This topic has 4 replies, 2 voices, and was last updated 4 years, 10 months ago by 
-
Posts
-
Hi,
I enable this password validator with “ds-cfg-min-password-difference: 3”, how to check if it works??
Regards,
DarioHi,
In the documentation for the Similarity Based Password Validator, https://backstage.forgerock.com/static/docs/opendj/3.5/configref/similarity-based-password-validator.html, there’s a description of how it works, and how you need to change the password policy configuration when you use it:
it uses the Levenshtein Distance algorithm to determine the minimum number of changes (where a change may be inserting, deleting, or replacing a character) to transform one string into the other. It can be used to prevent users from making only minor changes to their current password when setting a new password. Note that for this password validator to be effective, it is necessary to have access to the user’s current password. Therefore, if this password validator is to be enabled, the password-change-requires-current-password attribute in the password policy configuration must also be set to true.
Hi Mark,
thanks for reply.
I set password-change-requires-current-password at true, for updating password with this configuration what kind of operation should I do client side??Regards,
DarioFor example, update the Default Password Policy to use the default configuration of the Similarity-Based Password Validator. The default setting for
min-password-differenceis 3.Then try some examples.
Confirm the initial password:
# Babs Jensen's first password is hifalutin: $ ldapsearch -D uid=bjensen,ou=people,dc=example,dc=com -w hifalutin -p 1389 -b dc=example,dc=com uid=bjensen userPassword dn: uid=bjensen,ou=People,dc=example,dc=com userPassword: {SSHA}Ow5mYXV6uvB29dQJnQV3VSP/bAMEnERgHMZ3Kw==Check that a password modify with a very similar password fails:
$ ldappasswordmodify -p 1389 --authzID dn:uid=bjensen,ou=people,dc=example,dc=com --currentPassword hifalutin --newPassword hifailutin The LDAP password modify operation failed: 19 (Constraint Violation) Additional Information: The provided new password failed the validation checks defined in the server: The provided password differs less than the minimum required difference of 3 charactersTry again with a password that differs by at least 3 characters:
$ ldappasswordmodify -p 1389 --authzID dn:uid=bjensen,ou=people,dc=example,dc=com --currentPassword hifalutin --newPassword hifalutin123 The LDAP password modify operation was successful
You must be logged in to reply to this topic.
