Excluding specific passwords

You can configure the system to prevent users from using specific words as passwords for their accounts.

The excluded words are stored in a password dictionary in the LDAP Directory Server. This dictionary contains the list of words that cannot be used as passwords. You can modify the dictionary through an LDAP browser by creating erDictionaryItem entries under the erDictionaryName=password entry. Alternatively, you can import an LDIF file that lists the entries into the Directory Server. The following example LDIF file lists words to exclude as passwords:

dn: erword=apple, erdictionaryname=password, ou=itim, dc=com
objectClass: top
objectClass: erdictionaryitem
erWord: apple

dn: erword=orange, erdictionaryname=password, ou=itim, dc=com
objectClass: top
objectClass: erdictionaryitem
erWord: orange

For each entry, the only value that you must change is the erword value, which specifies the word that cannot be used as a password. In the example, the word appears both in the dn line and in the erWord attribute.
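When the list of excluded words is long, the LDIF file can be generated instead of typed by hand. The following Python script is an added example, not part of the product or of the original page. It assumes the suffix from the sample above (ou=itim, dc=com) and that the directory compares erword values without regard to case. The function names are hypothetical. It escapes characters that are special in a DN and base64-encodes non-ASCII values so that the import does not fail on such words.

```python
import base64

# Suffix copied from the sample LDIF on this page; change it to match your tree.
DICTIONARY_DN = "erdictionaryname=password, ou=itim, dc=com"
_DN_SPECIALS = set('"+,;<>\\')  # characters RFC 4514 requires escaping in an RDN value


def escape_rdn_value(value):
    """Escape a word for use as the erword RDN value (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        needs_escape = ch in _DN_SPECIALS or (i == 0 and ch == "#")
        out.append("\\" + ch if needs_escape else ch)
    return "".join(out)


def ldif_attr(name, value):
    """Render one LDIF line; base64-encode values that are not LDIF-safe (RFC 2849)."""
    safe = (value.isascii() and value.isprintable()
            and not value.startswith((" ", ":", "<")) and not value.endswith(" "))
    if safe:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def build_dictionary_ldif(words):
    """Return LDIF text with one erdictionaryitem entry per unique, non-blank word."""
    seen, entries = set(), []
    for raw in words:
        word = raw.strip()
        key = word.casefold()  # assumption: erword matching is case-insensitive
        if not word or key in seen:
            continue  # blank lines and duplicates would make the import fail
        seen.add(key)
        dn = f"erword={escape_rdn_value(word)}, {DICTIONARY_DN}"
        entries.append("\n".join([
            ldif_attr("dn", dn),
            "objectClass: top",
            "objectClass: erdictionaryitem",
            ldif_attr("erWord", word),
        ]))
    return "\n\n".join(entries) + "\n" if entries else ""


if __name__ == "__main__":
    # Constructed sample word list, including a duplicate, a blank and two awkward words.
    sample = ["apple", "orange", "Apple", "", "pass,word", "contraseña"]
    print(build_dictionary_ldif(sample), end="")
```

The generated file is imported into the Directory Server in the same way as a hand-written LDIF file.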

After the password dictionary is populated with the words to exclude, the password policies must be modified to use the dictionary. After you import the LDIF file, select the Do not allow in dictionary check box on the Rules page of the password policies.
