Oracle Fusion Middleware Evaluation Guide for Oracle Directory Server Enterprise Edition

Global Account Lockout

When a user account is locked due to consecutive failures to bind, the user account is effectively locked across the entire collection of servers.

You can configure user account lockout using the DSCC as illustrated in the following figure.

Account lockout configuration in the New Password Policy
wizard of the DSCC.

Directory Server now replicates account lockout data stored when a client application fails to authenticate to the server. When used together with the Directory Proxy Server capability to route binds appropriately, global account lockout can prevent a client application from gaining more than the number of tries you specify before being locked out across an entire directory service topology.

For more information, see Preventing Authentication by Using Global Account Lockout in Oracle Fusion Middleware Deployment Planning Guide for Oracle Directory Server Enterprise Edition.