server/core/PasswordPolicyTestCase.java

296N/A/*
296N/A * CDDL HEADER START
296N/A *
296N/A * The contents of this file are subject to the terms of the
296N/A * Common Development and Distribution License, Version 1.0 only
296N/A * (the "License").  You may not use this file except in compliance
296N/A * with the License.
296N/A *
296N/A * You can obtain a copy of the license at
296N/A * trunk/opends/resource/legal-notices/OpenDS.LICENSE
296N/A * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
296N/A * See the License for the specific language governing permissions
296N/A * and limitations under the License.
296N/A *
296N/A * When distributing Covered Code, include this CDDL HEADER in each
296N/A * file and include the License file at
296N/A * trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
296N/A * add the following below this CDDL HEADER, with the fields enclosed
873N/A * by brackets "[]" replaced with your own identifying information:
296N/A *      Portions Copyright [yyyy] [name of copyright owner]
296N/A *
296N/A * CDDL HEADER END
296N/A *
296N/A *
3232N/A *      Copyright 2006-2008 Sun Microsystems, Inc.
5433N/A *      Portions Copyright 2011 ForgeRock AS
296N/A */
296N/Apackage org.opends.server.core;
296N/A
296N/A
296N/A
296N/Aimport java.util.List;
5488N/Aimport java.util.Set;
296N/A
296N/Aimport org.testng.annotations.BeforeClass;
296N/Aimport org.testng.annotations.DataProvider;
296N/Aimport org.testng.annotations.Test;
296N/A
296N/Aimport org.opends.server.TestCaseUtils;
1205N/Aimport org.opends.server.admin.server.AdminTestCaseUtils;
1205N/Aimport org.opends.server.admin.std.meta.PasswordPolicyCfgDefn;
1205N/Aimport org.opends.server.admin.std.server.PasswordPolicyCfg;
296N/Aimport org.opends.server.api.PasswordStorageScheme;
296N/Aimport org.opends.server.config.ConfigEntry;
296N/Aimport org.opends.server.config.ConfigException;
1653N/Aimport org.opends.server.tools.LDAPModify;
296N/Aimport org.opends.server.types.AttributeType;
296N/Aimport org.opends.server.types.DN;
296N/Aimport org.opends.server.types.Entry;
338N/Aimport org.opends.server.types.InitializationException;
2063N/Aimport org.opends.server.util.TimeThread;
296N/A
296N/Aimport static org.testng.Assert.*;
296N/A
296N/A
296N/A
296N/A/**
296N/A * A set of generic test cases for the Directory Server password policy class.
296N/A */
296N/Apublic class PasswordPolicyTestCase
296N/A       extends CoreTestCase
296N/A{
296N/A  /**
296N/A   * Ensures that the Directory Server is running.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @BeforeClass()
296N/A  public void startServer()
296N/A         throws Exception
296N/A  {
2342N/A    TestCaseUtils.restartServer();
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Retrieves a set of invalid configurations that cannot be used to
296N/A   * initialize a password policy.
296N/A   *
296N/A   * @return  A set of invalid configurations that cannot be used to
296N/A   *          initialize a password policy.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @DataProvider(name = "invalidConfigs")
296N/A  public Object[][] getInvalidConfigurations()
296N/A         throws Exception
296N/A  {
296N/A    List<Entry> entries = TestCaseUtils.makeEntries(
1452N/A         "dn: cn=Default Password Policy 1,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 2,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: invalid",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 3,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: cn",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 4,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
296N/A         "ds-cfg-last-login-time-attribute: invalid",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 5,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: invalid",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 6,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: invalid",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 7,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: invalid",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 8,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: invalid",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 9,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: invalid",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 10,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: invalid",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 11,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: invalid",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 12,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: invalid",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 13,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: invalid",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 14,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: invalid",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 15,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: invalid",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 16,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: -1",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 17,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: notnumeric",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 18,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: -1 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 19,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: notnumeric seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 20,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 21,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 invalid",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 22,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: invalid",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 23,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: -1 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 24,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: notnumeric seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 25,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: -1 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 26,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 invalid",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 27,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: invalid",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 28,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: -1",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 29,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: notnumeric",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 30,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: -1 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 31,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: notnumeric seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 32,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 33,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 invalid",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 34,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: invalid",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 35,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: -1 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 36,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: invalid seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 37,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 38,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 invalid",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 39,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: invalid",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 40,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: -1 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 41,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: invalid seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 42,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 43,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 invalid",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 44,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: invalid",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 45,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: -1 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 46,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: invalid seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 47,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 48,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 invalid",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 49,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: invalid",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 50,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 0 seconds",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 51,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: -1 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 52,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: invalid days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 53,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 54,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 invalid",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 55,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: invalid",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 56,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "ds-cfg-require-change-by-time: invalid",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 57,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "ds-cfg-last-login-time-format: invalid",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 58,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: invalid",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 59,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=nonexistent," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 60,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
2624N/A         "ds-cfg-account-status-notification-handler: invalid",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 61,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
2624N/A         "ds-cfg-account-status-notification-handler: cn=nonexistent," +
296N/A              "cn=Account Status Notification Handlers,cn=config",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 62,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 63,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Undefined,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 64,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: invalid",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 65,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
2624N/A         "ds-cfg-password-validator: invalid",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 66,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
2624N/A         "ds-cfg-password-validator: cn=nonexistent," +
296N/A              "cn=Password Validators,cn=config",
296N/A         "",
1452N/A         "dn: cn=Default Password Policy 67,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: 0 seconds",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "ds-cfg-previous-last-login-time-format: invalid",
296N/A         "",
296N/A      // This is a catch-all invalid case to get coverage for attributes not
296N/A      // normally included in the default scheme.  It is based on the internal
296N/A      // knowledge that the idle lockout interval is the last attribute checked
296N/A      // during validation.
1452N/A         "dn: cn=Default Password Policy 68,cn=Password Policies,cn=config",
296N/A         "objectClass: top",
296N/A         "objectClass: ds-cfg-password-policy",
296N/A         "cn: Default Password Policy",
296N/A         "ds-cfg-password-attribute: userPassword",
2624N/A         "ds-cfg-default-password-storage-scheme: " +
2414N/A              "cn=Salted SHA-1,cn=Password Storage Schemes,cn=config",
2414N/A         "ds-cfg-deprecated-password-storage-scheme: " +
2414N/A              "cn=BASE64,cn=Password Storage Schemes,cn=config",
296N/A         "ds-cfg-allow-expired-password-changes: false",
296N/A         "ds-cfg-allow-multiple-password-values: false",
296N/A         "ds-cfg-allow-pre-encoded-passwords: false",
296N/A         "ds-cfg-allow-user-password-changes: true",
296N/A         "ds-cfg-expire-passwords-without-warning: false",
296N/A         "ds-cfg-force-change-on-add: false",
296N/A         "ds-cfg-force-change-on-reset: false",
296N/A         "ds-cfg-grace-login-count: 0",
296N/A         "ds-cfg-idle-lockout-interval: invalid",
296N/A         "ds-cfg-lockout-failure-count: 0",
296N/A         "ds-cfg-lockout-duration: 0 seconds",
296N/A         "ds-cfg-lockout-failure-expiration-interval: 0 seconds",
2624N/A         "ds-cfg-min-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-age: 0 seconds",
2624N/A         "ds-cfg-max-password-reset-age: 0 seconds",
296N/A         "ds-cfg-password-expiration-warning-interval: 5 days",
2624N/A         "ds-cfg-password-generator: cn=Random Password Generator," +
296N/A              "cn=Password Generators,cn=config",
296N/A         "ds-cfg-password-change-requires-current-password: false",
296N/A         "ds-cfg-require-secure-authentication: false",
296N/A         "ds-cfg-require-secure-password-changes: false",
296N/A         "ds-cfg-skip-validation-for-administrators: false",
296N/A         "ds-cfg-require-change-by-time: 20060101000000Z",
296N/A         "ds-cfg-last-login-time-attribute: ds-pwp-last-login-time",
296N/A         "ds-cfg-last-login-time-format: yyyyMMdd",
296N/A         "ds-cfg-previous-last-login-time-format: yyyyMMddHHmmss",
2624N/A         "ds-cfg-account-status-notification-handler: " +
296N/A              "cn=Error Log Handler,cn=Account Status Notification Handlers," +
296N/A              "cn=config");
296N/A
296N/A
296N/A    Object[][] configEntries = new Object[entries.size()][1];
296N/A    for (int i=0; i < configEntries.length; i++)
296N/A    {
296N/A      configEntries[i] = new Object[] { entries.get(i) };
296N/A    }
296N/A
296N/A    return configEntries;
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Ensures that password policy creation will fail when given an invalid
296N/A   * configuration.
