CLI Password Policy Methods

Contents
casso10
Contents
AllowNestedGroups Method Allows the Password Policy To Be Configured for Nested Groups
The AllowNestedGroups method allows the password policy to be configured for nested groups. This method applies only to LDAP directories.
Syntax
The AllowNestedGroups method has the following format:
Netegrity::PolicyMgtPwdPolicy->AllowNestedGroups([groupFlag])
Parameters
The AllowNestedGroups method accepts the following parameter:
  1. groupFlag
    (int)
    (Optional) Specifies whether to allow nested groups:
    • 1 to allow nested groups
    • 0 to disallow nested groups
Return Value
The AllowNestedGroups method returns one of the following values:
  • 0 if nested groups are not allowed.
  • 1 if nested groups are allowed.
AllowLowerPriorityPolicies Method Sets Flag To Determine whether Password Policies with Lower Priority Should Be Evaluated
The ApplyLowerPriorityPolicies method sets or retrieves the flag that determines whether password policies with lower priority should be evaluated after the current password policy is evaluated.
Syntax
The ApplyLowerPriorityPolicies method has the following format:
Netegrity::PolicyMgtPwdPolicy->ApplyLowerPriorityPolicies([lowerPriorityFlag])
Parameters
The ApplyLowerPriorityPolicies method accepts the following parameters:
  1. lowerPriorityFlag
    (int)
    (Optional) Specifies whether to enable evaluation of lower-priority password policies:
    • 1 enables evaluation of lower-priority password policies
    • 0 disables evaluation of lower-priority password policies
Return Value
The ApplyLowerPriorityPolicies method returns one of the following values:
  • A new or existing flag setting
  • undef
    if the call is unsuccessful
AuthLoginTrackFailure Method Allows a User To Login if Login Tracking Data Fails
The AuthLoginTrackFailure method sets or retrieves the flag for allowing a user to log in if login tracking data fails to be written to the user directory. Login tracking data includes login attempts and successful logins.
Syntax
The AuthLoginTrackFailure method has the following format:
Netegrity::PolicyMgtPwdPolicy->AuthLoginTrackFailure([trackingFlag])
Parameters
The AuthLoginTrackFailure method accepts the following parameter:
  1. trackingFlag
    (int)
    (Optional) Specifies whether to allow the user to login when login tracking fails:
    • 1 allows the user to login
    • 0 does not allow the user to login
Return Value
The AuthLoginTrackFailure method returns one of the following values:
  • The new or existing flag setting
  • undef
    if the call is unsuccessful
Remarks
If you enable this flag, users are allowed to log in even if login tracking data cannot be written to the user directory. If you disable this flag, users are not allowed to log in if login tracking data cannot be written to the user directory.
BadLoginDisablementPeriod Method Sets or Retrieves the Number of Minutes Before a User Account Is Disabled
The BadLoginDisablementPeriod method sets or retrieves the number of minutes before a user account is disabled after too many failed login attempts.
Syntax
The BadLoginDisablementPeriod method has the following format:
Netegrity::PolicyMgtPwdPolicy->BadLoginDisablementPeriod([disablementPeriod])
Parameters
The BadLoginDisablementPeriod method accepts the following parameters:
  1. disablementPeriod
    (int)
    (Optional) Specifies the number of minutes to allow before the user account is disabled.
Return Value
The BadLoginDisablementPeriod method returns one of the following values:
  • The new or existing disablement period
  • undef
    if the call is unsuccessful
Description Method Sets or Retrieves the Description of the Password Policy
The Description method sets or retrieves the description of the password policy.
Syntax
The Description method has the following format:
Netegrity::PolicyMgtPwdPolicy->Description([policyDesc])
Parameters
The Description method accepts the following parameter:
  1. policyDesc
    (string)
    (Optional) Specifies the description of the password policy.
Return Value
The Description method returns one of the following values:
  • The new or existing policy description
  • An empty string if the call is unsuccessful.
DictionaryMatch Method Sets the Minimum Number of Letters Required To Qualify a Password for Dictionary Checking
The DictionaryMatch method sets the minimum number of letters required to qualify a password for dictionary checking.
Syntax
The DictionaryMatch method has the following format:
Netegrity::PolicyMgtPwdPolicy->DictionaryMatch([dicMatchLen])
Parameters
The DictionaryMatch method accepts the following parameter:
  1. dicMatchLen
    (int)
    (Optional) Specifies the minimum number of letters required.
Return Value
The DictionaryMatch method returns one of the following values:
  • A new or existing minimum setting
  • undef
    if the call is unsuccessful
DictionaryPath Method Sets or Retrieves the Location of a Dictionary File
The DictionaryPath method sets or retrieves the location of a dictionary file that lists words that cannot be used in a password.
Syntax
The DictionaryPath method has the following format:
Netegrity::PolicyMgtPwdPolicy->DictionaryPath([dicPath])
Parameters
The DictionaryPath method accepts the following parameter:
  1. dicPath
    (string)
    (Optional) Specifies the new dictionary path.
