My Oracle Support Banner

OID 11g Account Locked Incorrectly with Ldapcompare, Login Failure Counter is Not Reset After Successful Authentication (Doc ID 1357202.1)

Last updated on FEBRUARY 26, 2019

Applies to:

Oracle Internet Directory - Version 11.1.1 and later
Information in this document applies to any platform.
ldapcompare, orclpwdtracklogin, pwdmaxage, account lock


OID 11g version
Passing wrong password for user in ldap compare or in application login multiple times, the account is locked according to password policy.

If passing wrong password and then the correct password and again wrong password, the failure counter is not updated in OID.
For example:
a. Create password policy and allow wrong password 3 times.
b. Run ldapcompare 2 times with wrong password
c. Run ldapcompare with correct password
d. Run ldapcompare 1 time with wrong password
e. The account is locked.


Issue is specific to 11g OID versions. In previous releases, 10.1.4, the above example worked correctly, i.e. on step c. the failure counter reset to 0, and on steps d. e. account is not locked.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.