Before you can configure OpenSSO Enterprise for administrator-initiated password reset, you must configure the Directory Server must to meet the following conditions:
A password policy is configured and assigned to the test user's LDAP profile in the directory server. The password policy should have the following controls set:
LDAP attribute: passwordLockout
LDAP attribute: passwordMaxFailure
LDAP attribute: passwordResetFailureCount
LDAP attribute: passwordUnlock
LDAP attribute: passwordLockoutDuration
The passwordPolicySubentry attribute in the test user's LDAP profile is set with the DN of the password policy. This indicates that the that the password policy has been assigned to this user. Example:
cn=idm_integration,dc=sun,dc=com
See the Sun Java System Directory Server Enterprise Edition 6.3 Administration Guidefor detailed instructions on configuring these settings.