Quanah,
thank you: Adding "-e relax" to ldapmodify did the trick.
Ulrich
-----Original Message----- From: Quanah Gibson-Mount quanah@fast-mail.org Sent: Friday, June 21, 2024 6:12 PM To: Windl, Ulrich u.windl@ukr.de; openldap-technical <openldap- technical@openldap.org> Subject: [EXT] Re: Q: Reset a locked user's password
--On Friday, June 21, 2024 8:55 AM +0000 "Windl, Ulrich" u.windl@ukr.de wrote:
ldap_modify: Constraint violation (19)
additional info: pwdGraceUseTime: no user modification allowed
So what are the options (for the user himself and for an admin)?
This may behave differently in later OpenLDAP releases where ppolicy has been significantly reworked. It also may be possible in 2.4 (but I can't say for sure) if you have manage access, and use both manage + relax.
--Quanah