[Date Prev][Date Next] [Chronological] [Thread] [Top]

Question pertaining to PPolicy overlay feature

To reset a user's LDAP account that has been locked
due  maxFailure bind failures, my client program
performs the following steps:   

On the user entry that is locked:
set userPassword = to a new password value
set pwdReset = TRUE
delete pwdLockedTime operational attribute

Testing w/ version 1.56 ppolicy module the above steps
work flawlessly. The user must change password on
subsequent bind per PW policy setting.

But when I upgrade to latest version of ppolicy
module, 1.60, I get constraint violation when I
attempt removal of user's pwdLockedTime attribute.

My question is, for situations when the user account
is locked, how do we reset the user account
programatically?  I have found leaving the pwdReset
flag alone will not unlock the user's account.