• msgType(required): string
  Default Value: urn:ietf:params:rest:schemas:oracle:oud:1.0:ModifyResponse

  The REST message type
• searchResultEntries(required): array searchResultEntries
  Number of search result entries returned after the LDAP operation.
• totalResults(required): integer(int32)
  Specifies the number of entries created, and returned.

{
    "type":"object",
    "required":[
        "msgType",
        "totalResults",
        "searchResultEntries"
    ],
    "properties":{
        "msgType":{
            "description":"The REST message type",
            "default":"urn:ietf:params:rest:schemas:oracle:oud:1.0:ModifyResponse",
            "type":"string"
        },
        "totalResults":{
            "type":"integer",
            "format":"int32",
            "description":"Specifies the number of entries created, and returned."
        },
        "searchResultEntries":{
            "type":"array",
            "description":"Number of search result entries returned after the LDAP operation.",
            "items":{
                "$ref":"#/definitions/Password Policy SearchResultEntry"
            }
        }
    }
}

• Array of: object Password Policy SearchResultEntry

{
    "type":"array",
    "description":"Number of search result entries returned after the LDAP operation.",
    "items":{
        "$ref":"#/definitions/Password Policy SearchResultEntry"
    }
}

• attributes(required): object Password Policy Properties
• dn(required): string
  LDAP DN of the entry to be created

{
    "type":"object",
    "required":[
        "dn",
        "attributes"
    ],
    "properties":{
        "dn":{
            "description":"LDAP DN of the entry to be created",
            "type":"string"
        },
        "attributes":{
            "$ref":"#/definitions/Password Policy Properties"
        }
    }
}

• cn: string
  CN (common name) of the entry
• ds-cfg-account-status-notification-handler: array ds-cfg-account-status-notification-handler
  Specifies the names of the account status notification handlers that are used with the associated password storage scheme.
• ds-cfg-allow-expired-password-changes: boolean
  Default Value: false

  Indicates whether a user whose password is expired is still allowed to change that password using the password modify extended operation.
• ds-cfg-allow-multiple-password-values: boolean
  Default Value: false

  Indicates whether user entries can have multiple distinct values for the password attribute.
• ds-cfg-allow-pre-encoded-passwords: boolean
  Default Value: false

  Indicates whether users can change their passwords by providing a pre-encoded value.
• ds-cfg-allow-user-password-changes: boolean
  Default Value: true

  Indicates whether users can change their own passwords.
• ds-cfg-default-password-storage-scheme(required): array ds-cfg-default-password-storage-scheme
  Specifies the names of the password storage schemes that are used to encode clear-text passwords for this password policy.
• ds-cfg-deprecated-password-storage-scheme: array ds-cfg-deprecated-password-storage-scheme
  Specifies the names of the password storage schemes that are considered deprecated for this password policy.
• ds-cfg-expire-passwords-without-warning: boolean
  Default Value: false

  Indicates whether the Directory Server allows a user's password to expire even if that user has never seen an expiration warning notification.
• ds-cfg-force-change-on-add: boolean
  Default Value: false

  Indicates whether users are forced to change their passwords upon first authenticating to the Directory Server after their account has been created.
• ds-cfg-force-change-on-reset: boolean
  Default Value: false

  Indicates whether users are forced to change their passwords if they are reset by an administrator.
• ds-cfg-grace-login-count: integer(int32)
  Default Value: 0

  Specifies the number of grace logins that a user is allowed after the account has expired to allow that user to choose a new password.
• ds-cfg-idle-lockout-interval: string
  Default Value: 0 seconds

  Specifies the maximum length of time that an account may remain idle (that is, the associated user does not authenticate to the server) before that user is locked out.
• ds-cfg-last-login-time-attribute: string
  Specifies the name or OID of the attribute type that is used to hold the last login time for users with the associated password policy.
• ds-cfg-last-login-time-format: string
  Specifies the format string that is used to generate the last login time value for users with the associated password policy.
• ds-cfg-lockout-duration: string
  Default Value: 0 seconds

  Specifies the length of time that an account is locked after too many authentication failures.
• ds-cfg-lockout-failure-count: integer(int32)
  Default Value: 0

  Specifies the maximum number of authentication failures that a user is allowed before the account is locked out.
• ds-cfg-lockout-failure-expiration-interval: string
  Default Value: 0 seconds

  Specifies the length of time before an authentication failure is no longer counted against a user for the purposes of account lockout.
• ds-cfg-lockout-soft-duration: string
  Default Value: 0 seconds

  Specifies the length of time that an account is temporarily locked after too many authentication failures.
• ds-cfg-lockout-soft-failure-count: integer(int32)
  Default Value: 0

