com.tivoli.pd.jadmin
Class PDUser

java.lang.Object
  com.tivoli.pd.jutil.PDEnvironmentObject
      com.tivoli.pd.jadmin.PDUser

All Implemented Interfaces:

java.io.Serializable, java.lang.Cloneable

public class PDUser
extends com.tivoli.pd.jutil.PDEnvironmentObject
implements java.lang.Cloneable

This class represents a user in the Policy Directory Management Server. It may also represent a user that is defined only in the registry, but not within the the Policy Directory Management Server.

Modes: Local,Remote

See Also:

Serialized Form

Field Summary

static int	PDUSER_ADUSERREG Constant indicating an Active Directory user registry.
static java.lang.String	PDUSER_ALLPATTERN Constant used to match all names when listing users.
static int	PDUSER_DOMINOUSERREG Constant indicating a Domino user registry.
static int	PDUSER_LDAPUSERREG Constant indicating an LDAP user registry.
static int	PDUSER_MAXRETURN Constant used to return the maximum number possible when listing users.
static int	PDUSER_MULTIDOMAIN_ADUSERREG Constant indicating a multidomain Active Directory user registry.

Constructor Summary

PDUser(PDContext context, java.lang.Object name, PDMessages messages)
Creates a PDUser object with the specified input name.

Method Summary

java.lang.Object	clone() Returns a copy of this object.
static void	createUser(PDContext context, java.lang.String pdName, PDRgyUserName rgyName, java.lang.String description, char[] pwd, java.util.ArrayList groupNames, boolean ssoUser, boolean noPwdPolicy, PDMessages messages) Creates a user in the Policy Director Management Server.
static void	deleteUser(PDContext context, java.lang.String name, boolean deleteFromRgy, PDMessages messages) Deletes a user from the Policy Director Management Server and optionally delete it from the user registry.
boolean	equals(java.lang.Object obj) Determines whether this PDUser is equivalent to the input object.
java.lang.String	getDescription() Returns the user description from this object.
java.lang.String	getFirstName() Returns the the first name for this user as defined in the user registry.
java.util.ArrayList	getGroups() Returns a list of groups from this object that this user is a member of.
java.lang.String	getId() Returns the name for this user as defined by Policy Director.
java.util.Date	getLastLogin() Returns a setting from this object indicating the last time the user logged in.
java.lang.String	getLastName() Returns the the last name for this user as defined in the user registry.
java.util.Date	getLastPwdChange() Returns a setting from this object indicating the last time the user's password was changed.
PDPolicy	getPolicy() Returns the account policy associated with this user from this object.
java.lang.String	getRgyName() Returns the name for this user as defined in the user registry.
static int	getUserRgy(PDContext context, PDMessages messages) Returns an indicator of which type of user registry is configured for the Policy Director Management Server.
static void	importUser(PDContext context, java.lang.String pdName, PDRgyUserName rgyName, java.lang.String groupName, boolean ssoUser, PDMessages messages) Creates a user in the Policy Director Management Server by importing an existing user from the user registry.
boolean	isAccountValid() Returns a setting from this object indicating whether or not this user's account is valid.
boolean	isPasswordValid() Returns a setting from this object indicating whether or not this user's password is valid.
boolean	isPDUser() Returns a setting from this object indicating whether or not this user is defined to Policy Director.
boolean	isSSOUser()
static java.util.ArrayList	listUsers(PDContext context, java.lang.String pattern, long maxReturn, boolean listByRgyName, PDMessages messages) Lists users whose names match the input pattern.
void	setAccountValid(PDContext context, boolean isValid, PDMessages messages) Enables or disables this Policy Director user's account.
static void	setAccountValid(PDContext context, java.lang.String name, boolean isValid, PDMessages messages) Enables or disables the specified Policy Director user's account.
void	setDescription(PDContext context, java.lang.String newDesc, PDMessages messages) Modifies this Policy Director user's description.
static void	setDescription(PDContext context, java.lang.String name, java.lang.String newDesc, PDMessages messages) Modifies the description for the specified Policy Director user.
void	setPassword(PDContext context, char[] pwd, PDMessages messages) Modifies this Policy Director user's password and also sets the user's password valid indicator to true.
static void	setPassword(PDContext context, java.lang.String name, char[] pwd, PDMessages messages) Modifies the specified Policy Director user's password and also sets the user's password valid indicator to true.
void	setPasswordValid(PDContext context, boolean isValid, PDMessages messages) Enables or disables this Policy Director user's password.
static void	setPasswordValid(PDContext context, java.lang.String name, boolean isValid, PDMessages messages) Enables or disables the specified Policy Director user's password.
void	setSSOUser(PDContext context, boolean ssoUser, PDMessages messages)
static void	setSSOUser(PDContext context, java.lang.String name, boolean ssoUser, PDMessages messages)
java.lang.String	toString() Returns a String representation of this object.

