Page created: 4 Feb 2020
|
Page updated: 22 Jul 2020
| 1 min read
Product PingDirectory 8.1 Directory Capability Product documentation Content Type Administration User task Configuration IT Administrator Administrator Audience Software Deployment Method
-
Use dsconfig to edit the existing default configuration. In
this example, we set the minimum number of differences to 2.
$ bin/dsconfig set-password-validator-prop \ --validator-name "Similarity-Based Password Validator" \ --set min-password-difference:2
-
Update an existing password policy to use the Similarity-Based Password
Validator. The
password-change-requires-current-password
property must be set to TRUE, so that the password policy will ensure that the user’s current password is available when that user is choosing a new password.$ bin/dsconfig set-password-policy-prop \ --policy-name "Default Password Policy" \ --set "password-validator:Similarity-Based Password Validator" \ --set password-change-requires-current-password:true
-
Test the Similarity-Based Password Validator by submitting a password that has
fewer than the minimum number of changes (e.g., 2). The
ldappasswordmodify command requires the
--currentPassword option when testing the Similarity-Based
Password Validator.
$ bin/ldappasswordmodify \ --authzID "uid=user.0,ou=People,dc=example,dc=com" \ --currentPassword abcde --newPassword abcdd
The LDAP password modify operation failed with result code 49