Sun OpenSSO Enterprise 8.0 Integration Guide

Procedure: To Test Administrator-Initiated Password Reset

Before You Begin

The Directory Server must have logging and auditing features enabled. Use these features to monitor the Directory Server audit log as you complete the test. See the Sun Java System Directory Server Enterprise Edition 6.3 Administration Guide.

  1. Log in as the Directory Administrator, and change the password for a test user.

    This simulates the password reset by a HelpDesk administrator.

  2. Use the audit log to verify that the user's userPassword attribute was modified and that the pwdreset attribute was set to TRUE.

    The pwdreset attribute will force the user to change the password at the next login. The audit log might resemble this sample:

    time: 20090713074720
    dn: uid=idmuser1,dc=sun,dc=com
    changetype: modify
    replace: userPassword
    userPassword: {SSHA}4Bgy/HF9SGN9nnS4Ii6/KJj9ktFdAxQUIDvwVQ==
    -
    replace: modifiersname
    modifiersname: cn=admin,cn=administrators,cn=dscc
    -
    replace: modifytimestamp
    modifytimestamp: 20090713144720Z
    -
    replace: passwordexpirationtime
    passwordexpirationtime: 19700101000000Z
    -
    replace: pwdreset
    pwdreset: TRUE

  3. Access the Identity Manager user URL.

    You are redirected to OpenSSO Enterprise for login.

  4. Enter the test user name and password.

    You are redirected to Identity Manager to change your password. Note the following about the Identity Manager URL:

    • The URL is the one configured in ChangePassword.jsp.

    • The user is forwarded to the value of the goto parameter after the password has been successfully changed.

    • The value of the accountId parameter determines the account for which the password needs to be changed. Identity Manager will make the changes to the password on both Identity Manager and OpenSSO Enterprise.
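The audit-log check in step 2 can be scripted rather than read by eye. The following Python is an added example, not part of the Sun guide or of any Sun tooling. It assumes audit-log records are separated by blank lines and follow the layout of the sample in step 2; the function names, the placeholder hash and the second record are constructed for illustration.

```python
# SAMPLE_LOG is constructed: record 1 follows the step 2 sample (placeholder hash),
# record 2 is an invented password change that does NOT set pwdreset.
SAMPLE_LOG = """\
time: 20090713074720
dn: uid=idmuser1,dc=sun,dc=com
changetype: modify
replace: userPassword
userPassword: {SSHA}PLACEHOLDER
-
replace: modifiersname
modifiersname: cn=admin,cn=administrators,cn=dscc
-
replace: pwdreset
pwdreset: TRUE

time: 20090713075001
dn: uid=idmuser2,dc=sun,dc=com
changetype: modify
replace: userPassword
userPassword: {SSHA}PLACEHOLDER
"""

def parse_records(text):
    """Yield (header, mods) per record; mods maps each replaced attribute to its values."""
    for block in text.strip().split("\n\n"):
        header, mods, current = {}, {}, None
        for line in block.splitlines():
            key, _, value = line.strip().partition(":")
            key, value = key.strip().lower(), value.strip()
            if key == "-":             # separator ends the current modification
                current = None
            elif key == "replace":     # "replace: <attr>" starts a modification
                current = value.lower()
                mods[current] = []
            elif current is None:      # record header: time, dn, changetype
                header[key] = value
            elif key == current:       # value line for the attribute being replaced
                mods[current].append(value)
        yield header, mods

def find_admin_resets(text, user_dn):
    """Return (time, modifier) per record that replaces userPassword and sets pwdreset TRUE."""
    hits = []
    for header, mods in parse_records(text):
        flagged = [v.upper() for v in mods.get("pwdreset", [])] == ["TRUE"]
        if (header.get("dn", "").lower() == user_dn.lower()
                and "userpassword" in mods and flagged):
            hits.append((header.get("time"), (mods.get("modifiersname") or [None])[0]))
    return hits
```

The result reports only the timestamp and the modifier's DN, so the password hash never leaves the audit log. An empty list for the test user means the forced-change flag was not set and the redirect in step 4 should not be expected.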