Setting Password Expiration Time and Adding Validators
Some policies require that you set validators as well as properties. For example, assume that you want to set up the default password policy as follows:
• User passwords expire every 120 days
Use the max-password-age property to set this.
• The password must be at least six characters long and with at least three unique characters
Use the Length-Based Password Validator property to set the minimum length and the Unique Characters property to set the number of unique characters.
To set the password expiration time and add the length-based password validator and the unique character validator to the default password policy, enter the following commands:
dsconfig set-password-validator-prop
--validator-name "Length-Based Password Validator"
--set enabled:true --set min-password-length:6
--hostname localhost --port 4444 --bindDN "cn=Manager"
--bindPassword "admin" --no-prompt --trustAll
dsconfig set-password-validator-prop
--validator-name "Unique Characters"
--set enabled:true --set min-unique-characters:3
--hostname localhost --port 4444 --bindDN "cn=Manager"
--bindPassword "admin" --no-prompt --trustAll
dsconfig set-password-policy-prop
--policy-name "Default Password Policy"
--add "password-validator:Length-Based Password Validator"
--add "password-validator:Unique Characters"
--set "max-password-age:120 d"
--hostname localhost --port 4444 --bindDN "cn=Manager"
--bindPassword "admin" --no-prompt --trustAll