0. we have configured that after 3 login failed attempts, the account to be
1. user test1 fails to login 3 times -> account is locked
Please provide the password policy as LDIF.
2. admin unlocks test1's account and notify test1 user
Which exact LDAP operation is done when "admin unlocks test1's account".
Are you just removing 'pwdAccountLockedTime'?
I'm asking because there might be a misunderstanding how that is
supposed to work. In this case it's an usage question better to be
discussed on openldap-technical mailing list.