dsconfig get-password-validator-prop — Shows Password Validator properties
dsconfig get-password-validator-prop
{options}
The dsconfig get-password-validator-prop command takes the following options:
--validator-name {name}
The name of the Password Validator.
Password Validator properties depend on the Password Validator type, which depends on the {name} you provide.
By default, OpenDJ directory server supports the following Password Validator types:
Default {name}: Attribute Value Password Validator
Enabled by default: true
See the section called “Attribute Value Password Validator” for the properties of this Password Validator type.
Default {name}: Character Set Password Validator
Enabled by default: true
See the section called “Character Set Password Validator” for the properties of this Password Validator type.
Default {name}: Dictionary Password Validator
Enabled by default: true
See the section called “Dictionary Password Validator” for the properties of this Password Validator type.
Default {name}: Length Based Password Validator
Enabled by default: true
See the section called “Length Based Password Validator” for the properties of this Password Validator type.
Default {name}: Repeated Characters Password Validator
Enabled by default: true
See the section called “Repeated Characters Password Validator” for the properties of this Password Validator type.
Default {name}: Similarity Based Password Validator
Enabled by default: true
See the section called “Similarity Based Password Validator” for the properties of this Password Validator type.
Default {name}: Unique Characters Password Validator
Enabled by default: true
See the section called “Unique Characters Password Validator” for the properties of this Password Validator type.
--property {property}
The name of a property to be displayed.
Password Validator properties depend on the Password Validator type, which depends on the {property} you provide.
By default, OpenDJ directory server supports the following Password Validator types:
Default {property}: Attribute Value Password Validator
Enabled by default: true
See the section called “Attribute Value Password Validator” for the properties of this Password Validator type.
Default {property}: Character Set Password Validator
Enabled by default: true
See the section called “Character Set Password Validator” for the properties of this Password Validator type.
Default {property}: Dictionary Password Validator
Enabled by default: true
See the section called “Dictionary Password Validator” for the properties of this Password Validator type.
Default {property}: Length Based Password Validator
Enabled by default: true
See the section called “Length Based Password Validator” for the properties of this Password Validator type.
Default {property}: Repeated Characters Password Validator
Enabled by default: true
See the section called “Repeated Characters Password Validator” for the properties of this Password Validator type.
Default {property}: Similarity Based Password Validator
Enabled by default: true
See the section called “Similarity Based Password Validator” for the properties of this Password Validator type.
Default {property}: Unique Characters Password Validator
Enabled by default: true
See the section called “Unique Characters Password Validator” for the properties of this Password Validator type.
-E | --record
Modifies the display output to show one property value per line.
Password Validator properties depend on the Password Validator type, which depends on the null you provide.
By default, OpenDJ directory server supports the following Password Validator types:
Default null: Attribute Value Password Validator
Enabled by default: true
See the section called “Attribute Value Password Validator” for the properties of this Password Validator type.
Default null: Character Set Password Validator
Enabled by default: true
See the section called “Character Set Password Validator” for the properties of this Password Validator type.
Default null: Dictionary Password Validator
Enabled by default: true
See the section called “Dictionary Password Validator” for the properties of this Password Validator type.
Default null: Length Based Password Validator
Enabled by default: true
See the section called “Length Based Password Validator” for the properties of this Password Validator type.
Default null: Repeated Characters Password Validator
Enabled by default: true
See the section called “Repeated Characters Password Validator” for the properties of this Password Validator type.
Default null: Similarity Based Password Validator
Enabled by default: true
See the section called “Similarity Based Password Validator” for the properties of this Password Validator type.
Default null: Unique Characters Password Validator
Enabled by default: true
See the section called “Unique Characters Password Validator” for the properties of this Password Validator type.
-z | --unit-size {unit}
Display size data using the specified unit. The value for UNIT can be one of b, kb, mb, gb, or tb (bytes, kilobytes, megabytes, gigabytes, or terabytes).
Password Validator properties depend on the Password Validator type, which depends on the {unit} you provide.
By default, OpenDJ directory server supports the following Password Validator types:
Default {unit}: Attribute Value Password Validator
Enabled by default: true
See the section called “Attribute Value Password Validator” for the properties of this Password Validator type.
Default {unit}: Character Set Password Validator
Enabled by default: true
See the section called “Character Set Password Validator” for the properties of this Password Validator type.
Default {unit}: Dictionary Password Validator
Enabled by default: true
See the section called “Dictionary Password Validator” for the properties of this Password Validator type.
Default {unit}: Length Based Password Validator
Enabled by default: true
See the section called “Length Based Password Validator” for the properties of this Password Validator type.
Default {unit}: Repeated Characters Password Validator
Enabled by default: true
See the section called “Repeated Characters Password Validator” for the properties of this Password Validator type.
Default {unit}: Similarity Based Password Validator
Enabled by default: true
See the section called “Similarity Based Password Validator” for the properties of this Password Validator type.
