1. Use dsconfig to edit the existing default configuration. In this example, we change the requirement for special characters making them optional in a password, and add a requirement that at least two digits must be included in the password. Thus, in this example, all newly created passwords must have at least one lowercase letter, one uppercase letter, two digits, and optionally any special characters listed.
    $ bin/dsconfig set-password-validator-prop \ 
      --validator-name "Character Set" \ 
      --remove character-set:1:0123456789 \ 
      --remove "character-set:1:~\!@#\$\%^&*()-_=+[]{}\|;:,.<>/?" \ 
      --add character-set:2:0123456789 \
      --add "character-set:0:~\!@#\$\%^&*()-_=+[]{}\|;:,.<>/?" \
      --set allow-unclassified-characters:false
  2. Update an existing password policy to use the Character Set Password Validator.
    $ bin/dsconfig set-password-policy-prop \ 
      --policy-name "Default Password Policy" \
      --set "password-validator:Character Set"
  3. Test the Character Set Password Validator by submitting a password that meets the requirements (one lowercase letter, one uppercase letter, two digits). The following example should reject the given password because it does not pass the Character Set Password Validator.
    $ bin/ldappasswordmodify \
      --authzID "uid=user.0,ou=People,dc=example,dc=com" --newPassword abab1