Password Policy Does Not Affect Some Users
(Doc ID 357161.1)
Last updated on SEPTEMBER 03, 2019
Applies to: Oracle Internet Directory - Version 10.1.2 and later
Information in this document applies to any platform.
- Users who provide an invalid password do not have their accounts locked, even though the number of failed attempts exceeds the Password Policy value "Password maximum failure" (pwdmaxfailure)
- An ldapsearch returning the Realm Password Policy shows it is set as follows:
ldapsearch -h <OID_hostname> -p <OID_NON_SSL_port> -D "cn=orcladmin" -w <pwd> -b "cn=PwdPolicyEntry,cn=Common,cn=Products,cn=OracleContext,dc=<COMPANY>,dc=com" -s base "(objectclass=*)"
- OC4J_SECURITY was restarted following Password Policy changes
- ldapbind operations for these users also do not abide by the Password Policy
- The Realm context shows that the Password Policy should be governing these users. Navigate to Entry Management > dc=com > dc=<COMPANY> > dc=<COUNTRY-1> > cn=OracleContext > cn=Products > cn=Common:
Attribute orclcommonusersearchbase is set to:
Reference the Oracle Internet Directory Administrator's Guide, 10g Release 2 (10.1.2) > Chapter 15 Password Policies in Oracle Internet Directory > Section 15.1.2 Default Password Policy:
To enforce this password policy, set to the appropriate value the orclcommonusersearchbase attribute in the common entry of the realm-specific Oracle Context.
- The realm Password Policy does apply to users under cn=users,dc=<COUNTRY-2>,dc=<COMPANY>,dc=com
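The Administrator's Guide passage quoted above ties enforcement to orclcommonusersearchbase. The following added example (not part of the Oracle note) checks whether a user DN equals or sits below any value of that attribute in LDIF text shaped like ldapsearch output. The dc=example,dc=com DNs, the function names and the simplified DN matching are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check user DNs against orclcommonusersearchbase values.
# All DNs below are constructed samples (dc=example,dc=com is a placeholder realm).

# Constructed LDIF, shaped like ldapsearch output for the realm's cn=Common entry.
SAMPLE_LDIF='dn: cn=Common,cn=Products,cn=OracleContext,dc=us,dc=example,dc=com
orclcommonusersearchbase: cn=Users, dc=us,dc=example,dc=com
orclcommonusersearchbase: cn=Contractors,dc=us,dc=example,dc=com'

# Normalise a DN for comparison: lower-case, no spaces around "," or "=".
# Simplification: escaped commas and multi-valued RDNs are not handled.
norm_dn() {
    printf '%s' "$1" | tr '[:upper:]' '[:lower:]' |
        sed -e 's/[[:space:]]*,[[:space:]]*/,/g' \
            -e 's/[[:space:]]*=[[:space:]]*/=/g' \
            -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
}

# Print every orclcommonusersearchbase value found in LDIF text $1.
# Simplification: base64 ("::") values and folded lines are skipped.
search_bases() {
    printf '%s\n' "$1" |
        grep -i '^orclcommonusersearchbase:[^:]' |
        sed 's/^[^:]*:[[:space:]]*//'
}

# Return 0 if DN $1 equals, or is subordinate to, a search base in LDIF $2.
dn_covered() {
    user=$(norm_dn "$1")
    while IFS= read -r base; do
        [ -n "$base" ] || continue
        base=$(norm_dn "$base")
        case "$user" in
            "$base" | *,"$base") return 0 ;;
        esac
    done <<EOF
$(search_bases "$2")
EOF
    return 1
}

# Report coverage for two constructed user DNs.
for dn in "cn=jdoe,cn=Users,dc=us,dc=example,dc=com" \
          "cn=asmith,cn=Users,dc=uk,dc=example,dc=com"; do
    if dn_covered "$dn" "$SAMPLE_LDIF"; then
        echo "COVERED      $dn"
    else
        echo "NOT COVERED  $dn"
    fi
done
```

To run it against a live directory, replace SAMPLE_LDIF with the saved output of an ldapsearch on the realm's cn=Common entry.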