Methods inherited from class com.tivoli.pd.jutil.PDEnvironmentObject

getContext, setContext

Methods inherited from class java.lang.Object

getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

PDUSER_LDAPUSERREG

public static final int PDUSER_LDAPUSERREG

Constant indicating an LDAP user registry.

See Also:

Constant Field Values

PDUSER_ADUSERREG

public static final int PDUSER_ADUSERREG

Constant indicating an Active Directory user registry.

See Also:

Constant Field Values

PDUSER_DOMINOUSERREG

public static final int PDUSER_DOMINOUSERREG

Constant indicating a Domino user registry.

See Also:

Constant Field Values

PDUSER_MULTIDOMAIN_ADUSERREG

public static final int PDUSER_MULTIDOMAIN_ADUSERREG

Constant indicating a multidomain Active Directory user registry.

See Also:

Constant Field Values

PDUSER_ALLPATTERN

public static final java.lang.String PDUSER_ALLPATTERN

Constant used to match all names when listing users.

See Also:

Constant Field Values

PDUSER_MAXRETURN

public static final int PDUSER_MAXRETURN

Constant used to return the maximum number possible when listing users.

See Also:

Constant Field Values

Constructor Detail

PDUser

public PDUser(PDContext context,
              java.lang.Object name,
              PDMessages messages)
       throws PDException

Creates a PDUser object with the specified input name. If the input name is a Policy Director user name, the user must be defined in Policy Director Management Server. If the input name is a registry user name, the user must be defined in the registry, but need not be defined to Policy Director.

This constructor corresponds to the ivadmin_user_get() and ivadmin_user_getbydn() C APIs.

Parameters:

context - the context for communicating with the Policy Director Management Server.

name - the name of the user to instantiate. If this is a Policy Director user, input the Policy Director name (a String). If this is a registry-only user, input the registry name (a PDRgyUserName object).

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

Method Detail

getGroups

public java.util.ArrayList getGroups()
                              throws PDException

Returns a list of groups from this object that this user is a member of. The list may be empty if this object represents a PDUser who is not a member of any group. Null is returned if this object represents a user who exists in the user registry but not in the Policy Director Management Server.

The returned list is a copy of the list in this object.

This method corresponds to the ivadmin_user_getmemberships() C API.

Returns:

an ArrayList of strings that represent the names of the groups of which this user is a member. The returned list may be empty if the user is not a member of any group. The return value is null if the user is not defined in the Management Server.

Throws:

PDException

getId

public java.lang.String getId()
                       throws PDException

Returns the name for this user as defined by Policy Director. Null is returned if this object represents a user who exists in the user registry but not in the Policy Director Management Server.

This method corresponds to the ivadmin_user_getid() C API.

Throws:

PDException

getRgyName

public java.lang.String getRgyName()
                            throws PDException

Returns the name for this user as defined in the user registry. The return value may not be null.

