1. To edit the existing default configuration, run the dsconfig tool.

    In this example, we set the minimum number of unique characters that a password is allowed to contain to 3.

    $ bin/dsconfig set-password-validator-prop \ 
      --validator-name "Similarity-Based" --set min-unique-characters:3
  2. Update an existing password policy to use the Unique Characters Password Validator.
    $ bin/dsconfig set-password-policy-prop \ 
      --policy-name "Default Password Policy" \
      --set "password-validator:Unique Characters"
  3. Test the Unique Characters Password Validator by submitting a password that has fewer than the minimum number of unique characters, such as 3.
    $ bin/ldappasswordmodify \
      --authzID "uid=user.0,ou=People,dc=example,dc=com" \
      --newPassword aaaaa
    The LDAP password modify operation failed with result code 53 Error Message: The provided new password failed the validation checks defined in the server: The provided password does not contain enough unique characters. The minimum number of unique characters that may appear in a user password is 3