Bad Password Count Cached in 11.1.1.6.0 (Doc ID 1544532.1)

Last updated on AUGUST 19, 2019

Applies to:

Goal

Active Directory (AD) bad password count is used to verify if a user is locked out (due to too many incorrect password entries) but it seems to be cached as the count stays at zero even when AD shows a higher number.

The code used is the following:

/**
* Extracts the bad password count from AD.
* @param username - the username for which the bad password count is to be extracted.
*/
public static String extractBadPasswordCount(String username)
throws IMException
{
return (String) UserMgmtUtil.extractUserPropertyFromAD(UserMgmtUtil.BAD_PASSWORD_COUNT_FIELD, username).get(0);
}
...
/**
* Extracts a property from AD.
* @param property - the property to be extracted.
* @param username - the username for which the property should be extracted.
*/
public static List extractUserPropertyFromAD(String property, String username)
throws IMException
{
_logger.entering("extractUserPropertyFromAD", "property: " + property + "; username: " + username);
UserProfile userProfile;
List userProperty;

// Get the user profile object
userProfile = getUserProfileFromAD(username);

userProperty = userProfile.getProperty(property).getValues();

return userProperty;
}
...
private static UserProfile getUserProfileFromAD(String username)
throws IMException
{
UserProfile userProfile;
try
{
final User user = WCSecurityUtility.getUserFromUserName(username);
if (user != null)
{
userProfile = user.getUserProfile();
}
else
{
throw new IMException("No user found in AD!!!");
}
}
catch (IMException e)
{
_logger.severe("Couldn't find user in AD for username " + username, e);
throw e;
}
return userProfile;
}

 
  
Is there a way to bypass this cache to make sure that the AD bad password count retrieved is always up-to-date?
 

Solution

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.