Configuring the Repeated Character Password Validator - PingDirectory - 9.3

PingDirectory 9.3


You can configure the Repeated Character Password Validator with the dsconfig command. This validator ensures that user passwords don't contain character fragments, such as strings of repeated characters like "aaaaaa" or "aaabbb."

  1. To edit the existing default configuration, run the dsconfig tool.
    • Set the maximum consecutive length of any character.
      Note:

      For the following example, the maximum consecutive length of any character is set to 3. The validator rejects any password in which the same character appears 4 or more times in a row, such as "baaaa1" or "4eeeeb".

      $ bin/dsconfig set-password-validator-prop \
        --validator-name "Repeated Characters" \
        --set max-consecutive-length:3
    • Configure the validator to reject any character from a pre-defined character set that appears more than the specified number of times in a row (2).
      Note:

      You can specify more than one character set. For example, the following validator defines two character sets: abc and 123. It rejects any password with more than two consecutive characters from the same character set, such as "aaa", "bbb", "ccc", "abc", or "123". However, a password such as "12a3" is acceptable.

      $ bin/dsconfig set-password-validator-prop \
        --validator-name "Repeated Characters" \
        --set character-set:123 --set character-set:abc
  2. Update an existing password policy to use the Repeated Character Password Validator.
    $ bin/dsconfig --no-prompt set-password-policy-prop \
      --policy-name "Default Password Policy" \
      --set "password-validator:Repeated Characters"
  3. To test the Repeated Character Password Validator, submit a password that contains more consecutive repeated characters than the configured maximum.

    For this example, the faulty password submitted is baaa1.

    $ bin/ldappasswordmodify \
      --authzID "uid=user.0,ou=People,dc=example,dc=com" \
      --newPassword baaa1
    The LDAP password modify operation failed with result code 53 Error Message: The provided new password failed the validation checks defined in the server: The provided password contained too many instances of the same character appearing consecutively. The maximum number of times the same character may appear consecutively in a password is 2
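
The following Python sketch is an added example, not PingDirectory code. It models the two rules described above so that test passwords can be checked against a planned configuration before it is applied. It assumes that characters in the same character set count as equivalent to each other and that comparison is case-sensitive; the function names are hypothetical.

```python
# Added illustration: a model of the rules this page describes, not PingDirectory code.

def longest_run(password, character_sets=()):
    """Length of the longest run of equivalent characters in password.

    Assumption: characters in the same configured character set count as
    equivalent to each other; any other character only matches itself.
    Comparison is case-sensitive in this model.
    """
    def group(ch):
        for index, chars in enumerate(character_sets):
            if ch in chars:
                return ("set", index)
        return ("char", ch)

    longest = current = 0
    previous = None
    for ch in password:
        key = group(ch)
        current = current + 1 if key == previous else 1
        previous = key
        longest = max(longest, current)
    return longest


def is_acceptable(password, max_consecutive_length, character_sets=()):
    """True if no run of equivalent characters exceeds the configured maximum."""
    return longest_run(password, character_sets) <= max_consecutive_length


def review(candidates, max_consecutive_length, character_sets=()):
    """Map each candidate to 'accept' or 'reject' for a planned configuration."""
    return {
        pw: "accept" if is_acceptable(pw, max_consecutive_length, character_sets) else "reject"
        for pw in candidates
    }


if __name__ == "__main__":
    # Constructed test vectors taken from the examples on this page.
    print(review(["baaaa1", "4eeeeb", "baaa1"], 3))
    print(review(["aaa", "abc", "123", "12a3"], 2, ["abc", "123"]))
```

In this model, "baaa1" is accepted with a maximum of 3 and rejected with a maximum of 2, the limit quoted in the error message above.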