  Specifies the maximum number of authentication failures that a user is allowed before the account is locked temporarily.
• ds-cfg-max-password-age: string
  Default Value: 0 seconds

  Specifies the maximum length of time that a user can continue using the same password before it must be changed (that is, the password expiration interval).
• ds-cfg-max-password-reset-age: string
  Default Value: 0 seconds

  Specifies the maximum length of time that users have to change passwords after they have been reset by an administrator before they become locked.
• ds-cfg-min-password-age: string
  Default Value: 0 seconds

  Specifies the minimum length of time after a password change before the user is allowed to change the password again.
• ds-cfg-password-attribute(required): string
  Specifies the attribute type used to hold user passwords.
• ds-cfg-password-change-requires-current-password: boolean
  Default Value: false

  Indicates whether user password changes must use the password modify extended operation and must include the user's current password before the change is allowed.
• ds-cfg-password-expiration-warning-interval: string
  Default Value: 5 days

  Specifies the maximum length of time before a user's password actually expires that the server begins to include warning notifications in bind responses for that user.
• ds-cfg-password-generator: string
  Specifies the name of the password generator that is used with the associated password policy.
• ds-cfg-password-history-count: integer(int32)
  Default Value: 0

  Specifies the maximum number of former passwords to maintain in the password history.
• ds-cfg-password-history-duration: string
  Default Value: 0 seconds

  Specifies the maximum length of time that passwords remain in the password history.
• ds-cfg-password-validator: array ds-cfg-password-validator
  Specifies the names of the password validators that are used with the associated password storage scheme.
• ds-cfg-previous-last-login-time-attribute: string
  Specifies the name or OID of the attribute type that is used to hold the one but last login time for users with the associated password policy.
• ds-cfg-previous-last-login-time-format: array ds-cfg-previous-last-login-time-format
  Specifies the format string(s) that might have been used with the last login time at any point in the past for users associated with the password policy.
• ds-cfg-require-change-by-time: string
  Specifies the time by which all users with the associated password policy must change their passwords.
• ds-cfg-require-secure-authentication: boolean
  Default Value: false

  Indicates whether users with the associated password policy are required to authenticate in a secure manner.
• ds-cfg-require-secure-password-changes: boolean
  Default Value: false

  Indicates whether users with the associated password policy are required to change their password in a secure manner that does not expose the credentials.
• ds-cfg-skip-force-change-reset-on-deprecate: boolean
  Default Value: false

  Indicates whether to skip force change on reset, when the user passwords are depricated and re-hashed with default storage scheme. Note: to set this flag to true, the force-change-on-reset must be true
• ds-cfg-skip-validation-for-administrators: boolean
  Default Value: false

  Indicates whether passwords set by administrators are allowed to bypass the password validation process that is required for user password changes.
• ds-cfg-state-update-failure-policy: string
  Default Value: reactive

  Allowed Values: [ "ignore", "proactive", "reactive" ]

  Specifies how the server deals with the inability to update password policy state information during an authentication attempt.
• objectclass(required): array objectclass
  Objectclass(es) which this entry belongs to.

