<?xml version="1.0" encoding="UTF-8"?>
|
<!--
|
! CDDL HEADER START
|
!
|
! The contents of this file are subject to the terms of the
|
! Common Development and Distribution License, Version 1.0 only
|
! (the "License"). You may not use this file except in compliance
|
! with the License.
|
!
|
! You can obtain a copy of the license at
|
! trunk/opends/resource/legal-notices/OpenDS.LICENSE
|
! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
|
! See the License for the specific language governing permissions
|
! and limitations under the License.
|
!
|
! When distributing Covered Code, include this CDDL HEADER in each
|
! file and include the License file at
|
! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
|
! add the following below this CDDL HEADER, with the fields enclosed
|
! by brackets "[]" replaced with your own identifying information:
|
! Portions Copyright [yyyy] [name of copyright owner]
|
!
|
! CDDL HEADER END
|
!
|
!
|
! Copyright 2007-2008 Sun Microsystems, Inc.
|
! Portions Copyright 2011 profiq, s.r.o.
|
! Portions copyright 2012 ForgeRock AS.
|
! -->
|
<adm:managed-object name="dictionary-password-validator"
|
plural-name="dictionary-password-validators"
|
package="org.opends.server.admin.std" extends="password-validator"
|
xmlns:adm="http://www.opends.org/admin"
|
xmlns:ldap="http://www.opends.org/admin-ldap">
|
<adm:synopsis>
|
The
|
<adm:user-friendly-name />
|
determines whether a proposed password is acceptable based
|
on whether the given password value appears in a provided dictionary
|
file.
|
</adm:synopsis>
|
<adm:description>
|
A large dictionary file is provided with the server, but the
|
administrator can supply an alternate dictionary. In this case,
|
then the dictionary must be a plain-text file with
|
one word per line.
|
</adm:description>
|
<adm:profile name="ldap">
|
<ldap:object-class>
|
<ldap:name>ds-cfg-dictionary-password-validator</ldap:name>
|
<ldap:superior>ds-cfg-password-validator</ldap:superior>
|
</ldap:object-class>
|
</adm:profile>
|
<adm:property-override name="java-class" advanced="true">
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>
|
org.opends.server.extensions.DictionaryPasswordValidator
|
</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
</adm:property-override>
|
<adm:property name="dictionary-file" mandatory="true">
|
<adm:synopsis>
|
Specifies the path to the file containing a list of words that
|
cannot be used as passwords.
|
</adm:synopsis>
|
<adm:description>
|
It should be formatted with one word per line. The value can be an
|
absolute path or a path that is relative to the
|
<adm:product-name />
|
instance root.
|
</adm:description>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>
|
For Unix and Linux systems: config/wordlist.txt.
|
For Windows systems: config\\wordlist.txt
|
</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:string>
|
<adm:pattern>
|
<adm:regex>.*</adm:regex>
|
<adm:usage>FILE</adm:usage>
|
<adm:synopsis>
|
The path to any text file contained on the system that is
|
readable by the server.
|
</adm:synopsis>
|
</adm:pattern>
|
</adm:string>
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-dictionary-file</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="case-sensitive-validation" mandatory="true">
|
<adm:synopsis>
|
Indicates whether this password validator is to treat password
|
characters in a case-sensitive manner.
|
</adm:synopsis>
|
<adm:description>
|
If it is set to true, then the validator rejects a password only
|
if it appears in the dictionary with exactly the
|
same capitalization as provided by the user.
|
</adm:description>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>false</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:boolean />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-case-sensitive-validation</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="test-reversed-password" mandatory="true">
|
<adm:synopsis>
|
Indicates whether this password validator is to test the reversed
|
value of the provided password as well as the order in which it
|
was given.
|
</adm:synopsis>
|
<adm:description>
|
For example, if the user provides a new password of
|
"password" and this configuration attribute is set to true, then
|
the value "drowssap" is also tested against attribute values
|
in the user's entry.
|
</adm:description>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>true</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:boolean />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-test-reversed-password</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="check-substrings" mandatory="false">
|
<adm:synopsis>
|
Indicates whether this password validator is to match portions of
|
the password string against dictionary words.
|
</adm:synopsis>
|
<adm:description>
|
If "false" then only match the entire password against words
|
otherwise ("true") check whether the password contains words.
|
</adm:description>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>true</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:boolean />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-check-substrings</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="min-substring-length" mandatory="false">
|
<adm:synopsis>
|
Indicates the minimal length of the substring within the password
|
in case substring checking is enabled.
|
</adm:synopsis>
|
<adm:description>
|
If "check-substrings" option is set to true, then this parameter
|
defines the length of the smallest word which should be used for
|
substring matching. Use with caution because values below 3 might
|
disqualify valid passwords.
|
</adm:description>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>5</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:integer />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-min-substring-length</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
</adm:managed-object>
|