Default {unit}: Unique Characters Password Validator
Enabled by default: true
See the section called “Unique Characters Password Validator” for the properties of this Password Validator type.
-m | --unit-time {unit}
Display time data using the specified unit. The value for UNIT can be one of ms, s, m, h, d, or w (milliseconds, seconds, minutes, hours, days, or weeks).
Password Validator properties depend on the Password Validator type, which depends on the {unit} you provide.
By default, OpenDJ directory server supports the following Password Validator types:
Default {unit}: Attribute Value Password Validator
Enabled by default: true
See the section called “Attribute Value Password Validator” for the properties of this Password Validator type.
Default {unit}: Character Set Password Validator
Enabled by default: true
See the section called “Character Set Password Validator” for the properties of this Password Validator type.
Default {unit}: Dictionary Password Validator
Enabled by default: true
See the section called “Dictionary Password Validator” for the properties of this Password Validator type.
Default {unit}: Length Based Password Validator
Enabled by default: true
See the section called “Length Based Password Validator” for the properties of this Password Validator type.
Default {unit}: Repeated Characters Password Validator
Enabled by default: true
See the section called “Repeated Characters Password Validator” for the properties of this Password Validator type.
Default {unit}: Similarity Based Password Validator
Enabled by default: true
See the section called “Similarity Based Password Validator” for the properties of this Password Validator type.
Default {unit}: Unique Characters Password Validator
Enabled by default: true
See the section called “Unique Characters Password Validator” for the properties of this Password Validator type.
Password Validators of type attribute-value-password-validator have the following properties:
Indicates whether this password validator is to match portions of the password string against attribute values. If "false" then only match the entire password against attribute values otherwise ("true") check whether the password contains attribute values.
true
true
false
No
No
None
No
No
Indicates whether the password validator is enabled for use.
None
true
false
No
Yes
None
No
No
Specifies the fully-qualified name of the Java class that provides the password validator implementation.
org.opends.server.extensions.AttributeValuePasswordValidator
A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator
No
Yes
The Password Validator must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the name(s) of the attribute(s) whose values should be checked to determine whether they match the provided password. If no values are provided, then the server checks if the proposed password matches the value of any attribute in the user's entry.
All attributes in the user entry will be checked.
The name of an attribute type defined in the server schema.
Yes
No
None
No
No
Indicates the minimal length of the substring within the password in case substring checking is enabled. If "check-substrings" option is set to true, then this parameter defines the length of the smallest word which should be used for substring matching. Use with caution because values below 3 might disqualify valid passwords.
5
An integer value. Lower value is 0.
No
No
None
No
No
Indicates whether this password validator should test the reversed value of the provided password as well as the order in which it was given.
None
true
false
No
Yes
None
No
No
Password Validators of type character-set-password-validator have the following properties:
Indicates whether this password validator allows passwords to contain characters outside of any of the user-defined character sets and ranges. If this is "false", then only those characters in the user-defined character sets and ranges may be used in passwords. Any password containing a character not included in any character set or range will be rejected.
None
true
false
No
Yes
None
No
No
Specifies a character set containing characters that a password may contain and a value indicating the minimum number of characters required from that set. Each value must be an integer (indicating the minimum required characters from the set which may be zero, indicating that the character set is optional) followed by a colon and the characters to include in that set (for example, "3:abcdefghijklmnopqrstuvwxyz" indicates that a user password must contain at least three characters from the set of lowercase ASCII letters). Multiple character sets can be defined in separate values, although no character can appear in more than one character set.
If no sets are specified, the validator only uses the defined character ranges.
A String
Yes
No
None
No
No
Specifies a character range containing characters that a password may contain and a value indicating the minimum number of characters required from that range. Each value must be an integer (indicating the minimum required characters from the range which may be zero, indicating that the character range is optional) followed by a colon and one or more range specifications. A range specification is 3 characters: the first character allowed, a minus, and the last character allowed. For example, "3:A-Za-z0-9". The ranges in each value should not overlap, and the characters in each range specification should be ordered.
If no ranges are specified, the validator only uses the defined character sets.
A String
Yes
No
None
No
No
Indicates whether the password validator is enabled for use.
None
true
false
No
Yes
None
No
No
Specifies the fully-qualified name of the Java class that provides the password validator implementation.
org.opends.server.extensions.CharacterSetPasswordValidator
A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator
No
Yes
The Password Validator must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the minimum number of character sets and ranges that a password must contain. This property should only be used in conjunction with optional character sets and ranges (those requiring zero characters). Its value must include any mandatory character sets and ranges (those requiring greater than zero characters). This is useful in situations where a password must contain characters from mandatory character sets and ranges, and characters from at least N optional character sets and ranges. For example, it is quite common to require that a password contains at least one non-alphanumeric character as well as characters from two alphanumeric character sets (lower-case, upper-case, digits). In this case, this property should be set to 3.
The password must contain characters from each of the mandatory character sets and ranges and, if there are optional character sets and ranges, at least one character from one of the optional character sets and ranges.
