Character Set Password Validator

The Character Set Password Validator determines whether a proposed password is acceptable by checking whether it contains a sufficient number of characters from one or more user-defined character sets.

For example, the validator can ensure that passwords must have at least one lowercase letter, one uppercase letter, one digit, and one symbol.

Parent Component Properties dsconfig Usage

Parent Component

The Character Set Password Validator component inherits from the Password Validator

Properties

The properties supported by this managed object are as follows:


Basic Properties: Advanced Properties:
 description  None
 enabled
 validator-requirement-description
 validator-failure-message
 character-set
 allow-unclassified-characters
 minimum-required-character-sets

Basic Properties

description

Description
A description for this Password Validator
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

enabled

Description
Indicates whether the password validator is enabled for use.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

validator-requirement-description

Description
Specifies a message that can be used to describe the requirements imposed by this password validator to end users. If a value is provided for this property, then it will override any description that may have otherwise been generated by the validator.
Default Value
The requirement description will be automatically generated by the password validator.
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

validator-failure-message

Description
Specifies a message that may be provided to the end user in the event that a proposed password is rejected by this validator. If a value is provided for this property, then it will override any failure message that may have otherwise been generated by the validator.
Default Value
The requirement description will be automatically generated by the password validator.
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

character-set

Description
Specifies a character set containing characters that a password may contain and a value indicating the minimum number of characters required from that set. Each value must be specified with an integer (indicating the minimum required characters from the set) followed by a colon and the characters to include in that set (for example, "3:abcdefghijklmnopqrstuvwxyz" indicates that a user password must contain at least three characters from the set of lowercase ASCII letters). Multiple character sets can be defined in separate values, although no character can appear in more than one character set.
A character set may be declared optional by preceding the characters in the set with an integer value of zero. This indicates that the password may, but is not required to, contain characters from that set. If the allow-unclassified-characters property has a value of "false", then this is the only way to permit characters from non-mandatory sets. Alternately, this may be used in conjunction with the minimum-required-character-sets property to indicate that a proposed password must contain characters from at least some minimum number of sets.
Default Value
None
Allowed Values
A string
Multi-Valued
Yes
Required
Yes
Admin Action Required
None. Modification requires no further action

allow-unclassified-characters

Description
Indicates whether this password validator allows passwords to contain characters outside of any of the user-defined character sets. If this is "false", then only those characters in the user-defined character sets may be used in passwords. Any password containing a character not included in any character set will be rejected.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

minimum-required-character-sets

Description
Specifies the minimum number of character sets that must be represented in a proposed password. This property is primarily useful if the validator is configured with multiple optional character sets (that is, character sets preceded by an integer value of zero), and a proposed password must contain characters from at least some number of those sets. For example, if you define optional sets of lowercase letters, uppercase letters, numeric digits, and symbols, you may specify a minimum-required-character-sets of three to indicate that a proposed password must contain characters from at least three of those sets.
Default Value
1
Allowed Values
An integer value. Lower limit is 1.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured Password Validators:

dsconfig list-password-validators
     [--property {propertyName}] ...

To view the configuration for an existing Password Validator:

dsconfig get-password-validator-prop
     --validator-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Password Validator:

dsconfig set-password-validator-prop
     --validator-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Character Set Password Validator:

dsconfig create-password-validator
     --validator-name {name}
     --type character-set
     --set enabled:{propertyValue}
     --set character-set:{propertyValue}
     --set allow-unclassified-characters:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Password Validator:

dsconfig delete-password-validator
     --validator-name {name}