To reset a user's LDAP account that has been locked due to maxFailure bind failures, my client program performs the following steps:

On the user entry that is locked:

  set userPassword = to a new password value
  set pwdReset = TRUE
  delete pwdLockedTime operational attribute

Testing w/ version 1.56 ppolicy module, the above steps work flawlessly. The user must change password on subsequent bind per PW policy setting.

But when I upgrade to the latest version of the ppolicy module, 1.60, I get a constraint violation when I attempt removal of the user's pwdLockedTime attribute.

My question is, for situations when the user account is locked, how do we reset the user account programmatically? I have found leaving the pwdReset flag alone will not unlock the user's account.

Thanks,
Shawn
