Configure the Repeated Character Password Validator with the dsconfig
tool.
- To edit the existing default configuration, run the dsconfig tool.
  - Set the maximum consecutive length of any character.
    Note: For the following example, the maximum consecutive length of any character is set to 3. The validator rejects any password with 4 or more consecutive occurrences of the same character, such as "baaaa1" or "4eeeeb".
    $ bin/dsconfig set-password-validator-prop \
      --validator-name "Repeated Characters" \
      --set max-consecutive-length:3
  - Configure the validator to reject any character from a pre-defined character set that appears more than the specified number of times in a row (2).
    Note: You can specify more than one character set. For example, the following validator defines two character sets: abc and 123. It rejects any password with more than two consecutive characters from a character set, such as "aaa", "bbb", "ccc", "abc", or "123". However, a password such as "12a3" is acceptable.
    $ bin/dsconfig set-password-validator-prop \
      --validator-name "Repeated Characters" \
      --set character-set:123 --set character-set:abc
- Update an existing password policy to use the Repeated Character Password Validator.
  $ bin/dsconfig --no-prompt set-password-policy-prop \
    --policy-name "Default Password Policy" \
    --set "password-validator:Repeated Characters"
- To test the Repeated Character Validator, submit a password that has more than the maximum allowable length of consecutive characters. For this example, the faulty password submitted is baaa1.
  $ bin/ldappasswordmodify \
    --authzID "uid=user.0,ou=People,dc=example,dc=com" \
    --newPassword baaa1
  The LDAP password modify operation failed with result code 53
  Error Message: The provided new password failed the validation checks defined in the server: The provided password contained too many instances of the same character appearing consecutively. The maximum number of times the same character may appear consecutively in a password is 2
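The run-length rule described in the configuration steps above can be modeled offline to check candidate passwords before changing a policy. This is an added example, not the server's implementation: the function names are hypothetical, and it assumes case-sensitive comparison and that a character outside every configured set only matches itself.

```python
def longest_run(password, character_sets=()):
    """Return (length, text) of the longest run the rule would count.

    Characters from the same configured set are treated as equivalent;
    any other character only matches itself (assumption of this model).
    """
    def group(ch):
        for index, chars in enumerate(character_sets):
            if ch in chars:
                return ("set", index)
        return ("char", ch)

    best_len, best_start = 0, 0
    run_len, run_start, previous = 0, 0, None
    for pos, ch in enumerate(password):
        current = group(ch)
        if current == previous:
            run_len += 1
        else:
            run_len, run_start, previous = 1, pos, current
        if run_len > best_len:
            best_len, best_start = run_len, run_start
    return best_len, password[best_start:best_start + best_len]


def is_acceptable(password, max_consecutive_length, character_sets=()):
    """True when no counted run exceeds max_consecutive_length."""
    return longest_run(password, character_sets)[0] <= max_consecutive_length


if __name__ == "__main__":
    # Constructed cases taken from the examples in the text above.
    cases = [
        ("baaaa1", 3, ()),
        ("4eeeeb", 3, ()),
        ("baaa1", 2, ()),
        ("abc", 2, ("abc", "123")),
        ("12a3", 2, ("abc", "123")),
    ]
    for password, limit, sets in cases:
        length, run = longest_run(password, sets)
        verdict = "accept" if length <= limit else "reject"
        print(f"{password!r:10} max={limit} sets={sets}: {verdict} (run {run!r}, length {length})")
```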