A user was locked out on a backup or replica server in ldap using ppolicy.
The lock will not be reset by using the checkbox “Unlock account” in UMC.
You have enabled ppolicy and a user is locked out on a replica or backup server.
To reset the (ppolicy) lockout you need to set a new password for the user.
We count the login failures on each server. If the configured max. is reached the ppolicy sets the attribute pwdAccountLockedTime. This attribute is actual not replicated, so a locked account on a backup or replica will not be “freed” again by using the UMC checkbox.
This may be corrected with bug 53072