Return Value
The DictionaryPath method returns one of the following values:
  • The new or existing dictionary path.
  • undef
    if the call is unsuccessful
Remarks
The dictionary file must be a text file located in a directory that all Policy Servers can access.
DisableAfterInactivityExpiration Method Disables an Inactive User's Account
The DisableAfterInactivityExpiration method sets or retrieves the flag for disabling a user's account if it has been inactive for a specified period.
Syntax
The DisableAfterInactivityExpiration method has the following format:
Netegrity::PolicyMgtPwdPolicy->DisableAfterInactivityExpiration([inactivityFlag])
Parameters
The DisableAfterInactivityExpiration method accepts the following parameters:
  1. inactivityFlag
    (int)
    (Optional) Specifies whether to disable the user's account
    1 disables the user's account after a specified period of inactivity
    0 keeps the account enabled and forces a password change
Return Value
The DisableAfterInactivityExpiration method returns one of the following values:
  • The new or existing flag setting
  • undef
    if the call is unsuccessful
Remarks
If the flag is set not to disable the user's account after the inactivity period, the user is required to change the password at the next login.
DisableAfterPwdExpiration Method Disables a User's Aaccount after the User's Password Expires
The DisableAfterPwdExpiration method sets or retrieves the flag for disabling a user's account after the user's password expires.
Syntax
The DisableAfterPwdExpiration method has the following format:
Netegrity::PolicyMgtPwdPolicy->DisableAfterPwdExpiration([expireFlag])
Parameters
The DisableAfterPwdExpiration method accepts the following parameter:
  1. expireFlag
    (type)
    (Optional) Specifies whether to disable the user's account:
    1 disable the user's account after the user's password expires
    0 keeps the account enabled and forces a password change
Return Value
The DisableAfterPwdExpiration method returns one of the following values:
  • The new or existing flag setting
  • undef
    if the call is unsuccessful
Remarks
If the flag is set not to disable the user's account after the password expires, the user is required to change the password at next login.
EntireDir Method Determines Whether the Password Policy Applies to the Entire Directory
The EntireDir method determines whether the password policy applies to the entire directory or just a part of it.
Syntax
The EntireDir method has the following format:
Netegrity::PolicyMgtPwdPolicy->EntireDir([dirFlag])
Parameters
The EntireDir method accepts the following parameters:
  1. dirFlag
    (int)
    (Optional) Specifies whether to apply the password policy to an entire directory:
    1 applies the password policy to the entire directory
    0 applies the password policy to just a portion of the directory
Return Value
The EntireDir method returns one of the following values:
  • 1 if the policy applies to the entire directory.
  • 0 if the policy applies to part of the directory.
Remarks
For information about specifying a part of an entire directory, see the descriptions of the PolicyMgtPwdPolicy>UserDirPath method and the PolicyMgtPwdPolicy>UserDirClass method.
ExpirationDelay Method Specifies the Number of Days a Password Can Be Used
The ExpirationDelay method specifies the number of days a password can be used until it must be changed.
Syntax
The ExpirationDelay method has the following format:
Netegrity::PolicyMgtPwdPolicy->ExpirationDelay([expDelay])
Parameters
The ExpirationDelay method accepts the following parameter:
  1. expDelay
    (int)
    (Optional) Specifies the number of days that the password can be used.
Return Value
The ExpirationDelay method returns one of the following values:
  • The new or existing number of days
  • -1 if the call is unsuccessful
IsEnabled Method Enables or Disables a Password Policy
The IsEnabled method enables or disables a password policy.
Syntax
The IsEnabled method has the following format:
Netegrity::PolicyMgtPwdPolicy->IsEnabled([enableFlag])
Parameters
The IsEnabled method accepts the following parameter:
  1. enableFlag
    (int)
    (Optional) Specifies whether the password policy is enabled:
    • 1 enables the password policy
    • 0 disables the password policy
Return Value
The IsEnabled method returns one of the following values:
  • 1 if the policy is enabled
  • 0 if the policy is disabled
MaxLoginFailures Method Sets or Retrieves the Maximum Number of Failed Login Attempts
The MaxLoginFailures method sets or retrieves the maximum number of failed login attempts a user can make before the user account is disabled.
Syntax
The MaxLoginFailures method has the following format:
Netegrity::PolicyMgtPwdPolicy->MaxLoginFailures([maxLogin])
Parameters
The MaxLoginFailures method accepts the following parameter:
  1. maxLogin
    (int)
    (Optional) Specifies the number of failed login attempts.
Return Value
The MaxLoginFailures method returns one of the following values:
  • The new or existing failed login attempt setting
  • undef
    if the call is unsuccessful
MaxLoginInactive Method Sets or Retrieves the Number of Days of Inactivity Are Allowed
The MaxLoginInactive method sets or retrieves the number of days of inactivity allowed before a user's password expires.
Syntax
The MaxLoginInactive method has the following format:
Netegrity::PolicyMgtPwdPolicy->MaxLoginInactive([maxLoginInactive])
Parameters
The MaxLoginInactive method accepts the following parameters:
  1. maxLoginInactive
    (int)
    (Optional) Specifies the number of days of inactivity.
