Monday, March 19, 2012

How to Unlock an Account expired by Password Policy in Oracle Internet Directory



  • I created an account in Oracle Internet Directory as qasim.
  • I implemented a password policy on this user so that it expires after 200 seconds.
After 200 seconds I tried to log in with this user but got the error below:

ldap_bind: DSA is unwilling to perform
ldap_bind: additional info: Account Policy Error :9050: GSL_ACCTDISABLED_EXCP :Your Account has been disabled. Please contact the administrator.
  • This account can be unlocked through OIDDAS, which is not present in my environment, so I had to use Directory Manager or the command-line tool. In Directory Manager the option to unlock this account was disabled, so the only way was to use the command-line tool.
  • I created an LDIF file as below:
************unlock.ldif*****************
dn: cn=qasim,cn=users,dc=tap,dc=com
changetype: modify
add: orclpwdaccountunlock
orclpwdaccountunlock: 1
*************************************

  • I executed the command below and it successfully unlocked the account:
ldapmodify -h ldap.tap -p 389 -D cn=orcladmin -q -v -f unlock.ldif

Note: It will ask you for the orcladmin password. After you enter the password it will unlock the account, and the output will be as below:

Please enter bind password:
add orclpwdaccountunlock:
1
modifying entry cn=qasim,cn=users,dc=tap,dc=com
modify complete
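
Added example, not part of the original post: a shell helper that generates the same unlock.ldif content for one or more DNs, going beyond the single account above. It base64-encodes DNs that RFC 2849 does not allow in plain form and refuses any DN containing a line break, because the file is applied with cn=orcladmin rights. The function names ldif_dn_line and make_unlock_ldif are hypothetical.

```shell
#!/bin/sh
# Added example: DNs are supplied by the caller; function names are hypothetical.
NL='
'
CR=$(printf '\r')

# Print the "dn:" line, switching to base64 ("dn::") where RFC 2849 requires.
ldif_dn_line() {
    dn=$1
    # A line break inside a DN would let list input add its own LDIF
    # directives to a file applied as cn=orcladmin, so refuse it outright.
    case $dn in
        ''|*"$NL"*|*"$CR"*) return 1 ;;
    esac
    # Non-empty if any byte is outside printable ASCII (e.g. UTF-8 names).
    unsafe=$(printf '%s' "$dn" | LC_ALL=C tr -d ' -~')
    case $dn in
        ' '*|:*|'<'*|*' ') unsafe=1 ;;  # unsafe first or last character
    esac
    if [ -n "$unsafe" ]; then
        printf 'dn:: %s\n' "$(printf '%s' "$dn" | base64 | tr -d '\n')"
    else
        printf 'dn: %s\n' "$dn"
    fi
}

# Print one modify record per DN; emit nothing unless every DN is accepted.
make_unlock_ldif() {
    for entry in "$@"; do
        ldif_dn_line "$entry" >/dev/null || {
            echo "rejected DN: empty or contains a line break" >&2
            return 1
        }
    done
    for entry in "$@"; do
        ldif_dn_line "$entry"
        printf '%s\n' 'changetype: modify' 'add: orclpwdaccountunlock' \
                      'orclpwdaccountunlock: 1' ''
    done
}

# Usage: make_unlock_ldif "cn=qasim,cn=users,dc=tap,dc=com" > unlock.ldif
```

The generated file is passed to the same ldapmodify command shown above with -f unlock.ldif.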
