ODSEE - BINDs Fail with - "Exceed password retry limit. Account locked."
(Doc ID 1319793.1)
Last updated on JANUARY 30, 2022
Applies to:
Oracle Directory Server Enterprise Edition - Version 6.3 SP1 and later
Information in this document applies to any platform.
Symptoms
Oracle Directory Server Enterprise Edition 6.3 (and higher)
After enabling account lockout, users are locked out permanently after exceeding the passwordMaxFailure limit.
Password Compatibility Mode is set to DS5-compat, i.e.
pwd-compat-mode : DS5-compatible-mode
For example, after 5 incorrect bind attempts, the following is recorded on the next bind:
# ldapsearch -D "uid=<TEST_USER>, ou=People, dc=<SUFFIX_DN>" -w badpassword -b dc=<SUFFIX_DN> uid=<TEST_USER> dn
ldap_simple_bind: Constraint violation
ldap_simple_bind: additional info: Exceed password retry limit. Account locked.
ldap_simple_bind: Constraint violation
ldap_simple_bind: additional info: Exceed password retry limit. Account locked.
Changes
The issue started after enabling a new global password policy.
Cause