Directory Services 7.2.5

Attribute Value Password Validator

The Attribute Value Password Validator attempts to determine whether a proposed password is acceptable for use by determining whether that password is contained in any attribute within the user’s entry.

It can be configured to look in all attributes or in a specified subset of attributes.

Parent

The Attribute Value Password Validator object inherits from Password Validator.

Attribute Value Password Validator properties

You can use configuration expressions to set property values at startup time. For details, see Property value substitution.

Basic Properties Advanced Properties

check-substrings
enabled
match-attribute
min-substring-length
test-reversed-password

java-class

Basic properties

Use the --advanced option to access advanced properties.

check-substrings

Synopsis

Indicates whether this password validator is to match portions of the password string against attribute values.

Description

If "false" then only match the entire password against attribute values otherwise ("true") check whether the password contains attribute values.

Default value

true

Allowed values

true

false

Multi-valued

No

Required

No

Admin action required

None

Advanced

No

Read-only

No

enabled

Synopsis

Indicates whether the password validator is enabled for use.

Default value

None

Allowed values

true

false

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

match-attribute

Synopsis

Specifies the name(s) of the attribute(s) whose values should be checked to determine whether they match the provided password. If no values are provided, then the server checks if the proposed password matches the value of any attribute in the user’s entry.

Default value

All attributes in the user entry will be checked.

Allowed values

The name of an attribute type defined in the LDAP schema.

Multi-valued

Yes

Required

No

Admin action required

None

Advanced

No

Read-only

No

min-substring-length

Synopsis

Indicates the minimal length of the substring within the password in case substring checking is enabled.

Description

If "check-substrings" option is set to true, then this parameter defines the length of the smallest word which should be used for substring matching. Use with caution because values below 3 might disqualify valid passwords.

Default value

5

Allowed values

An integer.

Lower limit: 0.

Multi-valued

No

Required

No

Admin action required

None

Advanced

No

Read-only

No

test-reversed-password

Synopsis

Indicates whether this password validator should test the reversed value of the provided password as well as the order in which it was given.

Default value

None

Allowed values

true

false

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

Advanced properties

Use the --advanced option to access advanced properties.

java-class

Synopsis

Specifies the fully-qualified name of the Java class that provides the password validator implementation.

Default value

org.opends.server.extensions.AttributeValuePasswordValidator

Allowed values

A Java class that extends or implements:

  • org.opends.server.api.PasswordValidator

Multi-valued

No

Required

Yes

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

Yes

Read-only

No