LOCKOUT);
if ((value != null) && (value.toString().length() > 0))
{
if (value.toString().equalsIgnoreCase(Boolean.TRUE.toString())
|| value.toString().equalsIgnoreCase(Boolean.FALSE.toString()))
{
Boolean.parseBoolean(value.toString());
}
else
{
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION,
ERR_CONFIG_ATTR_INVALID_BOOLEAN_VALUE.get(PWD_ATTR_MUSTCHANGE,
value.toString()));
}
}
value = getAttrValue(entry, PWD_ATTR_EXPIREWARNING);
if ((value != null) && (value.toString().length() > 0))
{
try
{
this.pPasswordExpirationWarningInterval = Long.parseLong(value
.toString());
checkIntegerAttr(PWD_ATTR_EXPIREWARNING,
this.pPasswordExpirationWarningInterval, 0, Integer.MAX_VALUE);
}
catch (NumberFormatException ne)
{
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION,
ERR_CONFIG_ATTR_INVALID_INT_VALUE.get(PWD_ATTR_MINAGE,
value.toString(), ne.getLocalizedMessage()));
}
}
else
{
this.pPasswordExpirationWarningInterval = null;
}
value = getAttrValue(entry, PWD_ATTR_GRACEAUTHNLIMIT);
if ((value != null) && (value.toString().length() > 0))
{
try
{
this.pGraceLoginCount = Integer.parseInt(value.toString());
checkIntegerAttr(PWD_ATTR_GRACEAUTHNLIMIT, this.pGraceLoginCount, 0,
Integer.MAX_VALUE);
}
catch (NumberFormatException ne)
{
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION,
ERR_CONFIG_ATTR_INVALID_INT_VALUE.get(PWD_ATTR_MINAGE,
value.toString(), ne.getLocalizedMessage()));
}
}
else
{
this.pGraceLoginCount = null;
}
value = getAttrValue(entry, PWD_ATTR_LOCKOUTDURATION);
if ((value != null) && (value.toString().length() > 0))
{
try
{
this.pLockoutDuration = Long.parseLong(value.toString());
checkIntegerAttr(PWD_ATTR_LOCKOUTDURATION, this.pLockoutDuration, 0,
Integer.MAX_VALUE);
}
catch (NumberFormatException ne)
{
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION,
ERR_CONFIG_ATTR_INVALID_INT_VALUE.get(PWD_ATTR_MINAGE,
value.toString(), ne.getLocalizedMessage()));
}
}
else
{
this.pLockoutDuration = null;
}
value = getAttrValue(entry, PWD_ATTR_MAXFAILURE);
if ((value != null) && (value.toString().length() > 0))
{
try
{
this.pLockoutFailureCount = Integer.parseInt(value.toString());
checkIntegerAttr(PWD_ATTR_MAXFAILURE, this.pLockoutFailureCount, 0,
Integer.MAX_VALUE);
}
catch (NumberFormatException ne)
{
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION,
ERR_CONFIG_ATTR_INVALID_INT_VALUE.get(PWD_ATTR_MINAGE,
value.toString(), ne.getLocalizedMessage()));
}
}
else
{
this.pLockoutFailureCount = null;
}
value = getAttrValue(entry, PWD_ATTR_MUSTCHANGE);
if ((value != null) && (value.toString().length() > 0))
{
if (value.toString().equalsIgnoreCase(Boolean.TRUE.toString())
|| value.toString().equalsIgnoreCase(Boolean.FALSE.toString()))
{
this.pForceChangeOnReset = Boolean.parseBoolean(value.toString());
}
else
{
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION,
