1. Use dsconfig to edit the existing default configuration.
    • In this example, we set the maximum consecutive length of any character to 3. With this setting, the validator rejects passwords such as "baaaa1" or "4eeeeb".
      $ bin/dsconfig set-password-validator-prop \
        --validator-name "Repeated Characters" \
        --set max-consecutive-length:3
    • Or, you can configure the validator to reject any character from a pre-defined character set that appears more than the specified number of times in a row (2). You can also specify more than one character set. For example, the following validator defines two character sets: [abc] and [123]. It rejects any password with more than two consecutive characters from the same character set. Thus "aaa", "bbb", "ccc", "abc", and "123" fail, but "12a3" is okay.
      $ bin/dsconfig set-password-validator-prop \
        --validator-name "Repeated Characters" \
        --set character-set:123 --set character-set:abc
  2. Update an existing password policy to use the Repeated Character Password Validator.
    $ bin/dsconfig --no-prompt set-password-policy-prop \
      --policy-name "Default Password Policy" \
      --set "password-validator:Repeated Characters"
  3. Test the Repeated Character Validator by submitting a password that has more than the maximum allowable length of consecutive characters.
    $ bin/ldappasswordmodify \
      --authzID "uid=user.0,ou=People,dc=example,dc=com" \
      --newPassword baaa1
    The LDAP password modify operation failed with result code 53 
    Error Message: The provided new password failed the validation checks defined 
    in the server: The provided password contained too many instances of the same 
    character appearing consecutively. The maximum number of times the same 
    character may appear consecutively in a password is 2
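
The two matching rules from step 1 can be modeled offline to check candidate passwords before changing the policy. This is an added example, not the server's implementation; the function names are hypothetical, and it assumes case-sensitive comparison and that a character belonging to no configured set is only equivalent to itself.

```python
# Offline model of the Repeated Characters rule described above.
# Assumptions (not from the product docs): comparison is case-sensitive, and a
# character that belongs to no configured set is only equivalent to itself.

def longest_run(password, character_sets=()):
    """Length of the longest run of consecutive equivalent characters."""
    def group(ch):
        # Characters in the same configured set are treated as equivalent.
        for index, chars in enumerate(character_sets):
            if ch in chars:
                return ("set", index)
        return ("char", ch)

    longest = run = 0
    previous = None
    for ch in password:
        current = group(ch)
        run = run + 1 if current == previous else 1
        previous = current
        longest = max(longest, run)
    return longest


def is_rejected(password, max_consecutive_length, character_sets=()):
    """True if the password exceeds the allowed run length."""
    return longest_run(password, character_sets) > max_consecutive_length


def audit(candidates, max_consecutive_length, character_sets=()):
    """Map each candidate to 'reject' or 'accept' for a given configuration."""
    return {
        pw: "reject" if is_rejected(pw, max_consecutive_length, character_sets)
        else "accept"
        for pw in candidates
    }


if __name__ == "__main__":
    # Constructed sample passwords, taken from the examples in the text.
    print(audit(["baaaa1", "4eeeeb", "baaa1"], 3))
    print(audit(["aaa", "abc", "123", "12a3"], 2, ("abc", "123")))
```

In this model, once character sets are configured, a password such as "baaa1" is measured as a run of four because "b" and "a" fall in the same set.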