
Why Does Configured Password Policy Allow BINDs when Subsequent Requests are Rejected with Error 53 (Doc ID 1996252.1)

Last updated on MARCH 29, 2019

Applies to:

Oracle Directory Server Enterprise Edition - Version 5.2 and later
Information in this document applies to any platform.

Goal

A custom password policy has been created and applied to a specific user entry to force a password reset. When the user authenticates, the bind succeeds (no error is returned), but subsequent operations on the same connection return the expected err=53. Why does the authentication/bind not fail with the same error 53? The custom password policy in use is shown below:

dn: cn=CustomPasswordPolicy,dc=example,dc=com
pwdMinAge: 0
pwdLockoutDuration: 3600
pwdFailureCountInterval: 600
pwdMaxAge: 259200
pwdMaxFailure: 3
pwdLockout: TRUE
pwdExpireWarning: 86400
objectClass: top
objectClass: pwdPolicy
objectClass: sunPwdPolicy
objectClass: LDAPsubentry
cn: CustomPasswordPolicy
pwdAttribute: userPassword
pwdCheckQuality: 2
pwdMustChange: TRUE
pwdInHistory: 10
pwdMinLength: 8
pwdKeepLastAuthTime: TRUE
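
The symptom described in the Goal can be confirmed from the server's access log. The following Python sketch is an added example, not part of the Oracle document or of Directory Server itself: it pairs each RESULT with its request by conn/op and reports bind DNs whose BIND returned err=0 but whose later operations on the same connection returned err=53. The log lines are constructed, and their layout is an assumption modeled on the DSEE access log.

```python
import re
from collections import defaultdict

# Constructed sample lines (assumed DSEE access-log layout; the DNs are made up).
SAMPLE_LOG = '''\
[29/Mar/2019:10:00:01 +0000] conn=7 op=0 msgId=1 - BIND dn="uid=jdoe,ou=people,dc=example,dc=com" method=128 version=3
[29/Mar/2019:10:00:01 +0000] conn=7 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=jdoe,ou=people,dc=example,dc=com"
[29/Mar/2019:10:00:02 +0000] conn=7 op=1 msgId=2 - SRCH base="dc=example,dc=com" scope=2 filter="(uid=jdoe)" attrs=ALL
[29/Mar/2019:10:00:02 +0000] conn=7 op=1 msgId=2 - RESULT err=53 tag=101 nentries=0 etime=0
[29/Mar/2019:10:00:03 +0000] conn=7 op=2 msgId=3 - MOD dn="uid=jdoe,ou=people,dc=example,dc=com"
[29/Mar/2019:10:00:03 +0000] conn=7 op=2 msgId=3 - RESULT err=53 tag=103 nentries=0 etime=0
[29/Mar/2019:10:00:04 +0000] conn=8 op=0 msgId=1 - BIND dn="uid=asmith,ou=people,dc=example,dc=com" method=128 version=3
[29/Mar/2019:10:00:04 +0000] conn=8 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=asmith,ou=people,dc=example,dc=com"
[29/Mar/2019:10:00:05 +0000] conn=8 op=1 msgId=2 - SRCH base="dc=example,dc=com" scope=2 filter="(uid=asmith)" attrs=ALL
[29/Mar/2019:10:00:05 +0000] conn=8 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
[29/Mar/2019:10:00:06 +0000] conn=9 op=0 msgId=1 - BIND dn="uid=bwayne,ou=people,dc=example,dc=com" method=128 version=3
[29/Mar/2019:10:00:06 +0000] conn=9 op=0 msgId=1 - RESULT err=49 tag=97 nentries=0 etime=0
'''
LINE = re.compile(r'conn=(\d+) op=(\d+) msgId=\d+ - (\w+)(.*)')

def find_restricted_sessions(log_text):
    """Map each bind DN to the request types rejected with err=53 after its successful BIND."""
    pending = {}   # (conn, op) -> (request type, request detail) awaiting its RESULT
    bound = {}     # conn -> DN of the last successful BIND on that connection
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # connection open/close and unrelated lines
        conn, op, kind, rest = m.groups()
        if kind != "RESULT":
            pending[(conn, op)] = (kind, rest)
            continue
        req, detail = pending.pop((conn, op), (None, ""))
        err = re.search(r'\berr=(\d+)', rest)
        err = int(err.group(1)) if err else None
        if req == "BIND":
            dn = re.search(r'dn="([^"]*)"', detail)
            if err == 0 and dn:
                bound[conn] = dn.group(1)
            else:
                bound.pop(conn, None)  # failed bind: nothing to attribute later errors to
        elif req and err == 53 and conn in bound:
            hits[bound[conn]].append(req)
    return dict(hits)

if __name__ == "__main__":
    for dn, ops in find_restricted_sessions(SAMPLE_LOG).items():
        print(f"{dn}: bind accepted, then err=53 on {', '.join(ops)}")
```
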

Solution
