A password policy has been configured to apply to only a portion of the directory. This policy is configured to lock user accounts after 5 bad login attempts, however, it's never locking the user account.
Customer had used the Expression feature to specify a DN indicating the portion of the directory to which this policy applies, however, this feature is only used to specify an expression to match users to the policy, and thus a static DN specified this way would never match the policy to any user.
Release : ALL
Component : SITEMINDER -POLICY SERVER
To specify a static DN rather than use an expression, use the Lookup feature when configuring the policy rather than the Expression feature.