Consider the following rules and guidelines when you enforce account lockout for Informatica users:
- If an application service runs under a user account and the wrong password is provided for the application service, the user account can become locked when the application service tries to start. The Data Integration Service, Web Services Hub Service, and PowerCenter Integration Service are resilient application services that use a user name and password to authenticate with the Model Repository Service or PowerCenter Repository Service. If the Data Integration Service, Web Services Hub Service, or PowerCenter Integration Service continually try to restart after a failed login, the domain eventually locks the associated user account.
- If an LDAP user account is locked out of the Informatica domain and the LDAP authentication server, the Informatica domain administrator can unlock the account in the Informatica domain. The LDAP administrator can unlock the user account in the LDAP server.
- If you enable account lockout in the Informatica domain and in the LDAP server, configure the same threshold for login failures in the Informatica domain and in the LDAP server to avoid confusion about the account lockout policy.
- If account lockout is not enabled in the Informatica domain but a user is locked out, verify that the user is not locked out in the LDAP server.