The Similarity Based Password Validator determines whether a proposed password is acceptable by measuring how similar it is to the user's current password.
In particular, it uses the Levenshtein Distance algorithm to determine the minimum number of changes (where a change may be inserting, deleting, or replacing a character) to transform one string into the other. It can be used to prevent users from making only minor changes to their current password when setting a new password. Note that for this password validator to be effective, it is necessary to have access to the user's current password. Therefore, if this password validator is to be enabled, the password-change-requires-current-password attribute in the password policy configuration must also be set to true.
The Similarity Based Password Validator component inherits from the Password Validator
The properties supported by this managed object are as follows:
| Basic Properties: | Advanced Properties: |
|---|---|
| description | None |
| enabled | |
| validator-requirement-description | |
| validator-failure-message | |
| min-password-difference |
| Description | A description for this Password Validator |
| Default Value | None |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Indicates whether the password validator is enabled for use. |
| Default Value | None |
| Allowed Values | true false |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
validator-requirement-description
| Description | Specifies a message that can be used to describe the requirements imposed by this password validator to end users. If a value is provided for this property, then it will override any description that may have otherwise been generated by the validator. |
| Default Value | The requirement description will be automatically generated by the password validator. |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies a message that may be provided to the end user in the event that a proposed password is rejected by this validator. If a value is provided for this property, then it will override any failure message that may have otherwise been generated by the validator. |
| Default Value | The requirement description will be automatically generated by the password validator. |
| Allowed Values | A string |
| Multi-Valued | No |
| Required | No |
| Admin Action Required | None. Modification requires no further action |
| Description | Specifies the minimum difference of new and old password. A value of zero indicates that no difference between passwords is acceptable. |
| Default Value | None |
| Allowed Values | An integer value. Lower limit is 0. Upper limit is 2147483647 . |
| Multi-Valued | No |
| Required | Yes |
| Admin Action Required | None. Modification requires no further action |
To list the configured Password Validators:
dsconfig list-password-validators
[--property {propertyName}] ...
To view the configuration for an existing Password Validator:
dsconfig get-password-validator-prop
--validator-name {name}
[--tab-delimited]
[--script-friendly]
[--property {propertyName}] ...
To update the configuration for an existing Password Validator:
dsconfig set-password-validator-prop
--validator-name {name}
(--set|--add|--remove) {propertyName}:{propertyValue}
[(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Similarity Based Password Validator:
dsconfig create-password-validator
--validator-name {name}
--type similarity-based
--set enabled:{propertyValue}
--set min-password-difference:{propertyValue}
[--set {propertyName}:{propertyValue}] ...
To delete an existing Password Validator:
dsconfig delete-password-validator
--validator-name {name}