This topic applies only to the PingDirectoryProxy server.

  • To recover your password, do any of the following:
    • The PingDirectory server supports a feature called password retirement that allows you to set a new password while allowing the current password to remain usable for a specified period of time. This can be used to set a new password for the account while still allowing the current password to remain temporarily available so that existing PingDirectoryProxy server instances will still be able to use the current password to authenticate until you can update them with the new password. To enable password retirement, update the password-retirement-behavior property in the root password policy for all PingDirectory server instances to include a value of retire-on-administrative-reset, and set the max-retired-password-age property to indicate how long you want the current password to remain valid after setting a new password. Then, reset the Proxy User password for all of the PingDirectory server instances, and update all of the PingDirectoryProxy server instances to use the new password in their LDAP external server configuration.
    • If you do not know the clear-text value for the password but you have other PingDirectoryProxy server instances set up to use that password, then you can use the encoded password value from the LDAP external server configuration entry of one of the existing PingDirectoryProxy servers when creating the LDAP external server for new PingDirectoryProxy server instances.
    • Create a new root user in the directory server instances with the appropriate set of privileges and have the new PingDirectoryProxy server instance use that account to authenticate. To use the new account, update all of the other PingDirectoryProxy instances.