When connecting to PingDirectory , configure the account usability control ACI for the service account on the directory server if you intend to enable self-service account unlock in any HTML Form Adapter instances that use this datastore.

  1. Create an LDIF file to capture the following ACI information.
    OID
    1.3.6.1.4.1.42.2.27.9.5.8
    Name
    Account Usability Control
    Permission
    read

    Following is an example file named aci.ldif.

    
    dn: ou=People,dc=example,dc=com
    changetype: modify
    add: aci
    aci: (targetcontrol="1.3.6.1.4.1.42.2.27.9.5.8")(version 3.0; acl "Access to the Account Usability Control"; allow (read) userdn="ldap:///uid=ServiceAccount,ou=Applications,dc=example,dc=com";)
  2. Use the ldapmodify command to configure the required ACI.
    $ ldapmodify -f <path>/aci.ldif 
    -h <host name> 
    -p <LDAP port> 
    -D <LDAP bind username> 
    -w <LDAP bind password>
                      

    (Line breaks are inserted for readability only.)