Account lockout node uses username to lock user. Hence if user uses other attributes to be authenticated (such as mail), user would not be able to get the account lock.
- Create a user called demo and configure email address:
- Create a tree called testTree with the nodes mentioned in img1.
- Configure LDAP Decision node with the following configuration. A sample of LDAP Decision node configuration is listed below:
- Authenticate using testTree and using demo's email address with the correct password. It will login successfully.
- Authenticate using testTree again and using demo's email address with the wrong password for 4 times to trigger account lockout node
From Authentication log (using AM 6.5.3):