The userpassword cannot be reset due to authentication failure in @school
LDAP-Fehler Invalid credentials: SASL(-13): authentication failure: condition NotOnOrAfter 2020-01-15T07:42:10Z, current time is 2020-01-15T08:03:51Z
Check the time on your servers, especially master, and backup but also (school) slaves.
Mi 15. Jan 08:03:51 CET 2020
Or maybe you were hit by Bug 52888
The workaround here is to increase umc/saml/grace_time (as high as saml/idp/session-duration should work) and restart the ldap server