Password Validator

Password Validators are responsible for determining whether a proposed password is acceptable for use and could include checks like ensuring it meets minimum length requirements, that it has an appropriate range of characters, or that it is not in the history.

The password policy for a user specifies the set of password validators that should be used whenever that user provides a new password. In order to activate a password validator, the corresponding configuration entry must be enabled, and the DN of that entry should be included in the password-validator attribute of the password policy in which you want that validator active. All password validator configuration entries must contain the password-validator structural objectclass.

Direct Subcomponents Relations to This Component Properties dsconfig Usage

Direct Subcomponents

The following Password Validators are available in the server :

These Password Validators inherit from the properties described below.

Relations to This Component

The following components have a direct aggregation relation to Password Validators:

Properties

The properties supported by this managed object are as follows:


Basic Properties: Advanced Properties:
 description  None
 enabled
 validator-requirement-description
 validator-failure-message

Basic Properties

description

Description
A description for this Password Validator
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

enabled

Description
Indicates whether the password validator is enabled for use.
Default Value
None
Allowed Values
true
false
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action

validator-requirement-description

Description
Specifies a message that can be used to describe the requirements imposed by this password validator to end users. If a value is provided for this property, then it will override any description that may have otherwise been generated by the validator.
Default Value
The requirement description will be automatically generated by the password validator.
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

validator-failure-message

Description
Specifies a message that may be provided to the end user in the event that a proposed password is rejected by this validator. If a value is provided for this property, then it will override any failure message that may have otherwise been generated by the validator.
Default Value
The requirement description will be automatically generated by the password validator.
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured Password Validators:

dsconfig list-password-validators
     [--property {propertyName}] ...

To view the configuration for an existing Password Validator:

dsconfig get-password-validator-prop
     --validator-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing Password Validator:

dsconfig set-password-validator-prop
     --validator-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Password Validator:

dsconfig create-password-validator
     --validator-name {name}
     --type {type}
     --set enabled:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing Password Validator:

dsconfig delete-password-validator
     --validator-name {name}