Memory account lockout in OpenSSO Enterprise must be disabled because the account lockout controls in the user data store will be used. You can use the OpenSSO Enterprise console to disable memory account lockout. See Enabling Account Lockout in Sun OpenSSO Enterprise 8.0 Administration Guide for detailed information.
Log in to the OpenSSO Enterprise console as administrator.
Click the Access Control tab.
Navigate to Top Level Realm > Authentication > Authentication Chaining.
In the Authentication Chaining section, click New.
Enter a name for the chain and click OK.
For this example: idmauth.
On the new chain's Properties page, add the LDAP module as REQUIRED, and click Save.
Click Back to Authentication.
For the value of Organization Authentication Configuration, choose the service just created .
Save changes and log out of OpenSSO Enterprise.
After completing this configuration, use /opensso/console to log in to the OpenSSO Enterprise console; do not /opensso/UI/Login. This ensures that the authentication module configured for the OpenSSO Enterprise administrator is used when logging into the OpenSSO Enterprise console, and that the LDAP module just configured is not used.