These are new features for this release of the Delegated Administration application:

  • The Delegated Administration application is designed so that delegated administrative users don't need to understand the underlying technology supporting the account management features, i.e., LDAP. The Delegated Administration application allows for resource types to be configured to link to other entries within the system. These links can now be used to view and modify referenced entry allowing for a simpler interface to manage the entire entry.
  • Delegated administrative users need the ability to assist users with account and password issues. This version of the Delegated Administration application improves account management by allowing administrators to view specific information about an account, such as the last time the password was changed, the assigned password policy, and the history of recent login attempts. The configuration of the assigned password policy determines what information is available.
  • Many businesses have developed precise processes to handle password changes for their users. Delegated administrative users can now trigger a password reset process for a user. This process would trigger the existing process that would invoke the self service password reset process defined by the business.

Upgrade considerations

Upgrade considerations are no longer part of the release notes. That information is now in Upgrade considerations.

Known issues and limitations

The following are known issues and limitations of this release:

  • Unable to Download User Report within PingCloud or when DA is deployed on a separate server. This issue is corrected by exposing the Content-Disposition header in the Delegated Admin servlet's CORS policy. To apply this change, run the following dsconfig command.

    dsconfig set-http-servlet-cross-origin-policy-prop \
        --policy-name "Delegated Admin Cross-Origin Policy"  \
        --set cors-exposed-headers:Content-Disposition
  • Delegated Admin ACIs are deleted via replication. You can work around this issue by waiting for the server to finish rebooting, or by making a configuration change within delegated admin that would trigger the regeneration of the ACIs from a server that is still up.
  • There is an issue triggering the Self Service Password Reset in Delegated Admin when deployed on Proxy server. This can be corrected by adding the password reset privilege to the user requiring the privilege. The following is an example ldif command that would make the correction.

    bin/ldapmodify <<+
    dn: uid=YourUser,ou=People,dc=example,dc=com
    changetype: modify
    add: ds-privilege-name
    ds-privilege-name: password-reset
  • For resource types that use a reference attribute to another entry, regardless of whether the target entry is of the same resource type, if the distinguished name (DN) of the targeted entry is modified, entries that reference the targeted entry will no longer have a valid link to the entry.

Resolved issues

The following issues have been resolved with this release of Delegated Admin 4.6.

Ticket ID Description


Fixed an issue where Delegated Admin 4.2.0 had an intermittent, infinite spinner issue when signing on.


Fixed an issue where in versions 4.2.0-4.4.0, Delegated Admin produced an error on edit or create of resource types that contained an attribute with an unrecognized data type. For supported data types, see Configuring attributes and attribute search on PingDirectory Server. Delegated Admin 4.4.1 addresses this error.


Fixed an issue where a locked user account showed as locked in the search view, but the DA UI was showing it as unlocked (or enabled in the UI) when editing that user account.