5046 ERROR_UNLOCK_FAILURE on password reset

[ianp1]

In my setup i use an OpenLDAP directory with the newest Snapshot. I activated the ppolicy overlay which seams to work, it locks accounts for too many failed logins.

However, when trying to reset a password gives me the 5046 ERROR_UNLOCK_FAILURE, because attribute pwdAccountLockedTime is not set. When i lock the account before trying, it works perfectly fine. I could of course ask my users to lock their accounts before resetting passwords, but i dont think thats how it is intended to work. Did i miss any configuration option to allow resetting of not-locked accounts?

Thanks