Just built and installed HEAD. After 'pwdMaxFailure' failed binds the user account is locked. Resetting the password deletes the attributes pwdAccountLockedTime and pwdFailureTime. However if I intentionally failed a bind once and then do a successful bind, the pwdFailureTime is not deleted as described in man slapo-ppolicy. -- Sam