ERR_CONFIG_ATTR_INVALID_BOOLEAN_VALUE.get(PWD_ATTR_MUSTCHANGE,
value.toString()));
}
}
else
{
this.pForceChangeOnReset = null;
}
value = getAttrValue(entry, PWD_ATTR_ALLOWUSERCHANGE);
if ((value != null) && (value.toString().length() > 0))
{
if (value.toString().equalsIgnoreCase(Boolean.TRUE.toString())
|| value.toString().equalsIgnoreCase(Boolean.FALSE.toString()))
{
this.pAllowUserPasswordChanges = Boolean.parseBoolean(value.toString());
}
else
{
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION,
ERR_CONFIG_ATTR_INVALID_BOOLEAN_VALUE.get(PWD_ATTR_ALLOWUSERCHANGE,
value.toString()));
}
}
else
{
this.pAllowUserPasswordChanges = null;
}
value = getAttrValue(entry, PWD_ATTR_SAFEMODIFY);
if ((value != null) && (value.toString().length() > 0))
{
if (value.toString().equalsIgnoreCase(Boolean.TRUE.toString())
|| value.toString().equalsIgnoreCase(Boolean.FALSE.toString()))
{
this.pPasswordChangeRequiresCurrentPassword = Boolean
.parseBoolean(value.toString());
}
else
{
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION,
ERR_CONFIG_ATTR_INVALID_BOOLEAN_VALUE.get(PWD_ATTR_SAFEMODIFY,
value.toString()));
}
}
else
{
this.pPasswordChangeRequiresCurrentPassword = null;
}
value = getAttrValue(entry, PWD_ATTR_FAILURECOUNTINTERVAL);
if ((value != null) && (value.toString().length() > 0))
{
try
{
this.pLockoutFailureExpirationInterval = Long.parseLong(value
.toString());
checkIntegerAttr(PWD_ATTR_FAILURECOUNTINTERVAL,
this.pLockoutFailureExpirationInterval, 0, Integer.MAX_VALUE);
}
catch (NumberFormatException ne)
{
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION,
ERR_CONFIG_ATTR_INVALID_INT_VALUE.get(
PWD_ATTR_FAILURECOUNTINTERVAL, value.toString(),
ne.getLocalizedMessage()));
}
}
else
{
this.pLockoutFailureExpirationInterval = null;
}
}
/**
* Helper method to validate integer values.
*
* @param attrName
* integer attribute name.
* @param attrValue
* integer value to validate.
* @param lowerBound
* lowest acceptable value.
* @param upperBound
* highest acceptable value.
* @throws DirectoryException
* if the value is out of bounds.
*/
private void checkIntegerAttr(String attrName, long attrValue,
long lowerBound, long upperBound) throws DirectoryException
{
if (attrValue < lowerBound)
{
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION,
ERR_CONFIG_ATTR_INT_BELOW_LOWER_BOUND.get(attrName, attrValue,
lowerBound));
}
if (attrValue > upperBound)
{
throw new DirectoryException(ResultCode.CONSTRAINT_VIOLATION,
ERR_CONFIG_ATTR_INT_ABOVE_UPPER_BOUND.get(attrName, attrValue,
upperBound));
}
}
/**
* Helper method to retieve an attribute value from given entry.
*
* @param entry
* the entry to retrieve an attribute value from.
* @param pwdAttrName
* attribute name to retrieve the value for.
* @return <CODE>AttributeValue</CODE> or <CODE>null</CODE>.
