Dictionary for a password policy
You can create a dictionary for a password policy rule that rejects certain terms as passwords.
To use a dictionary for a password policy rule, you must first create and load a dictionary.ldif file to the Identity Manager Server.
To create a dictionary for a password policy rule:
- Using an ASCII or other plain text editor, create a dictionary that contains the list of terms in an LDAP Data Interchange Format (LDIF) file. For example, create a file similar to this dictionary.ldif file, which specifies the domain as dc=com:

```
dn: erword=test,erdictionaryname=password, ou=itim, dc=com
erWord: test
objectclass: top
objectclass: erDictionaryItem

dn: erword=secret,erdictionaryname=password, ou=itim, dc=com
erWord: secret
objectclass: top
objectclass: erDictionaryItem

dn: erword=password,erdictionaryname=password, ou=itim, dc=com
erWord: password
objectclass: top
objectclass: erDictionaryItem
```
- Use an LDAP browser to import the dictionary.ldif file on to the Identity Manager Server. Load the dictionary.ldif file on to the IBM® Security Directory Server with one of these procedures:
  - Use an LDAP browser to import the dictionary.ldif file.
  - On the command prompt of the LDAP server, enter this command on one line.
ITDS_HOME/bin/ldapadd.exe -h hostname -D cn=adminuser -w adminpwd -V 3 -f dictionary.ldif
- -h hostname: Specifies the host name of the computer on which the LDAP server is running.
- -D cn=adminuser: Specifies the administrator's distinguished name to bind to the LDAP directory.
- -w adminpwd: Specifies the administrator's distinguished name password, for simple authentication.
- -V ldap_version: Specifies the version of the LDAP protocol to use. The default value is 3, for the LDAP v3 protocol. A value of 2 uses the LDAP v2 protocol.
- -f file: Reads the entry modification information from a file such as dictionary.ldif, instead of from standard input.
The dictionary file can now be used in the password strength rule.
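A real dictionary usually holds far more than three terms, so the file is easier to generate than to type. The following Python sketch is an added example (not part of the original page or of the product's tooling) that builds entries in the format shown in the first step from a word list. The function names, the sample words and the case-insensitive de-duplication are assumptions; DN escaping follows RFC 4514 and base64 encoding of unsafe values follows RFC 2849.

```python
import base64

# Assumption: suffix copied from the sample entries above
# (dictionary named "password" under ou=itim, dc=com).
SUFFIX = "erdictionaryname=password, ou=itim, dc=com"

def escape_rdn_value(value):
    """Escape a term for use inside a DN (RFC 4514)."""
    out = []
    for ch in value:
        if ch in '"+,;<>\\':
            out.append("\\" + ch)       # DN special characters
        elif ch == "\0":
            out.append("\\00")          # NUL must be hex-escaped
        else:
            out.append(ch)
    if out and out[0] in (" ", "#"):    # leading space or '#'
        out[0] = "\\" + out[0]
    if len(out) > 1 and out[-1] == " ": # trailing space
        out[-1] = "\\ "
    return "".join(out)

def ldif_line(attr, value):
    """Return 'attr: value', or 'attr:: <base64>' when RFC 2849 requires it."""
    raw = value.encode("utf-8")
    safe = (all(0 < b < 128 and b not in (10, 13) for b in raw)
            and not value.startswith((" ", ":", "<"))
            and not value.endswith(" "))
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(raw).decode('ascii')}"

def build_dictionary_ldif(words, suffix=SUFFIX):
    """Build LDIF text with one erDictionaryItem entry per unique term."""
    seen, entries = set(), []
    for word in words:
        term = word.strip()
        key = term.casefold()  # assumption: terms differing only in case share a DN
        if not term or key in seen:  # skip blanks and duplicates
            continue
        seen.add(key)
        entries.append("\n".join([
            ldif_line("dn", f"erword={escape_rdn_value(term)},{suffix}"),
            ldif_line("erWord", term),
            "objectclass: top",
            "objectclass: erDictionaryItem",
        ]))
    return "\n\n".join(entries) + "\n"

if __name__ == "__main__":
    sample = ["test", "secret", "password", "Secret", "", "p@ss,word"]  # constructed
    print(build_dictionary_ldif(sample), end="")
```

Write the returned text to dictionary.ldif and load it with either procedure from the second step.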