Use constraints to enforce max-password-length >= min-password-length The is used to determine whether a proposed password is acceptable based on whether the number of characters it contains falls within an acceptable range of values. ds-cfg-length-based-password-validator ds-cfg-password-validator org.opends.server.extensions.LengthBasedPasswordValidator Specifies the maximum number of characters that may be included in a proposed password. A value of zero indicates that there will be no upper bound enforced. 0 ds-cfg-max-password-length Specifies the minimum number of characters that must be included in a proposed password. A value of zero indicates that there will be no lower bound enforced. 1 ds-cfg-min-password-length