This extension allows to retrieve or set user state without directly using the PasswordPolicyStateExtendedRequest
Providing a single trigger attribute (ds-pwp-user-state-get-all) along with a search request will retrieve all available information. The following password policy state operations are supported:
- OP_TYPE_GET_ACCOUNT_ACTIVATION_TIME
- OP_TYPE_GET_ACCOUNT_DISABLED_STATE
- OP_TYPE_GET_ACCOUNT_EXPIRATION_TIME
- OP_TYPE_GET_ACCOUNT_USABILITY_ERRORS
- OP_TYPE_GET_ACCOUNT_USABILITY_NOTICES
- OP_TYPE_GET_ACCOUNT_USABILITY_WARNINGS
- OP_TYPE_GET_AUTH_FAILURE_TIMES
- OP_TYPE_GET_GRACE_LOGIN_USE_TIMES
- OP_TYPE_GET_LAST_LOGIN_IP_ADDRESS
- OP_TYPE_GET_LAST_LOGIN_TIME
- OP_TYPE_GET_PASSWORD_RETIRED_TIME
- OP_TYPE_GET_PW_CHANGED_BY_REQUIRED_TIME
- OP_TYPE_GET_PW_CHANGED_TIME
- OP_TYPE_GET_PW_EXPIRATION_WARNED_TIME
- OP_TYPE_GET_PW_HISTORY
- OP_TYPE_GET_PW_POLICY_DN
- OP_TYPE_GET_PW_RESET_STATE
- OP_TYPE_GET_REMAINING_AUTH_FAILURE_COUNT
- OP_TYPE_GET_REMAINING_GRACE_LOGIN_COUNT
- OP_TYPE_GET_RETIRED_PASSWORD_EXPIRATION_TIME
- OP_TYPE_GET_SECONDS_UNTIL_ACCOUNT_ACTIVATION
- OP_TYPE_GET_SECONDS_UNTIL_ACCOUNT_EXPIRATION
- OP_TYPE_GET_SECONDS_UNTIL_AUTH_FAILURE_UNLOCK
- OP_TYPE_GET_SECONDS_UNTIL_IDLE_LOCKOUT
- OP_TYPE_GET_SECONDS_UNTIL_PW_EXPIRATION
- OP_TYPE_GET_SECONDS_UNTIL_PW_EXPIRATION_WARNING
- OP_TYPE_GET_SECONDS_UNTIL_PW_RESET_LOCKOUT
- OP_TYPE_GET_SECONDS_UNTIL_REQUIRED_CHANGE_TIME
- OP_TYPE_HAS_RETIRED_PASSWORD
The following attributes are available to use in a modify operation:
- ds-pwp-user-state-account-activation-time
- ds-pwp-user-state-account-disabled
- ds-pwp-user-state-account-expiration-time
- ds-pwp-user-state-account-expired
- ds-pwp-user-state-account-failure-locked
- ds-pwp-user-state-account-idle-locked
- ds-pwp-user-state-account-not-active-yet
- ds-pwp-user-state-account-reset-locked
- ds-pwp-user-state-account-usability-error
- ds-pwp-user-state-account-usability-notice
- ds-pwp-user-state-account-usability-warning
- ds-pwp-user-state-account-usable
- ds-pwp-user-state-auth-failure-time
- ds-pwp-user-state-available-sasl-mechanism
- ds-pwp-user-state-available-totp-delivery-mechanism
- ds-pwp-user-state-failure-lockout-time
- ds-pwp-user-state-grace-login-use-time
- ds-pwp-user-state-idle-lockout-time
- ds-pwp-user-state-last-login-ip-address
- ds-pwp-user-state-last-login-time
- ds-pwp-user-state-pw-changed-by-required-time
- ds-pwp-user-state-pw-changed-time
- ds-pwp-user-state-pw-expiration-time
- ds-pwp-user-state-pw-expiration-warned-time
- ds-pwp-user-state-pw-expired
- ds-pwp-user-state-pw-history
- ds-pwp-user-state-pw-history-count
- ds-pwp-user-state-pw-reset
- ds-pwp-user-state-pw-retired-time
- ds-pwp-user-state-pwp-dn
- ds-pwp-user-state-remaining-auth-failure-count
- ds-pwp-user-state-remaining-grace-login-count
- ds-pwp-user-state-has-retired-password
- ds-pwp-user-state-retired-password-expiration-time
- ds-pwp-user-state-seconds-until-account-activation
- ds-pwp-user-state-seconds-until-account-expiration
- ds-pwp-user-state-seconds-until-auth-failure-unlock
- ds-pwp-user-state-seconds-until-idle-lockout
- ds-pwp-user-state-seconds-until-pw-expiration
- ds-pwp-user-state-seconds-until-pw-expiration-warning
- ds-pwp-user-state-seconds-until-pw-reset-lockout
- ds-pwp-user-state-seconds-until-required-changed-time
Example usage:
ldapmodify -D cn=directory\ manager -w password
dn: uid=user.0,ou=people,dc=example,dc=comchangetype: modify
add: ds-pwp-user-state-account-disabled
ds-pwp-user-state-account-disabled: true
Allowed Arguments
| Argument Name: | time-format |
| Description: | the date time format as per Java SimpleDateFormat specification. (Default: yyyyMMddHHmmss.SSS'Z') |
| Data Type: | String |
| Is Required: | false |
| Maximum Occurrences: | 1 |