Configuring the account usability control ACI - PingFederate

Page created: 12 Sep 2019 |

Page updated: 19 Mar 2020

| 1 min read

PingFederate 10.0 Product Configuration User task Product documentation Content Type Administrator Audience Software Deployment Method

When connecting to PingDirectory , configure the account usability control ACI for the service account on the directory server if you intend to enable self-service account unlock in any HTML Form Adapter instances that use this datastore.

Create an LDIF file to capture the following ACI information.

OID: 1.3.6.1.4.1.42.2.27.9.5.8
Name: Account Usability Control
Permission: read

Following is an example file named aci.ldif.


dn: ou=People,dc=example,dc=com
changetype: modify
add: aci
aci: (targetcontrol="1.3.6.1.4.1.42.2.27.9.5.8")(version 3.0; acl "Access to the Account Usability Control"; allow (read) userdn="ldap:///uid=ServiceAccount,ou=Applications,dc=example,dc=com";)

Use the ldapmodify command to configure the required ACI.

$ ldapmodify -f <path>/aci.ldif 
-h <host name> 
-p <LDAP port> 
-D <LDAP bind username> 
-w <LDAP bind password>

(Line breaks are inserted for readability only.)

Configuring the account usability control ACI - PingFederate - 10.0

PingFederate Server