The Character Set Password Validator determines whether a proposed password is acceptable by checking whether it contains a sufficient number of characters from one or more user-defined character sets.
For example, the validator can ensure that passwords must have at least one lowercase letter, one uppercase letter, one digit, and one symbol.
The Character Set Password Validator component inherits from the Password Validator
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| description | None |
| enabled | |
| validator-requirement-description | |
| validator-failure-message | |
| character-set | |
| allow-unclassified-characters | |
| minimum-required-character-sets |
| Description | A description for this Password Validator |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether the password validator is enabled for use. |
| Default Value | None |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
validator-requirement-description
| Description | Specifies a message that can be used to describe the requirements imposed by this password validator to end users. If a value is provided for this property, then it will override any description that may have otherwise been generated by the validator. |
| Default Value | The requirement description will be automatically generated by the password validator. |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies a message that may be provided to the end user in the event that a proposed password is rejected by this validator. If a value is provided for this property, then it will override any failure message that may have otherwise been generated by the validator. |
| Default Value | The requirement description will be automatically generated by the password validator. |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies a character set containing characters that a password may contain and a value indicating the minimum number of characters required from that set. Each value must be specified with an integer (indicating the minimum required characters from the set) followed by a colon and the characters to include in that set (for example, "3:abcdefghijklmnopqrstuvwxyz" indicates that a user password must contain at least three characters from the set of lowercase ASCII letters). Multiple character sets can be defined in separate values, although no character can appear in more than one character set. A character set may be declared optional by preceding the characters in the set with an integer value of zero. This indicates that the password may, but is not required to, contain characters from that set. If the allow-unclassified-characters property has a value of "false", then this is the only way to permit characters from non-mandatory sets. Alternately, this may be used in conjunction with the minimum-required-character-sets property to indicate that a proposed password must contain characters from at least some minimum number of sets. |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | Yes |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether this password validator allows passwords to contain characters outside of any of the user-defined character sets. If this is "false", then only those characters in the user-defined character sets may be used in passwords. Any password containing a character not included in any character set will be rejected. |
| Default Value | None |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
minimum-required-character-sets
| Description | Specifies the minimum number of character sets that must be represented in a proposed password. This property is primarily useful if the validator is configured with multiple optional character sets (that is, character sets preceded by an integer value of zero), and a proposed password must contain characters from at least some number of those sets. For example, if you define optional sets of lowercase letters, uppercase letters, numeric digits, and symbols, you may specify a minimum-required-character-sets of three to indicate that a proposed password must contain characters from at least three of those sets. |
| Default Value | 1 |
| Allowed Values | An integer value. Lower limit is 1. |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
To list the configured Password Validators:
dsconfig list-password-validators
[--property {propertyName}] ...
To view the configuration for an existing Password Validator:
dsconfig get-password-validator-prop
--validator-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing Password Validator:
dsconfig set-password-validator-prop
--validator-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Character Set Password Validator:
dsconfig create-password-validator
--validator-name {name}
--type character-set
--set enabled:{propertyValue}
--set character-set:{propertyValue}
--set allow-unclassified-characters:{propertyValue}
[--set {propertyName}:{propertyValue}] ...
To delete an existing Password Validator:
dsconfig delete-password-validator
--validator-name {name}