Solved

DB authentication causes AD lockouts

  • 17 March 2021
  • 1 reply


Certain IT users need access to log in to a nonproduction environment as any arbitrary user.

We use LDAP authentication against Active Directory for all our environments. By resetting the user's database password, though, we can allow the system to fail LDAP authentication, then pass database authentication.

Under certain circumstances I have yet to fully understand, sometimes logging in as a user this way causes their AD account to get locked. Even after we log out of IFS as that user, the system still attempts AD authentication repeatedly.

When this happens, the only solution I have yet discovered is to restart the middleware.

Is this preventable?
When it happens, is there a less severe solution than restarting the middleware?


Best answer by dsj 17 March 2021, 16:10


Hi Kevin @durette,

In your scenario user lockout could happen in the WebLogic security realm due to unsuccessful login attempts.

If you have access to the WebLogic admin console, then try the following instead of restarting middleware.

  1. Click on the root
  2. Security
  3. Unlock User
  4. Provide user id
  5. Save

See if it helps.

Cheers!
Damith