This is a simple symptom-cause-solution blog entry only. I hope these blogs will help fellow administrators. Symptom With an Active Directory Authenticator configured, if a user logs in once with incorrect credentials further attempts to log in will fail, even with the correct username and password (until the server is restarted). If the user continues to login with correct credentials, WebLogic will eventually lockout the account. Cause This is a known bug for WebLogic 10 MP1. During authentication the AD provider binds twice using the same LDAP connection, once with the username password being authenticated, and once with the credentials supplied when you configure the LDAP provider. If authentication fails, the second binding doesn’t happen, and the unauthenticated LDAP connection is returned to the internal LDAP connection pool. This poses a problem when later trying to authenticate and the unauthenticated LDAP connection is retrieved from the pool... -Cobb...
Articles on enterprise java server administration