
Attribute Value Password Validator

Note: this component is designated "advanced", which means that objects of this type are not expected to be created or altered in most environments. If you believe that such a change is necessary, you may want to contact UnboundID support in order to understand the potential impact of that change.

The Attribute Value Password Validator determines whether a proposed password is acceptable for use by checking whether that password is contained in any attribute within the user's entry.

It can be configured to look in all attributes in the user's entry or in a specified subset of attributes. It can perform both forward and reverse matching, and can match passwords which are substrings of attribute values, or attribute values which are substrings of passwords.


Parent Component

The Attribute Value Password Validator component inherits from the Password Validator.

Properties

The properties supported by this managed object are as follows:


Basic Properties:
description
enabled
match-attribute
test-password-substring-of-attribute-value
test-attribute-value-substring-of-password
test-reversed-password

Advanced Properties:
None

Basic Properties

description

Description
A description for this Password Validator
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

enabled

Description
Indicates whether the password validator is enabled for use.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

match-attribute

Description
Specifies the name(s) of the attribute(s) whose values should be checked to determine whether they match the provided password. If no values are provided, then the server checks if the proposed password matches the value of any user attribute in the target user's entry.
Default Value
All user attributes in the target user's entry will be checked.
Allowed Values
The name or OID of an attribute type defined in the server schema.
Multi-Valued
Yes
Required
No
Admin Action Required
None. Modification requires no further action

test-password-substring-of-attribute-value

Description
Indicates whether to reject any proposed password that is a substring of a value in one of the match attributes in the target user's entry.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

test-attribute-value-substring-of-password

Description
Indicates whether to reject any proposed password in which a value in one of the match attributes in the target user's entry is a substring of that password.
Default Value
false
Allowed Values
true
false
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

test-reversed-password

Description
Indicates whether to perform matching against the reversed value of the provided password in addition to the password in the order in which it was given.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action
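
How the three test-* properties and match-attribute combine, as an added Python sketch that is not part of the product or its documentation. It assumes case-insensitive string comparison (the server's schema matching rules are not modelled); the class, method and sample entry are hypothetical.

```python
from dataclasses import dataclass


@dataclass
class AttributeValueValidator:
    # Field names mirror the page's properties. test-reversed-password has no
    # default on the page, so it is a required argument here as well.
    test_reversed_password: bool
    match_attribute: tuple = ()  # empty = check every attribute in the entry
    test_password_substring_of_attribute_value: bool = False
    test_attribute_value_substring_of_password: bool = False

    def rejection_reason(self, password, entry):
        """Return a description of the first match, or None if acceptable."""
        # Assumption: plain case-insensitive comparison of strings.
        candidates = [("password", password.casefold())]
        if self.test_reversed_password:
            candidates.append(("reversed password", password[::-1].casefold()))
        wanted = {name.casefold() for name in self.match_attribute}
        for attr, values in entry.items():
            if wanted and attr.casefold() not in wanted:
                continue  # attribute not listed in match-attribute
            for value in (v.casefold() for v in values if v):
                for label, cand in candidates:
                    if cand == value:
                        return f"{label} equals {attr}"
                    if self.test_password_substring_of_attribute_value and cand in value:
                        return f"{label} is a substring of {attr}"
                    if self.test_attribute_value_substring_of_password and value in cand:
                        return f"{attr} is a substring of {label}"
        return None


# Constructed sample entry (not from the page).
ENTRY = {"uid": ["jdoe"], "givenName": ["Jane"], "sn": ["Peterson"],
         "mail": ["jdoe@example.com"]}

if __name__ == "__main__":
    exact_only = AttributeValueValidator(test_reversed_password=True)
    strict = AttributeValueValidator(
        test_reversed_password=True,
        test_password_substring_of_attribute_value=True,
        test_attribute_value_substring_of_password=True)
    for pw in ("nosretep", "Peterson2024", "4202nosretep", "example"):
        print(pw, "|", exact_only.rejection_reason(pw, ENTRY),
              "|", strict.rejection_reason(pw, ENTRY))
```

With both substring properties left at their default of false, only whole-value matches are caught, so a password such as "Peterson2024" passes for a user whose sn is "Peterson".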


dsconfig Usage

To list the configured Password Validators:

dsconfig list-password-validators
     [--property {propertyName}] ...

To view the configuration for an existing Password Validator:

dsconfig get-password-validator-prop
     --validator-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Password Validator:

dsconfig set-password-validator-prop
     --validator-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Attribute Value Password Validator:

dsconfig create-password-validator
     --validator-name {name}
     --type attribute-value
     --set enabled:{propertyValue}
     --set test-reversed-password:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Password Validator:

dsconfig delete-password-validator
     --validator-name {name}