The Password Policy Import Plugin ensures that clear-text passwords contained in LDIF entries are properly encoded before they are stored in the appropriate directory server backend.
The Password Policy Import Plugin object inherits from Plugin.
Password Policy Import Plugins depend on the following objects:
Use the --advanced option to access advanced properties.
Basic Properties
Advanced Properties
default-auth-password-storage-scheme
| Synopsis | Specifies the names of password storage schemes that to be used for encoding passwords contained in attributes with the auth password syntax for entries that do not include the ds-pwp-password-policy-dn attribute specifying which password policy should be used to govern them. |
| Default Value | If the default password policy uses an attribute with the auth password syntax, then the server uses the default password storage schemes for that password policy. Otherwise, it encodes auth password values using the "SHA1" scheme. |
| Allowed Values | The name of an existing Password Storage Scheme. The referenced password storage schemes must be enabled when the Password Policy Import plug-in is enabled. |
| Multi-valued | Yes |
| Required | No |
| Admin Action Required | None |
| Advanced | No |
| Read-Only | No |
default-user-password-storage-scheme
| Synopsis | Specifies the names of the password storage schemes to be used for encoding passwords contained in attributes with the user password syntax for entries that do not include the ds-pwp-password-policy-dn attribute specifying which password policy is to be used to govern them. |
| Default Value | If the default password policy uses the attribute with the user password syntax, then the server uses the default password storage schemes for that password policy. Otherwise, it encodes user password values using the "SSHA" scheme. |
| Allowed Values | The name of an existing Password Storage Scheme. The referenced password storage schemes must be enabled when the Password Policy Import Plugin is enabled. |
| Multi-valued | Yes |
| Required | No |
| Admin Action Required | None |
| Advanced | No |
| Read-Only | No |
| Synopsis | Indicates whether the plug-in is enabled for use. |
| Default Value | None |
| Allowed Values | true false |
| Multi-valued | No |
| Required | Yes |
| Admin Action Required | None |
| Advanced | No |
| Read-Only | No |
invoke-for-internal-operations
| Synopsis | Indicates whether the plug-in should be invoked for internal operations. |
| Description | Any plug-in that can be invoked for internal operations must ensure that it does not create any new internal operatons that can cause the same plug-in to be re-invoked. |
| Default Value | false |
| Allowed Values | true false |
| Multi-valued | No |
| Required | No |
| Admin Action Required | None |
| Advanced | Yes |
| Read-Only | No |
| Synopsis | Specifies the fully-qualified name of the Java class that provides the plug-in implementation. |
| Default Value | org.opends.server.plugins.PasswordPolicyImportPlugin |
| Allowed Values | A Java class that extends or implements: org.opends.server.api.plugin.DirectoryServerPlugin |
| Multi-valued | No |
| Required | Yes |
| Admin Action Required | None |
| Advanced | Yes |
| Read-Only | No |
| Synopsis | Specifies the set of plug-in types for the plug-in, which specifies the times at which the plug-in is invoked. |
| Default Value | ldifimport |
| Allowed Values | intermediateresponse: Invoked before sending an intermediate repsonse message to the client. ldifexport: Invoked for each operation to be written during an LDIF export. ldifimport: Invoked for each entry read during an LDIF import. ldifimportbegin: Invoked at the beginning of an LDIF import session. ldifimportend: Invoked at the end of an LDIF import session. postconnect: Invoked whenever a new connection is established to the server. postdisconnect: Invoked whenever an existing connection is terminated (by either the client or the server). postoperationabandon: Invoked after completing the abandon processing. postoperationadd: Invoked after completing the core add processing but before sending the response to the client. postoperationbind: Invoked after completing the core bind processing but before sending the response to the client. postoperationcompare: Invoked after completing the core compare processing but before sending the response to the client. postoperationdelete: Invoked after completing the core delete processing but before sending the response to the client. postoperationextended: Invoked after completing the core extended processing but before sending the response to the client. postoperationmodify: Invoked after completing the core modify processing but before sending the response to the client. postoperationmodifydn: Invoked after completing the core modify DN processing but before sending the response to the client. postoperationsearch: Invoked after completing the core search processing but before sending the response to the client. postoperationunbind: Invoked after completing the unbind processing. postresponseadd: Invoked after sending the add response to the client. postresponsebind: Invoked after sending the bind response to the client. postresponsecompare: Invoked after sending the compare response to the client. postresponsedelete: Invoked after sending the delete response to the client. postresponseextended: Invoked after sending the extended response to the client. postresponsemodify: Invoked after sending the modify response to the client. postresponsemodifydn: Invoked after sending the modify DN response to the client. postresponsesearch: Invoked after sending the search result done message to the client. postsynchronizationadd: Invoked after completing post-synchronization processing for an add operation. postsynchronizationdelete: Invoked after completing post-synchronization processing for a delete operation. postsynchronizationmodify: Invoked after completing post-synchronization processing for a modify operation. postsynchronizationmodifydn: Invoked after completing post-synchronization processing for a modify DN operation. preoperationadd: Invoked prior to performing the core add processing. preoperationbind: Invoked prior to performing the core bind processing. preoperationcompare: Invoked prior to performing the core compare processing. preoperationdelete: Invoked prior to performing the core delete processing. preoperationextended: Invoked prior to performing the core extended processing. preoperationmodify: Invoked prior to performing the core modify processing. preoperationmodifydn: Invoked prior to performing the core modify DN processing. preoperationsearch: Invoked prior to performing the core search processing. preparseabandon: Invoked prior to parsing an abandon request. preparseadd: Invoked prior to parsing an add request. preparsebind: Invoked prior to parsing a bind request. preparsecompare: Invoked prior to parsing a compare request. preparsedelete: Invoked prior to parsing a delete request. preparseextended: Invoked prior to parsing an extended request. preparsemodify: Invoked prior to parsing a modify request. preparsemodifydn: Invoked prior to parsing a modify DN request. preparsesearch: Invoked prior to parsing a search request. preparseunbind: Invoked prior to parsing an unbind request. searchresultentry: Invoked before sending a search result entry to the client. searchresultreference: Invoked before sending a search result reference to the client. shutdown: Invoked during a graceful directory server shutdown. startup: Invoked during the directory server startup process. subordinatedelete: Invoked in the course of deleting a subordinate entry of a delete operation. subordinatemodifydn: Invoked in the course of moving or renaming an entry subordinate to the target of a modify DN operation. |
| Multi-valued | Yes |
| Required | Yes |
| Admin Action Required | The object must be disabled and re-enabled for changes to take effect. |
| Advanced | Yes |
| Read-Only | No |