---
title: Generate Password
description: The Generate Password extended operation is not a standard LDAP operation and has been developed internally for use within PingDirectory products. Its implementation in the Directory REST API is based on the existing GeneratePasswordExtendedRequest, GeneratePasswordExtendedResult, and GeneratePasswordExtendedOperationHandler classes in the UnboundID LDAP SDK. The API method serves as a translation layer between the client's HTTP request and Directory's internal LDAP operations.
component: pingdirectory
page_id: pingdirectory:directory:extended-operations/generate-password
canonical_url: https://developer.pingidentity.com/pingdirectory/directory/extended-operations/generate-password.html
section_ids:
  the-generate-password-extended-operation-handler-configuration: The Generate Password Extended Operation Handler Configuration
---

# Generate Password

The Generate Password extended operation is not a standard LDAP operation and has been developed internally for use within PingDirectory products. Its implementation in the Directory REST API is based on the existing [GeneratePasswordExtendedRequest](https://docs.ldap.com/ldap-sdk/docs/javadoc/com/unboundid/ldap/sdk/unboundidds/extensions/GeneratePasswordExtendedRequest.html), [GeneratePasswordExtendedResult](https://docs.ldap.com/ldap-sdk/docs/javadoc/com/unboundid/ldap/sdk/unboundidds/extensions/GeneratePasswordExtendedResult.html), and [GeneratePasswordExtendedOperationHandler](https://docs.ping.directory/PingDirectory/latest/config-guide/generate-password-extended-operation-handler.html) classes in the UnboundID LDAP SDK. The API method serves as a translation layer between the client's HTTP request and Directory's internal LDAP operations.

For more information on the LDAP Generate Password extended operation, refer to [GeneratePasswordExtendedRequest](https://docs.ldap.com/ldap-sdk/docs/javadoc/com/unboundid/ldap/sdk/unboundidds/extensions/GeneratePasswordExtendedRequest.html). Its OID is `1.3.6.1.4.1.30221.2.6.62`.

## The Generate Password Extended Operation Handler Configuration

This API method acts as a layer between the client and the generate password extended operation handler that performs the internal LDAP extended operation. This handler offers the following configuration options:

* `default-password-policy`

  An optional, single-valued aggregation property that specifies the default password policy for requests that do not specify a password policy. If this is not specified, then the default password policy specified in the global configuration is used.

* `default-password-generator`

  A required, single-valued aggregation property that specifies the password generator to use if the requested password policy is not configured with a password generator.

* `maximum-passwords-per-request`

  An optional, single-valued integer property that specifies the maximum number of passwords that may be generated and returned for a single request. If this is not specified, a default value of `10` will be used.

* `maximum-validation-attempts-per-password`

  An optional, single-valued integer property that specifies the maximum number of validation attempts that should be allowed for each generated password. If this is not specified, a default value of `5` will be used.

|   |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |
| - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|   | The server's out-of-the-box configuration includes an instance of this extended operation handler that is enabled. Even though the configuration definition will not have a default value for the `default-password-generator` configuration property, this configuration entry will include a value that points to the `cn=Passphrase,cn=Password Generators,cn=config` entry.The configuration entry will not include values for the `maximum-passwords-per-request` or `maximum-validation-attempts` configuration properties, so the default values from the configuration definition will be used. The out-of-the-box configuration entry will not have a value for the `default-password-policy` property and will use the default password policy as specified in the global configuration. |