From 739cc9fe3921b9f7f4f582980f61078a1c35eb33 Mon Sep 17 00:00:00 2001
From: Chris Ridd <chris.ridd@forgerock.com>
Date: Thu, 08 Nov 2012 14:11:59 +0000
Subject: [PATCH] Fix OPENDJ-620 Enhance character set password validator to understand classes like 'All non-Latin characters'

---
 opends/src/admin/defn/org/opends/server/admin/std/CharacterSetPasswordValidatorConfiguration.xml |   93 +++++++++++++++++++++++++++++++++++++---------
 1 files changed, 75 insertions(+), 18 deletions(-)

diff --git a/opends/src/admin/defn/org/opends/server/admin/std/CharacterSetPasswordValidatorConfiguration.xml b/opends/src/admin/defn/org/opends/server/admin/std/CharacterSetPasswordValidatorConfiguration.xml
index 69f133a..25657c2 100644
--- a/opends/src/admin/defn/org/opends/server/admin/std/CharacterSetPasswordValidatorConfiguration.xml
+++ b/opends/src/admin/defn/org/opends/server/admin/std/CharacterSetPasswordValidatorConfiguration.xml
@@ -24,7 +24,7 @@
   !
   !
   !      Copyright 2007-2008 Sun Microsystems, Inc.
-  !      Portions copyright 2011 ForgeRock AS
+  !      Portions Copyright 2011-2012 ForgeRock AS
   ! -->
 <adm:managed-object name="character-set-password-validator"
   plural-name="character-set-password-validators"
@@ -36,7 +36,7 @@
     <adm:user-friendly-name />
     determines whether a proposed password is acceptable by
     checking whether it contains a sufficient number of characters
-    from one or more user-defined character sets. 
+    from one or more user-defined character sets and ranges. 
   </adm:synopsis>
   <adm:description>
     For example, 
@@ -44,6 +44,18 @@
     have at least one lowercase letter, one uppercase letter, one digit,
     and one symbol.
   </adm:description>
+  <adm:constraint>
+    <adm:synopsis>
+      The <adm:user-friendly-name/> must have at least one character set
+      or range specified.
+    </adm:synopsis>
+    <adm:condition>
+      <adm:or>
+      	<adm:is-present property="character-set" />
+      	<adm:is-present property="character-set-ranges" />
+      </adm:or>
+    </adm:condition>
+  </adm:constraint>
   <adm:profile name="ldap">
     <ldap:object-class>
       <ldap:name>ds-cfg-character-set-password-validator</ldap:name>
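Review bot: The new `<adm:constraint>` is now the only thing that stops a validator from being created with no character classes at all, because the later hunk changes `character-set` to `mandatory="false"` and `character-set-ranges` is optional too. It is worth confirming that this condition is also evaluated on the server for direct modifications of the configuration entry, not only in the administration client. If it is not, a validator with neither attribute could be stored and might accept every password. On style, the two `<adm:is-present>` lines are indented with a tab after six spaces while the rest of the file uses spaces only; re-indent them to eight spaces, e.g. `        <adm:is-present property="character-set" />`. The managed-object element starts and ends outside this hunk.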
@@ -59,7 +71,7 @@
       </adm:defined>
     </adm:default-behavior>
   </adm:property-override>
-  <adm:property name="character-set" mandatory="true"
+  <adm:property name="character-set" mandatory="false"
     multi-valued="true">
     <adm:synopsis>
       Specifies a character set containing characters that a password
@@ -76,6 +88,14 @@
       character sets can be defined in separate values, although no
       character can appear in more than one character set.
     </adm:description>
+    <adm:default-behavior>
+      <adm:alias>
+        <adm:synopsis>
+          If no sets are specified, the validator only uses the
+          defined character ranges.
+        </adm:synopsis>
+      </adm:alias>
+    </adm:default-behavior>
     <adm:syntax>
       <adm:string case-insensitive="false" />
     </adm:syntax>
@@ -85,16 +105,51 @@
       </ldap:attribute>
     </adm:profile>
   </adm:property>
+  <adm:property name="character-set-ranges" mandatory="false"
+    multi-valued="true">
+    <adm:synopsis>
+      Specifies a character range containing characters that a password
+      may contain and a value indicating the minimum number of
+      characters required from that range.
+    </adm:synopsis>
+    <adm:description>
+      Each value must be an integer (indicating the minimum required
+      characters from the range which may be zero, indicating that the
+      character range is optional) followed by a colon and one or more
+      range specifications. A range specification is 3 characters: the
+      first character allowed, a minus, and the last character allowed.
+      For example, "3:A-Za-z0-9". The ranges in each value should not
+      overlap, and the characters in each range specification should be
+      ordered.
+    </adm:description>
+    <adm:default-behavior>
+      <adm:alias>
+        <adm:synopsis>
+          If no ranges are specified, the validator only uses the
+          defined character sets.
+        </adm:synopsis>
+      </adm:alias>
+    </adm:default-behavior>
+    <adm:syntax>
+      <adm:string case-insensitive="false" />
+    </adm:syntax>
+    <adm:profile name="ldap">
+      <ldap:attribute>
+        <ldap:name>ds-cfg-character-set-ranges</ldap:name>
+      </ldap:attribute>
+    </adm:profile>
+  </adm:property>
   <adm:property name="allow-unclassified-characters" mandatory="true">
     <adm:synopsis>
       Indicates whether this password validator allows passwords to
       contain characters outside of any of the user-defined character
-      sets.
+      sets and ranges.
     </adm:synopsis>
     <adm:description>
       If this is "false", then only those characters in the user-defined
-      character sets may be used in passwords. Any password containing a 
-      character not included in any character set will be rejected.
+      character sets and ranges may be used in passwords. Any password
+      containing a  character not included in any character set or range
+      will be rejected.
     </adm:description>
     <adm:syntax>
       <adm:boolean />
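Review bot: The `<adm:syntax>` of the new `character-set-ranges` property accepts any string, so the "integer, colon, three-character ranges" format in the description is not enforced by the definition. The description also only says ranges "should" be ordered and non-overlapping. The code that parses these values is not part of this patch, so confirm that a reversed range such as `z-a`, a truncated specification, or a range overlapping a `character-set` value is rejected with an error rather than silently ignored, since a dropped range quietly weakens the password policy. A pattern on the string syntax, as sketched below, would catch malformed values at configuration time; ordering and overlap still need a check in the validator. The description could also state whether range endpoints are compared by Unicode code point and how a literal `-` is expressed.

```xml
    <adm:syntax>
      <adm:string case-insensitive="false">
        <adm:pattern>
          <adm:regex>^[0-9]+:(.-.)+$</adm:regex>
          <adm:usage>MIN:RANGES</adm:usage>
          <adm:synopsis>
            A minimum character count, a colon, and one or more
            three-character ranges such as A-Z.
          </adm:synopsis>
        </adm:pattern>
      </adm:string>
    </adm:syntax>
    <!-- … unchanged: ldap profile for ds-cfg-character-set-ranges … -->
```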
@@ -107,26 +162,28 @@
   </adm:property>
   <adm:property name="min-character-sets" mandatory="false">
     <adm:synopsis>
-      Specifies the minimum number of character sets that a password must
-      contain.
+      Specifies the minimum number of character sets and ranges that a
+      password must contain.
     </adm:synopsis>
     <adm:description>
       This property should only be used in conjunction with optional character
-      sets (those requiring zero characters). Its value must include any
-      mandatory character sets (those requiring great than zero characters).
-      This is useful in situations where a password must contain characters
-      from mandatory character sets, and characters from at least N optional
-      character sets. For example, it is quite common to require that a
-      password contains at least one non-alphanumeric character as well as
-      characters from two alphanumeric character sets (lower-case,
-      upper-case, digits). In this case, this property should be set to 3.  
+      sets and ranges (those requiring zero characters). Its value must
+      include any mandatory character sets and ranges (those requiring greater
+      than zero characters). This is useful in situations where a password
+      must contain characters from mandatory character sets and ranges, and
+      characters from at least N optional character sets and ranges. For
+      example, it is quite common to require that a password contains at
+      least one non-alphanumeric character as well as characters from two
+      alphanumeric character sets (lower-case, upper-case, digits). In this
+      case, this property should be set to 3.  
     </adm:description>
   <adm:default-behavior>
     <adm:alias>
       <adm:synopsis>
         The password must contain characters from each of the mandatory
-        character sets and, if there are optional character sets, at least
-        one character from one of the optional character sets.
+        character sets and ranges and, if there are optional character sets
+        and ranges, at least one character from one of the optional character
+        sets and ranges.
       </adm:synopsis>
     </adm:alias>
   </adm:default-behavior>

--
Gitblit v1.10.0