My Oracle Support Banner

Locking a User in an Oracle Access Manager (OAM) / Oracle Identity Manager (OIM) Integration Environment with Oracle Unified Directory (OUD) after X Number of Unsuccessful Login Attempts From OAM sets obLockedOn with a Wrong timestamp Format (Doc ID 2661659.1)

Last updated on APRIL 27, 2023

Applies to:

Oracle Access Manager - Version and later
Identity Manager - Version and later
Information in this document applies to any platform.


In an Oracle Access Manager (OAM) / Oracle Identity Manager (OIM) 12c integration after X unsuccessful login attempts (Out Of The Box 3) OAM locks the user in OUD

After the third wrong password the user does get locked in OUD and OAM redirects the user to the OIM lock page

To lock the user in OUD, OAM sets some attributes in the OUD user entry, one of them is obLockedOn

dn: <$DN>


middleName: XXX

oblockedon: 2020042117054208z

obpasswordchangeflag: false

sn: XXXX

oblogintrycount: 3


The oblockedon which stores the time the user was locked in UTC (Zulu) time use a wrong format, small z , instead of the correct LDAP timestamp format with a capital Z as defined in RFC 4519  



To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.