Configuring the Unique Characters Password Validator
Use the dsconfig tool to configure, update, and test the Unique Characters Password Validator.
Steps
-
To edit the existing default configuration, run the
dsconfigtool.Example:
In this example, we set the minimum number of unique characters that a password is allowed to contain to 3.
$ bin/dsconfig set-password-validator-prop \ --validator-name "Unique Characters" --set min-unique-characters:3 -
Update an existing password policy to use the Unique Characters Password Validator.
Example:
$ bin/dsconfig set-password-policy-prop \ --policy-name "Default Password Policy" \ --set "password-validator:Unique Characters" -
Test the Unique Characters Password Validator by submitting a password that has fewer than the minimum number of unique characters, such as 3.
Example:
$ bin/ldappasswordmodify \ --authzID "uid=user.0,ou=People,dc=example,dc=com" \ --newPassword aaaaaResult:
The LDAP password modify operation failed with result code 53 Error Message: The provided new password failed the validation checks defined in the server: The provided password does not contain enough unique characters. The minimum number of unique characters that may appear in a user password is 3