com.tivoli.pd.rgy.RgyUser

RgyUser extends RgyEntity to provide user-specific methods. The following section explains the methods in the RgyUser interface:

authenticate()

Fetch the policy and account state attribute values from RgyUser to ensure the values used during authentication are the latest cached values in the RgyUser instance. This method does not generate a Security Verify Access credential.

If the authentication is successful, no error is generated. Otherwise, an error that indicates the reason for the failure is generated. Failure might be caused by a wrong password or by other factors, such as an unavailable account.

The Security Verify Access password validation policy is based on policies and account states. The Registry Direct Java API password validation process is compatible with the Security Verify Access password validation process.

Prototype:

void authenticate(char[] password) throws RgyException;

Authentication takes the time of day access restriction into account. When setting a password policy, the user might provide a list of days, start time, and end time. The start time and end time apply to each day on the list. If the specified start time is greater than the specified end time, then the access is allowed until the specified end time of the next day.
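The window rule described above, written out as an added Java example (not code from the Registry Direct API or from this page). The class name TodAccessWindow, the inclusive boundaries, and the reading that an overnight window is anchored on the listed day are assumptions made for illustration; the sample policy and timestamps are constructed.

```java
import java.time.DayOfWeek;
import java.time.LocalDateTime;
import java.time.LocalTime;
import java.util.EnumSet;
import java.util.Set;

// Added illustration only; not the Registry Direct API implementation.
public class TodAccessWindow {
    private final EnumSet<DayOfWeek> days = EnumSet.noneOf(DayOfWeek.class);
    private final LocalTime start;
    private final LocalTime end;

    public TodAccessWindow(Set<DayOfWeek> days, LocalTime start, LocalTime end) {
        this.days.addAll(days);
        this.start = start;
        this.end = end;
    }

    // Assumption: both boundaries are inclusive.
    public boolean allows(LocalDateTime when) {
        DayOfWeek today = when.getDayOfWeek();
        LocalTime t = when.toLocalTime();
        if (!start.isAfter(end)) {
            // Same-day window: the day must be listed and the time in range.
            return days.contains(today) && !t.isBefore(start) && !t.isAfter(end);
        }
        // start > end: the window opens on a listed day and closes at the
        // end time of the next day, whether or not that next day is listed.
        boolean openedToday = days.contains(today) && !t.isBefore(start);
        boolean carriedOver = days.contains(today.minus(1)) && !t.isAfter(end);
        return openedToday || carriedOver;
    }

    public static void main(String[] args) {
        // Constructed sample policy: Monday to Friday, 22:00 to 06:00.
        TodAccessWindow night = new TodAccessWindow(
            EnumSet.range(DayOfWeek.MONDAY, DayOfWeek.FRIDAY),
            LocalTime.of(22, 0), LocalTime.of(6, 0));
        LocalDateTime[] samples = {   // constructed timestamps
            LocalDateTime.of(2024, 1, 5, 23, 30),  // Friday, after start
            LocalDateTime.of(2024, 1, 6, 5, 0),    // Saturday, carried over from Friday
            LocalDateTime.of(2024, 1, 6, 23, 0),   // Saturday, not a listed day
            LocalDateTime.of(2024, 1, 8, 5, 0),    // Monday, but Sunday is not listed
        };
        for (LocalDateTime s : samples) {
            System.out.println(s.getDayOfWeek() + " " + s.toLocalTime()
                + " allowed=" + night.allows(s));
        }
    }
}
```

When reviewing an overnight policy, check both edges of the day list: under this reading the early hours of the day after the last listed day are inside the window, and the early hours of the first listed day are not.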

changePassword()

Authenticates the current password and, if successful, sets the password to the new value.

If the authentication of the current password succeeds, the API sets the new password value. If the configuration property ldap.enhanced-pwd-policy is enabled, the password is updated by using the user's credential. This method supports the native LDAP policy, which requires users to change the password after the administrator resets the password. Use the setPassword() method to reset the administrative password.

Prototype:

void changePassword(char[] currentPassword, char[] newPassword) throws RgyException;

setPassword()

Sets the account password to the new value. This method updates the user password by using the administrative account credentials of the Registry Direct API. If a specific native LDAP policy is enabled for the account, this method resets the native registry account state. Use this method when the administrator resets the user password, or the user password is reset by using the user-self-care password recovery process.

Prototype:

void setPassword(char[] newPassword) throws RgyException;

listGroups() and listNativeGroups()

listGroups() lists the groups to which the user belongs.

listNativeGroups() returns a list of the native IDs of the groups. The list might include groups that are not Security Verify Access enabled. The group list is not cached in the RgyUser instance, and each invocation of the methods searches the registry to determine the membership.

Prototype:

Set<String> listGroups() throws RgyException;
Set<String> listNativeGroups() throws RgyException;

importNativeUser()

Converts the LDAP native user account into a Security Verify Access entity.

Prototype:

void importNativeUser(String userId, RgyAttributes rgyAttributes,
String groupId) throws RgyException;
