OID 10g Account Gets Locked Intermittently and the Failure Count Does Not Get Reset after Successful SSO login (Doc ID 735092.1)

Last updated on MARCH 13, 2019

Applies to:

Oracle Internet Directory - Version 9.0.4 to 10.1.4 [Release 10gR1 to 10gR3]
Oracle Application Server Single Sign-On - Version 9.0.4 to 10.1.4 [Release 10gR1 to 10gR3]
Information in this document applies to any platform.


OID version
Accounts are getting locked randomly before reaching the maximum failure count set in the password policy.
The problem happens only with SSO login.
It is not reproducible using the ldapbind command.

-- Steps To Reproduce:
Have the password policy set with the following attributes:

Password Maximum Failure (pwdmaxfailure) = 3
Password Failure Count Interval (pwdfailurecountinterval) = 0
Password Expiry Time (pwdmaxage) = 0

Try to log in to SSO:
- Make two login attempts to SSO with the wrong password
- Use the correct password for the 3rd attempt
- Log in with the wrong password again; the Account Locked error message is returned

This can be further verified by checking the "pwdfailuretime" attribute value. This value doesn't get cleared after a successful login to SSO.

ldapsearch -h <oid_host> -p <oid_port> -D "cn=orcladmin" -w <password> -b "user_DN" -s base "objectclass=*" pwdfailuretime

Note: If the search doesn't return any values, the password failure count has been reset to 0.
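
The check above can be run across several accounts at once. The following is an added example, not part of the Oracle note: it counts the pwdfailuretime values per entry in ldapsearch output and compares the count with pwdmaxfailure. The function names, the status labels and the sample entries are constructed for illustration, and the input is assumed to be blank-line-separated entries whose first line is the DN, with attributes as attr=value or attr: value.

```shell
#!/bin/sh
# Added example, not from the Oracle note. Reads ldapsearch output on stdin and
# prints one line per entry: <dn>|<number of pwdfailuretime values>|<status>.
# $1 is pwdmaxfailure from the password policy. Status labels are this
# example's own: CLEAN (no values), RESIDUAL (values present, below the
# limit), AT_LIMIT (values >= pwdmaxfailure).
failure_report() {
  awk -v max="$1" '
    function emit() {
      if (dn == "") return
      status = "CLEAN"
      if (n + 0 >= max + 0) status = "AT_LIMIT"
      else if (n > 0) status = "RESIDUAL"
      printf "%s|%d|%s\n", dn, n, status
      dn = ""; n = 0
    }
    /^[ \t]*$/ { emit(); next }              # a blank line ends an entry
    /^#/ { next }                            # LDIF comment
    dn == "" && /^version:/ { next }         # LDIF header
    dn == "" {                               # first line of an entry is its DN
      dn = $0; sub(/^[dD][nN]:[ \t]*/, "", dn); next
    }
    tolower($0) ~ /^pwdfailuretime[:=]/ { n++ }
    END { emit() }
  '
}

# Constructed sample output (not real directory data), mixing both layouts.
sample_output() {
  cat <<'EOF'
cn=alice,cn=users,dc=example,dc=com
pwdfailuretime=20190313101500z
pwdfailuretime=20190313101620z

cn=bob,cn=users,dc=example,dc=com

dn: cn=carol,cn=users,dc=example,dc=com
pwdFailureTime: 20190313093000Z
pwdFailureTime: 20190313093100Z
pwdFailureTime: 20190313093200Z
EOF
}

# With pwdmaxfailure = 3 as in the policy above.
sample_output | failure_report 3
```

An entry reported as RESIDUAL for a user who has just logged in to SSO successfully matches the symptom described here: the failure times were not cleared, so fewer wrong attempts than pwdmaxfailure remain before lockout.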

