This Password Policy State JSON Virtual Attribute may be used to expose a JSON-formatted virtual attribute in user entries that provides information about the user's password policy state and the configuration for their governing password policy.
The Password Policy State JSON Virtual Attribute component inherits from the Virtual Attribute
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| description | require-explicit-request-by-name |
| enabled | multiple-virtual-attribute-evaluation-order-index |
| base-dn | |
| group-dn | |
| filter | |
| client-connection-policy |
| Description | A description for this Virtual Attribute |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether the Virtual Attribute is enabled for use. |
| Default Value | None |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the base DNs for the branches containing entries that are eligible to use this virtual attribute. If no values are given, then the server generates virtual attributes anywhere in the server. |
| Default Value | The location of the entry in the server is not taken into account when determining whether an entry is eligible to use this virtual attribute. |
| Allowed Values | A valid DN. |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the DNs of the groups whose members can be eligible to use this virtual attribute. If no values are given, then group membership is not taken into account when generating the virtual attribute. If one or more group DNs are specified, then only members of those groups are allowed to have the virtual attribute. |
| Default Value | Group membership is not taken into account when determining whether an entry is eligible to use this virtual attribute. |
| Allowed Values | A valid DN. |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the search filters to be applied against entries to determine if the virtual attribute is to be generated for those entries. If no values are given, then any entry is eligible to have the value generated. If one or more filters are specified, then only entries that match at least one of those filters are allowed to have the virtual attribute. |
| Default Value | None |
| Allowed Values | Any valid search filter string. |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies a set of client connection policies for which this Virtual Attribute should be generated. If this is undefined, then this Virtual Attribute will always be generated. If it is associated with one or more client connection policies, then this Virtual Attribute will be generated only for operations requested by clients assigned to one of those client connection policies. |
| Default Value | None |
| Allowed Values | The DN of any Client Connection Policy. |
| Multi-Valued | Yes |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
require-explicit-request-by-name (Advanced Property)
| Description | Indicates whether attributes of this type must be explicitly included by name in the list of requested attributes. Note that this will only apply to virtual attributes which are associated with an attribute type that is operational. It will be ignored for virtual attributes associated with a non-operational attribute type. If this is true and the associated attribute type is operational, then virtual attributes of this type will only be returned in a search result entry if the attribute type was specifically included in the list of requested attributes but will not be returned if the client only requested "+" (to indicate all operational attributes) but did not explicitly mention this attribute. This should generally only be set to "true" for virtual attributes which may be expensive to construct and for which it is known that the attribute will always be explicitly requested by the client when it is needed. |
| Default Value | false |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
multiple-virtual-attribute-evaluation-order-index (Advanced Property)
| Description | Specifies the order in which virtual attribute definitions for the same attribute type will be evaluated when generating values for an entry. Evaluation will occur in ascending order, so a virtual attribute definition with an evaluation order index of one will be evaluated before a definition with an evaluation order index of two. Virtual attribute definitions with no evaluation order index will be evaluated after those which do have a defined order. It is not necessary for evaluation order index values to be in consecutive order, and there may be gaps between values. It is also acceptable for multiple virtual attribute definitions for the same attribute to have the same evaluation order index value. In that case, definitions with the same evaluation order index for the same attribute type will be evaluated in case-insensitive lexicographic order based on the name of the config definition. For virtual attribute definitions pertaining to single-valued attributes, only the first applicable virtual attribute definition will be applied to the entry. For multi-valued attributes, it is possible for multiple virtual attribute definitions to be merged or to only use the first definition encountered, based on the value of the multiple-virtual-attribute-merge-behavior configuration property. |
| Default Value | None |
| Allowed Values | An integer value. Lower limit is 1. Upper limit is 2147483647 . |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
To list the configured Virtual Attributes:
dsconfig list-virtual-attributes
[--property {propertyName}] ...
To view the configuration for an existing Virtual Attribute:
dsconfig get-virtual-attribute-prop
--name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing Virtual Attribute:
dsconfig set-virtual-attribute-prop
--name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Password Policy State JSON Virtual Attribute:
dsconfig create-virtual-attribute
--name {name}
--type password-policy-state-json
--set enabled:{propertyValue}
[--set {propertyName}:{propertyValue}] ...
To delete an existing Virtual Attribute:
dsconfig delete-virtual-attribute
--name {name}