Return Value
The MaxLoginInactive method returns one of the following values:
  • The new or existing maximum inactivity period setting
  • undef
    if the call is unsuccessful
Name Method Sets or Retrieves the Password Policy Name
The Name method sets or retrieves the password policy name.
Syntax
The Name method has the following format:
Netegrity::PolicyMgtPwdPolicy->Name([policyName])
Parameters
The Name method accepts the following parameter:
  1. policyName
    (string)
    (Optional) Specifies the password policy name.
Return Value
The Name method returns one of the following values:
  • The new or existing policy name
  • undef
    if the call is unsuccessful
PwdAddRegExpMatch Method Adds a Regular Expression to the List of Expressions that New Passwords Must Match
The PwdAddRegExpMatch method adds a regular expression to the list of expressions that new passwords must match.
Syntax
The PwdAddRegExpMatch method has the following format:
Netegrity::PolicyMgtPwdPolicy->PwdAddRegExpMatch([tag] [, expression])
Parameters
The PwdAddRegExpMatch method accepts the following parameters:
  1. tag
    (string)
    (Optional) Specifies the name of the regular expression.
  2. expression
    (string)
    (Optional) Specifies the regular expression.
Return Value
The PwdAddRegExpMatch method returns one of the following values:
  • 0 if the regular expression is successfully added
  • -1 if the call is unsuccessful
PwdAddRegExpNoMatch Method Adds a Regular Expression to the List of Expressions that New Passwords Must NOT Match
The PwdAddRegExpNoMatch method adds a regular expression to the list of expressions that new passwords must
not
match.
Syntax
The PwdAddRegExpNoMatch method has the following format:
Netegrity::PolicyMgtPwdPolicy->PwdAddRegExpNoMatch([tag] [, expression])
Parameters
The PwdAddRegExpNoMatch method accepts the following parameters:
  1. tag
    (string)
    (Optional) Specifies the name of the regular expression.
  2. expression
    (string)
    (Optional) Specifies the regular expression.
Return Value
The PwdAddRegExpNoMatch method returns one of the following values:
  • 0 if the regular expression is successfully added
  • -1 if the call is unsuccessful
PwdAllowDigits Method Specifies whether Passwords Are Allowed To Have Numeric Characters
The PwdAllowDigits method sets or retrieves the flag that specifies whether passwords are allowed to have numeric characters.
Syntax
The PwdAllowDigits method has the following format:
Netegrity::PolicyMgtPwdPolicy->PwdAllowDigits([digitFlag])
Parameters
The PwdAllowDigits method accepts the following parameter:
  1. digitFlag
    (int)
    (Optional) Specifies whether passwords are allowed to have numeric characters:
    1 numeric characters are allowed
    0 if numeric characters are not allowed
Return Value
The PwdAllowDigits method returns one of the following values:
  • A new or existing flag setting
  • undef
    if the call is unsuccessful
PwdAllowLowercase Method Specifies whether Passwords Are Allowed To Have Lower Case Letters
The PwdAllowLowercase method sets or retrieves the flag that specifies whether passwords are allowed to have lower case letters.
Syntax
The PwdAllowLowercase method has the following format:
Netegrity::PolicyMgtPwdPolicy->PwdAllowLowercase([lcFlag])
Parameters
The PwdAllowLowercase method accepts the following parameters:
  1. lcFlag
    (int)
    (Optional) Specifies whether lowercase letters are allowed in passwords:
    • 1 allows lowercase letters
    • 0 disallows lowercase letters
Return Value
The PwdAllowLowercase method returns one of the following values:
  • The new or existing flag setting
  • undef
    if the call is unsuccessful
PwdAllowNonAlphNum Method Specifies whether Passwords Are Allowed To Have Non-Alphanumeric Characters
The PwdAllowNonAlphNum method sets or retrieves the flag that specifies whether passwords are allowed to have non-alphanumeric characters.
Syntax
The PwdAllowNonAlphNum method has the following format:
Netegrity::PolicyMgtPwdPolicy->PwdAllowNonAlphaNum([nonAlphaNumFlag])
Parameters
The PwdAllowNonAlphNum method accepts the following parameters:
  1. nonAlphaNumFlag
    (int)
    (Optional) Specifies whether non-alphanumeric characters are allowed in passwords
    • 1 allows non-alphanumeric characters
    • 0 disallows non-alphanumeric characters
Return Value
The PwdAllowNonAlphNum method returns one of the following values:
  • The new or existing flag setting
  • undef
    if the call is unsuccessful
PwdAllowNonPrintable Method Specifies whether Passwords Are Allowed To Have Non-Printable Characters
The PwdAllowNonPrintable method sets or retrieves the flag that specifies whether passwords are allowed to have non-printable characters. These characters cannot be displayed on a computer screen.
