1. To edit the existing default configuration for the Attribute Value Password Validator, run the dsconfig tool.

    In this example, the configuration change configures the validator to only examine a specified set of attributes.

    $ bin/dsconfig set-password-validator-prop \ 
      --validator-name "Attribute Value" \ 
      --set match-attribute:cn \ 
      --set match-attribute:sn \
      --set match-attribute:telephonenumber \ 
      --set match-attribute:uid
  2. Update an existing password policy to use the Attribute Value Password Validator.
    $ bin/dsconfig set-password-policy-prop \ 
      --policy-name "Default Password Policy" \
      --set "password-validator:Attribute Value"
  3. Test the Attribute Value Password Validator by submitting a password that is identical to one of the configured attributes (cn, sn, telephonenumber, uid).
    $ bin/ldappasswordmodify --authzID "uid=user.0,ou=People,dc=example,dc=com" \
      --newPassword user.0
    The LDAP password modify operation failed with result code 53 
    Error Message: The provided new password failed the validation checks defined in the 
    server: The provided password was found in another attribute in the user entry