Configuration Reference Home
OpenDJ - Dictionary Password Validator

Dictionary Password Validator

The Dictionary Password Validator determines whether a proposed password is acceptable based on whether the given password value appears in a provided dictionary file.

A large dictionary file is provided with the server, but the administrator can supply an alternate dictionary. In this case, then the dictionary must be a plain-text file with one word per line.

Parent Component

The Dictionary Password Validator component inherits from the Password Validator

Properties

A description of each property follows.


Basic Properties: Advanced Properties:
↓ case-sensitive-validation ↓ java-class
↓ check-substrings
↓ dictionary-file
↓ enabled
↓ min-substring-length
↓ test-reversed-password

Basic Properties

case-sensitive-validation

Description
Indicates whether this password validator is to treat password characters in a case-sensitive manner. If it is set to true, then the validator rejects a password only if it appears in the dictionary with exactly the same capitalization as provided by the user.
Default Value
false
Allowed Values
true
false
Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No

check-substrings

Description
Indicates whether this password validator is to match portions of the password string against dictionary words. If "false" then only match the entire password against words otherwise ("true") check whether the password contains words.
Default Value
true
Allowed Values
true
false
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
No
Read-only
No

dictionary-file

Description
Specifies the path to the file containing a list of words that cannot be used as passwords. It should be formatted with one word per line. The value can be an absolute path or a path that is relative to the OpenDJ instance root.
Default Value
For Unix and Linux systems: config/wordlist.txt. For Windows systems: config\wordlist.txt
Allowed Values
The path to any text file contained on the system that is readable by the server.
Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No

enabled

Description
Indicates whether the password validator is enabled for use.
Default Value
None
Allowed Values
true
false
Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No

min-substring-length

Description
Indicates the minimal length of the substring within the password in case substring checking is enabled. If "check-substrings" option is set to true, then this parameter defines the length of the smallest word which should be used for substring matching. Use with caution because values below 3 might disqualify valid passwords.
Default Value
5
Allowed Values
An integer value. Lower value is 0.
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
No
Read-only
No

test-reversed-password

Description
Indicates whether this password validator is to test the reversed value of the provided password as well as the order in which it was given. For example, if the user provides a new password of "password" and this configuration attribute is set to true, then the value "drowssap" is also tested against attribute values in the user's entry.
Default Value
true
Allowed Values
true
false
Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No


Advanced Properties

java-class

Description
Specifies the fully-qualified name of the Java class that provides the password validator implementation.
Default Value
org.opends.server.extensions.DictionaryPasswordValidator
Allowed Values
A java class that implements or extends the class(es) :
org.opends.server.api.PasswordValidator
Multi-valued
No
Required
Yes
Admin Action Required
The Dictionary Password Validator must be disabled and re-enabled for changes to this setting to take effect
Advanced Property
Yes
Read-only
No