Use the dsconfig tool to configure the Regular Expression Password Validator.

  1. Use dsconfig to create a regular expression password validator.

    The following password validator checks that the password contains at least one number, one lowercase letter, and one uppercase letter with no restrictions on password length. If the password matches the regular expression, then it is accepted. When using the following command, remember to include the LDAP/LDAPS connection parameters (host name and port), bind DN, and bind password.

    $ bin/dsconfig create-password-validator \
      --validator-name "Regular Expression" \
      --type regular-expression --set enabled:true \
      --set "match-pattern:^\\w*(?=\\w*\\d)(?=\\w*[a-z])(?=\\w*[A-Z])\\w*\$" \
      --set match-behavior:require-match
  2. Update an existing password policy to use the regular expression password validator.
    $ bin/dsconfig set-password-policy-prop \
      --policy-name "Default Password Policy" \
      --set "password-validator:Regular Expression"
  3. Test the regular expression password validator by submitting a password that meets the requirements.
    Note: To meet the password requirements, make sure your password contains at least one number, one lowercase letter, and one uppercase letter.

    $ bin/ldappasswordmodify \
      --authzID "uid=user.0,ou=People,dc=example,dc=com" --newPassword baaA1
    The LDAP password modify operation was successful
  4. Test a password that does not meet the password requirements.

    The following password should fail because no uppercase letter is present.

    $ bin/ldappasswordmodify \
      --authzID "uid=user.0,ou=People,dc=example,dc=com" --newPassword baaa1
    Error Message: The provided new password failed the validation checks 
    defined in the server: The provided password is not acceptable because it does 
    not match regular expression pattern '^\w*(?=\w*\d)(?=\w*[a-z])(?=\w*[A-Z])\w*$'
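
The following is an added example, not part of the product documentation: a Python check of the match-pattern from step 1 that can be run before the validator is attached to a policy. It shows that the double-quoted shell argument reduces to the pattern quoted in the error message, and that a password containing any character outside `\w` (such as `!`) is rejected even when it has a number, a lowercase letter, and an uppercase letter. Python's `re` with `re.ASCII` stands in for the server's regex engine (an assumption), and the function names are hypothetical.

```python
import re

# Value as typed inside double quotes on the dsconfig command line.
TYPED = r"^\\w*(?=\\w*\\d)(?=\\w*[a-z])(?=\\w*[A-Z])\\w*\$"
# Pattern as the server reports it in the rejection message.
STORED = r"^\w*(?=\w*\d)(?=\w*[a-z])(?=\w*[A-Z])\w*$"


def shell_double_quoted(text):
    """POSIX double quotes: a backslash is dropped only before $ ` " or \\."""
    return re.sub(r'\\([$`"\\])', r"\1", text)


# Assumption: re.ASCII (\w = [A-Za-z0-9_]) mirrors the server's regex engine.
VALIDATOR = re.compile(STORED, re.ASCII)


def accepted(password):
    """match-behavior:require-match: accept only if the pattern matches."""
    return VALIDATOR.search(password) is not None


def explain(password):
    """Return the reasons a password is rejected (empty list if accepted)."""
    reasons = []
    if not re.search(r"[0-9]", password):
        reasons.append("no number")
    if not re.search(r"[a-z]", password):
        reasons.append("no lowercase letter")
    if not re.search(r"[A-Z]", password):
        reasons.append("no uppercase letter")
    outside = sorted(set(re.findall(r"\W", password, re.ASCII)))
    if outside:
        reasons.append("characters outside \\w: " + "".join(outside))
    return reasons


# baaA1 and baaa1 come from the steps above; the other two are constructed.
SAMPLES = ["baaA1", "baaa1", "aA1", "baaA1!"]

if __name__ == "__main__":
    print("quoting yields stored pattern:", shell_double_quoted(TYPED) == STORED)
    for pw in SAMPLES:
        verdict = "accepted" if accepted(pw) else "rejected"
        print(f"{pw!r:10} {verdict:9} {', '.join(explain(pw))}")
```

Because this pattern sets no minimum length, the three-character sample `aA1` is accepted.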