Syntax
The PwdAllowNonPrintable method has the following format:
Netegrity::PolicyMgtPwdPolicy->PwdAllowNonPrintable([nonPrintFlag])
Parameters
The PwdAllowNonPrintable method accepts the following parameters:
  1. nonPrintFlag
    (int)
    (Optional) Specifies whether non-printable characters are allowed in passwords:
    • 1 allows non-printable characters
    • 0 disallows non-printable characters
Return Value
The PwdAllowNonPrintable method returns one of the following values:
  • The new or existing flag setting
  • undef
    if the call is unsuccessful
PwdAllowPunctuation Method Specifies whether Passwords Are Allowed To Have Punctuation Mark Characters
The PwdAllowPunctuation method sets or retrieves the flag that specifies whether passwords are allowed to have punctuation mark characters.
Syntax
The PwdAllowPunctuation method has the following format:
Netegrity::PolicyMgtPwdPolicy->PwdAllowPunctuation([punctuationMarkFlag])
Parameters
The PwdAllowPunctuation method accepts the following parameters:
  1. punctuationMarkFlag
    (int)
    (Optional) Specifies whether punctuation mark characters are allowed in passwords:
    • 1 allows punctuation mark characters
    • 0 disallows punctuation mark characters
Return Value
The PwdAllowPunctuation method returns one of the following values:
  • The new or existing flag setting
  • undef
    if the call is unsuccessful
PwdAllowUpperCase Method Specifies whether Passwords Are Allowed To Have Upper Case Letters
The PwdAllowUpperCase method sets or retrieves the flag that specifies whether passwords are allowed to have upper case letters.
Syntax
The PwdAllowUpperCase method has the following format:
Netegrity::PolicyMgtPwdPolicy->PwdAllowUppercase([upperCaseFlag])
Parameters
The PwdAllowUpperCase method accepts the following parameter:
  1. upperCaseFlag
    (int)
    (Optional) Specifies whether upper case letters are allowed in passwords:
    • 1 allows upper case letters
    • 0 disallows upper case letters
Return Value
The PwdAllowUpperCase method returns one of the following values:
  • The new or existing flag setting
  • undef
    if the call is unsuccessful
PwdExpiryWarning Method Sets or Retrieves the Number of Days in Advance To Notify the User that the Password Will Expire
The PwdExpiryWarning method sets or retrieves the number of days in advance to notify the user that the password will expire.
Syntax
The PwdExpiryWarning method has the following format:
Netegrity::PolicyMgtPwdPolicy->PwdExpiryWarning([warningDays])
Parameters
The PwdExpiryWarning method accepts the following parameters:
  1. warningDays
    (int)
    (Optional) Specifies the number of days of advance notice.
Return Value
The PwdExpiryWarning method returns one of the following values:
  • The new or existing advance notice setting
  • undef
    if the call is unsuccessful
PwdForceLowerCase Method Determines whether To Convert Upper Case Letters in a New Password to Lower Case
The PwdForceLowerCase method sets or retrieves the flag that determines whether to convert any upper case letters in a new password to lower case.
Syntax
The PwdForceLowerCase method has the following format:
Netegrity::PolicyMgtPwdPolicy->PwdForceLowerCase([forceLCFlag])
Parameters
The PwdForceLowerCase method accepts the following parameters:
  1. forceLCFlag
    (int)
    (Optional) Specifies whether for force new passwords into lower vase:
    • 1 converts any upper case letters to lower case
    • 0 does not convert upper case letters
Return Value
The PwdForceLowerCase method returns one of the following values:
  • The new or existing flag setting
  • undef
    if the call is unsuccessful
PwdForceUpperCase Method Determines whether To Convert Lower Case Letters in a New Password to Upper Case
The PwdForceUpperCase method sets or retrieves the flag that determines whether to convert any lower case letters in a new password to upper case.
Syntax
The PwdForceUpperCase method has the following format:
Netegrity::PolicyMgtPwdPolicy->PwdForceUpperCase([forceUCFlag])
Parameters
The PwdForceUpperCase method accepts the following parameters:
  1. forceUCFlag
    (int)
    (Optional) Specifies whether to force new passwords to use only upper case:
    • 1 forces upper case
    • 0 does not force upper case
Return Value
The PwdForceUpperCase method returns one of the following values:
  • The new or existing flag setting
  • undef
    if the call is unsuccessful
PwdGetAllRegExpMatch Method Retrieves the Name Tags of the Regular Expressions that New Passwords Must Match
The PwdGetAllRegExpMatch method retrieves the name tags of all the regular expressions that new passwords must match.
Syntax
The PwdGetAllRegExpMatch method has the following format:
Netegrity::PolicyMgtPwdPolicy->PwdGetAllRegExpMatch()
Parameters
The PwdGetAllRegExpMatch method accepts no parameters.
Return Value
The PwdGetAllRegExpMatch method returns one of the following values:
  • An array of name tags for the regular expressions that new passwords must match
  • undef
    if the call is unsuccessful
PwdGetAllRegExpNoMatch Method Retrieves the Name Tags of the Regular Expressions that New Passwords Must NOT Match
The PwdGetAllRegExpNoMatch method retrieves the name tags of all the regular expressions that new passwords must
not
match.
