PingDirectoryProxy Server - PingDirectory

PingDirectoryProxy Server - PingDirectory - 8.2

PingDirectory

bundle

pingdirectory-82

ft:publication_title

PingDirectory

Product_Version_ce

PingDirectory 8.2

category

Product

pd-82

pingdirectory

ContentType_ce

Page created: 22 Jul 2020 |

Page updated: 1 Feb 2021

| 1 min read

8.2 Product PingDirectory Directory Capability Delegated Administration Product documentation Content Type Administration User task Installation IT Operations Audience Software Deployment Method IT Administrator Administrator System Administrator

If you are installing Delegated Admin on PingDirectoryProxy Server, you must configure the Proxy instance using the delegated-admin.dsconfig script as described in All locations except replicated PingDirectory Server instances.

In addition, you must perform the following steps to configure all instances of PingDirectory Server.

Modify delegated-admin.dsconfig by commenting out the following section:
```
*"Create an email account status notification handler for user creation."
```
This modified file is run on PingDirectoryProxy Server.
Copy the batch file delegated-admin.dsconfig and name it something similar to copy-of-delegated-admin.dsconfig and open the copy in a text editor.
Remove the following elements and sections from the file:
- Web-application-extension Delegator
- Access-token-validator PingFederateValidator
- Definition rest-resource-type
- Definition delegated-admin-rights
Leave the following configuration elements in the copy exactly as they are configured on PingDirectoryProxy Server. These should be the only elements remaining in the copy:
- Create an email account status notification handler for user creation (create-request-criteria and create-account-status-notification-handler).
- Virtual-attribute Delegated Admin Privilege (set-virtual-attribute-prop)
- Global ACI Authenticated access to the multi-update extended request for the Delegated Admin API (set-access-control-handler-prop)
- Global ACI Authenticated access to the no-op request control for the Delegated Admin API (set-access-control-handler-prop)
Save your changes to the copy.
For each PingDirectory Server instance, copy the PingDirectoryProxy/webapps/delegator/delegated-admin-account-created.template template to the PingDirectory/config/account-status-notification-email-templates/ directory.
Apply the commands from the copy of the batch file to all instances of PingDirectory Server as follows (for this example the copy is assumed to be named copy-of-delegated-admin.dsconfig):
```
$ ./bin/dsconfig \
--bindDN "cn=Directory Manager" \
--no-prompt \
--batch-file webapps/delegator/copy-of-delegated-admin.dsconfig \
--applyChangeTo server-group
```