My Oracle Support Banner

ODSEE - BINDs Fail with - "Exceed password retry limit. Account locked." (Doc ID 1319793.1)

Last updated on MAY 01, 2023

Applies to:

Oracle Directory Server Enterprise Edition - Version 6.3 SP1 and later
Information in this document applies to any platform.


Oracle Directory Server Enterprise Edition 6.3 (and higher)

After enabling account lockout users are locked out permanently after exceeding the passwordMaxFailure limit.

Password Compatibility Mode is set to DS5-compat, i.e.
pwd-compat-mode : DS5-compatible-mode

For example after binding incorrectly for 5 attempts the following is recorded on the next bind -

# ldapsearch -D "uid=<TEST_USER>, ou=People, dc=<SUFFIX_DN>" -w badpassword -b dc=<SUFFIX_DN> uid=<TEST_USER> dn
ldap_simple_bind: Constraint violation
ldap_simple_bind: additional info: Exceed password retry limit. Account locked.


The issue started after enabling a new global password policy.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.