1. Use dsconfig to edit the existing default configuration. In this example, we set the minimum number of differences to 2.
    $ bin/dsconfig set-password-validator-prop \
      --validator-name "Similarity-Based Password Validator" \
      --set min-password-difference:2
  2. Update an existing password policy to use the Similarity-Based Password Validator. The password-change-requires-current-password property must be set to TRUE, so that the password policy will ensure that the user’s current password is available when that user is choosing a new password.
    $ bin/dsconfig set-password-policy-prop \
      --policy-name "Default Password Policy" \
      --set "password-validator:Similarity-Based Password Validator" \
      --set password-change-requires-current-password:true
  3. Test the Similarity-Based Password Validator by submitting a password that has fewer than the minimum number of changes (e.g., 2). The ldappasswordmodify command requires the --currentPassword option when testing the Similarity-Based Password Validator.
    $ bin/ldappasswordmodify \
      --authzID "uid=user.0,ou=People,dc=example,dc=com" \
      --currentPassword abcde --newPassword abcdd
    The LDAP password modify operation failed with result code 49
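
The following added example (not part of the original documentation and not the server's own code) models the check that rejects the change in step 3. It assumes the validator measures difference as the Levenshtein edit distance between the current and the new password; the function names and the candidate passwords other than the abcde/abcdd pair are constructed for illustration.

```python
# Added illustration: a model of the similarity check, not the server's code.
# Assumption: "difference" is the Levenshtein edit distance between the
# current password and the proposed new password.


def edit_distance(current: str, new: str) -> int:
    """Minimum number of single-character inserts, deletes or substitutions."""
    prev = list(range(len(new) + 1))  # distance from "" to each prefix of new
    for i, c in enumerate(current, start=1):
        row = [i]  # distance from current[:i] to ""
        for j, n in enumerate(new, start=1):
            row.append(min(
                prev[j] + 1,             # delete c from current
                row[j - 1] + 1,          # insert n into current
                prev[j - 1] + (c != n),  # substitute, free when equal
            ))
        prev = row
    return prev[-1]


def accepts(current: str, new: str, min_password_difference: int) -> bool:
    """True when the new password differs enough from the current one."""
    return edit_distance(current, new) >= min_password_difference


def report(current: str, candidates: list, min_password_difference: int) -> list:
    """Return (candidate, distance, accepted) for each proposed password."""
    return [
        (new, edit_distance(current, new), accepts(current, new, min_password_difference))
        for new in candidates
    ]


if __name__ == "__main__":
    # "abcde" -> "abcdd" is the pair from step 3; the rest are constructed.
    candidates = ["abcdd", "abcde1", "abcdef1", "Abcde!", "edcba"]
    for new, distance, ok in report("abcde", candidates, 2):
        verdict = "accepted" if ok else "rejected"
        print(f"{new:<8} distance={distance} {verdict}")
```

With min-password-difference set to 2, appending a single character to the current password (abcde1) is rejected for the same reason as abcdd: only one edit separates it from the old value.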