Syntax
The PwdGetAllRegExpNoMatch method has the following format:
Netegrity::PolicyMgtPwdPolicy->PwdGetAllRegExpNoMatch()
Parameters
The PwdGetAllRegExpNoMatch method accepts no parameters.
Return Value
The PwdGetAllRegExpNoMatch method returns one of the following values:
  • An array of name tags for the regular expressions that new passwords must not match.
  • undef
    if the call is unsuccessful
PwdGetRegExp Method Retrieves the Regular Expression for the Specified Name Tag
The PwdGetRegExp method retrieves the regular expression for the specified name tag.
Syntax
The PwdGetRegExp method has the following format:
Netegrity::PolicyMgtPwdPolicy->PwdGetRegExp(tag)
Parameters
The PwdGetRegExp method accepts the following parameter:
  1. tag
    (string)
    Specifies the name of the regular expression to retrieve.
Return Value
The PwdGetRegExp method returns one of the following values:
  • The specified regular expression
  • undef
    if the call is unsuccessful
PwdIgnoreSequence Method Determines whether To Ignore Sequence when Calculating the New Password
The PwdIgnoreSequence method specifies whether to ignore sequence (that is, character position) when the different-from-previous-characters percentage is calculated.
Syntax
The PwdIgnoreSequence method has the following format:
Netegrity::PolicyMgtPwdPolicy->PwdIgnoreSequence([pwdPctSeq])
Parameters
The PwdIgnoreSequence method accepts the following parameter:
  1. pwdPctSeq
    (int)
    (Optional) Specifies whether to ignore the sequence of characters when creating a new password:
    • 1 ignores sequence when calculating the previous password difference percentage
    • 0 considers sequence
Return Value
The PwdIgnoreSequence method returns one of the following values:
  • 1 to ignore sequence
  • 0 to consider sequence
Remarks
For example, suppose a user's previous password is BASEBALL12:
  • If you set this method to 1 (ignore sequence), the user can't choose 12BASEBALL as the new password. That's because the characters are the same as in the previous password, regardless of the character sequence.
  • If you set this method to 0 (consider sequence), the user can choose 12BASEBALL as the new password because the characters occur in a different sequence.
For greater security, pass 1 into this method.
PwdMaxLength Method Sets or Retrieves the Maximum Length for User Passwords
The PwdMaxLength method sets or retrieves the maximum length for user passwords.
Syntax
The PwdMaxLength method has the following format:
Netegrity::PolicyMgtPwdPolicy->PwdMaxLength([maxPwdLength])
Parameters
The PwdMaxLength method accepts the following parameter:
  1. maxPwdLength
    (int)
    (Optional) Specifies the maximum password length.
Return Value
The PwdMaxLength method returns the new or existing password length setting.
PwdMaxRepeatingChar Method Sets or Retrieves the Maximum Number of Identical Characters
The PwdMaxRepeatingChar method sets or retrieves the maximum number of identical characters that can appear consecutively in a password.
Syntax
The PwdMaxRepeatingChar method has the following format:
Netegrity::PolicyMgtPwdPolicy->PwdMaxRepeatingChar([maxPwdRepeat])
Parameters
The PwdMaxRepeatingChar method accepts the following parameter:
  1. maxPwdRepeat
    (int)
    (Optional) Specifies the maximum number of repeating characters.
Return Value
The PwdMaxRepeatingChar method returns the new or existing setting for repeating characters.
PwdMinAlpha Method Sets or Retrieves the Minimum Number of Alphabetic Characters a Password Must Contain
The PwdMinAlpha method sets or retrieves the minimum number of alphabetic characters (A-Z, a-z) that a password must contain.
Syntax
The PwdMinAlpha method has the following format:
Netegrity::PolicyMgtPwdPolicy->PwdMinAlpha([pwdMinAlpha])
Parameters
The PwdMinAlpha method accepts the following parameter:
  1. pwdMinAlpha
    (int)
    (Optional) Specifies the minimum number of alphabetic characters required.
Return Value
The PwdMinAlpha method returns the new or existing minimum number of alphabetic characters.
PwdMinAlphaNum Method Sets or Retrieves the Minimum Number of Alphanumeric Characters a Password Must Contain
The PwdMinAlphaNum method sets or retrieves the minimum number of alphanumeric characters (A-Z, a-z, 0-9) that a password must contain.
Syntax
The PwdMinAlphaNum method has the following format:
Netegrity::PolicyMgtPwdPolicy->PwdMinAlphaNum([pwdMinAlphaNum])
Parameters
The PwdMinAlphaNum method accepts the following parameters:
  1. pwdMinAlphaNum
    (int)
    (Optional) Specifies the minimum number of alphanumeric characters required.
Return Value
The PwdMinAlphaNum method returns the new or existing minimum number of alphanumeric characters.
PwdMinLength Method Sets or Retrieves the Minimum Length for User Passwords
The PwdMinLength method sets or retrieves the minimum length for user passwords.
