Updating AD information every time user submits wrong password when logging in


    • Type: Suggestion
    • Resolution: Timed out
    • Component/s: None
    • Environment:
      Confluence EAR/WAR Version 2.4.2, Bea WebLogic Server 8.1.4, j2sdk1.4.2_08

      NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion.

      Our authentication has been integrated with our AD through osuser.xml. The problem is that even if there is functionality to lock up the password after five (5) wrong password entries in AD, Confluence doesn't update the information before the session has been restarted.

      If someone knows a confluence-administrators user name, the person can try to guess the password countless times without Confluence locking the account. Meaning that the attribute badPwdCount in AD increases every time the user pushes the Log In button, but after five wrong password entries the information about the password being locked doesn't go from AD to Confluence. The problem disappears when the session is restarted (meaning the browser session, not the server session).

            Assignee:
            BillA
            Reporter:
            Petteri Parkkila
            Votes:
            3
            Watchers:
            2
