Page created: 22 Jul 2020
|
Page updated: 1 Feb 2021
| 1 min read
8.2 Product PingDirectory Directory Capability Product documentation Content Type Administration User task Configuration IT Administrator Administrator Audience Software Deployment Method
-
Use dsconfig to edit the existing default
configuration. In this example, we change the requirement for
special characters making them optional in a password, and add
a requirement that at least two digits must be included in the
password. Thus, in this example, all newly created passwords
must have at least one lowercase letter, one uppercase letter,
two digits, and optionally any special characters listed.
$ bin/dsconfig set-password-validator-prop \ --validator-name "Character Set" \ --remove character-set:1:0123456789 \ --remove "character-set:1:~\!@#\$\%^&*()-_=+[]{}\|;:,.<>/?" \ --add character-set:2:0123456789 \ --add "character-set:0:~\!@#\$\%^&*()-_=+[]{}\|;:,.<>/?" \ --set allow-unclassified-characters:false
-
Update an existing password policy to use the Character Set Password
Validator.
$ bin/dsconfig set-password-policy-prop \ --policy-name "Default Password Policy" \ --set "password-validator:Character Set"
-
Test the Character Set Password Validator by submitting a password that meets
the requirements (one lowercase letter, one uppercase letter, two digits). The
following example should reject the given password because it does not pass the
Character Set Password Validator.
$ bin/ldappasswordmodify \ --authzID "uid=user.0,ou=People,dc=example,dc=com" --newPassword abab1