You can configure the Repeated Character Password Validator with the dsconfig command. This validator ensures that user passwords don't contain character fragments, such as strings of repeated characters like "aaaaaa" or "aaabbb."
-
To edit the existing default configuration, run the dsconfig
tool.
- Set the maximum consecutive length of any character. Note:
For the following example, the maximum consecutive length of any character is set to 3. The validator rejects any passwords with 4 or more consecutive characters, such as "baaaa1" or "4eeeeb", etc.
$ bin/dsconfig set-password-validator-prop \ --validator-name "Repeated Characters" \ --set max-consecutive-length:3
- Configure the validator to reject any character from a pre-defined character
set that appears more than the specified number of times in a row (2). Note:
You can specify more than one character set. For example, the following validator defines two characters sets:
abc
and123
. It rejects any passwords with more than two consecutive characters from a character set, such as "aaa", "bbb", "ccc", "abc", or "123". However, a password, such as "12a3", is acceptable.$ bin/dsconfig set-password-validator-prop \ --validator-name "Repeated Characters" \ --set character-set:123 --set character-set:abc
- Set the maximum consecutive length of any character.
-
Update an existing password policy to use the Repeated Character Password
Validator.
$ bin/dsconfig --no-prompt set-password-policy-prop \ --policy-name "Default Password Policy" \ --set "password-validator:Repeated Characters"
-
To test the Repeated Character Validator, submit a password that has more than the
maximum allowable length of consecutive characters.
For this example, the faulty password submitted is
baaa1
.$ bin/ldappasswordmodify \ --authzID "uid=user.0,ou=People,dc=example,dc=com" \ --newPassword baaa1
The LDAP password modify operation failed with result code 53 Error Message: The provided new password failed the validation checks defined in the server: The provided password contained too many instances of the same character appearing consecutively. The maximum number of times the same character may appear consecutively in a password is 2