296N/A   *
296N/A   * @param  e  The entry containing an invalid password policy configuration.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test(dataProvider = "invalidConfigs",
296N/A        expectedExceptions = { ConfigException.class,
296N/A                               InitializationException.class })
296N/A  public void testInvalidConstructor(Entry e)
296N/A         throws Exception
296N/A  {
296N/A    DN parentDN = DN.decode("cn=Password Policies,cn=config");
296N/A    ConfigEntry parentEntry = DirectoryServer.getConfigEntry(parentDN);
296N/A    ConfigEntry configEntry = new ConfigEntry(e, parentEntry);
296N/A
1205N/A    PasswordPolicyCfg configuration =
1205N/A      AdminTestCaseUtils.getConfiguration(PasswordPolicyCfgDefn.getInstance(),
1205N/A          configEntry.getEntry());
1205N/A
5488N/A    new PasswordPolicyFactory().createAuthenticationPolicy(configuration);
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>getPasswordAttribute</CODE> method for the default password
296N/A   * policy.
296N/A   */
296N/A  @Test()
296N/A  public void testGetPasswordAttributeDefault()
296N/A  {
296N/A    PasswordPolicy p = DirectoryServer.getDefaultPasswordPolicy();
296N/A    AttributeType  t = p.getPasswordAttribute();
296N/A    assertEquals(t, DirectoryServer.getAttributeType("userpassword"));
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>getPasswordAttribute</CODE> method for a password policy
296N/A   * using the authentication password syntax.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetPasswordAttributeAuth()
296N/A         throws Exception
296N/A  {
296N/A    DN dn = DN.decode("cn=SHA1 AuthPassword Policy,cn=Password Policies," +
296N/A                      "cn=config");
5488N/A    PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
296N/A    AttributeType  t = p.getPasswordAttribute();
296N/A    assertEquals(t, DirectoryServer.getAttributeType("authpassword"));
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>usesAuthPasswordSyntax</CODE> method for the default
296N/A   * password policy.
296N/A   */
296N/A  @Test()
296N/A  public void testUsesAuthPasswordSyntaxDefault()
296N/A  {
296N/A    PasswordPolicy p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    assertFalse(p.isAuthPasswordSyntax());
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>usesAuthPasswordSyntax</CODE> method for a password policy
296N/A   * using the authentication password syntax.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testUsesAuthPasswordSyntaxAuth()
296N/A         throws Exception
296N/A  {
296N/A    DN dn = DN.decode("cn=SHA1 AuthPassword Policy,cn=Password Policies," +
296N/A                      "cn=config");
5488N/A    PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    assertTrue(p.isAuthPasswordSyntax());
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>getDefaultStorageSchemes</CODE> method for the default
296N/A   * password policy.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetDefaultStorageSchemesDefault()
296N/A         throws Exception
296N/A  {
296N/A    PasswordPolicy p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    List<PasswordStorageScheme<?>> defaultSchemes =
5488N/A         p.getDefaultPasswordStorageSchemes();
296N/A    assertNotNull(defaultSchemes);
296N/A    assertFalse(defaultSchemes.isEmpty());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2624N/A      "--set", "default-password-storage-scheme:Base64");
296N/A
808N/A    p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    defaultSchemes = p.getDefaultPasswordStorageSchemes();
296N/A    assertNotNull(defaultSchemes);
296N/A    assertFalse(defaultSchemes.isEmpty());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2624N/A      "--set", "default-password-storage-scheme:Salted SHA-1");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>getDefaultStorageSchemes</CODE> method for a password
296N/A   * policy using the authentication password syntax.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetDefaultStorageSchemesAuth()
296N/A         throws Exception
296N/A  {
296N/A    DN dn = DN.decode("cn=SHA1 AuthPassword Policy,cn=Password Policies," +
296N/A                      "cn=config");
5488N/A    PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    List<PasswordStorageScheme<?>> defaultSchemes =
5488N/A         p.getDefaultPasswordStorageSchemes();
296N/A    assertNotNull(defaultSchemes);
296N/A    assertFalse(defaultSchemes.isEmpty());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2624N/A      "--set", "default-password-storage-scheme:Salted MD5");
296N/A
5488N/A    p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    defaultSchemes = p.getDefaultPasswordStorageSchemes();
296N/A    assertNotNull(defaultSchemes);
296N/A    assertFalse(defaultSchemes.isEmpty());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2624N/A      "--set", "default-password-storage-scheme:Salted SHA-1");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>isDefaultStorageScheme</CODE> method for the default
296N/A   * password policy.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testIsDefaultStorageSchemeDefault()
296N/A         throws Exception
296N/A  {
296N/A    PasswordPolicy p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    assertTrue(p.isDefaultPasswordStorageScheme("SSHA"));
5488N/A    assertFalse(p.isDefaultPasswordStorageScheme("CLEAR"));
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2624N/A      "--set", "default-password-storage-scheme:BASE64");
296N/A
808N/A    p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    assertTrue(p.isDefaultPasswordStorageScheme("BASE64"));
5488N/A    assertFalse(p.isDefaultPasswordStorageScheme("SSHA"));
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2624N/A      "--set", "default-password-storage-scheme:Salted SHA-1");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>isDefaultStorageScheme</CODE> method for a password policy
296N/A   * using the authentication password syntax.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testIsDefaultStorageSchemeAuth()
296N/A         throws Exception
296N/A  {
296N/A    DN dn = DN.decode("cn=SHA1 AuthPassword Policy,cn=Password Policies," +
296N/A                      "cn=config");
5488N/A    PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    assertTrue(p.isDefaultPasswordStorageScheme("SHA1"));
5488N/A    assertFalse(p.isDefaultPasswordStorageScheme("MD5"));
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2624N/A      "--set", "default-password-storage-scheme:Salted MD5");
296N/A
5488N/A    p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    assertTrue(p.isDefaultPasswordStorageScheme("MD5"));
5488N/A    assertFalse(p.isDefaultPasswordStorageScheme("SHA1"));
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2624N/A      "--set", "default-password-storage-scheme:Salted SHA-1");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>getDeprecatedStorageSchemes</CODE> method for the default
296N/A   * password policy.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetDeprecatedStorageSchemesDefault()
296N/A         throws Exception
296N/A  {
296N/A    PasswordPolicy p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    Set<String> deprecatedSchemes =
5488N/A         p.getDeprecatedPasswordStorageSchemes();
296N/A    assertNotNull(deprecatedSchemes);
296N/A    assertTrue(deprecatedSchemes.isEmpty());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2624N/A      "--set", "deprecated-password-storage-scheme:BASE64");
296N/A
808N/A    p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    deprecatedSchemes = p.getDeprecatedPasswordStorageSchemes();
296N/A    assertNotNull(deprecatedSchemes);
296N/A    assertFalse(deprecatedSchemes.isEmpty());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2624N/A      "--remove", "deprecated-password-storage-scheme:BASE64");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>getDeprecatedStorageSchemes</CODE> method for a password
296N/A   * policy using the authentication password syntax.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetDeprecatedStorageSchemesAuth()
296N/A         throws Exception
296N/A  {
296N/A    DN dn = DN.decode("cn=SHA1 AuthPassword Policy,cn=Password Policies," +
296N/A                      "cn=config");
5488N/A    PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    Set<String> deprecatedSchemes =
5488N/A         p.getDeprecatedPasswordStorageSchemes();
296N/A    assertNotNull(deprecatedSchemes);
296N/A    assertTrue(deprecatedSchemes.isEmpty());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2624N/A      "--set", "deprecated-password-storage-scheme:Salted MD5");
296N/A
5488N/A    p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    deprecatedSchemes = p.getDeprecatedPasswordStorageSchemes();
296N/A    assertNotNull(deprecatedSchemes);
296N/A    assertFalse(deprecatedSchemes.isEmpty());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2624N/A      "--remove", "deprecated-password-storage-scheme:Salted MD5");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>isDeprecatedStorageScheme</CODE> method for the default
296N/A   * password storage scheme.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testIsDeprecatedStorageSchemeDefault()
296N/A         throws Exception
296N/A  {
296N/A    PasswordPolicy p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    assertFalse(p.isDeprecatedPasswordStorageScheme("BASE64"));
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2624N/A      "--set", "deprecated-password-storage-scheme:BASE64");
296N/A
808N/A    p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    assertTrue(p.isDeprecatedPasswordStorageScheme("BASE64"));
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2624N/A      "--remove", "deprecated-password-storage-scheme:BASE64");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>isDeprecatedStorageScheme</CODE> method for a password
296N/A   * policy using the authentication password syntax.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testIsDeprecatedStorageSchemeAuth()
296N/A         throws Exception
296N/A  {
296N/A    DN dn = DN.decode("cn=SHA1 AuthPassword Policy,cn=Password Policies," +
296N/A                      "cn=config");
5488N/A    PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    assertFalse(p.isDeprecatedPasswordStorageScheme("MD5"));
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2624N/A      "--set", "deprecated-password-storage-scheme:Salted MD5");
296N/A
5488N/A    p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    assertTrue(p.isDeprecatedPasswordStorageScheme("MD5"));
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2624N/A      "--remove", "deprecated-password-storage-scheme:Salted MD5");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>getPasswordValidators</CODE> method for the default
296N/A   * password policy.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetPasswordValidatorsDefault()
296N/A         throws Exception
296N/A  {
296N/A    PasswordPolicy p = DirectoryServer.getDefaultPasswordPolicy();
296N/A    assertNotNull(p.getPasswordValidators());
366N/A    assertFalse(p.getPasswordValidators().isEmpty());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2624N/A      "--add", "password-validator:Length-Based Password Validator");
296N/A
808N/A    p = DirectoryServer.getDefaultPasswordPolicy();
296N/A    assertNotNull(p.getPasswordValidators());
296N/A    assertFalse(p.getPasswordValidators().isEmpty());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2624N/A      "--remove", "password-validator:Length-Based Password Validator");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>getPasswordValidators</CODE> method for a password policy
