Password Policy Does Not Affect Some Users
(Doc ID 357161.1)
Last updated on JULY 01, 2016
Applies to:Oracle Internet Directory - Version: 10.1.2
Information in this document applies to any platform.
- Users providing an invalid password fail to have locked accounts, even though the failed attempts exceed the Password Policy value "Password maximum failure" (pwdmaxfailure)
- An ldapsearch returning the Realm Password Policy shows it is set as follows:
ldapsearch -h <OID_host> -p <OID_port> -D "cn=orcladmin" -w <pwd> -b "cn=PwdPolicyEntry,cn=Common,cn=Products,cn=OracleContext,dc=oracle,dc=com" -s base (objectclass=*)
- OC4J_SECURITY was restarted following Password Policy changes
- ldapbinds for these users are also not abiding by the Password Policy
- The Realm context shows that the Password Policy should be governing these users. Navigate to Entry Management > dc=com > dc=oracle > dc=us > cn=OracleContext > cn=Products > cn=Common:
Attribute orclcommonusersearchbase is set to:
Reference the Oracle Internet Directory Administrator's Guide, 10g Release 2 (10.1.2) > Chapter 15 Password Policies in Oracle Internet Directory > Setion 15.1.2 Default Password Policy:
To enforce this password policy, set to the appropriate value the orclcommonusersearchbase attribute in the common entry of the realm-specific Oracle Context.
- The realm Password Policy does apply to users under cn=users,dc=uk,dc=oracle,dc=com
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document