PingDirectory API Reference

Generate Password

The Generate Password extended operation is not a standard LDAP operation and has been developed internally for use within PingDirectory products. Its implementation in the Directory REST API is based on the existing GeneratePasswordExtendedRequest, GeneratePasswordExtendedResult, and GeneratePasswordExtendedOperationHandler classes in the UnboundID LDAP SDK. The API method serves as a translation layer between the client’s HTTP request and Directory’s internal LDAP operations.

For more information on the LDAP Generate Password extended operation, refer to GeneratePasswordExtendedRequest. Its OID is 1.3.6.1.4.1.30221.2.6.62.

The Generate Password Extended Operation Handler Configuration

This API method acts as a layer between the client and the generate password extended operation handler that performs the internal LDAP extended operation. This handler offers the following configuration options:

  • default-password-policy

    An optional, single-valued aggregation property that specifies the default password policy for requests that do not specify a password policy. If this is not specified, then the default password policy specified in the global configuration is used.

  • default-password-generator

    A required, single-valued aggregation property that specifies the password generator to use if the requested password policy is not configured with a password generator.

  • maximum-passwords-per-request

    An optional, single-valued integer property that specifies the maximum number of passwords that may be generated and returned for a single request. If this is not specified, a default value of 10 will be used.

  • maximum-validation-attempts-per-password

    An optional, single-valued integer property that specifies the maximum number of validation attempts that should be allowed for each generated password. If this is not specified, a default value of 5 will be used.

The server’s out-of-the-box configuration includes an instance of this extended operation handler that is enabled. Even though the configuration definition will not have a default value for the default-password-generator configuration property, this configuration entry will include a value that points to the cn=Passphrase,cn=Password Generators,cn=config entry.

The configuration entry will not include values for the maximum-passwords-per-request or maximum-validation-attempts configuration properties, so the default values from the configuration definition will be used. The out-of-the-box configuration entry will not have a value for the default-password-policy property and will use the default password policy as specified in the global configuration.