296N/A   * using the authentication password syntax.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetPasswordValidatorsAuth()
296N/A         throws Exception
296N/A  {
296N/A    DN dn = DN.decode("cn=SHA1 AuthPassword Policy,cn=Password Policies," +
296N/A                      "cn=config");
5488N/A    PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
296N/A    assertNotNull(p.getPasswordValidators());
366N/A    assertFalse(p.getPasswordValidators().isEmpty());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2624N/A      "--add", "password-validator:Length-Based Password Validator");
296N/A
5488N/A    p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
296N/A    assertNotNull(p.getPasswordValidators());
296N/A    assertFalse(p.getPasswordValidators().isEmpty());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2624N/A      "--remove", "password-validator:Length-Based Password Validator");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>getAccountStatusNotificationHandlers</CODE> method for the
296N/A   * default password policy.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetAccountStatusNotificationHandlersDefault()
296N/A         throws Exception
296N/A  {
296N/A    PasswordPolicy p = DirectoryServer.getDefaultPasswordPolicy();
296N/A    assertNotNull(p.getAccountStatusNotificationHandlers());
296N/A    assertTrue(p.getAccountStatusNotificationHandlers().isEmpty());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2624N/A      "--add", "account-status-notification-handler:Error Log Handler");
296N/A
808N/A    p = DirectoryServer.getDefaultPasswordPolicy();
296N/A    assertNotNull(p.getAccountStatusNotificationHandlers());
296N/A    assertFalse(p.getAccountStatusNotificationHandlers().isEmpty());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2624N/A      "--remove", "account-status-notification-handler:Error Log Handler");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>getAccountStatusNotificationHandlers</CODE> method for a
296N/A   * password policy using the authentication password syntax.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetAccountStatusNotificationHandlersAuth()
296N/A         throws Exception
296N/A  {
296N/A    DN dn = DN.decode("cn=SHA1 AuthPassword Policy,cn=Password Policies," +
296N/A                      "cn=config");
5488N/A    PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
296N/A    assertNotNull(p.getAccountStatusNotificationHandlers());
296N/A    assertTrue(p.getAccountStatusNotificationHandlers().isEmpty());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2624N/A      "--add", "account-status-notification-handler:Error Log Handler");
296N/A
5488N/A    p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
296N/A    assertNotNull(p.getAccountStatusNotificationHandlers());
296N/A    assertFalse(p.getAccountStatusNotificationHandlers().isEmpty());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2624N/A      "--remove", "account-status-notification-handler:Error Log Handler");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>allowUserPasswordChanges</CODE> method for the default
296N/A   * password policy.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testAllowUserPasswordChangesDefault()
296N/A         throws Exception
296N/A  {
296N/A    PasswordPolicy p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    assertTrue(p.isAllowUserPasswordChanges());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "allow-user-password-changes:false");
296N/A
808N/A    p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    assertFalse(p.isAllowUserPasswordChanges());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "allow-user-password-changes:true");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>allowUserPasswordChanges</CODE> method for a password
296N/A   * policy using the authentication password syntax.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testAllowUserPasswordChangesAuth()
296N/A         throws Exception
296N/A  {
296N/A    DN dn = DN.decode("cn=SHA1 AuthPassword Policy,cn=Password Policies," +
296N/A                      "cn=config");
5488N/A    PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    assertTrue(p.isAllowUserPasswordChanges());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "allow-user-password-changes:false");
296N/A
5488N/A    p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    assertFalse(p.isAllowUserPasswordChanges());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "allow-user-password-changes:true");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>requireCurrentPassword</CODE> method for the default
296N/A   * password policy.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testRequireCurrentPasswordDefault()
296N/A         throws Exception
296N/A  {
296N/A    PasswordPolicy p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    assertFalse(p.isPasswordChangeRequiresCurrentPassword());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "password-change-requires-current-password:true");
296N/A
808N/A    p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    assertTrue(p.isPasswordChangeRequiresCurrentPassword());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "password-change-requires-current-password:false");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>requireCurrentPassword</CODE> method for a password policy
296N/A   * using the authentication password syntax.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testRequireCurrentPasswordAuth()
296N/A         throws Exception
296N/A  {
296N/A    DN dn = DN.decode("cn=SHA1 AuthPassword Policy,cn=Password Policies," +
296N/A                      "cn=config");
5488N/A    PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    assertFalse(p.isPasswordChangeRequiresCurrentPassword());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "password-change-requires-current-password:true");
296N/A
5488N/A    p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    assertTrue(p.isAllowUserPasswordChanges());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "password-change-requires-current-password:false");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>forceChangeOnAdd</CODE> method for the default password
296N/A   * policy.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testForceChangeOnAddDefault()
296N/A         throws Exception
296N/A  {
296N/A    PasswordPolicy p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    assertFalse(p.isForceChangeOnAdd());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "force-change-on-add:true");
296N/A
808N/A    p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    assertTrue(p.isForceChangeOnAdd());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "force-change-on-add:false");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>forceChangeOnAdd</CODE> method for a password policy using
296N/A   * the authentication password syntax.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testForceChangeOnAddAuth()
296N/A         throws Exception
296N/A  {
296N/A    DN dn = DN.decode("cn=SHA1 AuthPassword Policy,cn=Password Policies," +
296N/A                      "cn=config");
5488N/A    PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    assertFalse(p.isPasswordChangeRequiresCurrentPassword());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "force-change-on-add:true");
296N/A
5488N/A    p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    assertTrue(p.isForceChangeOnAdd());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "force-change-on-add:false");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>forceChangeOnReset</CODE> method for the default password
296N/A   * policy.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testForceChangeOnResetDefault()
296N/A         throws Exception
296N/A  {
296N/A    PasswordPolicy p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    assertFalse(p.isForceChangeOnReset());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "force-change-on-reset:true");
296N/A
808N/A    p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    assertTrue(p.isForceChangeOnReset());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "force-change-on-reset:false");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>forceChangeOnReset</CODE> method for a password policy
296N/A   * using the authentication password syntax.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testForceChangeOnResetAuth()
296N/A         throws Exception
296N/A  {
296N/A    DN dn = DN.decode("cn=SHA1 AuthPassword Policy,cn=Password Policies," +
296N/A                      "cn=config");
5488N/A    PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    assertFalse(p.isPasswordChangeRequiresCurrentPassword());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "force-change-on-reset:true");
296N/A
5488N/A    p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    assertTrue(p.isForceChangeOnReset());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "force-change-on-reset:false");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>skipValidationForAdministrators</CODE> method for the
296N/A   * default password policy.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testSkipValidationForAdministratorsDefault()
296N/A         throws Exception
296N/A  {
296N/A    PasswordPolicy p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    assertFalse(p.isSkipValidationForAdministrators());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "skip-validation-for-administrators:true");
296N/A
808N/A    p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    assertTrue(p.isSkipValidationForAdministrators());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "skip-validation-for-administrators:false");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>skipValidationForAdministrators</CODE> method for a
296N/A   * password policy using the authentication password syntax.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testSkipValidationForAdministratorsAuth()
296N/A         throws Exception
296N/A  {
296N/A    DN dn = DN.decode("cn=SHA1 AuthPassword Policy,cn=Password Policies," +
296N/A                      "cn=config");
5488N/A    PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    assertFalse(p.isSkipValidationForAdministrators());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "skip-validation-for-administrators:true");
296N/A
5488N/A    p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    assertTrue(p.isSkipValidationForAdministrators());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "skip-validation-for-administrators:false");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
2624N/A   * Tests the <CODE>getPasswordGenerator</CODE> method for the default
296N/A   * password policy.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetPasswordGeneratorDNDefault()
296N/A         throws Exception
296N/A  {
296N/A    PasswordPolicy p = DirectoryServer.getDefaultPasswordPolicy();
2624N/A    assertNotNull(p.getPasswordGenerator());
2624N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2624N/A      "--remove", "password-generator:Random Password Generator");
296N/A
808N/A    p = DirectoryServer.getDefaultPasswordPolicy();
2624N/A    assertNull(p.getPasswordGenerator());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2624N/A      "--set", "password-generator:Random Password Generator");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
2624N/A   * Tests the <CODE>getPasswordGenerator</CODE> method for a password policy
296N/A   * using the authentication password syntax.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetPasswordGeneratorDNAuth()
