11.4. Configuring Password Generation

Password generators are used by OpenDJ during the LDAP password modify extended operation to construct a new password for the user. In other words, a directory administrator resetting a user's password can have OpenDJ directory server generate the new password.

$ ldappasswordmodify \
 --port 1389 \
 --bindDN "cn=Directory Manager" \
 --bindPassword password \
 --authzID "u:bjensen"
The LDAP password modify operation was successful
Generated Password:  eak77qdi

The default password policy shown in Procedure 11.1, “To Adjust the Default Password Policy” uses the Random Password Generator.

$ dsconfig \
 get-password-policy-prop \
 --hostname opendj.example.com \
 --port 4444 \
 --bindDN "cn=Directory Manager" \
 --bindPassword password \
 --policy-name "Default Password Policy" \
 --property password-generator
Property           : Value(s)
-------------------:--------------------------
password-generator : Random Password Generator
$ dsconfig \
 get-password-generator-prop \
 --hostname opendj.example.com \
 --port 4444 \
 --bindDN "cn=Directory Manager" \
 --bindPassword password \
 --generator-name "Random Password Generator"
Property               : Value(s)
-----------------------:-----------------------------------------------------
enabled                : true
password-character-set : alpha:abcdefghijklmnopqrstuvwxyz, numeric:0123456789
password-format        : "alpha:3,numeric:2,alpha:3"

Notice that the default configuration for the Random Password Generator defines two password-character-set values, and then uses those definitions in the password-format so that generated passwords have eight characters: three from the alpha set, followed by two from the numeric set, followed by three from the alpha set. The password-character-set name must be ASCII.
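The following Python sketch is an added example, not OpenDJ code: it models how password-character-set values and a password-format combine by parsing both, drawing characters from the OS CSPRNG in format order, and checking whether a given password has the configured structure. The property values are copied from this section (the punct set with its shell escaping removed); the function names are this example's own.

```python
import re
import secrets
# Constructed values: the default Random Password Generator configuration shown above,
# plus the extended one from the dsconfig set-password-generator-prop example.
DEFAULT_SETS = ["alpha:abcdefghijklmnopqrstuvwxyz", "numeric:0123456789"]
DEFAULT_FORMAT = "alpha:3,numeric:2,alpha:3"
EXTENDED_SETS = [
    "alpha:ABCDEFGHIJKLMNOPQRSTUVWabcdefghijklmnopqrstuvwxyz",
    "numeric:0123456789",
    "punct:,./`!@#$%^&*:;[]\"'()+=-_~\\",
]
EXTENDED_FORMAT = "alpha:3,punct:1,numeric:2,punct:2,numeric:3,alpha:3,punct:2"

def parse_character_sets(values):
    """Map each 'name:characters' value to its characters; names must be ASCII."""
    sets = {}
    for value in values:
        name, sep, chars = value.partition(":")
        if not sep or not name or not chars:
            raise ValueError(f"malformed password-character-set: {value!r}")
        if not name.isascii():
            raise ValueError(f"character set name must be ASCII: {name!r}")
        sets[name] = chars
    return sets

def parse_format(fmt, sets):
    """Turn 'name:count,...' into (name, count) pairs; each name must be a defined set."""
    parts = []
    for item in fmt.split(","):
        name, sep, count = item.partition(":")
        if not sep or not count.isdigit() or int(count) < 1:
            raise ValueError(f"malformed password-format element: {item!r}")
        if name not in sets:
            raise ValueError(f"password-format names an undefined set: {name!r}")
        parts.append((name, int(count)))
    return parts

def generate_password(values, fmt):
    """Draw the requested number of characters from each set, in format order."""
    sets = parse_character_sets(values)
    rng = secrets.SystemRandom()  # OS CSPRNG; never the default random module
    return "".join(rng.choice(sets[name])
                   for name, count in parse_format(fmt, sets) for _ in range(count))

def matches_format(password, values, fmt):
    """True if password has exactly the structure the configuration describes."""
    sets = parse_character_sets(values)
    pattern = "".join(f"[{re.escape(sets[name])}]{{{count}}}"
                      for name, count in parse_format(fmt, sets))
    return re.fullmatch(pattern, password) is not None
```

matches_format is the kind of check to run before enabling a password validator in the same policy: if generated passwords cannot satisfy the validator's rules, resets via the generator will fail.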

To set the password generator that OpenDJ employs when constructing a new password for a user, set the password-generator property for the password policy that applies to the user.

The following example does not change the password policy, but instead changes the Random Password Generator configuration, and then demonstrates a password being generated upon reset.

$ dsconfig \
 set-password-generator-prop \
 --hostname opendj.example.com \
 --port 4444 \
 --bindDN "cn=Directory Manager" \
 --bindPassword password \
 --generator-name "Random Password Generator" \
 --remove password-character-set:alpha:abcdefghijklmnopqrstuvwxyz \
 --add \
  password-character-set:alpha:ABCDEFGHIJKLMNOPQRSTUVWabcdefghijklmnopqrstuvwxyz \
 --add password-character-set:punct:,./\`!@#\$%^&*:\;[]\"\'\(\)+=-_~\\ \
 --set \
  password-format:alpha:3,punct:1,numeric:2,punct:2,numeric:3,alpha:3,punct:2 \
 --no-prompt
$ ldappasswordmodify \
 --port 1389 \
 --bindDN "cn=Directory Manager" \
 --bindPassword password \
 --authzID "u:bjensen"
The LDAP password modify operation was successful
Generated Password:  pld^06:)529HTq$'

If you also set up a password validator in the password policy as shown in Procedure 11.1, “To Adjust the Default Password Policy” and further described in Section 11.6, “Configuring Password Validation”, make sure the generated passwords are acceptable to the validator.