The Dictionary Password Validator determines whether a proposed password is acceptable based on whether the given password value appears in a provided dictionary file.
A large dictionary file is provided with the server, but the administrator can supply an alternate dictionary. In this case, then the dictionary must be a plain-text file with one word per line.
↓Parent Component
↓Properties
↓dsconfig Usage
The Dictionary Password Validator component inherits from the Password Validator
The properties supported by this managed object are as follows:
Basic Properties: | Advanced Properties: |
---|---|
↓ description | None |
↓ enabled | |
↓ validator-requirement-description | |
↓ validator-failure-message | |
↓ dictionary-file | |
↓ case-sensitive-validation | |
↓ test-reversed-password |
Description | A description for this Password Validator |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Description | Indicates whether the password validator is enabled for use. |
Default Value | None |
Allowed Values | true false |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
validator-requirement-description
Description | Specifies a message that can be used to describe the requirements imposed by this password validator to end users. If a value is provided for this property, then it will override any description that may have otherwise been generated by the validator. |
Default Value | The requirement description will be automatically generated by the password validator. |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Description | Specifies a message that may be provided to the end user in the event that a proposed password is rejected by this validator. If a value is provided for this property, then it will override any failure message that may have otherwise been generated by the validator. |
Default Value | The requirement description will be automatically generated by the password validator. |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |
Description | Specifies the path to the file containing a list of words that cannot be used as passwords. It should be formatted with one word per line. The value can be an absolute path or a path that is relative to the Directory Server instance root. |
Default Value | For Unix and Linux systems: config/wordlist.txt. For Windows systems: config\wordlist.txt |
Allowed Values | A filesystem path |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Description | Indicates whether this password validator is to treat password characters in a case-sensitive manner. If it is set to true, then the validator rejects a password only if it appears in the dictionary with exactly the same capitalization as provided by the user. |
Default Value | false |
Allowed Values | true false |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
Description | Indicates whether this password validator is to test the reversed value of the provided password as well as the order in which it was given. For example, if the user provides a new password of "password" and this configuration attribute is set to true, then the value "drowssap" is also tested against attribute values in the user's entry. |
Default Value | true |
Allowed Values | true false |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
To list the configured Password Validators:
dsconfig list-password-validators [--property {propertyName}] ...
To view the configuration for an existing Password Validator:
dsconfig get-password-validator-prop --validator-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing Password Validator:
dsconfig set-password-validator-prop --validator-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Dictionary Password Validator:
dsconfig create-password-validator --validator-name {name} --type dictionary --set enabled:{propertyValue} [--set {propertyName}:{propertyValue}] ...
To delete an existing Password Validator:
dsconfig delete-password-validator --validator-name {name}