OpenAM Custom Password Generator : I told you in a previous post about the OpenLDAP Password Policy Module which allows defining the password complexity rules by configuring an external file.  OpenAM-CPG is an OpenAM reset password plugin using the same configuration file rules to generate random passwords .

Lately, one of our clients having OpenLDAP wanted his OpenAM reset password module being able to generate passwords compatible with the Password Policy Module. Fortunately, OpenAM allows the administrator to define a custom class to generate random passwords. So all we had to do, is to develop a class that implements the  PasswordGenerator interface and reads the rules of generation from the OpenLDAP PPM configuration file ppm.conf.

You can find this OpenAM plugin project here :

For more information, here is it’s README file :

 OpenAM Custom Password Generator (OpenLDAP PPM Compatible) 

The CustomPasswodGenerator class is an OpenAM plugin for password generation wich is compatible with the Password Policy Module for OpenLDAP (

  • Put CustomPasswordGenerator.class in the following folder of OpenAM web application : WEB-INF/classes
  • Put ppm.conf in the following path of OpenAM web application : WEB-INF/classes/com/sun/identity/password/plugins
  • In OpenAM set the Password Reset Option value to com.sun.identity.password.plugins.CustomPasswordGenerator )

Edit ppm.conf to configure. OpenAM-CPG is compatible with the OpenLDAP Password Policy Module, wich means if you have it, you should just copy it's ppm.conf to the OpenAM web application following path : WEB-INF/classes/com/sun/identity/password/plugins.