OpenDJ Restricted password list file

Tagged: 

This topic has 2 replies, 3 voices, and was last updated 5 years, 5 months ago by Rajesh R.

  • Author
    Posts
  • #15459

    Hi, We want to maintain a file which contains the list of bad passwords that we don’t want our customers to choose. Is there a way to achieve this in OpenDJ? This is not the password history related one which is specific to customer. But this Restricted list should apply basically to all DJ users.

    Any help here will be appreciated.

    Thanks,
    Anji.

    #15460
     Ludo
    Moderator

    Hi,

    Yes, OpenDJ has password validators that can be configured and enabled in password policies. One of them checks against a file (wordlist.txt). It’s name is dn: cn=Dictionary,cn=Password Validators,cn=config, and it’s disabled by default. You can change the file it checks against.

    I’ve been doing some research on lists of bad passwords and have started to build a file with about 35 000 bad passwords (either bad practice or known to be heavily used). If possible, I’d be interested in comparing such bad password files and replace the default OpenDJ wordlist with one of these files.

    • This reply was modified 5 years, 5 months ago by Ludo.
    #15472
     Rajesh R
    Participant

    @anji-yallacapitalone-com though not the specific use case that you’ve asked, I do have a screen-cast that talks about configuring Password Validators in OpenDJ. It’s based on the ForgeRock OpenDJ documentation and might give you some hints for your specific requirement:

    https://www.youtube.com/watch?v=5FCQafvq81A

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?