296N/A         throws Exception
296N/A  {
296N/A    DN dn = DN.decode("cn=SHA1 AuthPassword Policy,cn=Password Policies," +
296N/A                      "cn=config");
5488N/A    PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
2624N/A    assertNotNull(p.getPasswordGenerator());
2624N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2624N/A      "--remove", "password-generator:Random Password Generator");
296N/A
5488N/A    p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
2624N/A    assertNull(p.getPasswordGenerator());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2624N/A      "--set", "password-generator:Random Password Generator");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>getPasswordGenerator</CODE> method for the default password
296N/A   * policy.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetPasswordGeneratorDefault()
296N/A         throws Exception
296N/A  {
296N/A    PasswordPolicy p = DirectoryServer.getDefaultPasswordPolicy();
296N/A    assertNotNull(p.getPasswordGenerator());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2624N/A      "--remove", "password-generator:Random Password Generator");
296N/A
808N/A    p = DirectoryServer.getDefaultPasswordPolicy();
296N/A    assertNull(p.getPasswordGenerator());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2624N/A      "--set", "password-generator:Random Password Generator");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>getPasswordGenerator</CODE> method for a password policy
296N/A   * using the authentication password syntax.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetPasswordGeneratorAuth()
296N/A         throws Exception
296N/A  {
296N/A    DN dn = DN.decode("cn=SHA1 AuthPassword Policy,cn=Password Policies," +
296N/A                      "cn=config");
5488N/A    PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
296N/A    assertNotNull(p.getPasswordGenerator());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2624N/A      "--remove", "password-generator:Random Password Generator");
296N/A
5488N/A    p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
296N/A    assertNull(p.getPasswordGenerator());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2624N/A      "--set", "password-generator:Random Password Generator");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>requireSecureAuthentication</CODE> method for the default
296N/A   * password policy.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testRequireSecureAuthenticationDefault()
296N/A         throws Exception
296N/A  {
296N/A    PasswordPolicy p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    assertFalse(p.isRequireSecureAuthentication());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "require-secure-authentication:true");
296N/A
808N/A    p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    assertTrue(p.isRequireSecureAuthentication());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "require-secure-authentication:false");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>requireSecureAuthentication</CODE> method for a password
296N/A   * policy using the authentication password syntax.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testRequireSecureAuthenticationAuth()
296N/A         throws Exception
296N/A  {
296N/A    DN dn = DN.decode("cn=SHA1 AuthPassword Policy,cn=Password Policies," +
296N/A                      "cn=config");
5488N/A    PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    assertFalse(p.isRequireSecureAuthentication());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "require-secure-authentication:true");
296N/A
5488N/A    p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    assertTrue(p.isRequireSecureAuthentication());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "require-secure-authentication:false");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>requireSecurePasswordChanges</CODE> method for the default
296N/A   * password policy.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testRequireSecurePasswordChangesDefault()
296N/A         throws Exception
296N/A  {
296N/A    PasswordPolicy p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    assertFalse(p.isRequireSecurePasswordChanges());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "require-secure-password-changes:true");
296N/A
808N/A    p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    assertTrue(p.isRequireSecurePasswordChanges());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "require-secure-password-changes:false");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>requireSecurePasswordChanges</CODE> method for a password
296N/A   * policy using the authentication password syntax.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testRequireSecurePasswordChangesAuth()
296N/A         throws Exception
296N/A  {
296N/A    DN dn = DN.decode("cn=SHA1 AuthPassword Policy,cn=Password Policies," +
296N/A                      "cn=config");
5488N/A    PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    assertFalse(p.isRequireSecurePasswordChanges());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "require-secure-password-changes:true");
296N/A
5488N/A    p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    assertTrue(p.isRequireSecurePasswordChanges());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "require-secure-password-changes:false");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>allowMultiplePasswordValues</CODE> method for the default
296N/A   * password policy.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testAllowMultiplePasswordValuesDefault()
296N/A         throws Exception
296N/A  {
296N/A    PasswordPolicy p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    assertFalse(p.isAllowMultiplePasswordValues());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "allow-multiple-password-values:true");
296N/A
808N/A    p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    assertTrue(p.isAllowMultiplePasswordValues());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "allow-multiple-password-values:false");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>allowMultiplePasswordValues</CODE> method for a password
296N/A   * policy using the authentication password syntax.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testAllowMultiplePasswordValuesAuth()
296N/A         throws Exception
296N/A  {
296N/A    DN dn = DN.decode("cn=SHA1 AuthPassword Policy,cn=Password Policies," +
296N/A                      "cn=config");
5488N/A    PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    assertFalse(p.isAllowMultiplePasswordValues());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "allow-multiple-password-values:true");
296N/A
5488N/A    p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    assertTrue(p.isAllowMultiplePasswordValues());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "allow-multiple-password-values:false");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>allowPreEncodedPasswords</CODE> method for the default
296N/A   * password policy.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testAllowPreEncodedPasswordsDefault()
296N/A         throws Exception
296N/A  {
296N/A    PasswordPolicy p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    assertFalse(p.isAllowPreEncodedPasswords());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "allow-pre-encoded-passwords:true");
296N/A
808N/A    p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    assertTrue(p.isAllowPreEncodedPasswords());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "allow-pre-encoded-passwords:false");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>allowPreEncodedPasswords</CODE> method for a password
296N/A   * policy using the authentication password syntax.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testAllowPreEncodedPasswordsAuth()
296N/A         throws Exception
296N/A  {
296N/A    DN dn = DN.decode("cn=SHA1 AuthPassword Policy,cn=Password Policies," +
296N/A                      "cn=config");
5488N/A    PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    assertFalse(p.isAllowPreEncodedPasswords());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "allow-pre-encoded-passwords:true");
296N/A
5488N/A    p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    assertTrue(p.isAllowPreEncodedPasswords());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "allow-pre-encoded-passwords:false");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
2624N/A   * Tests the <CODE>getMinPasswordAge</CODE> method for the default
296N/A   * password policy.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetMinimumPasswordAgeDefault()
296N/A         throws Exception
296N/A  {
296N/A    PasswordPolicy p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    assertEquals(p.getMinPasswordAge(), 0);
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2624N/A      "--set", "min-password-age:24 hours");
296N/A
808N/A    p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    assertEquals(p.getMinPasswordAge(), (24*60*60));
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2624N/A      "--set", "min-password-age:0 seconds");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
2624N/A   * Tests the <CODE>getMinPasswordAge</CODE> method for a password policy
296N/A   * using the authentication password syntax.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetMinimumPasswordAgeAuth()
296N/A         throws Exception
296N/A  {
296N/A    DN dn = DN.decode("cn=SHA1 AuthPassword Policy,cn=Password Policies," +
296N/A                      "cn=config");
5488N/A    PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    assertEquals(p.getMinPasswordAge(), 0);
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2624N/A      "--set", "min-password-age:24 hours");
296N/A
5488N/A    p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    assertEquals(p.getMinPasswordAge(), (24*60*60));
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2624N/A      "--set", "min-password-age:0 seconds");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
2624N/A   * Tests the <CODE>getMaxPasswordAge</CODE> method for the default
296N/A   * password policy.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetMaximumPasswordAgeDefault()
296N/A         throws Exception
296N/A  {
296N/A    PasswordPolicy p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    assertEquals(p.getMaxPasswordAge(), 0);
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2624N/A      "--set", "max-password-age:90 days");
296N/A
808N/A    p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    assertEquals(p.getMaxPasswordAge(), (90*60*60*24));
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2624N/A      "--set", "max-password-age:0 seconds");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
2624N/A   * Tests the <CODE>getMaxPasswordAge</CODE> method for a password policy
296N/A   * using the authentication password syntax.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetMaximumPasswordAgeAuth()
296N/A         throws Exception
296N/A  {
296N/A    DN dn = DN.decode("cn=SHA1 AuthPassword Policy,cn=Password Policies," +
296N/A                      "cn=config");
5488N/A    PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    assertEquals(p.getMaxPasswordAge(), 0);
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2624N/A      "--set", "max-password-age:90 days");
296N/A
5488N/A    p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    assertEquals(p.getMaxPasswordAge(), (90*60*60*24));
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2624N/A      "--set", "max-password-age:0 seconds");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
