mihai.munteanu(a)thalesgroup.com wrote: Please provide the password policy as LDIF. Which exact LDAP operation is done when "admin unlocks test1's account". Are you just removing 'pwdAccountLockedTime'? I'm asking because there might be a misunderstanding how that is supposed to work. In this case it's an usage question better to be discussed on openldap-technical mailing list. Ciao, Michael.