This method corresponds to the ivadmin_user_getdn() C API.

Throws:

PDException

getFirstName

public java.lang.String getFirstName()
                              throws PDException

Returns the the first name for this user as defined in the user registry. The return value may not be null, but it may be the empty string if the user registry does not require or use a first name attribute.

This method corresponds to the ivadmin_user_getcn() C API.

Throws:

PDException

getLastName

public java.lang.String getLastName()
                             throws PDException

Returns the the last name for this user as defined in the user registry. The return value may not be null, but it may be the empty string if the user registry does not require or use a last name attribute.

This method corresponds to the ivadmin_user_getsn() C API.

Throws:

PDException

getDescription

public java.lang.String getDescription()
                                throws PDException

Returns the user description from this object. The return value will never be null, but it may be an empty String if the description has not been set.

This method corresponds to the ivadmin_user_getdescription() C API.

Throws:

PDException

getPolicy

public PDPolicy getPolicy()
                   throws PDException

Returns the account policy associated with this user from this object. Specific policy operations can be performed on this PDPolicy object. Null is returned if this object represents a user who exists in the user registry but not in the Policy Director Management Server.

The returned policy is a copy of the policy in this object. To reflect any policy changes made through the copy back into a PDUser object, you must get a new instance of the user object.

Throws:

PDException

isPDUser

public boolean isPDUser()
                 throws PDException

Returns a setting from this object indicating whether or not this user is defined to Policy Director.

Returns:

true, if the user is defined to Policy Director; false, if the user is defined only in the user registry.

Throws:

PDException

isSSOUser

public boolean isSSOUser()

isAccountValid

public boolean isAccountValid()
                       throws PDException

Returns a setting from this object indicating whether or not this user's account is valid.

This method corresponds to the ivadmin_user_getaccountvalid() C API.

Returns:

true, if the user's account is valid; false, otherwise.

Throws:

PDException

getLastLogin

public java.util.Date getLastLogin()
                            throws PDException

Returns a setting from this object indicating the last time the user logged in.

This method corresponds to the ivadmin_user_getlastlogin() C API.

Returns:

Date of last login, or null if option not enabled or available.

Throws:

PDException

getLastPwdChange

public java.util.Date getLastPwdChange()
                                throws PDException

Returns a setting from this object indicating the last time the user's password was changed.

This method corresponds to the ivadmin_user_getlastpwdchange() C API.

Returns:

Date of last password change, or null if option not enabled or available.

Throws:

PDException

isPasswordValid

public boolean isPasswordValid()
                        throws PDException

Returns a setting from this object indicating whether or not this user's password is valid.

This method corresponds to the ivadmin_user_getpasswordvalid() C API.

Returns:

true, if the user's password is valid; false, otherwise.

Throws:

PDException

setSSOUser

public void setSSOUser(PDContext context,
                       boolean ssoUser,
                       PDMessages messages)
                throws PDException

Throws:

PDException

setAccountValid

public void setAccountValid(PDContext context,
                            boolean isValid,
                            PDMessages messages)
                     throws PDException

Enables or disables this Policy Director user's account. This change affects both the current object and the user in the Policy Director Management Server.

This method corresponds to the ivadmin_user_setaccountvalid() C API.

Parameters:

context - the context for communicating with the Policy Director Management Server.

isValid - true, to validate this user's account; false, to invalidate the account.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

setPasswordValid

public void setPasswordValid(PDContext context,
                             boolean isValid,
                             PDMessages messages)
                      throws PDException

Enables or disables this Policy Director user's password. This change affects both the current object and the user in the Policy Director Management Server.

This method corresponds to the ivadmin_user_setpasswordvalid() C API.

Parameters:

context - the context for communicating with the Policy Director Management Server.

isValid - true, to validate this user's password; false, to invalidate the password.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

setDescription

public void setDescription(PDContext context,
                           java.lang.String newDesc,
                           PDMessages messages)
                    throws PDException

Modifies this Policy Director user's description. This change affects both the current object and the user in the Policy Director Management Server.

