Sun OpenSSO Enterprise 8.0 Integration Guide

ProcedureTo Test Administrator-Initiated Password Reset

Before You Begin

The Directory Server must have logging and auditing features enabled. Use these features to monitor the Directory Server audit log as you complete the test. See the Sun Java System Directory Server Enterprise Edition 6.3 Administration Guide .

  1. Log in as the Directory Administrator, and change the password for a test user.

    This simulates the password reset by a HelpDesk administrator.

  2. Verify that the user's userPassword attribute was modified, and that the pwdreset attribute was set to TRUE using the audit log.

    The pwdreset attribute will force the user to change the password at the next login. The audit log might resemble this sample:

    time: 20090713074720
    dn: uid=idmuser1,dc=sun,dc=com
    changetype: modify
    replace: userPassword
    userPassword: {SSHA}4Bgy/HF9SGN9nnS4Ii6/KJj9ktFdAxQUIDvwVQ==
    replace: modifiersname
    modifiersname: cn=admin,cn=administrators,cn=dscc
    replace: modifytimestamp
    modifytimestamp: 20090713144720Z
    replace: passwordexpirationtime
    passwordexpirationtime: 19700101000000Z
    replace: pwdreset
    pwdreset: TRUE
  3. Access the Identity Manager user URL.

    You are redirected to OpenSSO Enterprise for login.

  4. Enter the test user name and password.

    You are redirected to Identity Manager to change your password. Note the following about the Identity Manager URL:

    • The URL is the one configured in ChangePassword.jsp.

    • The user is forwarded to the value of the goto parameter after the password has been successfully changed.

    • The value of the accountId parameter determines the account for which the password needs to be changed. Identity Manager will make the changes to the password on both Identity Manager and OpenSSO Enterprise.