Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact support in order to understand the potential impact of that change.
The Generate Password Extended Operation Handler may be used to request that the server generate one or more passwords, which will be returned in the extended response.
The server can optionally check the generated passwords against the configured set of password validators, re-generating passwords up to a specified maximum number of times in the event that the initial attempts do not create suitable passwords. In the event that the server is ultimately unable to generate a password that satisfies all of the configured validators, the response will include human-readable reasons that the generated password was not considered acceptable.
Note that while the server already provides the ability to generate a password when processing an add operation (using the generate password request control) or a password modify extended operation (by omitting the new password element from the request), this extended operation may still be useful because it allows applications to suggest passwords to the user in advance of sending them to the server. The server can generate multiple passwords for a single request to provide the user with a set of options.
The Generate Password Extended Operation Handler component inherits from the Extended Operation Handler.
The following components have a direct aggregation relation from Generate Password Extended Operation Handlers:
The properties supported by this managed object are as follows:
Basic Properties: | Advanced Properties: |
---|---|
description | None |
enabled | |
default-password-policy | |
default-password-generator | |
maximum-passwords-per-request | |
maximum-validation-attempts-per-password | |
description
Description | A description for this Extended Operation Handler |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
enabled
Description | Indicates whether the Extended Operation Handler is enabled (that is, whether the types of extended operations are allowed in the server). |
Default Value | None |
Allowed Values | true, false |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
default-password-policy
Description | The default password policy that should be used when generating and validating passwords if the request does not specify an alternate policy. If this is not provided, then this Generate Password Extended Operation Handler will use the default password policy defined in the global configuration. |
Default Value | The Generate Password Extended Operation Handler will use the default password policy defined in the global configuration. |
Allowed Values | The DN of any Password Policy. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
default-password-generator
Description | The default password generator that will be used if the selected password policy is not configured with a password generator. |
Default Value | None |
Allowed Values | The DN of any Password Generator. |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
maximum-passwords-per-request
Description | The maximum number of passwords that may be generated and returned to the client for a single request. This value must be greater than or equal to one. It may be desirable to permit multiple passwords to be returned for a single operation if the client wishes to present multiple options to the end user. If the number of passwords requested by the client is less than or equal to this value, then the requested number of passwords will be returned. If the client requests more than the maximum number of passwords, then the maximum will be returned. |
Default Value | 10 |
Allowed Values | An integer value. Lower limit is 1. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
maximum-validation-attempts-per-password
Description | The maximum number of attempts that the server may use to generate a password that passes validation. This value must be greater than or equal to zero. If the number of validation attempts requested by the client is less than or equal to this value, then the requested number of attempts will be used. If the client requests more than the maximum number of validation attempts, then the maximum will be used. If the selected number of validation attempts is zero, then each generated password will be returned without any attempt to validate it. If the selected number of validation attempts is one, then each generated password will be checked against the set of password validators configured in the selected password policy. The generated password will be returned regardless of whether it passes validation, but if it does not pass validation, then the response will include a list of reasons that the password was not considered acceptable. If the selected number of validation attempts is greater than one, and if the initial password does not pass validation, then the password may be re-generated and the new password subjected to validation. This process may be repeated until a generated password passes validation, or until the total number of validation attempts have been made. If the server is unable to generate an acceptable password after the maximum number of attempts, then it will use the most recently generated password, but will include a list of reasons that the password was not considered acceptable. |
Default Value | 5 |
Allowed Values | An integer value. Lower limit is 0. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
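
The capping and retry rules described for maximum-passwords-per-request and maximum-validation-attempts-per-password, written out as an added Python model; this is not the server's code, and the function names, the stand-in generator and the two validators are constructed for illustration. It makes one consequence explicit: a password is always returned, so a client must treat a non-empty reason list as "do not offer this password".

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits

def generate(length=12):
    # Stand-in for the configured password generator (assumption).
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def validate(password, validators):
    # Each validator returns None on success or a human-readable reason.
    return [r for r in (v(password) for v in validators) if r]

def effective(requested, maximum):
    # A client request above the configured maximum is capped at the maximum.
    return min(requested, maximum)

def generate_passwords(req_count, req_attempts, validators,
                       max_per_request=10, max_attempts=5, generator=generate):
    # Defaults 10 and 5 are the property defaults listed on this page.
    count = effective(req_count, max_per_request)
    attempts = effective(req_attempts, max_attempts)
    results = []
    for _ in range(count):
        password, reasons = generator(), []
        if attempts > 0:  # zero attempts: returned without validation
            reasons = validate(password, validators)
            tries = 1
            while reasons and tries < attempts:
                password = generator()
                reasons = validate(password, validators)
                tries += 1
        # The most recent password is returned even when reasons is non-empty.
        results.append((password, reasons))
    return results

# Constructed validators for the model.
def needs_digit(pw):
    return None if any(c.isdigit() for c in pw) else "must contain a digit"

def never_ok(pw):
    return "rejected by constructed validator"
```
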
To list the configured Extended Operation Handlers:
dsconfig list-extended-operation-handlers [--property {propertyName}] ...
To view the configuration for an existing Extended Operation Handler:
dsconfig get-extended-operation-handler-prop --handler-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing Extended Operation Handler:
dsconfig set-extended-operation-handler-prop --handler-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...