This method corresponds to the ivadmin_user_setdescription() C API.

Parameters:

context - the context for communicating with the Policy Director Management Server.

newDesc - the new description. The description may not be null; use the empty String to clear the existing description. description.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

setPassword

public void setPassword(PDContext context,
                        char[] pwd,
                        PDMessages messages)
                 throws PDException

Modifies this Policy Director user's password and also sets the user's password valid indicator to true. This change affects both the current object and the user in the Policy Director Management Server.

This method corresponds to the ivadmin_user_setpassword() C API.

Parameters:

context - the context for communicating with the Policy Director Management Server.

pwd - the new password. This password may not be null and must have a non-zero length.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

toString

public java.lang.String toString()

Returns a String representation of this object.

Overrides:

toString in class java.lang.Object

clone

public java.lang.Object clone()

Returns a copy of this object.

Overrides:

clone in class java.lang.Object

equals

public boolean equals(java.lang.Object obj)

Determines whether this PDUser is equivalent to the input object.

Overrides:

equals in class java.lang.Object

createUser

public static void createUser(PDContext context,
                              java.lang.String pdName,
                              PDRgyUserName rgyName,
                              java.lang.String description,
                              char[] pwd,
                              java.util.ArrayList groupNames,
                              boolean ssoUser,
                              boolean noPwdPolicy,
                              PDMessages messages)
                       throws PDException

Creates a user in the Policy Director Management Server.

This constructor corresponds to the ivadmin_user_create() C API.

Parameters:

context - the context for communicating with the Policy Director Management Server.

pdName - the Policy Director user name. This value may not be null and must have a non-zero length.

rgyName - the registry user name. The registry name in this object must be non-null and have a non-zero length.

description - this argument is currently ignored; the description must be set explicitly using the setDescription method.

pwd - the user password. This password may not be null and must have a non-zero length.

groupNames - a list of group names (Strings) to which the user initially belongs. Can be null or empty.

ssoUser - true, if the user is capable of having single-signon credentials; false, otherwise.

noPwdPolicy - true, if password policy will not be enforced during creation; false, otherwise. This has no bearing on password policy enforcement after user creation.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

importUser

public static void importUser(PDContext context,
                              java.lang.String pdName,
                              PDRgyUserName rgyName,
                              java.lang.String groupName,
                              boolean ssoUser,
                              PDMessages messages)
                       throws PDException

Creates a user in the Policy Director Management Server by importing an existing user from the user registry.

This constructor corresponds to the ivadmin_user_import() C API.

Parameters:

context - the context for communicating with the Policy Director Management Server.

pdName - the Policy Director user name. This value may not be null and must have a non-zero length.

rgyName - an object specifying the registry user name. This value may not be null or specify a null or zero-length name.

groupName - the initial group to which the user belongs. Can be null.

ssoUser - true, if the user is capable of having single-signon credentials; false, otherwise.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

deleteUser

public static void deleteUser(PDContext context,
                              java.lang.String name,
                              boolean deleteFromRgy,
                              PDMessages messages)
                       throws PDException

Deletes a user from the Policy Director Management Server and optionally delete it from the user registry.

This method corresponds to the ivadmin_user_delete() C API.

Parameters:

context - the context for communicating with the Policy Director Management Server.

name - the Policy Director user name. Cannot be null.

deleteFromRgy - true, if the user should be deleted from the user registry in addition to the Policy Director Management Server; false, otherwise.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

listUsers

public static java.util.ArrayList listUsers(PDContext context,
                                            java.lang.String pattern,
                                            long maxReturn,
                                            boolean listByRgyName,
                                            PDMessages messages)
                                     throws PDException

Lists users whose names match the input pattern. The returned list may be empty but it will never be null.

