From f48c58b09661fd595a218ce964e1845306ba940a Mon Sep 17 00:00:00 2001
From: Matthew Swift <matthew.swift@forgerock.com>
Date: Wed, 01 Jun 2011 10:38:59 +0000
Subject: [PATCH] Fix OPENDJ-168: Enhance character set password validator to support optional character sets

---
 opends/src/admin/defn/org/opends/server/admin/std/CharacterSetPasswordValidatorConfiguration.xml |   38 +++++++++++++++++++++++++++++++++++++-
 1 files changed, 37 insertions(+), 1 deletions(-)

diff --git a/opends/src/admin/defn/org/opends/server/admin/std/CharacterSetPasswordValidatorConfiguration.xml b/opends/src/admin/defn/org/opends/server/admin/std/CharacterSetPasswordValidatorConfiguration.xml
index 031671d..69f133a 100644
--- a/opends/src/admin/defn/org/opends/server/admin/std/CharacterSetPasswordValidatorConfiguration.xml
+++ b/opends/src/admin/defn/org/opends/server/admin/std/CharacterSetPasswordValidatorConfiguration.xml
@@ -24,6 +24,7 @@
   !
   !
   !      Copyright 2007-2008 Sun Microsystems, Inc.
+  !      Portions copyright 2011 ForgeRock AS
   ! -->
 <adm:managed-object name="character-set-password-validator"
   plural-name="character-set-password-validators"
@@ -67,7 +68,8 @@
     </adm:synopsis>
     <adm:description>
       Each value must be an integer (indicating the minimum required
-      characters from the set) followed by a colon and the characters to
+      characters from the set which may be zero, indicating that the
+      character set is optional) followed by a colon and the characters to
       include in that set (for example, "3:abcdefghijklmnopqrstuvwxyz"
       indicates that a user password must contain at least three
       characters from the set of lowercase ASCII letters). Multiple
@@ -103,4 +105,38 @@
       </ldap:attribute>
     </adm:profile>
   </adm:property>
+  <adm:property name="min-character-sets" mandatory="false">
+    <adm:synopsis>
+      Specifies the minimum number of character sets that a password must
+      contain.
+    </adm:synopsis>
+    <adm:description>
+      This property should only be used in conjunction with optional character
+      sets (those requiring zero characters). Its value must include any
+      mandatory character sets (those requiring great than zero characters).
+      This is useful in situations where a password must contain characters
+      from mandatory character sets, and characters from at least N optional
+      character sets. For example, it is quite common to require that a
+      password contains at least one non-alphanumeric character as well as
+      characters from two alphanumeric character sets (lower-case,
+      upper-case, digits). In this case, this property should be set to 3.  
+    </adm:description>
+  <adm:default-behavior>
+    <adm:alias>
+      <adm:synopsis>
+        The password must contain characters from each of the mandatory
+        character sets and, if there are optional character sets, at least
+        one character from one of the optional character sets.
+      </adm:synopsis>
+    </adm:alias>
+  </adm:default-behavior>
+  <adm:syntax>
+      <adm:integer />
+    </adm:syntax>
+    <adm:profile name="ldap">
+      <ldap:attribute>
+        <ldap:name>ds-cfg-min-character-sets</ldap:name>
+      </ldap:attribute>
+    </adm:profile>
+  </adm:property>
 </adm:managed-object>
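Review bot: The `<adm:integer />` syntax of the new `min-character-sets` property declares no bounds, so as far as this definition goes a negative value, or one larger than the number of configured character sets, would be accepted. The description requires the value to include the mandatory sets, but nothing in this hunk enforces that, and a value above the total number of sets could presumably make every password fail validation. Consider `<adm:integer lower-limit="0" />` here, and confirm that the validator rejects a value inconsistent with the configured `character-set` entries when the configuration changes (that code is outside this patch). The description also has a typo: "great than zero" should read "greater than zero". The opening `<adm:default-behavior>` and `<adm:syntax>` tags are indented one level less than their sibling elements.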

--
Gitblit v1.10.0