ODSEE - BINDs Fail with - "Exceed password retry limit. Account locked." (Doc ID 1319793.1)

Last updated on MAY 01, 2023

Applies to:

Oracle Directory Server Enterprise Edition - Version 6.3 SP1 and later
Information in this document applies to any platform.

Symptoms

Oracle Directory Server Enterprise Edition 6.3 (and higher)

After enabling account lockout users are locked out permanently after exceeding the passwordMaxFailure limit.

Password Compatibility Mode is set to DS5-compat, i.e.
pwd-compat-mode : DS5-compatible-mode

For example after binding incorrectly for 5 attempts the following is recorded on the next bind -

# ldapsearch -D "uid=<TEST_USER>, ou=People, dc=<SUFFIX_DN>" -w badpassword -b dc=<SUFFIX_DN> uid=<TEST_USER> dn
ldap_simple_bind: Constraint violation
ldap_simple_bind: additional info: Exceed password retry limit. Account locked.

Changes

The issue started after enabling a new global password policy.

Cause

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

ODSEE - BINDs Fail with - "Exceed password retry limit. Account locked." (Doc ID 1319793.1)

Applies to:

Symptoms

Changes

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!