OID 11g Account Locked Incorrectly with Ldapcompare, Login Failure Counter is Not Reset After Successful Authentication (Doc ID 1357202.1)

Last updated on SEPTEMBER 22, 2016

Applies to:

Oracle Internet Directory - Version 11.1.1 and later
Information in this document applies to any platform.
ldapcompare, orclpwdtracklogin, pwdmaxage, account lock


Symptoms

OID 11g version
When a wrong password is passed for a user multiple times, in ldapcompare or in an application login, the account is locked according to the password policy.

If a wrong password is passed, then the correct password, and then a wrong password again, the failure counter is not updated in OID.
For example:
a. Create a password policy and allow a wrong password 3 times.
b. Run ldapcompare 2 times with a wrong password.
c. Run ldapcompare with the correct password.
d. Run ldapcompare 1 time with a wrong password.
e. The account is locked.

Changes

The issue is specific to 11g OID versions. In the previous release, 10.1.4, the above example worked correctly: at step c. the failure counter was reset to 0, so after steps d. and e. the account was not locked.
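
The difference between the two behaviours, replayed over steps b. to d. of the Symptoms example. This is an added illustration, a simplified model and not Oracle's code; the names `Account`, `replay` and `reset_on_success` are hypothetical, and the lock threshold of 3 is taken from step a.

```python
from dataclasses import dataclass


@dataclass
class Account:
    max_failures: int       # wrong passwords allowed by the policy (3 in step a.)
    reset_on_success: bool  # True models 10.1.4, False models the 11g symptom
    failures: int = 0
    locked: bool = False

    def compare(self, password_ok: bool) -> str:
        """Model one ldapcompare-style password check against this account."""
        if self.locked:
            return "locked"
        if password_ok:
            if self.reset_on_success:
                self.failures = 0  # 10.1.4: a successful check clears the counter
            return "match"
        self.failures += 1
        if self.failures >= self.max_failures:
            self.locked = True
        return "mismatch"


def replay(reset_on_success, attempts, max_failures=3):
    """Return (result, failure counter, locked) after each attempt."""
    acct = Account(max_failures=max_failures, reset_on_success=reset_on_success)
    trace = []
    for ok in attempts:
        result = acct.compare(ok)
        trace.append((result, acct.failures, acct.locked))
    return trace


# Constructed input for steps b., b., c., d.: wrong, wrong, correct, wrong.
PAGE_SEQUENCE = [False, False, True, False]

if __name__ == "__main__":
    for label, reset in (("10.1.4 behaviour", True), ("11g symptom", False)):
        print(label)
        for step, (result, failures, locked) in zip("bbcd", replay(reset, PAGE_SEQUENCE)):
            print(f"  step {step}: {result:8} failures={failures} locked={locked}")
```

In the model of the 11g symptom the counter carries over the successful check, so occasional mistyped passwords by a legitimate user accumulate until the account locks.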

Cause
