Wednesday, 28 November 2012

Unlocking locked Accounts in Oracle Internet Directory (OID)

From time to time you may have to unlock an account in Oracle Internet Directory (OID) that is not controlled by IDM/OIM, so no self-service unlock is available (technical users are the typical case).

There are at least two ways to achieve this:

1. Use OIDDAS (OID Delegated Administration Service)
Log in to OIDDAS (the URL depends on the OID version you are running), search for the user and unlock it.

2. Use LDAP-Tools
I recommend this way, because it is much faster (for example if you have several accounts to unlock) and you see what's going on under the hood. It should work with all recent versions of OID (from 10.1.2.0.2 on). Determine the distinguished name of the user (for example cn=lisa,cn=Users,dc=example,dc=com) and create an LDIF file that sets the attribute orclpwdaccountunlock to 1:
# LDIF change record; the first line must carry the "dn:" prefix
dn: cn=lisa,cn=Users,dc=example,dc=com
changetype: modify
add: orclpwdaccountunlock
orclpwdaccountunlock: 1
Apply this via ldapmodify, binding as an identity that is allowed to modify the user entry (for example the directory superuser), and the account is unlocked again. You can also set orclpwdaccountunlock directly in your favorite LDAP browser.

After that, the attributes pwdaccountlockedtime and pwdfailuretime (which mark the account as locked) are gone. It is worth looking at pwdfailuretime before you unlock: repeated lockouts of a technical user usually mean a client with a stale password, but they can also be the trace of a password-guessing attempt.

And, by the way, you can find all locked accounts in your directory by running an LDAP search with the following filter:

(pwdaccountlockedtime=*)
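The whole procedure above (find locked accounts, build the LDIF, apply it in one ldapmodify run, verify) as a small shell script. This is an added example, not code from the original post; it assumes OpenLDAP-style client flags (-H, -D, -y, -b), and the host, port, bind DN, base DN and password file are placeholders. OID ships its own ldapmodify/ldapsearch binaries that take -h/-p instead of -H, so adjust the flags if you use those. The sample search output embedded in the script is constructed for the offline demo.

```shell
#!/bin/sh
# Added example (not from the original post): unlock OID accounts with LDAP tools.
# Assumptions: OpenLDAP-style ldapmodify/ldapsearch; all connection values are placeholders.
OID_URL="${OID_URL:-ldap://oid.example.com:3060}"   # placeholder
BIND_DN="${BIND_DN:-cn=orcladmin}"                   # directory superuser, placeholder
BIND_PW_FILE="${BIND_PW_FILE:-$HOME/.oidpw}"         # mode-600 file; keeps the password out of `ps`
BASE_DN="${BASE_DN:-dc=example,dc=com}"              # placeholder

# Constructed sample of what "ldapsearch ... '(pwdaccountlockedtime=*)'" returns (LDIF).
SAMPLE_LOCKED='dn: cn=lisa,cn=Users,dc=example,dc=com
pwdaccountlockedtime: 20121128093000Z
pwdfailuretime: 20121128092955Z

dn: cn=bart,cn=Users,dc=example,dc=com
pwdaccountlockedtime: 20121127150000Z'

# LDIF change record that sets orclpwdaccountunlock=1 for one DN.
unlock_ldif() {
    printf 'dn: %s\nchangetype: modify\nadd: orclpwdaccountunlock\norclpwdaccountunlock: 1\n' "$1"
}

# One LDIF document with a record per DN, records separated by a blank line,
# so several accounts are unlocked in a single ldapmodify run.
unlock_ldif_batch() {
    first=1
    for dn in "$@"; do
        [ "$first" -eq 1 ] || printf '\n'
        first=0
        unlock_ldif "$dn"
    done
}

# Pull the DNs out of ldapsearch LDIF output read from stdin.
# Caveat: base64-encoded DNs appear as "dn:: ..." and very long DNs are wrapped
# onto continuation lines by OpenLDAP tools; neither is handled here.
dns_from_ldif() {
    sed -n 's/^dn: //p'
}

# Live: list every locked account with the lock markers the post mentions.
find_locked() {
    ldapsearch -x -LLL -H "$OID_URL" -D "$BIND_DN" -y "$BIND_PW_FILE" \
        -b "$BASE_DN" -s sub '(pwdaccountlockedtime=*)' \
        pwdaccountlockedtime pwdfailuretime
}

# Live: unlock all DNs given as arguments in one ldapmodify call.
unlock_accounts() {
    unlock_ldif_batch "$@" | ldapmodify -x -H "$OID_URL" -D "$BIND_DN" -y "$BIND_PW_FILE"
}

# Live: succeed only if neither lock marker is left on the entry.
verify_unlocked() {
    out=$(ldapsearch -x -LLL -H "$OID_URL" -D "$BIND_DN" -y "$BIND_PW_FILE" \
            -b "$1" -s base '(objectclass=*)' pwdaccountlockedtime pwdfailuretime)
    case "$out" in
        *pwdaccountlockedtime*|*pwdfailuretime*) return 1 ;;
        *) return 0 ;;
    esac
}

# Offline demo: which DNs the sample search found, and the LDIF that would unlock them.
printf '%s\n' "$SAMPLE_LOCKED" | dns_from_ldif
unlock_ldif_batch "cn=lisa,cn=Users,dc=example,dc=com" "cn=bart,cn=Users,dc=example,dc=com"
# Live run would be:  find_locked | dns_from_ldif | xargs -n 50 sh -c 'unlock_accounts "$@"' _
```

Review the list from find_locked before piping it into unlock_accounts; unlocking everything blindly also resets the lock on an account that was locked for a reason.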
