Name

dsconfig set-password-validator-prop — Modifies Password Validator properties

Synopsis

dsconfig set-password-validator-prop {options}

Options

The dsconfig set-password-validator-prop command takes the following options:

--validator-name {name}

The name of the Password Validator.

Password Validator properties depend on the Password Validator type, which depends on the {name} you provide.

By default, OpenDJ directory server supports the following Password Validator types:

attribute-value-password-validator

Default {name}: Attribute Value Password Validator

Enabled by default: true

See the section called “Attribute Value Password Validator” for the properties of this Password Validator type.

character-set-password-validator

Default {name}: Character Set Password Validator

Enabled by default: true

See the section called “Character Set Password Validator” for the properties of this Password Validator type.

dictionary-password-validator

Default {name}: Dictionary Password Validator

Enabled by default: true

See the section called “Dictionary Password Validator” for the properties of this Password Validator type.

length-based-password-validator

Default {name}: Length Based Password Validator

Enabled by default: true

See the section called “Length Based Password Validator” for the properties of this Password Validator type.

repeated-characters-password-validator

Default {name}: Repeated Characters Password Validator

Enabled by default: true

See the section called “Repeated Characters Password Validator” for the properties of this Password Validator type.

similarity-based-password-validator

Default {name}: Similarity Based Password Validator

Enabled by default: true

See the section called “Similarity Based Password Validator” for the properties of this Password Validator type.

unique-characters-password-validator

Default {name}: Unique Characters Password Validator

Enabled by default: true

See the section called “Unique Characters Password Validator” for the properties of this Password Validator type.

--set {PROP:VALUE}

Assigns a value to a property where PROP is the name of the property and VALUE is the single value to be assigned. Specify the same property multiple times in order to assign more than one value to it.

Password Validator properties depend on the Password Validator type, which depends on the --validator-name {name} option.

--reset {property}

Resets a property back to its default values where PROP is the name of the property to be reset.

Password Validator properties depend on the Password Validator type, which depends on the --validator-name {name} option.

--add {PROP:VALUE}

Adds a single value to a property where PROP is the name of the property and VALUE is the single value to be added.

Password Validator properties depend on the Password Validator type, which depends on the --validator-name {name} option.

--remove {PROP:VALUE}

Removes a single value from a property where PROP is the name of the property and VALUE is the single value to be removed.

Password Validator properties depend on the Password Validator type, which depends on the --validator-name {name} option.

Attribute Value Password Validator

Password Validators of type attribute-value-password-validator have the following properties:

check-substrings
Description

Indicates whether this password validator is to match portions of the password string against attribute values. If "false" then only match the entire password against attribute values otherwise ("true") check whether the password contains attribute values.

Default Value

true

Allowed Values

true

false

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

enabled
Description

Indicates whether the password validator is enabled for use.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the Java class that provides the password validator implementation.

Default Value

org.opends.server.extensions.AttributeValuePasswordValidator

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator

Multi-valued

No

Required

Yes

Admin Action Required

The Password Validator must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

match-attribute
Description

Specifies the name(s) of the attribute(s) whose values should be checked to determine whether they match the provided password. If no values are provided, then the server checks if the proposed password matches the value of any attribute in the user's entry.

Default Value

All attributes in the user entry will be checked.

Allowed Values

The name of an attribute type defined in the server schema.

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

min-substring-length
Description

Indicates the minimal length of the substring within the password in case substring checking is enabled. If "check-substrings" option is set to true, then this parameter defines the length of the smallest word which should be used for substring matching. Use with caution because values below 3 might disqualify valid passwords.

Default Value

5

Allowed Values

An integer value. Lower value is 0.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

test-reversed-password
Description

Indicates whether this password validator should test the reversed value of the provided password as well as the order in which it was given.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

Character Set Password Validator

Password Validators of type character-set-password-validator have the following properties:

allow-unclassified-characters
Description

Indicates whether this password validator allows passwords to contain characters outside of any of the user-defined character sets and ranges. If this is "false", then only those characters in the user-defined character sets and ranges may be used in passwords. Any password containing a character not included in any character set or range will be rejected.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

character-set
Description

Specifies a character set containing characters that a password may contain and a value indicating the minimum number of characters required from that set. Each value must be an integer (indicating the minimum required characters from the set which may be zero, indicating that the character set is optional) followed by a colon and the characters to include in that set (for example, "3:abcdefghijklmnopqrstuvwxyz" indicates that a user password must contain at least three characters from the set of lowercase ASCII letters). Multiple character sets can be defined in separate values, although no character can appear in more than one character set.

Default Value

If no sets are specified, the validator only uses the defined character ranges.

Allowed Values

A String

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

character-set-ranges
Description

Specifies a character range containing characters that a password may contain and a value indicating the minimum number of characters required from that range. Each value must be an integer (indicating the minimum required characters from the range which may be zero, indicating that the character range is optional) followed by a colon and one or more range specifications. A range specification is 3 characters: the first character allowed, a minus, and the last character allowed. For example, "3:A-Za-z0-9". The ranges in each value should not overlap, and the characters in each range specification should be ordered.

Default Value

If no ranges are specified, the validator only uses the defined character sets.

Allowed Values

A String

Multi-valued

Yes

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

enabled
Description

Indicates whether the password validator is enabled for use.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the Java class that provides the password validator implementation.

