Package org.identityconnectors.framework.common.objects

Class OperationalAttributes

  • public final class OperationalAttributes
extends Object
    Operational attributes have special meaning and cannot be represented by pure operations. For instance some administrators would like to create an account in the disabled state. They do not want this to be a two operation process since this can leave the door open to abuse. Therefore special attributes that can perform operations were introduced. The enable attribute could be added to the set of attributes sent to a Connector for the CreateOp operation. To tell the Connector to create the account with it in the disabled state whether the target resource itself has an attribute or an additional method must be called.

    • Field Detail

      • ENABLE_NAME

        public static final String ENABLE_NAME
        Gets/sets the enable status of an object.

      • ENABLE_DATE_NAME

        public static final String ENABLE_DATE_NAME
        Gets/sets the enable date for an object.

      • DISABLE_DATE_NAME

        public static final String DISABLE_DATE_NAME
        Gets/sets the disable date for an object.

      • LOCK_OUT_NAME

        public static final String LOCK_OUT_NAME
        Gets/sets the lock out attribute for an object.

      • PASSWORD_EXPIRATION_DATE_NAME

        public static final String PASSWORD_EXPIRATION_DATE_NAME
        Gets/sets the password expiration date for an object.

      • PASSWORD_EXPIRED_NAME

        public static final String PASSWORD_EXPIRED_NAME
        Gets/sets the password expired for an object.

      • PASSWORD_NAME

        public static final String PASSWORD_NAME
        Normally this is a write-only attribute. Sets the password for an object.

      • CURRENT_PASSWORD_NAME

        public static final String CURRENT_PASSWORD_NAME
        Used in conjunction with password to do an account level password change. This is for a non-administrator change of the password and therefore requires the current password.

        Note: This pseudo attribute is not a clean solution. It is mostly just a legacy. In original framework there was no clear way how to pass old/current password to an update operation. Therefore this pseudo-attribute was used. Do not use this this pseudo-attribute with newer operations, such as delta-based update operation. Delta-based update has a better was to dead with old/current password values.

      • FORCE_PASSWORD_CHANGE_NAME

        public static final String FORCE_PASSWORD_CHANGE_NAME
        Gets/sets flag that forces immediate password change by the user (e.g. during next log on). This can be used to set temporary password and the force user to change it to a permanent password.
        Since:
        1.5.0.0

      • OPERATIONAL_ATTRIBUTE_NAMES

        public static final Set<String> OPERATIONAL_ATTRIBUTE_NAMES

    • Method Detail

      • getOperationalAttributeNames

        public static Set<String> getOperationalAttributeNames()

      • isOperationalAttribute

        public static boolean isOperationalAttribute​(Attribute attr)