1. To edit the existing default configuration, run the dsconfig tool.

    This example changes the requirement for special characters by making them optional in a password and adds a requirement to include at least two digits in the password. In this example, all newly created passwords must have at least one lowercase letter, one uppercase letter, two digits, and optionally any special characters listed.

    $ bin/dsconfig set-password-validator-prop \ 
      --validator-name "Character Set" \ 
      --remove character-set:1:0123456789 \ 
      --remove "character-set:1:~\!@#\$\%^&*()-_=+[]{}\|;:,.<>/?" \ 
      --add character-set:2:0123456789 \
      --add "character-set:0:~\!@#\$\%^&*()-_=+[]{}\|;:,.<>/?" \
      --set allow-unclassified-characters:false
  2. Update an existing password policy to use the Character Set Password Validator.
    $ bin/dsconfig set-password-policy-prop \ 
      --policy-name "Default Password Policy" \
      --set "password-validator:Character Set"
  3. Test the Character Set Password Validator by submitting a password that meets the requirements (one lowercase letter, one uppercase letter, two digits).

    This example should reject the given password because it does not pass the Character Set Password Validator.

    $ bin/ldappasswordmodify \
      --authzID "uid=user.0,ou=People,dc=example,dc=com" --newPassword abab1