I have set up a special user that has rights to modify details of another user. This prevents the need for our applications to log in as the admin user, while still allowing password resets and such.
I'd like to give that user rights to delete the operational attribute pwdAccountLockedTime. I've created a subentry that allows the user to modify the password and such, but when I try to add in pwdAccountLockedTime, it's not allowing that to happen. The error message indicates that operational attributes cannot be modified by a user. Is there a way to allow for a user to delete that attribute? If not, is there a way to configure Apache DS to delete that attribute on a password change? // Mike
