To reset a user's LDAP account that has been locked
due to maxFailure bind failures, my client program
performs the following steps:
On the user entry that is locked:
set userPassword to a new password value
set pwdReset = TRUE
delete pwdLockedTime operational attribute
Testing w/ version 1.56 ppolicy module the above steps
work flawlessly. The user must change password on
subsequent bind per PW policy setting.
But when I upgrade to latest version of ppolicy
module, 1.60, I get constraint violation when I
attempt removal of user's pwdLockedTime attribute.
My question is, for situations when the user account
is locked, how do we reset the user account
programmatically? I have found leaving the pwdReset
flag alone will not unlock the user's account.
Thanks,
Shawn