  1. To edit the existing default configuration, run the dsconfig tool.
    • Set the maximum consecutive length of any character.

      For the following example, the maximum consecutive length of any character is set to 3. The validator rejects any password in which the same character appears 4 or more times in a row, such as "baaaa1" or "4eeeeb".

      $ bin/dsconfig set-password-validator-prop \
        --validator-name "Repeated Characters" \
        --set max-consecutive-length:3
    • Configure the validator to reject any character from a pre-defined character set that appears more than the specified number of times in a row (2).

      You can specify more than one character set. For example, the following validator defines two character sets: abc and 123. It rejects any password with more than two consecutive characters from the same character set, such as "aaa", "bbb", "ccc", "abc", or "123". However, a password such as "12a3" is acceptable.

      $ bin/dsconfig set-password-validator-prop \
        --validator-name "Repeated Characters" \
        --set character-set:123 --set character-set:abc
  2. Update an existing password policy to use the Repeated Character Password Validator.
    $ bin/dsconfig --no-prompt set-password-policy-prop \
      --policy-name "Default Password Policy" \
      --set "password-validator:Repeated Characters"
  3. To test the Repeated Character Validator, submit a password that has more than the maximum allowable length of consecutive characters.

    For this example, the faulty password submitted is baaa1.

    $ bin/ldappasswordmodify \
      --authzID "uid=user.0,ou=People,dc=example,dc=com" \
      --newPassword baaa1
    The LDAP password modify operation failed with result code 53
    Error Message: The provided new password failed the validation checks defined in the server: The provided password contained too many instances of the same character appearing consecutively. The maximum number of times the same character may appear consecutively in a password is 2
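
The two matching rules from step 1, modelled as an added Python example (not the server's code and not part of the original page) so that candidate test passwords can be checked offline before step 3. The function names are hypothetical, and treating a character that belongs to no configured character set as matching only itself is an assumption.

```python
# Added illustration: a model of the rules described in step 1, not server code.

def equivalence_class(ch, char_sets):
    """Map a character to the configured set that contains it, else to itself."""
    for char_set in char_sets:
        if ch in char_set:
            return char_set
    return ch  # assumption: characters outside every set only match themselves


def first_violation(password, max_consecutive_length, char_sets=()):
    """Return the first run longer than the limit, or None if the password passes."""
    run_start = 0
    for i in range(1, len(password) + 1):
        same_class = (
            i < len(password)
            and equivalence_class(password[i], char_sets)
            == equivalence_class(password[run_start], char_sets)
        )
        if same_class:
            continue  # still inside the current run
        if i - run_start > max_consecutive_length:
            return password[run_start:i]
        run_start = i  # a new run starts at position i
    return None


if __name__ == "__main__":
    # Constructed cases taken from the passwords quoted in the steps above:
    # (password, max-consecutive-length, character sets)
    cases = [
        ("baaaa1", 3, ()),
        ("4eeeeb", 3, ()),
        ("baaa1", 2, ()),
        ("abc", 2, ("123", "abc")),
        ("12a3", 2, ("123", "abc")),
    ]
    for password, limit, sets in cases:
        run = first_violation(password, limit, sets)
        verdict = "accept" if run is None else f"reject (run {run!r})"
        print(f"{password!r:10} limit={limit} sets={sets}: {verdict}")
```

Under this model "baaa1" passes a limit of 3 and fails a limit of 2, which is the limit reported in the error message in step 3.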