Configuring the Directory Server
Before you can configure OpenSSO Enterprise for administrator-initiated password reset, you must configure the Directory Server must to meet the following conditions:
-
A password policy is configured and assigned to the test user's LDAP profile in the directory server. The password policy should have the following controls set:
- Enable Account Lockout
-
LDAP attribute: passwordLockout
- Failures Before Lockout
-
LDAP attribute: passwordMaxFailure
- Failure Count Reset
-
LDAP attribute: passwordResetFailureCount
- Set Limit on Lockout Duration
-
LDAP attribute: passwordUnlock
- Lockout Duration
-
LDAP attribute: passwordLockoutDuration
-
The passwordPolicySubentry attribute in the test user's LDAP profile is set with the DN of the password policy. This indicates that the that the password policy has been assigned to this user. Example:
cn=idm_integration,dc=sun,dc=com
See the Sun Java System Directory Server Enterprise Edition 6.3 Administration Guidefor detailed instructions on configuring these settings.
- © 2010, Oracle Corporation and/or its affiliates