My Oracle Support Banner

OUD12c - User Remains Locked on Isolated/Untrusted Replica (Doc ID 2824207.1)

Last updated on DECEMBER 01, 2021

Applies to:

Oracle Unified Directory - Version and later
Information in this document applies to any platform.


Environment and observed behavior:

- trusted and untrusted servers in the replication domain
- global password policy which locks users after 5 bad logins
- user is locked on an untrusted server
- lock state is sent to the trusted server (and ignored as the information comes from an untrusted server)
- password change is performed on a trusted server to clear the lockstate. This doesn't work because only the new password is replicated to the untrusted server and the user remains locked on the untrusted server.

This is due to the fact that on the trusted server the user was never locked, and therefore the server doesn't send a "clear lock" to the untrusted server.

In case of password changes, all lock/expiration states must be cleared on untrusted servers even if the lockstate on the trusted server is different.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.