search cancel

Password policies in Siteminder are not working

book

Article ID: 239851

calendar_today

Updated On:

Products

SITEMINDER

Issue/Introduction

A password policy has been configured to apply to only a portion of the directory.  This policy is configured to lock user accounts after 5 bad login attempts, however, it's never locking the user account.

Cause

Customer had used the Expression feature to specify a DN indicating the portion of the directory to which this policy applies, however, this feature is only used to specify an expression to match users to the policy, and thus a static DN specified this way would never match the policy to any user.  

Environment

Release : ALL

Component : SITEMINDER -POLICY SERVER

Resolution

 To specify a static DN rather than use an expression, use the Lookup feature when configuring the policy rather than the Expression feature.