Problem: LDAP lockout is not reset

Problem

A user was locked out by ppolicy on a backup or replica server in LDAP.
The lock is not reset by the “Unlock account” checkbox in UMC.

Environment

You have enabled ppolicy and a user is locked out on a replica or backup server.

Solution

To reset the (ppolicy) lockout you need to set a new password for the user.

Root Cause

We count the login failures on each server. If the configured maximum is reached, ppolicy sets the attribute pwdAccountLockedTime. This attribute is currently not replicated, so a locked account on a backup or replica will not be “freed” again by using the UMC checkbox.
This may be corrected with bug 53072.
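
Because the lock attribute is kept per server, comparing each server's copy of the user entry shows where the lock actually lives. The following is an added example, not part of the original article or of Univention's code. It assumes you have collected LDIF search output for the user from each server, requesting the operational attributes pwdAccountLockedTime and pwdFailureTime; the host names, DN and timestamps are constructed.

```python
from datetime import datetime, timezone

# Constructed search output for one user, keyed by the queried server.
# Hostnames, DN and timestamps are made up for illustration.
DN = "dn: uid=jdoe,cn=users,dc=example,dc=test\n"
SAMPLE = {
    "primary.example.test": DN,
    "backup.example.test": DN + "pwdFailureTime: 20240312081455Z\n",
    "replica.example.test": DN
    + "pwdFailureTime: 20240312081501Z\n"
    + "pwdFailureTime: 20240312081507Z\n"
    + "pwdAccountLockedTime: 20240312081507Z\n",
}
PERMANENT = "000001010000Z"  # ppolicy value for a lock that never expires


def parse_attrs(ldif):
    """Collect attribute values of one LDIF entry; names are case-insensitive."""
    attrs = {}
    for line in ldif.splitlines():
        if line.startswith("#") or ": " not in line:
            continue
        name, value = line.split(": ", 1)
        attrs.setdefault(name.lower(), []).append(value.strip())
    return attrs


def lock_state(ldif):
    """Return (locked, locked_since, failure_count) for one server's output."""
    attrs = parse_attrs(ldif)
    failures = len(attrs.get("pwdfailuretime", []))
    stamp = attrs.get("pwdaccountlockedtime", [None])[0]
    if stamp is None:
        return (False, None, failures)
    if stamp == PERMANENT:
        return (True, None, failures)
    since = datetime.strptime(stamp[:14], "%Y%m%d%H%M%S")
    return (True, since.replace(tzinfo=timezone.utc), failures)


def servers_holding_lock(outputs):
    """Servers whose local copy of the entry carries pwdAccountLockedTime."""
    return sorted(s for s, ldif in outputs.items() if lock_state(ldif)[0])


if __name__ == "__main__":
    for server in sorted(SAMPLE):
        print(server, lock_state(SAMPLE[server]))
    print("locked on:", servers_holding_lock(SAMPLE))
```

A server that still appears in the result after the UMC checkbox was used is one where the user needs a new password, as described under Solution.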
