Page created: 24 Jul 2019 | Page updated: 6 Nov 2019
Product: PingDirectory 7.3
- Use dsconfig to create a Regular Expression password validator. The following password validator checks that the password contains at least one number, one lowercase letter, and one uppercase letter with no restrictions on password length. If the password matches the regular expression, then it will be accepted. When using the following command, remember to include the LDAP/LDAPS connection parameters (host name and port), bind DN, and bind password.

      $ bin/dsconfig create-password-validator \
          --validator-name "Regular Expression" \
          --type regular-expression --set enabled:true \
          --set "match-pattern:^\\w*(?=\\w*\\d)(?=\\w*[a-z])(?=\\w*[A-Z])\\w*\$" \
          --set match-behavior:require-match
- Update an existing password policy to use the Regular Expression validator.

      $ bin/dsconfig set-password-policy-prop \
          --policy-name "Default Password Policy" \
          --set "password-validator:Regular Expression"
- Test the Regular Expression Validator by submitting a password that meets the requirements (contains one number, one lowercase letter, and one uppercase letter), then run it again with a password that does not meet these requirements.

      $ bin/ldappasswordmodify \
          --authzID "uid=user.0,ou=People,dc=example,dc=com" --newPassword baaA1
      The LDAP password modify operation was successful
- Try another password. The following password should fail, because no uppercase letter is present.

      $ bin/ldappasswordmodify \
          --authzID "uid=user.0,ou=People,dc=example,dc=com" --newPassword baaa1
      Error Message: The provided new password failed the validation checks defined in the server: The provided password is not acceptable because it does not match regular expression pattern '^\w*(?=\w*\d)(?=\w*[a-z])(?=\w*[A-Z])\w*$'
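Before attaching the validator to a policy, the match-pattern can be checked offline against candidate passwords. The following is an added example, not part of the product documentation; it uses Python's `re` module with ASCII classes as a stand-in for the server's regex engine (an assumption), and it shows that the pattern also rejects any character outside `\w`, such as spaces and punctuation.

```python
import re

# Pattern copied from the server's error message on this page.
MATCH_PATTERN = r'^\w*(?=\w*\d)(?=\w*[a-z])(?=\w*[A-Z])\w*$'

# Assumption: re.ASCII mirrors an ASCII-only \w and \d, as in Java's default
# regex mode; the server's actual regex flags are not shown on the page.
_VALIDATOR = re.compile(MATCH_PATTERN, re.ASCII)

# Hypothetical helper probes, used only to explain why a candidate fails.
_REQUIRED = (
    ("a digit", re.compile(r'\d', re.ASCII)),
    ("a lowercase letter", re.compile(r'[a-z]')),
    ("an uppercase letter", re.compile(r'[A-Z]')),
)
_NON_WORD = re.compile(r'\W', re.ASCII)


def evaluate(password):
    """Return (accepted, reasons) as match-behavior:require-match would decide."""
    accepted = _VALIDATOR.fullmatch(password) is not None
    reasons = [f"missing {name}" for name, probe in _REQUIRED
               if not probe.search(password)]
    outside = sorted(set(_NON_WORD.findall(password)))
    if outside:
        reasons.append("characters outside \\w: " + "".join(outside))
    return accepted, reasons


# baaA1 and baaa1 are the page's test passwords; the rest are constructed.
SAMPLES = ["baaA1", "baaa1", "aA1", "baaA1!", "Tr0ub4dor&3", "Blue horse 42"]

if __name__ == "__main__":
    for candidate in SAMPLES:
        ok, why = evaluate(candidate)
        print(f"{candidate!r:18} {'accept' if ok else 'reject'} {'; '.join(why)}")
```

Because the pattern has no length requirement, a three-character value such as `aA1` is accepted, so a separate length check is needed if the policy should enforce a minimum.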