A password policy has been configured to apply to only a portion of the directory.  This policy is configured to lock user accounts after 5 bad login attempts, however, it's never locking the user account.

Release : ALL

Component : SITEMINDER -POLICY SERVER

Customer had used the Expression feature to specify a DN indicating the portion of the directory to which this policy applies, however, this feature is only used to specify an expression to match users to the policy, and thus a static DN specified this way would never match the policy to any user.  

 To specify a static DN rather than use an expression, use the Lookup feature when configuring the policy rather than the Expression feature.