Problem: The userpassword cannot be reset due to authentication failure in @school

Problem:

The userpassword cannot be reset due to authentication failure in @school

LDAP-Fehler Invalid credentials: SASL(-13): authentication failure: condition NotOnOrAfter 2020-01-15T07:42:10Z, current time is 2020-01-15T08:03:51Z

Solution:

Check the time on your servers, especially master, and backup but also (school) slaves.
date
Mi 15. Jan 08:03:51 CET 2020

Or maybe you were hit by Bug 52888
The workaround here is to increase umc/saml/grace_time (as high as saml/idp/session-duration should work) and restart the ldap server