  1. Use dsconfig to create a Regular Expression password validator. The following password validator checks that the password contains at least one number, one lowercase letter, and one uppercase letter, with no restrictions on password length. A password that matches the regular expression is accepted. When using the following command, remember to include the LDAP/LDAPS connection parameters (host name and port), bind DN, and bind password.
    $ bin/dsconfig create-password-validator \
      --validator-name "Regular Expression" \
      --type regular-expression --set enabled:true \
      --set "match-pattern:^\\w*(?=\\w*\\d)(?=\\w*[a-z])(?=\\w*[A-Z])\\w*\$" \
      --set match-behavior:require-match
  2. Update an existing password policy to use the Regular Expression validator.
    $ bin/dsconfig set-password-policy-prop \
      --policy-name "Default Password Policy" \
      --set "password-validator:Regular Expression"
  3. Test the Regular Expression Validator by submitting a password that meets the requirements (contains one number, one lowercase letter, and one uppercase letter), then run it again with a password that does not meet these requirements.
    $ bin/ldappasswordmodify \
      --authzID "uid=user.0,ou=People,dc=example,dc=com" --newPassword baaA1
    The LDAP password modify operation was successful
  4. Try another password. The following password should fail, because no uppercase letter is present.
    $ bin/ldappasswordmodify \
      --authzID "uid=user.0,ou=People,dc=example,dc=com" --newPassword baaa1
    Error Message: The provided new password failed the validation checks 
    defined in the server: The provided password is not acceptable because it does 
    not match regular expression pattern '^\w*(?=\w*\d)(?=\w*[a-z])(?=\w*[A-Z])\w*$'
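
Before attaching the validator to a production policy, it helps to see exactly which passwords the pattern admits. The following is an added example, not part of the product documentation: it evaluates the pattern from step 4 offline against constructed sample passwords and reports why each rejected one fails. It assumes the server's regex engine treats `\w` as ASCII `[A-Za-z0-9_]`; the function names and sample passwords are hypothetical.

```python
import re

# Pattern exactly as the server echoes it in step 4 (after shell unescaping).
MATCH_PATTERN = r"^\w*(?=\w*\d)(?=\w*[a-z])(?=\w*[A-Z])\w*$"

# Assumption: the server treats \w and \d as ASCII classes; re.ASCII makes
# Python behave the same way instead of matching Unicode letters and digits.
_VALIDATOR = re.compile(MATCH_PATTERN, re.ASCII)


def accepts(password):
    """Mimic match-behavior:require-match for the pattern above."""
    return _VALIDATOR.search(password) is not None


def rejection_reasons(password):
    """Return the reasons a candidate fails; an empty list means accepted."""
    reasons = []
    if not re.search(r"\d", password, re.ASCII):
        reasons.append("no digit")
    if not re.search(r"[a-z]", password):
        reasons.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        reasons.append("no uppercase letter")
    # Every character must satisfy \w, so symbols and spaces are refused.
    if re.search(r"\W", password, re.ASCII):
        reasons.append("character outside [A-Za-z0-9_]")
    return reasons


# Constructed sample passwords: the two from steps 3 and 4 plus edge cases.
SAMPLES = ["baaA1", "baaa1", "aA1", "BAAA1", "Tr0ub4dor&3", "Correct-Horse-7"]

if __name__ == "__main__":
    for candidate in SAMPLES:
        verdict = "accepted" if accepts(candidate) else "rejected"
        detail = ", ".join(rejection_reasons(candidate)) or "meets pattern"
        print(f"{candidate!r:20} {verdict:9} {detail}")
```

The run shows two properties of this pattern that the password policy should account for: a three-character password such as `aA1` passes, and any password containing a symbol or space is rejected, so a separate length validator and a revised character class may be needed.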