Error
Error Code: ORA-28053

Oracle Error ORA-28053: Inactive Account

📦 Oracle Database
📋

Description

This error indicates that an enterprise user's account in the directory service (e.g., Active Directory) is inactive. Oracle Database cannot authenticate the user because the directory service reports the account is disabled or locked.
💬

Error Message

the account is inactive
🔍

Known Causes

3 known causes
⚠️
Disabled Account
The user account has been explicitly disabled by an administrator in the directory service. This prevents the user from logging in.
⚠️
Account Locked
The user account has been locked due to multiple failed login attempts. This is a security measure to prevent unauthorized access.
⚠️
Account Expiration
The user account has expired based on the directory service's configured expiration policy. The account is automatically deactivated.
🛠️

Solutions

3 solutions available

1. Unlock the User Account easy

Directly unlock the user account that is reporting the inactive status.

1
Connect to the Oracle database as a user with DBA privileges (e.g., SYS or SYSTEM).
2
Execute the ALTER USER command to unlock the account.
ALTER USER username ACCOUNT UNLOCK;
3
Replace 'username' with the actual username that is experiencing the ORA-28053 error.

2. Verify and Reset Account Expiration medium

Check if the user account has expired and reset its expiration date if necessary.

1
Connect to the Oracle database as a user with DBA privileges.
2
Query the DBA_USERS view to check the account expiration date for the user.
SELECT username, account_status, expiry_date FROM dba_users WHERE username = 'USERNAME_HERE';
3
If 'expiry_date' is in the past or set to a specific date, reset it to 'UNLIMITED' or a future date.
ALTER USER username IDENTIFIED BY password ACCOUNT UNLIMITED;
-- OR to set a specific future expiration date:
-- ALTER USER username IDENTIFIED BY password PASSWORD EXPIRE; -- This will force a password change on next login and effectively reset expiry if password is changed.
-- For a specific date, use:
-- ALTER USER username IDENTIFIED BY password EXPIRY_DATE TO 'DD-MON-YYYY';
4
Replace 'username', 'password' (if setting a new password), and 'USERNAME_HERE' with the appropriate values. If you don't want to change the password, you can omit 'IDENTIFIED BY password' in the ALTER USER statement.

3. Check for Locked Account Due to Failed Logins medium

Investigate if the account has been locked by the system due to excessive failed login attempts.

1
Connect to the Oracle database as a user with DBA privileges.
2
Query DBA_USERS to check the account status. Look for 'LOCKED' or 'LOCKED(TIMED)' in the ACCOUNT_STATUS column.
SELECT username, account_status FROM dba_users WHERE username = 'USERNAME_HERE';
3
If the account is locked due to failed logins, it might automatically unlock after a certain period (defined by profile settings). To force an immediate unlock, use the UNLOCK command.
ALTER USER username ACCOUNT UNLOCK;
4
Consider reviewing the user's profile to understand the 'FAILED_LOGIN_ATTEMPTS' and 'PASSWORD_LOCK_TIME' settings. This can be done by querying DBA_PROFILES.
SELECT profile, resource_name, limit FROM dba_profiles WHERE profile = (SELECT profile FROM dba_users WHERE username = 'USERNAME_HERE') AND resource_name IN ('FAILED_LOGIN_ATTEMPTS', 'PASSWORD_LOCK_TIME');
5
Replace 'username' and 'USERNAME_HERE' with the relevant username.