directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <elecha...@gmail.com>
Subject Re: Can you help me writing a custom password validator for apacheds
Date Fri, 03 Jul 2015 09:33:17 GMT
Le 03/07/15 10:52, Luv Gupta a écrit :
> Hi ,
>
> Can you help me writing a custom password validator for ApacheDS for some
> complexity validations for the password like enforcing one lowercase
> letter, one uppercase letter, one numeric and one special character,

Short answer : you have to implement the PasswordValidator interface
[1]. Put your check into the validate() method.

Once you have implemented this class, you have to tell the server to use
it : there is an ads-pwdValidator attribute that should contain the FQCN
of your implementation. An exemple is :

dn:
ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
objectClass: top
objectClass: ads-base
objectClass: ads-passwordPolicy
ads-pwdId: default
ads-pwdSafeModify: FALSE
ads-pwdMaxAge: 0
ads-pwdFailureCountInterval: 30
ads-pwdAttribute: userPassword
ads-pwdMaxFailure: 5
ads-pwdLockout: TRUE
ads-pwdMustChange: FALSE
ads-pwdLockoutDuration: 0
ads-pwdMinLength: 5
ads-pwdInHistory: 5
ads-pwdExpireWarning: 600
ads-pwdMinAge: 0
ads-pwdAllowUserChange: TRUE
ads-pwdGraceAuthNLimit: 5
ads-pwdCheckQuality: 1
ads-pwdMaxLength: 0
ads-pwdGraceExpire: 0
ads-pwdMinDelay: 0
ads-pwdMaxDelay: 0
ads-pwdMaxIdle: 0
ads-pwdValidator:
org.apache.directory.server.core.api.authn.ppolicy.DefaultPasswordValidator
ads-enabled: TRUE


Note : you *must* activate the PasswordPolicy interceptor.

[1]
http://svn.apache.org/viewvc/directory/apacheds/trunk/core-api/src/main/java/org/apache/directory/server/core/api/authn/ppolicy/PasswordValidator.java?view=markup




Mime
View raw message