2624N/A   * Tests the <CODE>getMaxPasswordResetAge</CODE> method for the default
296N/A   * password policy.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetMaximumPasswordResetAgeDefault()
296N/A         throws Exception
296N/A  {
296N/A    PasswordPolicy p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    assertEquals(p.getMaxPasswordResetAge(), 0);
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2624N/A      "--set", "max-password-reset-age:24 hours");
296N/A
808N/A    p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    assertEquals(p.getMaxPasswordResetAge(), (24*60*60));
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2624N/A      "--set", "max-password-reset-age:0 seconds");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
2624N/A   * Tests the <CODE>getMaxPasswordResetAge</CODE> method for a password
296N/A   * policy using the authentication password syntax.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetMaximumPasswordResetAgeAuth()
296N/A         throws Exception
296N/A  {
296N/A    DN dn = DN.decode("cn=SHA1 AuthPassword Policy,cn=Password Policies," +
296N/A                      "cn=config");
5488N/A    PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    assertEquals(p.getMaxPasswordResetAge(), 0);
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2624N/A      "--set", "max-password-reset-age:24 hours");
296N/A
5488N/A    p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    assertEquals(p.getMaxPasswordResetAge(), (24*60*60));
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2624N/A      "--set", "max-password-reset-age:0 seconds");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>getWarningInterval</CODE> method for the default password
296N/A   * policy.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetWarningIntervalDefault()
296N/A         throws Exception
296N/A  {
296N/A    PasswordPolicy p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    assertEquals(p.getPasswordExpirationWarningInterval(), (5*60*60*24));
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "password-expiration-warning-interval:24 hours");
296N/A
808N/A    p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    assertEquals(p.getPasswordExpirationWarningInterval(), (24*60*60));
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "password-expiration-warning-interval:5 days");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>getWarningInterval</CODE> method for a password
296N/A   * policy using the authentication password syntax.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetWarningIntervalAuth()
296N/A         throws Exception
296N/A  {
296N/A    DN dn = DN.decode("cn=SHA1 AuthPassword Policy,cn=Password Policies," +
296N/A                      "cn=config");
5488N/A    PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    assertEquals(p.getPasswordExpirationWarningInterval(), (5*60*60*24));
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "password-expiration-warning-interval:24 hours");
296N/A
5488N/A    p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    assertEquals(p.getPasswordExpirationWarningInterval(), (24*60*60));
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "password-expiration-warning-interval:5 days");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>expirePasswordsWithoutWarning</CODE> method for the default
296N/A   * password policy.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testExpirePasswordsWithoutWarningDefault()
296N/A         throws Exception
296N/A  {
296N/A    PasswordPolicy p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    assertFalse(p.isExpirePasswordsWithoutWarning());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "expire-passwords-without-warning:true");
296N/A
808N/A    p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    assertTrue(p.isExpirePasswordsWithoutWarning());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "expire-passwords-without-warning:false");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>expirePasswordsWithoutWarning</CODE> method for a password
296N/A   * policy using the authentication password syntax.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testExpirePasswordsWithoutWarningAuth()
296N/A         throws Exception
296N/A  {
296N/A    DN dn = DN.decode("cn=SHA1 AuthPassword Policy,cn=Password Policies," +
296N/A                      "cn=config");
5488N/A    PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    assertFalse(p.isExpirePasswordsWithoutWarning());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "expire-passwords-without-warning:true");
296N/A
5488N/A    p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    assertTrue(p.isExpirePasswordsWithoutWarning());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "expire-passwords-without-warning:false");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>allowExpiredPasswordChanges</CODE> method for the default
296N/A   * password policy.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testAllowExpiredPasswordChangesDefault()
296N/A         throws Exception
296N/A  {
296N/A    PasswordPolicy p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    assertFalse(p.isAllowExpiredPasswordChanges());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "allow-expired-password-changes:true");
296N/A
808N/A    p = DirectoryServer.getDefaultPasswordPolicy();
5488N/A    assertTrue(p.isAllowExpiredPasswordChanges());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "allow-expired-password-changes:false");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>allowExpiredPasswordChanges</CODE> method for a password
296N/A   * policy using the authentication password syntax.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testAllowExpiredPasswordChangesAuth()
296N/A         throws Exception
296N/A  {
296N/A    DN dn = DN.decode("cn=SHA1 AuthPassword Policy,cn=Password Policies," +
296N/A                      "cn=config");
5488N/A    PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    assertFalse(p.isAllowExpiredPasswordChanges());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "allow-expired-password-changes:true");
296N/A
5488N/A    p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
5488N/A    assertTrue(p.isAllowExpiredPasswordChanges());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "allow-expired-password-changes:false");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>getGraceLoginCount</CODE> method for the default password
296N/A   * policy.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetGraceLoginCountDefault()
296N/A         throws Exception
296N/A  {
296N/A    PasswordPolicy p = DirectoryServer.getDefaultPasswordPolicy();
296N/A    assertEquals(p.getGraceLoginCount(), 0);
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "grace-login-count:3");
296N/A
808N/A    p = DirectoryServer.getDefaultPasswordPolicy();
296N/A    assertEquals(p.getGraceLoginCount(), 3);
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "grace-login-count:0");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>getGraceLoginCount</CODE> method for a password policy
296N/A   * using the authentication password syntax.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetGraceLoginCountAuth()
296N/A         throws Exception
296N/A  {
296N/A    DN dn = DN.decode("cn=SHA1 AuthPassword Policy,cn=Password Policies," +
296N/A                      "cn=config");
5488N/A    PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
296N/A    assertEquals(p.getGraceLoginCount(), 0);
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "grace-login-count:3");
296N/A
5488N/A    p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
296N/A    assertEquals(p.getGraceLoginCount(), 3);
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "grace-login-count:0");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>getLockoutFailureCount</CODE> method for the default
296N/A   * password policy.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetLockoutFailureCountDefault()
296N/A         throws Exception
296N/A  {
296N/A    PasswordPolicy p = DirectoryServer.getDefaultPasswordPolicy();
296N/A    assertEquals(p.getLockoutFailureCount(), 0);
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "lockout-failure-count:3");
296N/A
808N/A    p = DirectoryServer.getDefaultPasswordPolicy();
296N/A    assertEquals(p.getLockoutFailureCount(), 3);
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "lockout-failure-count:0");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>getLockoutFailureCount</CODE> method for a password policy
296N/A   * using the authentication password syntax.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetLockoutFailureCountAuth()
296N/A         throws Exception
296N/A  {
296N/A    DN dn = DN.decode("cn=SHA1 AuthPassword Policy,cn=Password Policies," +
296N/A                      "cn=config");
5488N/A    PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
296N/A    assertEquals(p.getLockoutFailureCount(), 0);
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "lockout-failure-count:3");
296N/A
5488N/A    p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
296N/A    assertEquals(p.getLockoutFailureCount(), 3);
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "lockout-failure-count:0");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>getLockoutDuration</CODE> method for the default password
296N/A   * policy.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetLockoutDurationDefault()
296N/A         throws Exception
296N/A  {
296N/A    PasswordPolicy p = DirectoryServer.getDefaultPasswordPolicy();
296N/A    assertEquals(p.getLockoutDuration(), 0);
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "lockout-duration:15 minutes");
296N/A
808N/A    p = DirectoryServer.getDefaultPasswordPolicy();
296N/A    assertEquals(p.getLockoutDuration(), (15*60));
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "lockout-duration:0 seconds");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>getLockoutDuration</CODE> method for a password policy
296N/A   * using the authentication password syntax.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetLockoutDurationAuth()
296N/A         throws Exception
296N/A  {
296N/A    DN dn = DN.decode("cn=SHA1 AuthPassword Policy,cn=Password Policies," +
296N/A                      "cn=config");
5488N/A    PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
296N/A    assertEquals(p.getLockoutDuration(), 0);
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "lockout-duration:15 minutes");
296N/A
5488N/A    p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
296N/A    assertEquals(p.getLockoutDuration(), (15*60));
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "lockout-duration:0 seconds");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>getLockoutFailureExpirationInterval</CODE> method for the
296N/A   * default password policy.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetLockoutFailureExpirationIntervalDefault()
296N/A         throws Exception
296N/A  {
296N/A    PasswordPolicy p = DirectoryServer.getDefaultPasswordPolicy();
296N/A    assertEquals(p.getLockoutFailureExpirationInterval(), 0);
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "lockout-failure-expiration-interval:10 minutes");
296N/A
808N/A    p = DirectoryServer.getDefaultPasswordPolicy();
296N/A    assertEquals(p.getLockoutFailureExpirationInterval(), (10*60));
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "lockout-failure-expiration-interval:0 seconds");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>getLockoutFailureExpirationInterval</CODE> method for a
