Configuring the Regular Expression Password Validator
About this task
Use the dsconfig tool to configure the Regular Expression Password Validator.
Steps
- Use dsconfig to create a regular expression password validator.
Example:
The following password validator checks that the password contains at least one number, one lowercase letter, and one uppercase letter with no restrictions on password length. If the password matches the regular expression, then it is accepted. When using the following command, remember to include the LDAP/LDAPS connection parameters (host name and port), bind DN, and bind password.
$ bin/dsconfig create-password-validator \
  --validator-name "Regular Expression" \
  --type regular-expression --set enabled:true \
  --set "match-pattern:^\\w*(?=\\w*\\d)(?=\\w*[a-z])(?=\\w*[A-Z])\\w*\$" \
  --set match-behavior:require-match
- Update an existing password policy to use the regular expression password validator.
Example:
$ bin/dsconfig set-password-policy-prop \
  --policy-name "Default Password Policy" \
  --set "password-validator:Regular Expression"
- Test the regular expression password validator by submitting a password that meets the requirements.
To meet the password requirements, make sure your password contains at least one number, one lowercase letter, and one uppercase letter.
Example:
$ bin/ldappasswordmodify \
  --authzID "uid=user.0,ou=People,dc=example,dc=com" --newPassword baaA1
Result:
The LDAP password modify operation was successful
- Test a password that does not meet the password requirements.
Example:
The following password should fail because no uppercase letter is present.
$ bin/ldappasswordmodify \
  --authzID "uid=user.0,ou=People,dc=example,dc=com" --newPassword baaa1
Result:
Error Message: The provided new password failed the validation checks defined in the server: The provided password is not acceptable because it does not match regular expression pattern '^\w*(?=\w*\d)(?=\w*[a-z])(?=\w*[A-Z])\w*$'
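The following Python check is an added example, not part of the product documentation. It evaluates the match-pattern from the steps above against constructed sample passwords and shows that, besides requiring a digit, a lowercase letter, and an uppercase letter, the pattern accepts only word characters, so a password containing punctuation or spaces is rejected. It assumes the server's regex engine treats \w and \d as ASCII classes, as java.util.regex does by default; the function names are hypothetical.

```python
import re

# Pattern as the server receives it: inside the double-quoted --set argument
# the shell reduces "\\w" to "\w" and "\$" to "$".
MATCH_PATTERN = r"^\w*(?=\w*\d)(?=\w*[a-z])(?=\w*[A-Z])\w*$"

# Assumption: ASCII-only \w and \d (java.util.regex default behaviour).
_COMPILED = re.compile(MATCH_PATTERN, re.ASCII)


def accepted(password):
    """match-behavior:require-match: accept only if the pattern matches."""
    return _COMPILED.search(password) is not None


def explain(password):
    """Return the requirements a password misses (empty list if none)."""
    reasons = []
    # ^\w* ... \w*$ means every character must be a letter, digit or "_".
    bad = sorted(set(re.findall(r"\W", password, re.ASCII)))
    if bad:
        reasons.append(f"non-word character(s): {bad!r}")
    if not re.search(r"\d", password, re.ASCII):
        reasons.append("no digit")
    if not re.search(r"[a-z]", password):
        reasons.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        reasons.append("no uppercase letter")
    return reasons


# Constructed sample passwords; the first two are the ones used in the steps.
SAMPLES = ["baaA1", "baaa1", "A1a", "aB_1", "Passw0rd!", "Correct Horse 9", ""]

if __name__ == "__main__":
    for pw in SAMPLES:
        verdict = "accept" if accepted(pw) else "reject"
        print(f"{pw!r:20} {verdict:7} {'; '.join(explain(pw))}")
```

Running a check like this before enabling the validator shows which classes of password the policy rejects; the server's error message reports only that the pattern did not match.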