Syntax
The PwdMinLength method has the following format:
Netegrity::PolicyMgtPwdPolicy->PwdMinLength([minPwdLength])
Parameters
The PwdMinLength method accepts the following parameters:
  1. minPwdLength
    (int)
    (Optional) Specifies the minimum length for user passwords.
Return Value
The PwdMinLength method returns the new or existing minimum password length.
PwdMinLowercase Method Sets or Retrieves the Minimum Number of Lower Case Letters a Password Must Contain
The PwdMinLowercase method sets or retrieves the minimum number of lower case letters that a password must contain.
Syntax
The PwdMinLowercase method has the following format:
Netegrity::PolicyMgtPwdPolicy->PwdMinLowercase([pwdMinLC])
Parameters
The PwdMinLowercase method accepts the following parameter:
  1. pwdMinLC
    (int)
    (Optional) Specifies the minimum number of lower case letters that a password must contain.
Return Value
The PwdMinLowercase method returns new or existing minimum for lower case letters.
PwdMinNonAlpha Method Sets or Retrieves the Minimum Number of Non-Alphanumeric Characters A Password Must Contain
The PwdMinNonAlpha method sets or retrieves the minimum number of non-alphanumeric characters that a password must contain. These characters include punctuation marks and other symbols located on the keyboard, such as @, $, and *.
Syntax
The PwdMinNonAlpha method has the following format:
Netegrity::PolicyMgtPwdPolicy->PwdMinNonAlpha([pwdMinNonAlpha])
Parameters
The PwdMinNonAlpha method accepts the following parameters:
  1. pwdMinNonAlpha
    (int)
    (Optional) Specifies the minimum number of non-alphanumeric characters required.
Return Value
The PwdMinNonAlpha method returns the new or existing minimum number of non-alphanumeric characters.
PwdMinNonPrintable Method Sets or Retrieves the Minimum Number of Non-Printable Characters a Password Must Contain
The PwdMinNonPrintable method sets or retrieves the minimum number of non-printable characters that a password must contain. These characters cannot be displayed on a computer screen.
Syntax
The PwdMinNonPrintable method has the following format:
Netegrity::PolicyMgtPwdPolicy->PwdMinNonPrintable([pwdMinNonPrint])
Parameters
The PwdMinNonPrintable method accepts the following parameter:
  1. pwdMinNonPrint
    (int)
    (Optional) Specifies the minimum number of non-printable characters required.
Return Value
The PwdMinNonPrintable method returns The new or existing minimum number of non-printable characters.
PwdMinNumbers Method Sets or Retrieves the Minimum Number of Numeric Characters a Password Must Contain
The PwdMinNumbers method sets or retrieves the minimum number of numeric characters (0-9) that a password must contain.
Syntax
The PwdMinNumbers method has the following format:
Netegrity::PolicyMgtPwdPolicy->PwdMinNumbers([pwdMinNum])
Parameters
The PwdMinNumbers method accepts the following parameter:
  1. pwdMinNum
    (int)
    (Optional) Specifies the minimum number of numeric characters required.
Return Value
The PwdMinNumbers method returns the new or existing minimum number of numeric characters.
PwdMinProfileMatch Method Specifies the Minimum Character Sequence To Check against the User's Personal Information
The PwdMinProfileMatch method specifies the minimum character sequence to check against the user's personal information.
Syntax
The PwdMinProfileMatch method has the following format:
Netegrity::PolicyMgtPwdPolicy->PwdMinProfileMatch([pwdMatchAttr])
Parameters
The PwdMinProfileMatch method accepts the following parameter:
  1. pwdMatchAttr
    (int)
    (Optional) Specifies the minimum number of sequential characters to check.
Return Value
The PwdMinProfileMatch method returns the new or existing minimum setting.
Remarks
For example, if this value is set to 4,
CA Single Sign-On
prohibits the use of any four consecutive characters found in the user's personal information, such as the four last digits of the user's telephone number.
This field prevents a user from incorporating personal information in a password.
CA Single Sign-On
checks the password against attributes in the user's directory entry.
PwdMinPunctuation Method Sets or Retrieves the Minimum Number of Punctuation Marks a Password Must Contain
The PwdMinPunctuation method sets or retrieves the minimum number of punctuation marks that a password must contain. These characters include periods, commas, exclamation marks, slashes, hyphens, dashes, and other punctuation marks.
Syntax
The PwdMinPunctuation method has the following format:
Netegrity::PolicyMgtPwdPolicy->PwdMinPunctuation([pwdMinPunc])
Parameters
The PwdMinPunctuation method accepts the following parameter:
  1. pwdMinPunc
    (int)
    (Optional) Specifies the minimum number of punctuation marks required.
Return Value
The PwdMinPunctuation method returns the new or existing minimum number of punctuation marks.
PwdMinUppercase Method Sets or Retrieves the Minimum Number of Upper Case Letters a Password Must Contain
The PwdMinUppercase method sets or retrieves the minimum number of upper case letters that a password must contain.
