When connecting to PingDirectory or Oracle Directory Server, configure proxied authorization for the service account on the directory server if you intend to enable self-service password reset in any HTML Form Adapter instances that use this datastore. By doing so, users are not allowed to reset their passwords if their accounts have been disabled or if they have not been granted the permission to change their passwords.
Refer to the following resources to configure proxied authorization for the service account.
- For PingDirectory, see Working with Proxied Authorization in the PingDirectory Administration Guide.
- For Oracle Directory Server, go to Oracle's Oracle Fusion Middleware Deployment Planning Guide and search for Proxy Authorization.
- For Oracle Unified Directory, go to Oracle's online guide Fusion Middleware Administering Oracle Unified Directory and search for proxied authorization control in its glossary .
Note that Microsoft Active Directory does not support proxied authorization (see the Microsoft Active Directory Technical Specification at msdn.microsoft.com/library/cc223358.aspx).
For general information about proxied authorization, please refer to RFC4370.