{
    "type":"object",
    "required":[
        "objectclass",
        "ds-cfg-default-password-storage-scheme",
        "ds-cfg-password-attribute"
    ],
    "properties":{
        "objectclass":{
            "type":"array",
            "description":"Objectclass(es) which this entry belongs to.",
            "items":{
                "type":"string"
            }
        },
        "cn":{
            "type":"string",
            "description":"CN (common name) of the entry"
        },
        "ds-cfg-min-password-age":{
            "description":"Specifies the minimum length of time after a password change before the user is allowed to change the password again. ",
            "readOnly":false,
            "default":"0 seconds",
            "type":"string"
        },
        "ds-cfg-require-change-by-time":{
            "description":"Specifies the time by which all users with the associated password policy must change their passwords. ",
            "readOnly":false,
            "type":"string"
        },
        "ds-cfg-password-validator":{
            "description":"Specifies the names of the password validators that are used with the associated password storage scheme. ",
            "readOnly":false,
            "type":"array",
            "items":{
                "type":"string"
            }
        },
        "ds-cfg-password-generator":{
            "description":"Specifies the name of the password generator that is used with the associated password policy. ",
            "readOnly":false,
            "type":"string"
        },
        "ds-cfg-password-history-count":{
            "description":"Specifies the maximum number of former passwords to maintain in the password history. ",
            "readOnly":false,
            "default":"0",
            "type":"integer",
            "format":"int32"
        },
        "ds-cfg-default-password-storage-scheme":{
            "description":"Specifies the names of the password storage schemes that are used to encode clear-text passwords for this password policy. ",
            "readOnly":false,
            "type":"array",
            "items":{
                "type":"string"
            }
        },
        "ds-cfg-allow-expired-password-changes":{
            "description":"Indicates whether a user whose password is expired is still allowed to change that password using the password modify extended operation. ",
            "readOnly":false,
            "default":false,
            "type":"boolean"
        },
        "ds-cfg-lockout-duration":{
            "description":"Specifies the length of time that an account is locked after too many authentication failures. ",
            "readOnly":false,
            "default":"0 seconds",
            "type":"string"
        },
        "ds-cfg-lockout-soft-failure-count":{
            "description":"Specifies the maximum number of authentication failures that a user is allowed before the account is locked temporarily. ",
            "readOnly":false,
            "default":"0",
            "type":"integer",
            "format":"int32"
        },
        "ds-cfg-skip-force-change-reset-on-deprecate":{
            "description":"Indicates whether to skip force change on reset, when the user passwords are depricated and re-hashed with default storage scheme. Note: to set this flag to true, the force-change-on-reset must be true ",
            "readOnly":false,
            "default":false,
            "type":"boolean"
        },
        "ds-cfg-allow-pre-encoded-passwords":{
            "description":"Indicates whether users can change their passwords by providing a pre-encoded value. ",
            "readOnly":false,
            "default":false,
            "type":"boolean"
        },
        "ds-cfg-password-change-requires-current-password":{
            "description":"Indicates whether user password changes must use the password modify extended operation and must include the user's current password before the change is allowed. ",
            "readOnly":false,
            "default":false,
            "type":"boolean"
        },
        "ds-cfg-allow-multiple-password-values":{
            "description":"Indicates whether user entries can have multiple distinct values for the password attribute. ",
            "readOnly":false,
            "default":false,
            "type":"boolean"
        },
        "ds-cfg-max-password-reset-age":{
            "description":"Specifies the maximum length of time that users have to change passwords after they have been reset by an administrator before they become locked. ",
            "readOnly":false,
            "default":"0 seconds",
            "type":"string"
        },
        "ds-cfg-skip-validation-for-administrators":{
            "description":"Indicates whether passwords set by administrators are allowed to bypass the password validation process that is required for user password changes. ",
            "readOnly":false,
            "default":false,
            "type":"boolean"
        },
        "ds-cfg-last-login-time-attribute":{
            "description":"Specifies the name or OID of the attribute type that is used to hold the last login time for users with the associated password policy. ",
            "readOnly":false,
            "type":"string"
        },
        "ds-cfg-require-secure-password-changes":{
            "description":"Indicates whether users with the associated password policy are required to change their password in a secure manner that does not expose the credentials. ",
            "readOnly":false,
            "default":false,
            "type":"boolean"
        },
        "ds-cfg-require-secure-authentication":{
            "description":"Indicates whether users with the associated password policy are required to authenticate in a secure manner. ",
            "readOnly":false,
            "default":false,
            "type":"boolean"
        },
        "ds-cfg-state-update-failure-policy":{
            "description":"Specifies how the server deals with the inability to update password policy state information during an authentication attempt. ",
            "readOnly":false,
            "default":"reactive",
            "type":"string",
            "enum":[
                "ignore",
                "proactive",
                "reactive"
            ]
        },
        "ds-cfg-grace-login-count":{
            "description":"Specifies the number of grace logins that a user is allowed after the account has expired to allow that user to choose a new password. ",
            "readOnly":false,
            "default":"0",
            "type":"integer",
            "format":"int32"
        },
        "ds-cfg-lockout-failure-expiration-interval":{
            "description":"Specifies the length of time before an authentication failure is no longer counted against a user for the purposes of account lockout. ",
            "readOnly":false,
            "default":"0 seconds",
            "type":"string"
        },
        "ds-cfg-password-expiration-warning-interval":{
            "description":"Specifies the maximum length of time before a user's password actually expires that the server begins to include warning notifications in bind responses for that user. ",
            "readOnly":false,
            "default":"5 days",
            "type":"string"
        },
        "ds-cfg-allow-user-password-changes":{
            "description":"Indicates whether users can change their own passwords. ",
            "readOnly":false,
            "default":true,
            "type":"boolean"
        },
        "ds-cfg-force-change-on-reset":{
            "description":"Indicates whether users are forced to change their passwords if they are reset by an administrator. ",
            "readOnly":false,
            "default":false,
            "type":"boolean"
        },
        "ds-cfg-lockout-failure-count":{
            "description":"Specifies the maximum number of authentication failures that a user is allowed before the account is locked out. ",
            "readOnly":false,
            "default":"0",
            "type":"integer",
            "format":"int32"
        },
        "ds-cfg-password-history-duration":{
            "description":"Specifies the maximum length of time that passwords remain in the password history. ",
            "readOnly":false,
            "default":"0 seconds",
            "type":"string"
        },
        "ds-cfg-lockout-soft-duration":{
            "description":"Specifies the length of time that an account is temporarily locked after too many authentication failures. ",
            "readOnly":false,
            "default":"0 seconds",
            "type":"string"
        },
        "ds-cfg-expire-passwords-without-warning":{
            "description":"Indicates whether the Directory Server allows a user's password to expire even if that user has never seen an expiration warning notification. ",
            "readOnly":false,
            "default":false,
            "type":"boolean"
        },
        "ds-cfg-max-password-age":{
            "description":"Specifies the maximum length of time that a user can continue using the same password before it must be changed (that is, the password expiration interval). ",
            "readOnly":false,
            "default":"0 seconds",
            "type":"string"
        },
        "ds-cfg-last-login-time-format":{
            "description":"Specifies the format string that is used to generate the last login time value for users with the associated password policy. ",
            "readOnly":false,
            "type":"string"
        },
        "ds-cfg-previous-last-login-time-format":{
            "description":"Specifies the format string(s) that might have been used with the last login time at any point in the past for users associated with the password policy. ",
            "readOnly":false,
            "type":"array",
            "items":{
                "type":"string"
            }
        },
        "ds-cfg-deprecated-password-storage-scheme":{
            "description":"Specifies the names of the password storage schemes that are considered deprecated for this password policy. ",
            "readOnly":false,
            "type":"array",
            "items":{
                "type":"string"
            }
        },
        "ds-cfg-previous-last-login-time-attribute":{
            "description":"Specifies the name or OID of the attribute type that is used to hold the one but last login time for users with the associated password policy. ",
            "readOnly":false,
            "type":"string"
        },
        "ds-cfg-account-status-notification-handler":{
            "description":"Specifies the names of the account status notification handlers that are used with the associated password storage scheme. ",
            "readOnly":false,
            "type":"array",
            "items":{
                "type":"string"
            }
        },
        "ds-cfg-idle-lockout-interval":{
            "description":"Specifies the maximum length of time that an account may remain idle (that is, the associated user does not authenticate to the server) before that user is locked out. ",
            "readOnly":false,
            "default":"0 seconds",
            "type":"string"
        },
        "ds-cfg-password-attribute":{
            "description":"Specifies the attribute type used to hold user passwords. ",
            "readOnly":false,
            "type":"string"
        },
        "ds-cfg-force-change-on-add":{
            "description":"Indicates whether users are forced to change their passwords upon first authenticating to the Directory Server after their account has been created. ",
            "readOnly":false,
            "default":false,
            "type":"boolean"
        }
    }
}

