Enabling Account Information tab content
The Delegated Admin GUI’s Account Information tab provides information about a user account. For Delegated Admin to display the user account information, you must enable the Password Policy State JSON
virtual attribute for the users object class. You can then configure the information that appears.
Steps
-
For each PingDirectory instance that contains users, enable the
Password Policy State JSON
virtual attribute for the users object class.You don’t need to enable this virtual attribute on PingDirectoryProxy instances.
For example, the following command enables the virtual attribute for users with the person object class, which includes users whose REST resource type structural object class is derived from person, such as
inetOrgPerson
.$ bin/dsconfig set-virtual-attribute-prop \ --name "Password Policy State JSON" \ --set enabled:true \ --set require-explicit-request-by-name:true \ --set "filter:(objectClass=person)" \ --no-prompt --applyChangeTo server-group
After you enable the virtual attribute, delegated administrative users can access account information for a user in the Delegated Admin GUI.
The Account Information tab provides account status by default. To display the last login time and the password expiration date, you must set their properties. You configure these items per password policy.
When not configured, these entries appear as follows:
- LAST LOGIN
-
Last login time not available. However, that entry is also given when the user has not logged in)
- PASSWORD EXPIRATION
-
Password expiration date has not been enabled
You can configure these items in the Administrative Console or by using the
dsconfig
tool interactively or non-interactively. The following steps use the non-interactive approach. -
Decide the password policy for which you want to enable the last login time and password expiration date.
For more information, see Managing password policies.
dsconfig list-password-policies
-
Decide whether to include the last login time.
To include the last login time, decide which property to set. You can set either of the following properties:
-
maximum-recent-login-history-successful-authentication-count
-
last-login-time-format
If you use this property, make sure the
last-login-time-attribute
has its default valueds-pwp-last-login-time
.
Values for
last-login-time-format
include:-
yyyyMMddHHmmss’Z'
for second-level accuracy -
yyyyMMdd
for day-level accuracy
-
-
Decide whether to include the password expiration date.
To include this information, set the property
max-password-age
-
Set the desired password policy properties.
Example:
$bin/dsconfig set-password-policy-prop \ --policy-name "<password_policy_name>" \ --set maximum-recent-login-history-successful-authentication-count:<count_value> \ --set "max-password-age:<password_age_value>" \ --no-prompt --applyChangeTo server-group