Directory Services 7.4.3

Character Set Password Validator

The Character Set Password Validator determines whether a proposed password is acceptable by checking whether it contains a sufficient number of characters from one or more user-defined character sets and ranges.

For example, the validator can ensure that passwords must have at least one lowercase letter, one uppercase letter, one digit, and one symbol.

Parent

The Character Set Password Validator object inherits from Password Validator.

Character Set Password Validator properties

You can use configuration expressions to set property values at startup time. For details, see Property value substitution.

Basic Properties Advanced Properties

allow-unclassified-characters
character-set
character-set-ranges
enabled
min-character-sets

java-class

Basic properties

Use the --advanced option to access advanced properties.

allow-unclassified-characters

Synopsis

Indicates whether this password validator allows passwords to contain characters outside of any of the user-defined character sets and ranges.

Description

If this is "false", then only those characters in the user-defined character sets and ranges may be used in passwords. Any password containing a character not included in any character set or range will be rejected.

Default value

None

Allowed values

true

false

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

character-set

Synopsis

Specifies a character set containing characters that a password may contain and a value indicating the minimum number of characters required from that set.

Description

Each value must be an integer (indicating the minimum required characters from the set which may be zero, indicating that the character set is optional) followed by a colon and the characters to include in that set (for example, "3:abcdefghijklmnopqrstuvwxyz" indicates that a user password must contain at least three characters from the set of lowercase ASCII letters). Multiple character sets can be defined in separate values, although no character can appear in more than one character set.

Default value

If no sets are specified, the validator only uses the defined character ranges.

Allowed values

A string.

Multi-valued

Yes

Required

No

Admin action required

None

Advanced

No

Read-only

No

character-set-ranges

Synopsis

Specifies a character range containing characters that a password may contain and a value indicating the minimum number of characters required from that range.

Description

Each value must be an integer (indicating the minimum required characters from the range which may be zero, indicating that the character range is optional) followed by a colon and one or more range specifications. A range specification is 3 characters: the first character allowed, a minus, and the last character allowed. For example, "3:A-Za-z0-9". The ranges in each value should not overlap, and the characters in each range specification should be ordered.

Default value

If no ranges are specified, the validator only uses the defined character sets.

Allowed values

A string.

Multi-valued

Yes

Required

No

Admin action required

None

Advanced

No

Read-only

No

enabled

Synopsis

Indicates whether the password validator is enabled for use.

Default value

None

Allowed values

true

false

Multi-valued

No

Required

Yes

Admin action required

None

Advanced

No

Read-only

No

min-character-sets

Synopsis

Specifies the minimum number of character sets and ranges that a password must contain.

Description

This property should only be used in conjunction with optional character sets and ranges (those requiring zero characters). Its value must include any mandatory character sets and ranges (those requiring greater than zero characters). This is useful in situations where a password must contain characters from mandatory character sets and ranges, and characters from at least N optional character sets and ranges. For example, it is quite common to require that a password contains at least one non-alphanumeric character as well as characters from two alphanumeric character sets (lower-case, upper-case, digits). In this case, this property should be set to 3.

Default value

The password must contain characters from each of the mandatory character sets and ranges and, if there are optional character sets and ranges, at least one character from one of the optional character sets and ranges.

Allowed values

An integer.

Lower limit: 0.

Multi-valued

No

Required

No

Admin action required

None

Advanced

No

Read-only

No

Advanced properties

Use the --advanced option to access advanced properties.

java-class

Synopsis

Specifies the fully-qualified name of the Java class that provides the password validator implementation.

Default value

org.opends.server.extensions.CharacterSetPasswordValidator

Allowed values

A Java class that extends or implements:

  • org.opends.server.api.PasswordValidator

Multi-valued

No

Required

Yes

Admin action required

The object must be disabled and re-enabled for changes to take effect.

Advanced

Yes

Read-only

No

Copyright © 2010-2024 ForgeRock, all rights reserved.