
Sun ONE Identity Server 6.1 Administration Guide

Chapter 33  
Password Reset Service Attributes

The Password Reset Service attributes are organization attributes. The values applied to them under Service Configuration become the default values for the Password Reset Service in a given organization. Organization attributes are not inherited by entries in the subtrees of the organization.

The Password Reset attributes are:

User Validation

This attribute specifies the value that is used to search for the user whose password is to be reset.

Secret Question

This field allows you to add a list of questions that the user can use to reset his/her password. To add a question, type it in the Secret Question field and click Add. The selected questions will appear in the user’s User Profile page. The user can then select a question for resetting the password.

Users may create their own question if the Personal Question Enabled attribute is selected.

Search Filter

This attribute specifies the search filter to be used to find user entries.

Base DN

This attribute specifies the DN from which the user search will start. If no DN is specified, the search will start from the organization DN. You should not use cn=directorymanager as the base DN, due to proxy authentication conflicts.

Bind DN

This attribute value is used with Bind Password to reset the user password.

Bind Password

This attribute value is used with Bind DN to reset the user password.

Password Reset Option

This attribute determines the classname for resetting the password. The default classname is:

com.sun.identity.password.RandomPasswordGenerator

The password reset class can be customized through a plug-in. The custom class must implement the PasswordGenerator interface. See the Sun ONE Identity Server Customization and API Guide for more information.

Password Change Notification Option

This attribute determines the method for user notification of password resetting. The default classname is:

com.sun.identity.password.EmailPassword

The password notification class can be customized through a plug-in. The custom class must implement the NotifyPassword interface. See the Sun ONE Identity Server Customization and API Guide for more information.

Password Reset Enabled

Selecting this attribute will enable the password reset feature.

Personal Question Enabled

Selecting this attribute will allow a user to create a unique question for password resetting.

Number of Questions

This value specifies the maximum number of questions to be asked in the password reset page.

Password Reset Failure Lockout Count

This attribute defines the number of times a user may attempt to reset the password, within the time interval defined in Password Reset Failure Lockout Interval, before being locked out.

For example, if Password Reset Failure Lockout Count is set to 5 and Login Failure Lockout Interval is set to 5 minutes, the user has five chances within five minutes to reset the password before being locked out.

Password Reset Failure Lockout Interval (minutes)

This attribute defines (in minutes) the interval within which the password reset attempts counted by Password Reset Failure Lockout Count must occur for the user to be locked out.

Email Address to Send Lockout Notification

This attribute specifies an email address that will receive notification if a user is locked out from the Password Reset service. Specify multiple email addresses in a space-separated list.

Warn User After N Failure

This attribute specifies the number of password reset failures that can occur before Identity Server sends a warning message that the user will be locked out.

Password Reset Failure Lockout Duration (minutes)

This attribute defines (in minutes) how long a user will be unable to attempt a password reset after a lockout has occurred.

Password Reset Failure Lockout Mode

This attribute specifies whether to prevent a user from resetting the password if that user initially fails to reset it using the Password Reset application. By default, this feature is not enabled.

Password Reset Lockout Attribute Name

This attribute contains the inetuserstatus value that is set in Password Reset Lockout Attribute Value. If a user is locked out from Password Reset, and the Password Reset Failure Lockout Duration (minutes) variable is set to 0, inetuserstatus will be set to inactive, prohibiting the user from attempting to reset his or her password.

Password Reset Lockout Attribute Value

This attribute specifies the inetuserstatus value (contained in Password Reset Lockout Attribute Name) of the user status, as either active or inactive. If a user is locked out from Password Reset, and the Password Reset Failure Lockout Duration (minutes) variable is set to 0, inetuserstatus will be set to inactive, prohibiting the user from attempting to reset his or her password.
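
The lockout attributes above work together as a sliding-window failure counter. The following Python model is an added illustration, not Identity Server code: the class and function names are hypothetical, and the threshold semantics (lockout on the Nth failure inside the interval, warning once the warn count is reached) are an assumed reading of the attribute descriptions.

```python
from dataclasses import dataclass, field
from typing import Optional

# Illustrative model only: names are hypothetical, not Identity Server APIs.
@dataclass
class ResetLockoutPolicy:
    lockout_count: int = 5      # Password Reset Failure Lockout Count
    interval_min: float = 5     # Password Reset Failure Lockout Interval (minutes)
    warn_after: int = 3         # Warn User After N Failure
    duration_min: float = 30    # Password Reset Failure Lockout Duration (minutes)
    lockout_attr: str = "inetuserstatus"  # Password Reset Lockout Attribute Name
    lockout_value: str = "inactive"       # Password Reset Lockout Attribute Value

@dataclass
class UserState:
    failures: list = field(default_factory=list)  # times (minutes) of failed resets
    locked_until: Optional[float] = None          # end of a timed lockout, if any
    attrs: dict = field(default_factory=lambda: {"inetuserstatus": "active"})

def is_locked(policy, user, now):
    """True while the user may not attempt a password reset."""
    # Duration 0: the lockout attribute was set and stays until an admin resets it.
    if user.attrs.get(policy.lockout_attr) == policy.lockout_value:
        return True
    return user.locked_until is not None and now < user.locked_until

def record_failure(policy, user, now):
    """Register a failed reset at time `now` (minutes); return the outcome."""
    if is_locked(policy, user, now):
        return "locked"
    # Only failures inside the sliding interval count toward the lockout.
    user.failures = [t for t in user.failures if now - t < policy.interval_min]
    user.failures.append(now)
    count = len(user.failures)
    if count >= policy.lockout_count:
        user.failures.clear()
        if policy.duration_min == 0:
            # No timed expiry: mark the account via the lockout attribute.
            user.attrs[policy.lockout_attr] = policy.lockout_value
        else:
            user.locked_until = now + policy.duration_min
        return "locked"
    return "warn" if count >= policy.warn_after else "failed"
```

With a non-zero duration the lockout expires on its own; with a duration of 0 the model leaves the account marked inactive until the attribute is changed back.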





Copyright 2003 Sun Microsystems, Inc. All rights reserved.