296N/A   * password policy using the authentication password syntax.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetLockoutFailureExpirationIntervalAuth()
296N/A         throws Exception
296N/A  {
296N/A    DN dn = DN.decode("cn=SHA1 AuthPassword Policy,cn=Password Policies," +
296N/A                      "cn=config");
5488N/A    PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
296N/A    assertEquals(p.getLockoutFailureExpirationInterval(), 0);
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "lockout-failure-expiration-interval:10 minutes");
296N/A
5488N/A    p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
296N/A    assertEquals(p.getLockoutFailureExpirationInterval(), (10*60));
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "lockout-failure-expiration-interval:0 seconds");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>getRequireChangeByTime</CODE> method for the default
2414N/A   * password policy.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetRequireChangeByTimeDefault()
296N/A         throws Exception
296N/A  {
296N/A    PasswordPolicy p = DirectoryServer.getDefaultPasswordPolicy();
296N/A    assertEquals(p.getRequireChangeByTime(), 0);
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "require-change-by-time:19700101000001Z");
296N/A
808N/A    p = DirectoryServer.getDefaultPasswordPolicy();
296N/A    assertEquals(p.getRequireChangeByTime(), 1000);
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--remove", "require-change-by-time:19700101000001Z");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>getRequireChangeByTime</CODE> method for a password policy
296N/A   * using the authentication password syntax.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetRequireChangeByTimeAuth()
296N/A         throws Exception
296N/A  {
296N/A    DN dn = DN.decode("cn=SHA1 AuthPassword Policy,cn=Password Policies," +
296N/A                      "cn=config");
5488N/A    PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
296N/A    assertEquals(p.getRequireChangeByTime(), 0);
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "require-change-by-time:19700101000001Z");
296N/A
5488N/A    p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
296N/A    assertEquals(p.getRequireChangeByTime(), 1000);
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--remove", "require-change-by-time:19700101000001Z");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>getLastLoginTimeAttribute</CODE> method for the default
2414N/A   * password policy.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetLastLoginTimeAttributeDefault()
296N/A         throws Exception
296N/A  {
296N/A    PasswordPolicy p = DirectoryServer.getDefaultPasswordPolicy();
296N/A    assertNull(p.getLastLoginTimeAttribute());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "last-login-time-attribute:ds-pwp-last-login-time");
296N/A
808N/A    p = DirectoryServer.getDefaultPasswordPolicy();
296N/A    assertNotNull(p.getLastLoginTimeAttribute());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--remove", "last-login-time-attribute:ds-pwp-last-login-time");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>getLastLoginTimeAttribute</CODE> method for a password
296N/A   * policy using the authentication password syntax.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetLastLoginTimeAttributeAuth()
296N/A         throws Exception
296N/A  {
296N/A    DN dn = DN.decode("cn=SHA1 AuthPassword Policy,cn=Password Policies," +
296N/A                      "cn=config");
5488N/A    PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
296N/A    assertNull(p.getLastLoginTimeAttribute());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "last-login-time-attribute:ds-pwp-last-login-time");
296N/A
5488N/A    p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
296N/A    assertNotNull(p.getLastLoginTimeAttribute());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--remove", "last-login-time-attribute:ds-pwp-last-login-time");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>getLastLoginTimeFormat</CODE> method for the default
2414N/A   * password policy.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetLastLoginTimeAttributeFormatDefault()
296N/A         throws Exception
296N/A  {
296N/A    PasswordPolicy p = DirectoryServer.getDefaultPasswordPolicy();
296N/A    assertNull(p.getLastLoginTimeFormat());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "last-login-time-format:yyyyMMdd");
296N/A
808N/A    p = DirectoryServer.getDefaultPasswordPolicy();
296N/A    assertEquals(p.getLastLoginTimeFormat(), "yyyyMMdd");
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--remove", "last-login-time-format:yyyyMMdd");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>getLastLoginTimeFormat</CODE> method for a password policy
296N/A   * using the authentication password syntax.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetLastLoginTimeFormatAuth()
296N/A         throws Exception
296N/A  {
296N/A    DN dn = DN.decode("cn=SHA1 AuthPassword Policy,cn=Password Policies," +
296N/A                      "cn=config");
5488N/A    PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
296N/A    assertNull(p.getLastLoginTimeFormat());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "last-login-time-format:yyyyMMdd");
296N/A
5488N/A    p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
296N/A    assertEquals(p.getLastLoginTimeFormat(), "yyyyMMdd");
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--remove", "last-login-time-format:yyyyMMdd");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>getPreviousLastLoginTimeFormats</CODE> method for the
2414N/A   * default password policy.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetPreviousLastLoginTimeFormatsDefault()
296N/A         throws Exception
296N/A  {
296N/A    PasswordPolicy p = DirectoryServer.getDefaultPasswordPolicy();
296N/A    assertNotNull(p.getPreviousLastLoginTimeFormats());
296N/A    assertTrue(p.getPreviousLastLoginTimeFormats().isEmpty());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "previous-last-login-time-format:yyyyMMdd");
296N/A
808N/A    p = DirectoryServer.getDefaultPasswordPolicy();
296N/A    assertNotNull(p.getPreviousLastLoginTimeFormats());
296N/A    assertFalse(p.getPreviousLastLoginTimeFormats().isEmpty());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--remove", "previous-last-login-time-format:yyyyMMdd");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>getPreviousLastLoginTimeFormats</CODE> method for a
296N/A   * password policy using the authentication password syntax.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetPreviousLastLoginTimeFormatsAuth()
296N/A         throws Exception
296N/A  {
296N/A    DN dn = DN.decode("cn=SHA1 AuthPassword Policy,cn=Password Policies," +
296N/A                      "cn=config");
5488N/A    PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
296N/A    assertNotNull(p.getPreviousLastLoginTimeFormats());
296N/A    assertTrue(p.getPreviousLastLoginTimeFormats().isEmpty());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "previous-last-login-time-format:yyyyMMdd");
296N/A
5488N/A    p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
296N/A    assertNotNull(p.getPreviousLastLoginTimeFormats());
296N/A    assertFalse(p.getPreviousLastLoginTimeFormats().isEmpty());
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--remove", "previous-last-login-time-format:yyyyMMdd");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>getIdleLockoutInterval</CODE> method for the default
296N/A   * password policy.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetIdleLockoutIntervalDefault()
296N/A         throws Exception
296N/A  {
296N/A    PasswordPolicy p = DirectoryServer.getDefaultPasswordPolicy();
296N/A    assertEquals(p.getIdleLockoutInterval(), 0);
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "idle-lockout-interval:90 days");
296N/A
808N/A    p = DirectoryServer.getDefaultPasswordPolicy();
296N/A    assertEquals(p.getIdleLockoutInterval(), (90*60*60*24));
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "idle-lockout-interval:0 seconds");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>getIdleLockoutInterval</CODE> method for a password policy
296N/A   * using the authentication password syntax.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
296N/A  @Test()
296N/A  public void testGetIdleLockoutIntervalAuth()
296N/A         throws Exception
296N/A  {
296N/A    DN dn = DN.decode("cn=SHA1 AuthPassword Policy,cn=Password Policies," +
296N/A                      "cn=config");
5488N/A    PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
296N/A    assertEquals(p.getIdleLockoutInterval(), 0);
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "idle-lockout-interval:90 days");
296N/A
5488N/A    p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
296N/A    assertEquals(p.getIdleLockoutInterval(), (90*60*60*24));
296N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "SHA1 AuthPassword Policy",
2063N/A      "--set", "idle-lockout-interval:0 seconds");
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
1653N/A   * Tests the ability of a user to bind to the server when their account
1653N/A   * includes the pwdReset operational attribute and last login time tracking is
1653N/A   * enabled.
1653N/A   *
1653N/A   * @throws  Exception  If an unexpected problem occurs.
1653N/A   */
1653N/A  @Test()
1653N/A  public void testResetWithLastLoginTime()
1653N/A         throws Exception
1653N/A  {
1653N/A    TestCaseUtils.initializeTestBackend(true);
1653N/A    TestCaseUtils.addEntry(
1653N/A      "dn: uid=test.user,o=test",
1653N/A      "objectClass: top",
1653N/A      "objectClass: person",
1653N/A      "objectClass: organizationalPerson",
1653N/A      "objectClass: inetOrgPerson",
1653N/A      "uid: test.user",
1653N/A      "givenName: Test",
1653N/A      "sn: User",
1653N/A      "cn: Test User",
1653N/A      "userPassword: oldpassword",
1653N/A      "ds-privilege-name: bypass-acl"
1653N/A    );
1653N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "force-change-on-reset:true",
2063N/A      "--set", "last-login-time-attribute:ds-pwp-last-login-time",
2063N/A      "--set", "last-login-time-format:yyyyMMdd");
2063N/A
1653N/A    try
1653N/A    {
3853N/A      TestCaseUtils.applyModifications(false,
1653N/A        "dn: uid=test.user,o=test",
1653N/A        "changetype: modify",
1653N/A        "replace: userPassword",
1653N/A        "userPassword: newpassword");
1653N/A
1653N/A      String path = TestCaseUtils.createTempFile(
1653N/A        "dn: uid=test.user,o=test",
1653N/A        "changetype: modify",
1653N/A        "replace: userPassword",
1653N/A        "userPassword: newnewpassword"
1653N/A      );
1653N/A
1653N/A      String[] args =
1653N/A      {
1653N/A        "-h", "127.0.0.1",
1653N/A        "-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
1653N/A        "-D", "uid=test.user,o=test",
1653N/A        "-w", "newpassword",
1653N/A        "-f", path
1653N/A      };
1653N/A
1653N/A      assertEquals(LDAPModify.mainModify(args, false, null, System.err), 0);
1653N/A    }
1653N/A    finally
1653N/A    {
2063N/A      TestCaseUtils.dsconfig(
2063N/A        "set-password-policy-prop",
2063N/A        "--policy-name", "Default Password Policy",
2063N/A        "--set", "force-change-on-reset:false",
2063N/A        "--remove", "last-login-time-attribute:ds-pwp-last-login-time",
2063N/A        "--remove", "last-login-time-format:yyyyMMdd");
1653N/A    }
1653N/A  }
1653N/A
1653N/A
1653N/A
1653N/A  /**
1874N/A   * Tests the Directory Server's password history maintenance capabilities
1874N/A   * using only the password history count configuration option.
