If you forget your cn=Proxy User
password, you can recover it using
different methods.
Note:
This topic applies only to the PingDirectoryProxy server.
-
To recover your password, do any of the following:
- The PingDirectory server supports a feature
called password retirement that allows you to set a new password while allowing
the current password to remain usable for a specified period of time. This can be
used to set a new password for the account while still allowing the current
password to remain temporarily available so that existing PingDirectoryProxy server instances will still be able to use
the current password to authenticate until you can update them with the new
password. To enable password retirement, update the
password-retirement-behavior
property in the root password policy for all PingDirectory server instances to include a value ofretire-on-administrative-reset
, and set themax-retired-password-age
property to indicate how long you want the current password to remain valid after setting a new password. Then, reset the Proxy User password for all of the PingDirectory server instances, and update all of the PingDirectoryProxy server instances to use the new password in their LDAP external server configuration. - If you do not know the clear-text value for the password but you have other PingDirectoryProxy server instances set up to use that password, then you can use the encoded password value from the LDAP external server configuration entry of one of the existing PingDirectoryProxy servers when creating the LDAP external server for new PingDirectoryProxy server instances.
- Create a new root user in the directory server instances with the appropriate set of privileges and have the new PingDirectoryProxy server instance use that account to authenticate. To use the new account, update all of the other PingDirectoryProxy instances.
- The PingDirectory server supports a feature
called password retirement that allows you to set a new password while allowing
the current password to remain usable for a specified period of time. This can be
used to set a new password for the account while still allowing the current
password to remain temporarily available so that existing PingDirectoryProxy server instances will still be able to use
the current password to authenticate until you can update them with the new
password. To enable password retirement, update the