The rule selected as the “Is Account Locked Rule” determines whether an account is locked. The full IDMXUser view is available to this rule. The rule takes the following arguments:
maxFailedPasswordLogins — An integer declaring the maximum number of failed password logins before an account is locked according to the Service Provider System Account Policy.
maxFailedQuestionLogins — An integer declaring the maximum number of failed question logins before an account is locked according to the Service Provider System Account Policy.
The rule should return true only if the account is locked.
The sample rule “Service Provider Example Is Account Locked Rule” operates on Sun Java System Directory Server 5.x. This rule expects that the accountUnlockTime and passwordRetryCount account attributes are defined in the LDAP resource schema map.
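The following Python sketch is an added illustration, not the sample rule itself and not product code. It models one way a lock decision could be derived from the two attributes named above. The function names, the treatment of an epoch-zero accountUnlockTime as "locked until an administrator resets it", and the treatment of a non-positive limit as "no limit" are assumptions; maxFailedQuestionLogins is left out because the page names no directory attribute for question logins.

```python
from datetime import datetime, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def parse_generalized_time(value):
    """Parse a UTC LDAP GeneralizedTime value such as '20240101130000Z'.

    Raises ValueError on any other form, so a malformed attribute is
    surfaced to the caller instead of being guessed at.
    """
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def is_account_locked(attrs, max_failed_password_logins, now=None):
    """Return True only if the account is considered locked.

    attrs is a dict of LDAP attribute name -> string value, standing in for
    the values the resource schema map exposes (hypothetical shape).
    """
    now = now or datetime.now(timezone.utc)

    unlock_raw = attrs.get("accountUnlockTime")
    if unlock_raw:
        unlock_at = parse_generalized_time(unlock_raw)
        if unlock_at == EPOCH:
            # Assumption: epoch zero means no automatic unlock.
            return True
        # A lock whose unlock time has passed no longer applies,
        # even if the retry counter has not been reset yet.
        return now < unlock_at

    # No unlock time recorded: fall back to the failure counter.
    if max_failed_password_logins <= 0:
        # Assumption: a non-positive limit disables lockout.
        return False
    retry_count = int(attrs.get("passwordRetryCount") or 0)
    return retry_count >= max_failed_password_logins
```

The stale-counter case is the one to check when adapting this: an account whose accountUnlockTime has passed is reported as unlocked even though passwordRetryCount may still equal the limit.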