When connecting to PingDirectory or Oracle Directory Server, configure proxied authorization for the service account on the directory server if you intend to enable self-service password reset in any HTML Form Adapter instances that use this datastore. By doing so, users are not allowed to reset their passwords if their accounts have been disabled or if they have not been granted the permission to change their passwords.

Refer to the following resources to configure proxied authorization for the service account.

Note that Microsoft Active Directory does not support proxied authorization (see the Microsoft Active Directory Technical Specification at msdn.microsoft.com/library/cc223358.aspx).

For general information about proxied authorization, please refer to RFC4370.