*/
private AttributeValue getAttrValue(Entry entry, String pwdAttrName)
{
AttributeType pwdAttrType = DirectoryServer.getAttributeType(pwdAttrName,
true);
List<Attribute> pwdAttrList = entry.getAttribute(pwdAttrType);
if ((pwdAttrList != null) && (!pwdAttrList.isEmpty()))
{
for (Attribute attr : pwdAttrList)
{
for (AttributeValue value : attr)
{
return value;
}
}
}
return null;
}
/**
* {@inheritDoc}
*/
@Override
public boolean isAllowExpiredPasswordChanges()
{
return getDefaultPasswordPolicy().isAllowExpiredPasswordChanges();
}
/**
* {@inheritDoc}
*/
@Override
public boolean isAllowMultiplePasswordValues()
{
return getDefaultPasswordPolicy().isAllowMultiplePasswordValues();
}
/**
* {@inheritDoc}
*/
@Override
public boolean isAllowPreEncodedPasswords()
{
return getDefaultPasswordPolicy().isAllowPreEncodedPasswords();
}
/**
* {@inheritDoc}
*/
@Override
public boolean isAllowUserPasswordChanges()
{
return pAllowUserPasswordChanges != null ? pAllowUserPasswordChanges
: getDefaultPasswordPolicy().isAllowUserPasswordChanges();
}
/**
* {@inheritDoc}
*/
@Override
public boolean isExpirePasswordsWithoutWarning()
{
return getDefaultPasswordPolicy().isExpirePasswordsWithoutWarning();
}
/**
* {@inheritDoc}
*/
@Override
public boolean isForceChangeOnAdd()
{
// Don't use pwdMustChange since the password provided when the entry was
// added may have been provided by the user. See OPENDJ-341.
return getDefaultPasswordPolicy().isForceChangeOnAdd();
}
/**
* {@inheritDoc}
*/
@Override
public boolean isForceChangeOnReset()
{
return pForceChangeOnReset != null ? pForceChangeOnReset
: getDefaultPasswordPolicy().isForceChangeOnReset();
}
/**
* {@inheritDoc}
*/
@Override
public int getGraceLoginCount()
{
return pGraceLoginCount != null ? pGraceLoginCount
: getDefaultPasswordPolicy().getGraceLoginCount();
}
/**
* {@inheritDoc}
*/
@Override
public long getIdleLockoutInterval()
{
return getDefaultPasswordPolicy().getIdleLockoutInterval();
}
/**
* {@inheritDoc}
*/
@Override
public AttributeType getLastLoginTimeAttribute()
{
return getDefaultPasswordPolicy().getLastLoginTimeAttribute();
}
/**
* {@inheritDoc}
*/
@Override
public String getLastLoginTimeFormat()
{
return getDefaultPasswordPolicy().getLastLoginTimeFormat();
}
/**
* {@inheritDoc}
*/
@Override
public long getLockoutDuration()
{
return pLockoutDuration != null ? pLockoutDuration
: getDefaultPasswordPolicy().getLockoutDuration();
}
/**
* {@inheritDoc}
*/
@Override
public int getLockoutFailureCount()
{
return pLockoutFailureCount != null ? pLockoutFailureCount
: getDefaultPasswordPolicy().getLockoutFailureCount();
}
/**
* {@inheritDoc}
*/
@Override
public long getLockoutFailureExpirationInterval()
{
return pLockoutFailureExpirationInterval != null ?
pLockoutFailureExpirationInterval
: getDefaultPasswordPolicy().getLockoutFailureExpirationInterval();
}
/**
* {@inheritDoc}
*/
@Override
public long getMaxPasswordAge()
{
return pMaxPasswordAge != null ? pMaxPasswordAge
: getDefaultPasswordPolicy().getMaxPasswordAge();
}
/**
* {@inheritDoc}
*/
@Override
public long getMaxPasswordResetAge()
{
return getDefaultPasswordPolicy().getMaxPasswordResetAge();
}
/**
* {@inheritDoc}
*/
@Override
public long getMinPasswordAge()
{
return pMinPasswordAge != null ? pMinPasswordAge
: getDefaultPasswordPolicy().getMinPasswordAge();
}
/**
* {@inheritDoc}
*/
@Override
public AttributeType getPasswordAttribute()
{
return pPasswordAttribute != null ? pPasswordAttribute
: getDefaultPasswordPolicy().getPasswordAttribute();
}
/**
* {@inheritDoc}
*/
@Override
public boolean isPasswordChangeRequiresCurrentPassword()
{
return pPasswordChangeRequiresCurrentPassword != null ?
