Password Validators are responsible for determining whether a proposed password is acceptable for use and could include checks like ensuring it meets minimum length requirements, that it has an appropriate range of characters, or that it is not in the history.
The password policy for a user specifies the set of password validators that should be used whenever that user provides a new password. In order to activate a password validator, the corresponding configuration entry must be enabled, and the DN of that entry should be included in the password-validator attribute of the password policy in which you want that validator active. All password validator configuration entries must contain the password-validator structural objectclass.
The following Password Validators are available in the server :
These Password Validators inherit from the properties described below.
The following components have a direct aggregation relation to Password Validators:
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| description | None |
| enabled | |
| validator-requirement-description | |
| validator-failure-message |
| Description | A description for this Password Validator |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether the password validator is enabled for use. |
| Default Value | None |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
validator-requirement-description
| Description | Specifies a message that can be used to describe the requirements imposed by this password validator to end users. If a value is provided for this property, then it will override any description that may have otherwise been generated by the validator. |
| Default Value | The requirement description will be automatically generated by the password validator. |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies a message that may be provided to the end user in the event that a proposed password is rejected by this validator. If a value is provided for this property, then it will override any failure message that may have otherwise been generated by the validator. |
| Default Value | The requirement description will be automatically generated by the password validator. |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
To list the configured Password Validators:
dsconfig list-password-validators
[--property {propertyName}] ...
To view the configuration for an existing Password Validator:
dsconfig get-password-validator-prop
--validator-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing Password Validator:
dsconfig set-password-validator-prop
--validator-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Password Validator:
dsconfig create-password-validator
--validator-name {name}
--type {type}
--set enabled:{propertyValue}
[--set {propertyName}:{propertyValue}] ...
To delete an existing Password Validator:
dsconfig delete-password-validator
--validator-name {name}