1874N/A   *
1874N/A   * @throws  Exception  If an unexpected problem occurs.
1874N/A   */
2063N/A  @Test()
1874N/A  public void testPasswordHistoryUsingCount()
1874N/A         throws Exception
1874N/A  {
1874N/A    TestCaseUtils.initializeTestBackend(true);
1874N/A    TestCaseUtils.addEntry(
1874N/A      "dn: uid=test.user,o=test",
1874N/A      "objectClass: top",
1874N/A      "objectClass: person",
1874N/A      "objectClass: organizationalPerson",
1874N/A      "objectClass: inetOrgPerson",
1874N/A      "uid: test.user",
1874N/A      "givenName: Test",
1874N/A      "sn: User",
1874N/A      "cn: Test User",
1874N/A      "userPassword: originalPassword",
1874N/A      "ds-privilege-name: bypass-acl");
1874N/A
1874N/A    // Make sure that before we enable history features we can re-use the
1874N/A    // current password.
1874N/A    String origPWPath = TestCaseUtils.createTempFile(
1874N/A      "dn: uid=test.user,o=test",
1874N/A      "changetype: modify",
1874N/A      "replace: userPassword",
1874N/A      "userPassword: originalPassword");
1874N/A
1874N/A    String[] args =
1874N/A    {
1874N/A      "-h", "127.0.0.1",
1874N/A      "-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
1874N/A      "-D", "uid=test.user,o=test",
1874N/A      "-w", "originalPassword",
1874N/A      "-f", origPWPath
1874N/A    };
1874N/A
1874N/A    assertEquals(LDAPModify.mainModify(args, false, System.out, System.err), 0);
1874N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "password-history-count:3");
1874N/A
1874N/A    try
1874N/A    {
1874N/A      // Make sure that we cannot re-use the original password as a new
1874N/A      // password.
1874N/A      assertFalse(LDAPModify.mainModify(args, false, System.out, System.err) ==
1874N/A                  0);
1874N/A
1874N/A
1874N/A      // Change the password three times.
1874N/A      String newPWsPath = TestCaseUtils.createTempFile(
1874N/A        "dn: uid=test.user,o=test",
1874N/A        "changetype: modify",
1874N/A        "replace: userPassword",
1874N/A        "userPassword: newPassword1",
1874N/A        "",
1874N/A        "dn: uid=test.user,o=test",
1874N/A        "changetype: modify",
1874N/A        "replace: userPassword",
1874N/A        "userPassword: newPassword2",
1874N/A        "",
1874N/A        "dn: uid=test.user,o=test",
1874N/A        "changetype: modify",
1874N/A        "replace: userPassword",
1874N/A        "userPassword: newPassword3");
1874N/A
1874N/A      args = new String[]
1874N/A      {
1874N/A        "-h", "127.0.0.1",
1874N/A        "-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
1874N/A        "-D", "uid=test.user,o=test",
1874N/A        "-w", "originalPassword",
1874N/A        "-f", newPWsPath
1874N/A      };
1874N/A
1874N/A      assertEquals(LDAPModify.mainModify(args, false, System.out, System.err),
1874N/A                   0);
1874N/A
1874N/A
2063N/A      // Sleep until we can be sure that the time thread has been updated.
2063N/A      // Otherwise, the password changes can all appear to be in the same
2063N/A      // millisecond and really weird things start to happen because of the way
2063N/A      // that we handle conflicts in password history timestamps.  In short, if
2063N/A      // the history is already at the maximum count and all the previous
2063N/A      // changes occurred in the same millisecond as the new change, then it's
2063N/A      // possible for a new change to come with a timestamp that is before the
2063N/A      // timestamps of all the existing values.
2063N/A      long timeThreadCurrentTime = TimeThread.getTime();
2063N/A      while (timeThreadCurrentTime == TimeThread.getTime())
2063N/A      {
2063N/A        Thread.sleep(10);
2063N/A      }
2063N/A
2063N/A
1874N/A      // Make sure that we still can't use the original password.
1874N/A      args = new String[]
1874N/A      {
1874N/A        "-h", "127.0.0.1",
1874N/A        "-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
1874N/A        "-D", "uid=test.user,o=test",
1874N/A        "-w", "newPassword3",
1874N/A        "-f", origPWPath
1874N/A      };
1874N/A
1874N/A      assertFalse(LDAPModify.mainModify(args, false, System.out, System.err) ==
1874N/A                  0);
1874N/A
1874N/A
1874N/A      // Change the password one more time and then verify that we can use the
1874N/A      // original password again.
1874N/A      String newPWsPath2 = TestCaseUtils.createTempFile(
1874N/A        "dn: uid=test.user,o=test",
1874N/A        "changetype: modify",
1874N/A        "replace: userPassword",
1874N/A        "userPassword: newPassword4",
1874N/A        "",
1874N/A        "dn: uid=test.user,o=test",
1874N/A        "changetype: modify",
1874N/A        "replace: userPassword",
1874N/A        "userPassword: originalPassword");
1874N/A
1874N/A      args = new String[]
1874N/A      {
1874N/A        "-h", "127.0.0.1",
1874N/A        "-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
1874N/A        "-D", "uid=test.user,o=test",
1874N/A        "-w", "newPassword3",
1874N/A        "-f", newPWsPath2
1874N/A      };
1874N/A
1874N/A      assertEquals(LDAPModify.mainModify(args, false, System.out, System.err),
1874N/A                   0);
1874N/A
1874N/A
2063N/A      // Sleep again to ensure that the time thread is updated.
2063N/A      timeThreadCurrentTime = TimeThread.getTime();
2063N/A      while (timeThreadCurrentTime == TimeThread.getTime())
2063N/A      {
2063N/A        Thread.sleep(10);
2063N/A      }
2063N/A
2063N/A
2063N/A      // Make sure that we can't use the second new password.
1874N/A      String firstPWPath = TestCaseUtils.createTempFile(
1874N/A        "dn: uid=test.user,o=test",
1874N/A        "changetype: modify",
1874N/A        "replace: userPassword",
2063N/A        "userPassword: newPassword2");
1874N/A
1874N/A      args = new String[]
1874N/A      {
1874N/A        "-h", "127.0.0.1",
1874N/A        "-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
1874N/A        "-D", "uid=test.user,o=test",
1874N/A        "-w", "originalPassword",
1874N/A        "-f", firstPWPath
1874N/A      };
1874N/A
1874N/A      assertFalse(LDAPModify.mainModify(args, false, System.out, System.err) ==
1874N/A                  0);
1874N/A
1874N/A
2063N/A      // Sleep again to ensure that the time thread is updated.
2063N/A      timeThreadCurrentTime = TimeThread.getTime();
2063N/A      while (timeThreadCurrentTime == TimeThread.getTime())
2063N/A      {
2063N/A        Thread.sleep(10);
2063N/A      }
2063N/A
2063N/A
1874N/A      // Reduce the password history count from 3 to 2 and verify that we can
2063N/A      // now use the second new password.
2063N/A      TestCaseUtils.dsconfig(
2063N/A        "set-password-policy-prop",
2063N/A        "--policy-name", "Default Password Policy",
2063N/A        "--set", "password-history-count:2");
1874N/A
1874N/A      assertEquals(LDAPModify.mainModify(args, false, System.out, System.err),
1874N/A                   0);
1874N/A    }
1874N/A    finally
1874N/A    {
2063N/A      TestCaseUtils.dsconfig(
2063N/A        "set-password-policy-prop",
2063N/A        "--policy-name", "Default Password Policy",
2063N/A        "--set", "password-history-count:0");
1874N/A    }
1874N/A  }
1874N/A
1874N/A
1874N/A
1874N/A  /**
1874N/A   * Tests the Directory Server's password history maintenance capabilities
1874N/A   * using only the password history duration configuration option.
