Skip to main content
Solved

DB authentication causes AD lockouts

  • March 17, 2021
  • 1 reply
  • 232 views

durette
Superhero (Customer)
Forum|alt.badge.img+19
  • Superhero (Customer)
  • 529 replies

Certain IT users need access to log in to a nonproduction environment as any arbitrary user.

We use LDAP authentication against Active Directory for all our environments. By resetting the user's database password, though, we can allow the system to fail LDAP authentication, then pass database authentication.

Under certain circumstances I have yet to fully understand, sometimes logging in as a user this way causes their AD account to get locked. Even after we log out of IFS as that user, the system still attempts AD authentication repeatedly.

When this happens, the only solution I have yet discovered is to restart the middleware.

Is this preventable?
When it happens, is there a less severe solution than restarting the middleware?

Best answer by dsj

Hi Kevin @durette,

 

In your scenario user lockout could  happen in the Weblogic security realm due to unsuccessful login attempts.

If you have access to the Weblogic admin console, then try following instead of restarting middleware.

  1. Click on the root
  2. Security
  3. Unlock User
  4. Provide user id
  5. save

 

See if it helps.

Cheers!
Damith

View original
Did this topic help you find an answer to your question?
This topic has been closed for comments

1 reply

dsj
Ultimate Hero (Partner)
Forum|alt.badge.img+22
  • Ultimate Hero (Partner)
  • 866 replies
  • Answer
  • March 17, 2021

Hi Kevin @durette,

 

In your scenario user lockout could  happen in the Weblogic security realm due to unsuccessful login attempts.

If you have access to the Weblogic admin console, then try following instead of restarting middleware.

  1. Click on the root
  2. Security
  3. Unlock User
  4. Provide user id
  5. save

 

See if it helps.

Cheers!
Damith


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings