Sun OpenSSO Enterprise 8.0 Administration Guide

To Configure the Service

  1. Select the realm for which the Password Reset service is registered.

  2. Click the Services tab.

  3. Click Password Reset from the services list.

  4. The Password Reset attributes appear, allowing you to define requirements for the Password Reset service. Make sure that the Password Reset service is enabled (it is by default). At a minimum, the following attributes must be defined:

    • User Validation

    • Secret Question

    • Bind DN

    • Bind Password

    The Bind DN attribute must contain a user with privileges for resetting the password (for example, Help Desk Administrator). Due to a limitation in Directory Server, Password Reset does not work when the bind DN is cn=Directory Manager. The remaining attributes are optional. See the online help for a description of the service attributes.

  5. Enable Force Change Password After Reset.

    This optional step is what makes the Password Reset service force users to change their password after a password reset. If it is not enabled, the Password Reset service ignores the pwdreset control from the Directory Server. The option is meaningful only if the password policy in the Directory Server is set to force users to change their password after an administrator-controlled password reset, so you must also make that configuration change in the Directory Server.

    You can enable Force Change Password After Reset globally by selecting it in the global Password Reset attributes, or you can select it for individual users by selecting a User profile, clicking Password Reset Options, and enabling the attribute.

  6. Select the Personal Question Enabled attribute if the user is to define his/her unique personal questions. Once the attributes are defined, click Save.