An integer value. Lower value is 0.
No
No
None
No
No
Password Validators of type dictionary-password-validator have the following properties:
Indicates whether this password validator is to treat password characters in a case-sensitive manner. If it is set to true, then the validator rejects a password only if it appears in the dictionary with exactly the same capitalization as provided by the user.
false
true
false
No
Yes
None
No
No
Indicates whether this password validator is to match portions of the password string against dictionary words. If "false" then only match the entire password against words otherwise ("true") check whether the password contains words.
true
true
false
No
No
None
No
No
Specifies the path to the file containing a list of words that cannot be used as passwords. It should be formatted with one word per line. The value can be an absolute path or a path that is relative to the OpenDJ instance root.
For Unix and Linux systems: config/wordlist.txt. For Windows systems: config\wordlist.txt
The path to any text file contained on the system that is readable by the server.
No
Yes
None
No
No
Indicates whether the password validator is enabled for use.
None
true
false
No
Yes
None
No
No
Specifies the fully-qualified name of the Java class that provides the password validator implementation.
org.opends.server.extensions.DictionaryPasswordValidator
A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator
No
Yes
The Password Validator must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Indicates the minimal length of the substring within the password in case substring checking is enabled. If "check-substrings" option is set to true, then this parameter defines the length of the smallest word which should be used for substring matching. Use with caution because values below 3 might disqualify valid passwords.
5
An integer value. Lower value is 0.
No
No
None
No
No
Indicates whether this password validator is to test the reversed value of the provided password as well as the order in which it was given. For example, if the user provides a new password of "password" and this configuration attribute is set to true, then the value "drowssap" is also tested against attribute values in the user's entry.
true
true
false
No
Yes
None
No
No
Password Validators of type length-based-password-validator have the following properties:
Indicates whether the password validator is enabled for use.
None
true
false
No
Yes
None
No
No
Specifies the fully-qualified name of the Java class that provides the password validator implementation.
org.opends.server.extensions.LengthBasedPasswordValidator
A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator
No
Yes
The Password Validator must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the maximum number of characters that can be included in a proposed password. A value of zero indicates that there will be no upper bound enforced. If both minimum and maximum lengths are defined, then the minimum length must be less than or equal to the maximum length.
0
An integer value. Lower value is 0. Upper value is 2147483647.
No
No
None
No
No
Specifies the minimum number of characters that must be included in a proposed password. A value of zero indicates that there will be no lower bound enforced. If both minimum and maximum lengths are defined, then the minimum length must be less than or equal to the maximum length.
6
An integer value. Lower value is 0. Upper value is 2147483647.
No
No
None
No
No
Password Validators of type repeated-characters-password-validator have the following properties:
Indicates whether this password validator should treat password characters in a case-sensitive manner. If the value of this property is false, the validator ignores any differences in capitalization when looking for consecutive characters in the password. If the value is true, the validator considers a character to be repeating only if all consecutive occurrences use the same capitalization.
None
true
false
No
Yes
None
No
No
Indicates whether the password validator is enabled for use.
None
true
false
No
Yes
None
No
No
Specifies the fully-qualified name of the Java class that provides the password validator implementation.
org.opends.server.extensions.RepeatedCharactersPasswordValidator
A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator
No
Yes
The Password Validator must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the maximum number of times that any character can appear consecutively in a password value. A value of zero indicates that no maximum limit is enforced.
None
An integer value. Lower value is 0.
No
Yes
None
No
No
Password Validators of type similarity-based-password-validator have the following properties:
Indicates whether the password validator is enabled for use.
None
true
false
No
Yes
None
No
No
Specifies the fully-qualified name of the Java class that provides the password validator implementation.
org.opends.server.extensions.SimilarityBasedPasswordValidator
A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator
No
Yes
The Password Validator must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the minimum difference of new and old password. A value of zero indicates that no difference between passwords is acceptable.
None
An integer value. Lower value is 0. Upper value is 2147483647.
No
Yes
None
No
No
Password Validators of type unique-characters-password-validator have the following properties:
Indicates whether this password validator should treat password characters in a case-sensitive manner. A value of true indicates that the validator does not consider a capital letter to be the same as its lower-case counterpart. A value of false indicates that the validator ignores differences in capitalization when looking at the number of unique characters in the password.
None
true
false
No
Yes
None
No
No
Indicates whether the password validator is enabled for use.
None
true
false
No
Yes
None
No
No
Specifies the fully-qualified name of the Java class that provides the password validator implementation.
org.opends.server.extensions.UniqueCharactersPasswordValidator
A Java class that implements or extends the class(es): org.opends.server.api.PasswordValidator
No
Yes
The Password Validator must be disabled and re-enabled for changes to this setting to take effect
Yes (Use --advanced in interactive mode.)
No
Specifies the minimum number of unique characters that a password will be allowed to contain. A value of zero indicates that no minimum value is enforced.
None
An integer value. Lower value is 0.
No
Yes
None
No
No