Authenticate and changePassword
For the RgyUser.authenticate() and RgyUser.changePassword() methods, the Registry Direct Java™ API generates errors that closely match the existing azn_util_password_authenticate and azn_util_password_change AZN API errors.
The following table maps the error codes and the API errors:
| RgyException | AZN API Error | AZN status code | AZN API Message |
|---|---|---|---|
| ServerDownRgyException | AZN_S_FAILURE, ivacl_s_registry_server_down | ivacl_s_registry_server_down | HPDAC0779E The LDAP registry server is down. |
| N/A | AZN_S_FAILURE, ivacl_s_registry_client_memory_error | ivacl_s_registry_client_memory_error | HPDAC0777E LDAP Registry client returned a memory error. |
| MultipleDnFoundRgyException, InvalidParametersRgyException | AZN_S_FAILURE, ivacl_s_registry_client_bad_ldap_dn | ivacl_s_registry_client_bad_ldap_dn | HPDAC0772E The LDAP user registry client returned an error status for the specified DN. |
| N/A | AZN_S_FAILURE, ivacl_s_registry_client_unavailable | ivacl_s_registry_client_unavailable | HPDAC0771E The user registry client is unavailable. |
| (null returned) | AZN_S_FAILURE, ivauthn_invalid_username | ivauthn_invalid_username | HPDIA0202W An unknown user name was provided to Access Manager. |
| PasswordSetInvalidRgyException | AZN_S_U_PASSWORD_EXPIRED, 0 | ivacl_s_azn_s_u_password_expired | HPDAC1354E aznAPI User password expired. |
| AccountSetInvalidRgyException | AZN_S_U_ACCOUNT_DISABLED, 0 | ivacl_s_azn_s_u_account_disabled | HPDAC1364E aznAPI Account Login is disabled. |
|  | AZN_S_U_TOD_ACCESS_DENIED, ivauthn_tod_denied | ivauthn_tod_denied | HPDIA0218W Authentication by user denied at this time of the day. |
| ErrPolicyAcctLockedOutRgyException | AZN_S_U_ACCOUNT_LOCKEDOUT, 0 | ivacl_s_azn_s_u_account_lockedout | HPDAC1366E aznAPI The user account is locked out. |
| ErrPolicyPwdTooShortRgyException | AZN_S_U_PASSWORD_TOO_SHORT, 0 | ivacl_s_azn_s_u_password_too_short | HPDAC1367E aznAPI New password is too short. |
| ErrPolicyPwdHasSpacesRgyException | AZN_S_U_PASSWORD_HAS_SPACES, 0 | ivacl_s_azn_s_u_password_has_spaces | HPDAC1368E aznAPI New password has illegal spaces. |
| ErrPolicyPwdTooManyRepeatedRgyException | AZN_S_U_PASSWORD_TOO_MANY_REPEATED, 0 | ivacl_s_azn_s_u_password_too_many_repeated | HPDAC1369E aznAPI New password has too many repeated characters. |
| ErrPolicyPwdTooFewAlphaRgyException | AZN_S_U_PASSWORD_TOO_FEW_ALPHA, 0 | ivacl_s_azn_s_u_password_too_few_alpha | HPDAC1370E aznAPI New password has too few alphabetic characters. |
| ErrPolicyPwdTooFewNonalphaRgyException | AZN_S_U_PASSWORD_TOO_FEW_NONALPHA, 0 | ivacl_s_azn_s_u_password_too_few_non_alpha | HPDAC1371E aznAPI New password has too few non-alphabetic characters. |
| InsufficientAccessRgyException | AZN_S_U_INSUFFICIENT_ACCESS, 0 | ivacl_s_azn_s_u_insufficient_access | HPDAC1372E aznAPI Caller does not have the permission to perform requested operation. |
| ErrPolicyAcctDisabledRgyException | AZN_S_U_PASSWORD_ACCT_DISABLED, 0 | ivacl_s_azn_s_u_password_tacct_disabled | HPDAC1374W aznAPI This account is disabled due to too many failed login attempts. |
| ErrPolicyAcctLockedOutRgyException | AZN_S_U_AUTHEN_FAILED_ACCT_LOCKEDOUT, 0 | ivacl_s_azn_s_u_authen_failed_acct_lockedout | HPDAC1376E aznAPI User registry authentication failed; the user account has been locked due to too many failed login attempts. |
| ErrPolicyInvalidAcctDisabledRgyException | AZN_S_U_AUTHEN_FAILED_ACCT_DISABLED, 0 | ivacl_s_azn_s_u_authen_failed_acct_disabled | HPDAC1377E aznAPI User registry authentication failed; the user account has been disabled due to too many failed login attempts. |
| N/A | AZN_S_FAILURE, rgy_s_ira_server_in_config_only_mode | rgy_s_ira_server_in_config_only_mode | HPDRG0207W The LDAP server is an IBM® Tivoli® Directory Server in configuration only mode. Access Manager cannot operate normally with the LDAP server in this mode. |
| NativePasswordExpiredRgyException (when ldap.enhanced-pwd-policy=true) | AZN_S_FAILURE, ivauthn_ldap_password_expired (when [ldap] enhanced-pwd-policy = yes) | ivauthn_ldap_password_expired | HPDIA0237W Authentication failed. The account cannot be logged in because the password expired. |
| NativePasswordNoModRgyException (when ldap.enhanced-pwd-policy=true) | AZN_S_FAILURE, ivauthn_ldap_password_no_mod (when [ldap] enhanced-pwd-policy = yes) | ivauthn_ldap_password_no_mod | HPDIA0318W The user does not have permission to modify their password. |
| NativePasswordTooYoungRgyException (when ldap.enhanced-pwd-policy=true) | AZN_S_FAILURE, ivauthn_ldap_password_too_young (when [ldap] enhanced-pwd-policy = yes) | ivauthn_ldap_password_too_young | HPDIA0320W The user cannot change their password until time period elapses after the previous change. |
| NativePasswordInHistoryRgyException (when ldap.enhanced-pwd-policy=true) | AZN_S_FAILURE, ivauthn_ldap_password_in_history (when [ldap] enhanced-pwd-policy = yes) | ivauthn_ldap_password_in_history | HPDIA0322W The user is not permitted to use the new password as it was used recently. |
| NativeAccountLockedRgyException (when ldap.enhanced-pwd-policy=true) | AZN_S_FAILURE, ivauthn_ldap_account_locked | ivauthn_ldap_account_locked | HPDIA0239W Authentication failed. The account is locked. |
| NativeAccountInactivatedRgyException (when ldap.enhanced-pwd-policy=true) | AZN_S_FAILURE, ivauthn_ldap_account_inactivated (when [ldap] enhanced-pwd-policy = yes) | ivauthn_ldap_account_inactivated | HPDIA0241W Authentication failed. The account is deactivated. |
| UnhandledRgyException and other RgyExceptions | AZN_S_AZN_S_FAILURE, ivacl_s_registry_client_error | ivacl_s_registry_client_error | HPDAC0773E The LDAP user registry client returned an unexpected failure status. |
| WarningPasswordExpiresSoonRgyException (when ldap.enhanced-pwd-policy=true) | N/A | N/A | N/A |