The Dictionary Password Validator determines whether a proposed password is acceptable based on whether the given password value appears in a provided dictionary file.
A large dictionary file is provided with the server, but the administrator can supply an alternate dictionary. In this case, then the dictionary must be a plain-text file with one word per line.
The Dictionary Password Validator object inherits from Password Validator.
Use the --advanced
option to access advanced properties.
Basic Properties
Advanced Properties
Synopsis | Indicates whether this password validator is to treat password characters in a case-sensitive manner. |
Description | If it is set to true, then the validator rejects a password only if it appears in the dictionary with exactly the same capitalization as provided by the user. |
Default Value | false |
Allowed Values | true false |
Multi-valued | No |
Required | Yes |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
Synopsis | Indicates whether this password validator is to match portions of the password string against dictionary words. |
Description | If "false" then only match the entire password against words otherwise ("true") check whether the password contains words. |
Default Value | true |
Allowed Values | true false |
Multi-valued | No |
Required | No |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
Synopsis | Specifies the path to the file containing a list of words that cannot be used as passwords. |
Description | It should be formatted with one word per line. The value can be an absolute path or a path that is relative to the OpenDJ instance root. |
Default Value | For Unix and Linux systems: config/wordlist.txt. For Windows systems: config\wordlist.txt |
Allowed Values | The path to any text file contained on the system that is readable by the server. |
Multi-valued | No |
Required | Yes |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
Synopsis | Indicates whether the password validator is enabled for use. |
Default Value | None |
Allowed Values | true false |
Multi-valued | No |
Required | Yes |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
Synopsis | Indicates the minimal length of the substring within the password in case substring checking is enabled. |
Description | If "check-substrings" option is set to true, then this parameter defines the length of the smallest word which should be used for substring matching. Use with caution because values below 3 might disqualify valid passwords. |
Default Value | 5 |
Allowed Values | An integer. Lower limit: 0. |
Multi-valued | No |
Required | No |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
Synopsis | Indicates whether this password validator is to test the reversed value of the provided password as well as the order in which it was given. |
Description | For example, if the user provides a new password of "password" and this configuration attribute is set to true, then the value "drowssap" is also tested against attribute values in the user's entry. |
Default Value | true |
Allowed Values | true false |
Multi-valued | No |
Required | Yes |
Admin Action Required | None |
Advanced | No |
Read-Only | No |
Synopsis | Specifies the fully-qualified name of the Java class that provides the password validator implementation. |
Default Value | org.opends.server.extensions.DictionaryPasswordValidator |
Allowed Values | A Java class that extends or implements: org.opends.server.api.PasswordValidator |
Multi-valued | No |
Required | Yes |
Admin Action Required | The object must be disabled and re-enabled for changes to take effect. |
Advanced | Yes |
Read-Only | No |