If listByRgyName is false, list the Policy Director users that match the specified pattern. If listByRgyName is true, list the registry users whose names match the specified pattern.

This method corresponds to the ivadmin_user_list() and ivadmin_user_listbydn() C APIs.

Parameters:

context - the context for communicating with the Policy Director Management Server.

pattern - the pattern for user names to match. For LDAP registries, this pattern is interpreted as a literal string, with the exception of the asterisk ('*') character, which is interpreted as a metacharacter that matches zero or more characters. Asterisks can be located at the beginning, in the middle or at the end of the pattern, and the pattern can contain multiple asterisks. PDUSER_ALLPATTERN matches all names. Non-LDAP registries that are supported in the future may not follow these pattern rules.

maxReturn - the maximum number of user names to return. This argument must be greater than or equal to 0. The value of 0 or PDUSER_MAXRETURN means return all users. This number can also be limited by the registry server so the maximum number returned is really the minimum of the server configuration and this value.

listByRgyName - true, if the users should be matched by their registry names; false, if the users should be matched by their Policy Director names.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Returns:

an ArrayList of strings that represent the names of users. The returned list will never be null.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

getUserRgy

public static int getUserRgy(PDContext context,
                             PDMessages messages)
                      throws PDException

Returns an indicator of which type of user registry is configured for the Policy Director Management Server.

This method corresponds to the ivadmin_context_getuserreg() C API.

Parameters:

context - the context for communicating with the Policy Director Management Server.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Returns:

an identifier for the type of user registry being used. For example, if LDAP is serving as the user registry, PDUSER_LDAPUSERREG will be returned. Other supported registries include Active Directory and Domino.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

setDescription

public static void setDescription(PDContext context,
                                  java.lang.String name,
                                  java.lang.String newDesc,
                                  PDMessages messages)
                           throws PDException

Modifies the description for the specified Policy Director user. This change affects only user data in the Policy Director Management Server.

This method corresponds to the ivadmin_user_setdescription() C API.

Parameters:

context - the context for communicating with the Policy Director Management Server.

name - the Policy Director user name.

newDesc - the new description. The description may not be null; use the empty String to clear the existing description.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

setSSOUser

public static void setSSOUser(PDContext context,
                              java.lang.String name,
                              boolean ssoUser,
                              PDMessages messages)
                       throws PDException

Throws:

PDException

setAccountValid

public static void setAccountValid(PDContext context,
                                   java.lang.String name,
                                   boolean isValid,
                                   PDMessages messages)
                            throws PDException

Enables or disables the specified Policy Director user's account. This change affects only user data in the Policy Director Management Server.

This method corresponds to the ivadmin_user_setaccountvalid() C API.

Parameters:

context - the context for communicating with the Policy Director Management Server.

name - the Policy Director user name.

isValid - true, to validate this user's account; false, to invalidate the account.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

setPasswordValid

public static void setPasswordValid(PDContext context,
                                    java.lang.String name,
                                    boolean isValid,
                                    PDMessages messages)
                             throws PDException

Enables or disables the specified Policy Director user's password. This change affects only user data in the Policy Director Management Server.

This method corresponds to the ivadmin_user_setpasswordvalid() C API.

Parameters:

context - the context for communicating with the Policy Director Management Server.

name - the Policy Director user name.

isValid - true, to validate this user's password; false, to invalidate the password.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

setPassword

public static void setPassword(PDContext context,
                               java.lang.String name,
                               char[] pwd,
                               PDMessages messages)
                        throws PDException

Modifies the specified Policy Director user's password and also sets the user's password valid indicator to true. This change affects only user data in the Policy Director Management Server.

This method corresponds to the ivadmin_user_setpasswordvalid() C API.

Parameters:

context - the authentication context for communicating with the Policy Director Management Server.

name - the Policy Director user name.

pwd - the new password. This password may not be null and must have a non-zero length.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.