• Array of: string

{
    "description":"Specifies the names of the account status notification handlers that are used with the associated password storage scheme. ",
    "readOnly":false,
    "type":"array",
    "items":{
        "type":"string"
    }
}

• Array of: string

{
    "description":"Specifies the names of the password storage schemes that are used to encode clear-text passwords for this password policy. ",
    "readOnly":false,
    "type":"array",
    "items":{
        "type":"string"
    }
}

• Array of: string

{
    "description":"Specifies the names of the password storage schemes that are considered deprecated for this password policy. ",
    "readOnly":false,
    "type":"array",
    "items":{
        "type":"string"
    }
}

• Array of: string

{
    "description":"Specifies the names of the password validators that are used with the associated password storage scheme. ",
    "readOnly":false,
    "type":"array",
    "items":{
        "type":"string"
    }
}

• Array of: string

{
    "description":"Specifies the format string(s) that might have been used with the last login time at any point in the past for users associated with the password policy. ",
    "readOnly":false,
    "type":"array",
    "items":{
        "type":"string"
    }
}

• Array of: string

{
    "type":"array",
    "description":"Objectclass(es) which this entry belongs to.",
    "items":{
        "type":"string"
    }
}

• ldapErrorCode: integer(int32)
  Specifies the LDAP error code returned for the operation.
• message(required): string
  Error message returned returned for the operation.
• msgType(required): string
  Default Value: urn:ietf:params:rest:schemas:oracle:oud:1.0:ErrorResponse

  The REST message type

{
    "type":"object",
    "required":[
        "msgType",
        "message"
    ],
    "properties":{
        "msgType":{
            "description":"The REST message type",
            "default":"urn:ietf:params:rest:schemas:oracle:oud:1.0:ErrorResponse",
            "type":"string"
        },
        "message":{
            "description":"Error message returned returned for the operation.",
            "type":"string"
        },
        "ldapErrorCode":{
            "type":"integer",
            "format":"int32",
            "description":"Specifies the LDAP error code returned for the operation."
        }
    }
}