From be2a4753d04b9c7efa0a2e5444c7de73fd1e5ee0 Mon Sep 17 00:00:00 2001
From: Chris Ridd <chris.ridd@forgerock.com>
Date: Wed, 19 Dec 2012 16:14:49 +0000
Subject: [PATCH] Fix OPENDJ-665 Attribute Value Password Validator should implement check-substrings

---
 opends/src/admin/defn/org/opends/server/admin/std/AttributeValuePasswordValidatorConfiguration.xml |   49 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 49 insertions(+), 0 deletions(-)

diff --git a/opends/src/admin/defn/org/opends/server/admin/std/AttributeValuePasswordValidatorConfiguration.xml b/opends/src/admin/defn/org/opends/server/admin/std/AttributeValuePasswordValidatorConfiguration.xml
index ca4c751..658d772 100644
--- a/opends/src/admin/defn/org/opends/server/admin/std/AttributeValuePasswordValidatorConfiguration.xml
+++ b/opends/src/admin/defn/org/opends/server/admin/std/AttributeValuePasswordValidatorConfiguration.xml
@@ -24,6 +24,7 @@
   !
   !
   !      Copyright 2007-2008 Sun Microsystems, Inc.
+  !      Portions Copyright 2012 ForgeRock, AS.
   ! -->
 <adm:managed-object name="attribute-value-password-validator"
   plural-name="attribute-value-password-validators"
@@ -79,6 +80,54 @@
       </ldap:attribute>
     </adm:profile>
   </adm:property>
+  <adm:property name="check-substrings" mandatory="false">
+    <adm:synopsis>
+      Indicates whether this password validator is to match portions of
+      the password string against attribute values.
+    </adm:synopsis>
+    <adm:description>
+      If "false" then only match the entire password against attribute values
+      otherwise ("true") check whether the password contains attribute values. 
+    </adm:description>
+    <adm:default-behavior>
+      <adm:defined>
+        <adm:value>true</adm:value>
+      </adm:defined>
+    </adm:default-behavior>
+    <adm:syntax>
+      <adm:boolean />
+    </adm:syntax>
+    <adm:profile name="ldap">
+      <ldap:attribute>
+        <ldap:name>ds-cfg-check-substrings</ldap:name>
+      </ldap:attribute>
+    </adm:profile>
+  </adm:property>
+  <adm:property name="min-substring-length" mandatory="false">
+    <adm:synopsis>
+      Indicates the minimal length of the substring within the password
+      in case substring checking is enabled.
+    </adm:synopsis>
+    <adm:description>
+      If "check-substrings" option is set to true, then this parameter
+      defines the length of the smallest word which should be used for
+      substring matching. Use with caution because values below 3 might
+      disqualify valid passwords.
+    </adm:description>
+    <adm:default-behavior>
+      <adm:defined>
+        <adm:value>5</adm:value>
+      </adm:defined>
+    </adm:default-behavior>
+    <adm:syntax>
+      <adm:integer />
+    </adm:syntax>
+    <adm:profile name="ldap">
+      <ldap:attribute>
+        <ldap:name>ds-cfg-min-substring-length</ldap:name>
+      </ldap:attribute>
+    </adm:profile>
+  </adm:property>
   <adm:property name="test-reversed-password" mandatory="true">
     <adm:synopsis>
       Indicates whether this password validator should test the reversed

--
Gitblit v1.10.0