Consider the following points when upgrading your version of Delegated Admin.
Considerations
Perform the following steps to enable the Initiate Password Reset menu option on user entries. This feature is enabled for new installs via the delegated-admin.dsconfig script run on install.
- Run the following command to enable the plugin needed for triggering Initiate
Password
Reset:
dsconfig set-plugin-prop \ --plugin-name "Modifiable Password Policy State Plugin" \ --set enabled:true --set "base-dn:${searchbasedn}" \ --set "filter:(|(objectClass=person)(objectClass=ds-cfg-user))"
- Run the following command to add a DA attribute to the users rest type for
ds-pwp-modifiable-state-json:
dsconfig create-delegated-admin-attribute \ --type-name users \ --attribute-type ds-pwp-modifiable-state-json \ --set "display-name:Modifiable Password Policy State" \ --set display-order-index:9999
To use the functionality where a help desk agent can trigger a password reset for a user, the Modifiable Password Policy State Plugin must be enabled on the Directory Server that serves as a resource backend.
When you install Delegated Admin 4.6, this plugin is enabled. If you are upgrading from a previous version of Delegated Admin, you must manually enable the plugin and add the ds-pwp-modifiable-state-json attribute as a Delegated Admin attribute.