Syntax
The PwdMinUppercase method has the following format:
Netegrity::PolicyMgtPwdPolicy->PwdMinUppercase([pwdMinUC])
Parameters
The PwdMinUppercase method accepts the following parameter:
  1. pwdMinUC
    (int)
    (Optional) Specifies the minimum number of upper case letters that a password must contain.
Return Value
The PwdMinUppercase method returns the new or existing minimum for upper case letters.
PwdPercentDiff Method Sets or Retrieves the Percentage of Different Characters a New Password Must Contain
The PwdPercentDiff method sets or retrieves the percentage of characters that a new password must contain that differ from characters in the previous password. If the value is set to 100, the new password cannot contain any characters that were in the previous password (unless the parameter
PwdIgnoreSeq
is set to 0).
Syntax
The PwdPercentDiff method has the following format:
Netegrity::PolicyMgtPwdPolicy->PwdPercentDiff([pwdPctDiff])
Parameters
The PwdPercentDiff method accepts the following parameter:
  1. pwdPctDiff
    (int)
    (Optional) Specifies the minimum percentage setting.
Return Value
The PwdPercentDiff method returns the new or existing minimum percentage setting.
PwdPolicyPriority Method Sets or Retrieves the Password's Evaluation Priority Setting
The PwdPolicyPriority method sets or retrieves the password's evaluation priority setting (1-1000). Policies are evaluated in descending order (1000 first, 1 last).
Syntax
The PwdPolicyPriority method has the following format:
Netegrity::PolicyMgtPwdPolicy->PwdPolicyPriority([priority])
Parameters
The PwdPolicyPriority method accepts the following parameters:
  1. priority
    (int)
    (Optional) Specifies the evaluation priority of this password policy.
Return Value
The PwdPolicyPriority method returns new or existing evaluation priority setting.
PwdRedirectionURL Method Sets or Retrieves the URL where the User is Redirected Example
The PwdRedirectionURL method sets or retrieves the URL where the user is redirected when an invalid password is provided. This must be the URL of the Password Services CGI.
Syntax
The PwdRedirectionURL method has the following format:
Netegrity::PolicyMgtPwdPolicy->PwdRedirectionURL([URL])
Parameters
The PwdRedirectionURL method accepts the following parameter:
  1. URL
    (string)
    (Optional) Specifies the redirection URL.
Return Value
The PwdRedirectionURL method returns one of the following values:
  • The new or existing URL
  • undef
    if the call is unsuccessful
PwdRemoveRegExp Method Removes the Regular Expression Associated with the Specified Name Tag
The PwdRemoveRegExp method removes the regular expression associated with the specified name tag.
Syntax
The PwdRemoveRegExp method has the following format:
Netegrity::PolicyMgtPwdPolicy->PwdRemoveRegExp(tag)
Parameters
The method accepts the following parameter:
  1. tag
    (string)
    Specifies the name of the regular expression to move.
Return Value
The PwdRemoveRegExp method returns one of the following values:
  • 0 on success
  • -1 if the call is unsuccessful
PwdReuseCount Method Specifies the Number of New Passwords that Must Be Used
The PwdReuseCount method specifies the number of new passwords that must be used before an old password can be reused.
Syntax
The PwdReuseCount method has the following format:
Netegrity::PolicyMgtPwdPolicy->PwdReuseCount([pwdReuseCount])
Parameters
The PwdReuseCount method accepts the following parameters:
  1. pwdReuseCount
    (int)
    (Optional) Specifies the password reuse setting.
Return Value
The PwdReuseCount method returns the new or existing password reuse setting.
PwdReuseDelay Method Specifies the Number of Days a User Must Wait Before Reusing a Password
The PwdReuseDelay method specifies the number of days a user must wait before reusing a password.
Syntax
The PwdReuseDelay method has the following format:
Netegrity::PolicyMgtPwdPolicy->PwdReuseDelay([pwdReuseDelay])
Parameters
The PwdReuseDelay method accepts the following parameter:
  1. pwdReuseDelay
    (type)
    (Optional) Specifies the password reuse delay setting.
Return Value
The PwdReuseDelay method returns the new or existing password reuse delay setting.
ReEnableAfterIncorrectPwd Method Determines whether To Re-enable a User Account after the Entry of an Incorrect Password
The ReEnableAfterIncorrectPwd method determines whether to re-enable a user account after the entry of an incorrect password or passwords.
Syntax
The ReEnableAfterIncorrectPwd method has the following format:
Netegrity::PolicyMgtPwdPolicy->ReEnableAfterIncorrectPwd([groupFlag])
Parameters
The ReEnableAfterIncorrectPwd method accepts the following parameter:
  1. groupFlag
    (int)
    (Optional) Specifies whether to re-enable a user account after the entry of an incorrect password:
    • 0 disables the account
    • 1 enables the account
Return Value
The ReEnableAfterIncorrectPwd method returns one of the following values:
  • 1 if a user account should be re-enabled after entry of an incorrect password or passwords.
