Sun Java System Directory Server Enterprise Edition 6.1 Evaluation Guide

Global Account Lockout

This version of DSEE enables global account lockout. When a user account is locked due to consecutive failures to bind, the user account is effectively locked across the entire collection of servers.

You can configure user account lockout using the DSCC as illustrated in the following figure.

Account lockout configuration in the New Password Policy
wizard of the DSCC.

Directory Server now replicates account lockout data stored when a client application fails to authenticate to the server. When used together with the Directory Proxy Server capability to route binds appropriately, global account lockout can prevent a client application from gaining more than the number of tries you specify before being locked out across an entire directory service topology.

For more information, see Preventing Authentication by Using Global Account Lockout in Sun Java System Directory Server Enterprise Edition 6.1 Deployment Planning Guide.