PingDirectory

Configuring the Length-Based Password Validator

Steps

  1. To edit the existing default configuration, run the dsconfig tool.

    Example:

    In this example, the required minimum number of characters in a password is set to five.

    $ bin/dsconfig create-password-validator \
  --validator-name "Length-Based Password Validator" \
  --set max-password-length:5 --set min-password-length:5

  2. Update an existing password policy to use the Length-Based Password Validator.

    Example:

    $ bin/dsconfig set-password-policy-prop \
  --policy-name "Default Password Policy" \
  --set "password-validator:Length-Based Password Policy"

  3. Test the Length-Based Password Validator by submitting a password that has fewer than the minimum number of required characters.

    Example:

    $ bin/ldappasswordmodify \
  --authzID "uid=user.0,ou=People,dc=example,dc=com" --newPassword abcd

    Result:

    The LDAP password modify operation failed with result code 53
Error Message: The provided new password failed the validation checks defined in
the server: The provided password is shorter than the minimum required length of
5 characters