1874N/A   *
1874N/A   * @throws  Exception  If an unexpected problem occurs.
1874N/A   */
1874N/A  @Test(groups = "slow")
1874N/A  public void testPasswordHistoryUsingDuration()
1874N/A         throws Exception
1874N/A  {
1874N/A    TestCaseUtils.initializeTestBackend(true);
1874N/A    TestCaseUtils.addEntry(
1874N/A      "dn: uid=test.user,o=test",
1874N/A      "objectClass: top",
1874N/A      "objectClass: person",
1874N/A      "objectClass: organizationalPerson",
1874N/A      "objectClass: inetOrgPerson",
1874N/A      "uid: test.user",
1874N/A      "givenName: Test",
1874N/A      "sn: User",
1874N/A      "cn: Test User",
1874N/A      "userPassword: originalPassword",
1874N/A      "ds-privilege-name: bypass-acl");
1874N/A
1874N/A    // Make sure that before we enable history features we can re-use the
1874N/A    // current password.
1874N/A    String origPWPath = TestCaseUtils.createTempFile(
1874N/A      "dn: uid=test.user,o=test",
1874N/A      "changetype: modify",
1874N/A      "replace: userPassword",
1874N/A      "userPassword: originalPassword");
1874N/A
1874N/A    String[] args =
1874N/A    {
1874N/A      "-h", "127.0.0.1",
1874N/A      "-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
1874N/A      "-D", "uid=test.user,o=test",
1874N/A      "-w", "originalPassword",
1874N/A      "-f", origPWPath
1874N/A    };
1874N/A
1874N/A    assertEquals(LDAPModify.mainModify(args, false, System.out, System.err), 0);
1874N/A
2063N/A    TestCaseUtils.dsconfig(
2063N/A      "set-password-policy-prop",
2063N/A      "--policy-name", "Default Password Policy",
2063N/A      "--set", "password-history-duration:5 seconds");
1874N/A
1874N/A    try
1874N/A    {
1874N/A      // Make sure that we can no longer re-use the original password as a new
1874N/A      // password.
1874N/A      assertFalse(LDAPModify.mainModify(args, false, System.out, System.err) ==
1874N/A                  0);
1874N/A
1874N/A
1874N/A      // Change the password three times.
1874N/A      String newPWsPath = TestCaseUtils.createTempFile(
1874N/A        "dn: uid=test.user,o=test",
1874N/A        "changetype: modify",
1874N/A        "replace: userPassword",
1874N/A        "userPassword: newPassword1",
1874N/A        "",
1874N/A        "dn: uid=test.user,o=test",
1874N/A        "changetype: modify",
1874N/A        "replace: userPassword",
1874N/A        "userPassword: newPassword2",
1874N/A        "",
1874N/A        "dn: uid=test.user,o=test",
1874N/A        "changetype: modify",
1874N/A        "replace: userPassword",
1874N/A        "userPassword: newPassword3");
1874N/A
1874N/A      args = new String[]
1874N/A      {
1874N/A        "-h", "127.0.0.1",
1874N/A        "-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
1874N/A        "-D", "uid=test.user,o=test",
1874N/A        "-w", "originalPassword",
1874N/A        "-f", newPWsPath
1874N/A      };
1874N/A
1874N/A      assertEquals(LDAPModify.mainModify(args, false, System.out, System.err),
1874N/A                   0);
1874N/A
1874N/A
1874N/A      // Make sure that we still can't use the original password.
1874N/A      args = new String[]
1874N/A      {
1874N/A        "-h", "127.0.0.1",
1874N/A        "-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
1874N/A        "-D", "uid=test.user,o=test",
1874N/A        "-w", "newPassword3",
1874N/A        "-f", origPWPath
1874N/A      };
1874N/A
1874N/A      assertFalse(LDAPModify.mainModify(args, false, System.out, System.err) ==
1874N/A                  0);
1874N/A
1874N/A
1874N/A      // Sleep for six seconds and then verify that we can use the original
1874N/A      // password again.
1874N/A      Thread.sleep(6000);
1874N/A      assertEquals(LDAPModify.mainModify(args, false, System.out, System.err),
1874N/A                  0);
1874N/A    }
1874N/A    finally
1874N/A    {
2063N/A      TestCaseUtils.dsconfig(
2063N/A        "set-password-policy-prop",
2063N/A        "--policy-name", "Default Password Policy",
2063N/A        "--set", "password-history-duration:0 seconds");
1874N/A    }
1874N/A  }
1874N/A
1874N/A
1874N/A
1874N/A  /**
1984N/A   * Tests to ensure that the server will reject an attempt to set the password
1984N/A   * expiration warning interval to a value larger than the maximum password
1984N/A   * age.
1984N/A   *
1984N/A   * @throws  Exception  If an unexpected problem occurs.
1984N/A   */
1984N/A  @Test()
1984N/A  public void testWarningIntervalGreaterThanMaxAge()
1984N/A         throws Exception
1984N/A  {
1984N/A    String path = TestCaseUtils.createTempFile(
1984N/A      "dn: cn=Default Password Policy,cn=Password Policies,cn=config",
1984N/A      "changetype: modify",
2624N/A      "replace: ds-cfg-max-password-age",
2624N/A      "ds-cfg-max-password-age: 5 days",
1984N/A      "-",
1984N/A      "replace: ds-cfg-password-expiration-warning-interval",
1984N/A      "ds-cfg-password-expiration-warning-interval: 10 days");
1984N/A
1984N/A    String[] args =
1984N/A    {
1984N/A      "-h", "127.0.0.1",
1984N/A      "-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
1984N/A      "-D", "cn=Directory Manager",
1984N/A      "-w", "password",
1984N/A      "-f", path
1984N/A    };
1984N/A
1984N/A    assertFalse(LDAPModify.mainModify(args, false, System.out, System.err) ==
1984N/A                0);
1984N/A  }
1984N/A
1984N/A
1984N/A
1984N/A  /**
1984N/A   * Tests to ensure that the server will reject an attempt to set the sum of
1984N/A   * the password expiration warning interval and the minimum password age to a
1984N/A   * value larger than the maximum password age.
1984N/A   *
1984N/A   * @throws  Exception  If an unexpected problem occurs.
1984N/A   */
1984N/A  @Test()
1984N/A  public void testMinAgePlusWarningIntervalGreaterThanMaxAge()
1984N/A         throws Exception
1984N/A  {
1984N/A    String path = TestCaseUtils.createTempFile(
1984N/A      "dn: cn=Default Password Policy,cn=Password Policies,cn=config",
1984N/A      "changetype: modify",
2624N/A      "replace: ds-cfg-max-password-age",
2624N/A      "ds-cfg-max-password-age: 5 days",
1984N/A      "-",
2624N/A      "replace: ds-cfg-min-password-age",
2624N/A      "ds-cfg-min-password-age: 3 days",
1984N/A      "-",
1984N/A      "replace: ds-cfg-password-expiration-warning-interval",
1984N/A      "ds-cfg-password-expiration-warning-interval: 3 days");
1984N/A
1984N/A    String[] args =
1984N/A    {
1984N/A      "-h", "127.0.0.1",
1984N/A      "-p", String.valueOf(TestCaseUtils.getServerLdapPort()),
1984N/A      "-D", "cn=Directory Manager",
1984N/A      "-w", "password",
1984N/A      "-f", path
1984N/A    };
1984N/A
1984N/A    assertFalse(LDAPModify.mainModify(args, false, System.out, System.err) ==
1984N/A                0);
1984N/A  }
1984N/A
1984N/A
1984N/A
1984N/A  /**
296N/A   * Tests the <CODE>toString</CODE> methods with the default password policy.
296N/A   */
304N/A  @Test()
296N/A  public void testToStringDefault()
296N/A  {
296N/A    PasswordPolicy p = DirectoryServer.getDefaultPasswordPolicy();
296N/A    assertNotNull(p.toString());
296N/A  }
296N/A
296N/A
296N/A
296N/A  /**
296N/A   * Tests the <CODE>toString</CODE> methods with a password policy using the
296N/A   * authentication password syntax.
296N/A   *
296N/A   * @throws  Exception  If an unexpected problem occurs.
296N/A   */
304N/A  @Test()
296N/A  public void testToStringAuth()
296N/A         throws Exception
296N/A  {
296N/A    DN dn = DN.decode("cn=SHA1 AuthPassword Policy,cn=Password Policies," +
296N/A                      "cn=config");
5488N/A    PasswordPolicy p = (PasswordPolicy) DirectoryServer.getAuthenticationPolicy(dn);
296N/A    assertNotNull(p.toString());
296N/A  }
296N/A}
296N/A