Default Value

org.opends.server.extensions.CharacterSetPasswordValidator

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator

Multi-valued

No

Required

Yes

Admin Action Required

The Password Validator must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

min-character-sets
Description

Specifies the minimum number of character sets and ranges that a password must contain. This property should only be used in conjunction with optional character sets and ranges (those requiring zero characters). Its value must include any mandatory character sets and ranges (those requiring greater than zero characters). This is useful in situations where a password must contain characters from mandatory character sets and ranges, and characters from at least N optional character sets and ranges. For example, it is quite common to require that a password contains at least one non-alphanumeric character as well as characters from two alphanumeric character sets (lower-case, upper-case, digits). In this case, this property should be set to 3.

Default Value

The password must contain characters from each of the mandatory character sets and ranges and, if there are optional character sets and ranges, at least one character from one of the optional character sets and ranges.

Allowed Values

An integer value. Lower value is 0.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

Dictionary Password Validator

Password Validators of type dictionary-password-validator have the following properties:

case-sensitive-validation
Description

Indicates whether this password validator is to treat password characters in a case-sensitive manner. If it is set to true, then the validator rejects a password only if it appears in the dictionary with exactly the same capitalization as provided by the user.

Default Value

false

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

check-substrings
Description

Indicates whether this password validator is to match portions of the password string against dictionary words. If "false" then only match the entire password against words otherwise ("true") check whether the password contains words.

Default Value

true

Allowed Values

true

false

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

dictionary-file
Description

Specifies the path to the file containing a list of words that cannot be used as passwords. It should be formatted with one word per line. The value can be an absolute path or a path that is relative to the OpenDJ instance root.

Default Value

For Unix and Linux systems: config/wordlist.txt. For Windows systems: config\wordlist.txt

Allowed Values

The path to any text file contained on the system that is readable by the server.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

enabled
Description

Indicates whether the password validator is enabled for use.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the Java class that provides the password validator implementation.

Default Value

org.opends.server.extensions.DictionaryPasswordValidator

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator

Multi-valued

No

Required

Yes

Admin Action Required

The Password Validator must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

min-substring-length
Description

Indicates the minimal length of the substring within the password in case substring checking is enabled. If "check-substrings" option is set to true, then this parameter defines the length of the smallest word which should be used for substring matching. Use with caution because values below 3 might disqualify valid passwords.

Default Value

5

Allowed Values

An integer value. Lower value is 0.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

test-reversed-password
Description

Indicates whether this password validator is to test the reversed value of the provided password as well as the order in which it was given. For example, if the user provides a new password of "password" and this configuration attribute is set to true, then the value "drowssap" is also tested against attribute values in the user's entry.

Default Value

true

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

Length Based Password Validator

Password Validators of type length-based-password-validator have the following properties:

enabled
Description

Indicates whether the password validator is enabled for use.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the Java class that provides the password validator implementation.

Default Value

org.opends.server.extensions.LengthBasedPasswordValidator

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator

Multi-valued

No

Required

Yes

Admin Action Required

The Password Validator must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

max-password-length
Description

Specifies the maximum number of characters that can be included in a proposed password. A value of zero indicates that there will be no upper bound enforced. If both minimum and maximum lengths are defined, then the minimum length must be less than or equal to the maximum length.

Default Value

0

Allowed Values

An integer value. Lower value is 0. Upper value is 2147483647.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

min-password-length
Description

Specifies the minimum number of characters that must be included in a proposed password. A value of zero indicates that there will be no lower bound enforced. If both minimum and maximum lengths are defined, then the minimum length must be less than or equal to the maximum length.

Default Value

6

Allowed Values

An integer value. Lower value is 0. Upper value is 2147483647.

Multi-valued

No

Required

No

Admin Action Required

None

Advanced Property

No

Read-only

No

Repeated Characters Password Validator

Password Validators of type repeated-characters-password-validator have the following properties:

case-sensitive-validation
Description

Indicates whether this password validator should treat password characters in a case-sensitive manner. If the value of this property is false, the validator ignores any differences in capitalization when looking for consecutive characters in the password. If the value is true, the validator considers a character to be repeating only if all consecutive occurrences use the same capitalization.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

enabled
Description

Indicates whether the password validator is enabled for use.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the Java class that provides the password validator implementation.

Default Value

org.opends.server.extensions.RepeatedCharactersPasswordValidator

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator

Multi-valued

No

Required

Yes

Admin Action Required

The Password Validator must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

max-consecutive-length
Description

Specifies the maximum number of times that any character can appear consecutively in a password value. A value of zero indicates that no maximum limit is enforced.

Default Value

None

Allowed Values

An integer value. Lower value is 0.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

Unique Characters Password Validator

Password Validators of type unique-characters-password-validator have the following properties:

case-sensitive-validation
Description

Indicates whether this password validator should treat password characters in a case-sensitive manner. A value of true indicates that the validator does not consider a capital letter to be the same as its lower-case counterpart. A value of false indicates that the validator ignores differences in capitalization when looking at the number of unique characters in the password.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

enabled
Description

Indicates whether the password validator is enabled for use.

Default Value

None

Allowed Values

true

false

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No

java-class
Description

Specifies the fully-qualified name of the Java class that provides the password validator implementation.

Default Value

org.opends.server.extensions.UniqueCharactersPasswordValidator

Allowed Values

A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator

Multi-valued

No

Required

Yes

Admin Action Required

The Password Validator must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

min-unique-characters
Description

Specifies the minimum number of unique characters that a password will be allowed to contain. A value of zero indicates that no minimum value is enforced.

Default Value

None

Allowed Values

An integer value. Lower value is 0.

Multi-valued

No

Required

Yes

Admin Action Required

None

Advanced Property

No

Read-only

No