pPasswordChangeRequiresCurrentPassword
: getDefaultPasswordPolicy().isPasswordChangeRequiresCurrentPassword();
}
/**
* {@inheritDoc}
*/
@Override
public long getPasswordExpirationWarningInterval()
{
return pPasswordExpirationWarningInterval != null ?
pPasswordExpirationWarningInterval
: getDefaultPasswordPolicy().getPasswordExpirationWarningInterval();
}
/**
* {@inheritDoc}
*/
@Override
public int getPasswordHistoryCount()
{
return pPasswordHistoryCount != null ? pPasswordHistoryCount
: getDefaultPasswordPolicy().getPasswordHistoryCount();
}
/**
* {@inheritDoc}
*/
@Override
public long getPasswordHistoryDuration()
{
return getDefaultPasswordPolicy().getPasswordHistoryDuration();
}
/**
* {@inheritDoc}
*/
@Override
public SortedSet<String> getPreviousLastLoginTimeFormats()
{
return getDefaultPasswordPolicy().getPreviousLastLoginTimeFormats();
}
/**
* {@inheritDoc}
*/
@Override
public long getRequireChangeByTime()
{
return getDefaultPasswordPolicy().getRequireChangeByTime();
}
/**
* {@inheritDoc}
*/
@Override
public boolean isRequireSecureAuthentication()
{
return getDefaultPasswordPolicy().isRequireSecureAuthentication();
}
/**
* {@inheritDoc}
*/
@Override
public boolean isRequireSecurePasswordChanges()
{
return getDefaultPasswordPolicy().isRequireSecurePasswordChanges();
}
/**
* {@inheritDoc}
*/
@Override
public boolean isSkipValidationForAdministrators()
{
return getDefaultPasswordPolicy().isSkipValidationForAdministrators();
}
/**
* {@inheritDoc}
*/
@Override
public StateUpdateFailurePolicy getStateUpdateFailurePolicy()
{
return getDefaultPasswordPolicy().getStateUpdateFailurePolicy();
}
/**
* {@inheritDoc}
*/
@Override
public boolean isAuthPasswordSyntax()
{
return pAuthPasswordSyntax != null ? pAuthPasswordSyntax
: getDefaultPasswordPolicy().isAuthPasswordSyntax();
}
/**
* {@inheritDoc}
*/
@Override
public List<PasswordStorageScheme<?>> getDefaultPasswordStorageSchemes()
{
return getDefaultPasswordPolicy().getDefaultPasswordStorageSchemes();
}
/**
* {@inheritDoc}
*/
@Override
public Set<String> getDeprecatedPasswordStorageSchemes()
{
return getDefaultPasswordPolicy().getDeprecatedPasswordStorageSchemes();
}
/**
* {@inheritDoc}
*/
@Override
public DN getDN()
{
return passwordPolicySubentryDN;
}
/**
* {@inheritDoc}
*/
@Override
public boolean isDefaultPasswordStorageScheme(String name)
{
return getDefaultPasswordPolicy().isDefaultPasswordStorageScheme(name);
}
/**
* {@inheritDoc}
*/
@Override
public boolean isDeprecatedPasswordStorageScheme(String name)
{
return getDefaultPasswordPolicy().isDeprecatedPasswordStorageScheme(name);
}
/**
* {@inheritDoc}
*/
@Override
public Collection<PasswordValidator<?>> getPasswordValidators()
{
return getDefaultPasswordPolicy().getPasswordValidators();
}
/**
* {@inheritDoc}
*/
@Override
public Collection<AccountStatusNotificationHandler<?>>
getAccountStatusNotificationHandlers()
{
return getDefaultPasswordPolicy().getAccountStatusNotificationHandlers();
}
/**
* {@inheritDoc}
*/
@Override
public PasswordGenerator<?> getPasswordGenerator()
{
return getDefaultPasswordPolicy().getPasswordGenerator();
}
}