  • 0 if a user should be allowed 1 login attempt after entry of an incorrect password or passwords.
Save Method Saves the Password Policy to the Policy Store
The Save method saves the password policy to the policy store.
Syntax
The Save method has the following format:
Netegrity::PolicyMgtPwdPolicy->Save( )
Parameters
The Save method accepts no parameters.
Return Value
The Save method returns one of the following values:
  • 0 if the call is successful
  • -1 if the call is unsuccessful
  • -4 if the user has insufficient privileges to save the changes.
  • 10 if the path and class are empty.
Remarks
Call this method once after making all the modifications to the password policy that you intend to make. This method must be called for any changes to take effect.
StripEmbeddedWhiteSpace Method Determines whether To Strip New Passwords of Embedded White Space
The StripEmbeddedWhiteSpace method sets or retrieves the flag that determines whether to strip new passwords of embedded white space.
Syntax
The StripEmbeddedWhiteSpace method has the following format:
Netegrity::PolicyMgtPwdPolicy->StripEmbeddedWhiteSpace([stripEmbeddedFlag])
Parameters
The StripEmbeddedWhiteSpace method accepts the following parameter:
  1. stripEmbeddedFlag
    (int)
    (Optional) Specifies whether to strip embedded white space from new passwords:
    • 1 strips the embedded white space
    • 0 includes embedded white space
Return Value
The StripEmbeddedWhiteSpace method returns the new or existing flag setting.
StripLeadingWhiteSpace Method Determines whether To Strip New Passwords of Leading White Space
The StripLeadingWhiteSpace method sets or retrieves the flag that determines whether to strip new passwords of leading white space.
Syntax
The StripLeadingWhiteSpace method has the following format:
Netegrity::PolicyMgtPwdPolicy->StripLeadingWhiteSpace([stripLeadingFlag])
Parameters
The StripLeadingWhiteSpace method accepts the following parameter:
  1. stripLeadingFlag
    (int)
    (Optional) Specifies whether to strip leading white space from passwords:
    • 1 strips leading white space
    • 0 includes leading white space
Return Value
The StripLeadingWhiteSpace method returns the new or existing flag setting.
StripTrailingWhiteSpace Method Determines whether To Strip New Passwords of Trailing White Space
The StripTrailingWhiteSpace method sets or retrieves the flag that determines whether to strip new passwords of trailing white space.
Syntax
The StripTrailingWhiteSpace method has the following format:
Netegrity::PolicyMgtPwdPolicy->StripTrailingWhiteSpace([stripTrailingFlag])
Parameters
The StripTrailingWhiteSpace method accepts the following parameter:
  1. stripTrailingFlag
    (int)
    (Optional) Specifies whether to strip trailing white space from passwords:
    • 1 strips trailing white space
    • 0 includes trailing white space
Return Value
The StripTrailingWhiteSpace method returns the new or existing flag setting.
TrackLoginDetails Method Determines whether To Track Authentication Attempts and Successful Logins
The TrackLoginDetails method sets or retrieves the flag that determines whether to track authentication attempts and successful logins.
Syntax
The TrackLoginDetails method has the following format:
Netegrity::PolicyMgtPwdPolicy->TrackLoginDetails([trackingFlag])
Parameters
The TrackLoginDetails method accepts the following parameter:
  1. trackingFlag
    (int)
    (Optional) Specifies whether to enable login tracking:
    • 1 enables login tracking
    • 0 disables login tracking
Return Value
The TrackLoginDetails method returns the new or existing flag setting.
UserDirClass Method Sets or Retrieves the Directory Class if the Password Policy Applies to a Part of the Directory
The UserDirClass method sets or retrieves the directory class if the password policy applies to a part of the directory.
Syntax
The UserDirClass method has the following format:
Netegrity::PolicyMgtPwdPolicy->UserDirClass([path]) 
Parameters
The UserDirClass method accepts the following parameter:
  1. path
    (string)
    (Optional) Specifies the directory class.
Return Value
The UserDirClass method returns the new or existing directory class.
UserDirectory Method Sets or Retrieves the User Directory for the Password Policy
The UserDirectory method sets or retrieves the user directory for the password policy.
Syntax
The UserDirectory method has the following format:
Netegrity::PolicyMgtPwdPolicy->UserDirectory([userDir])
Parameters
The UserDirectory method accepts the following parameter:
  1. userDir
    (PolicyMgtUserDir)
    (Optional) Specifies the user directory for the password policy.
Return Value
The UserDirectory method returns a PolicyMgtUserDir object.
UserDirPath Method Sets or Retrieves the Directory Path if the Password Policy Applies to a Part of the Directory
The UserDirPath method sets or retrieves the directory path if the password policy applies to a part of the directory.
Syntax
The UserDirPath method has the following format:
Netegrity::PolicyMgtPwdPolicy->UserDirPath([path])
Parameters
The UserDirPath method accepts the following parameter:
  1. path
    (type)
    (Optional) Specifies the directory path.
Return Value
The UserDirPath method returns the new or existing directory path.