Overview[1] #

PwdAccountLockedTime is defined in Draft-behera-ldap-password-policy as attribute holds the time that the user's account was locked. A locked account means that the password may no longer be used to authenticate. * "000001010000Z" value means that the account has been Administratively Disabled, and that only a password administrator can unlock the account.

• other values indicate the Timestampthat the user's account was locked by Intruder Detection !! LDAP Attribute Definition

The PwdAccountLockedTime AttributeTypes is defined as:

• OID of 1.3.6.1.4.1.42.2.27.8.1.17
• NAME: PwdAccountLockedTime
• DESC: 'The time an user account was locked'
• OBSOLETE flag (only if present)
• Supertype:
  • (only if present)
• EQUALITY: GeneralizedTimeMatch
• ORDERING: GeneralizedTimeOrderingMatch
• SYNTAX: 1.3.6.1.4.1.1466.115.121.1.24
• SINGLE-VALUE
• NO-USER-MODIFICATION
• USAGE: UserApplications
• Extended Flags:
  • X-ORIGIN:
• Used as MUST in:
• Used as MAY in:

EDirectory#

PwdAccountLockedTime, For EDirectory, is cleared upon a successful login following an Intruder Detection. !! More Information There might be more information for this subject on one of the following:

• 1.3.6.1.4.1.42.2.27.8.1.17
• 2.16.840.1.113719.1.1.6.1.33
• Administratively Disabled
• Draft-behera-ldap-password-policy
• Locked Account Check
• Locked By Intruder
• NdsLoginProperties
• NspmPasswordAux
• Password Policy State Information
• SCIM Password Management Extension

---

• [#1] - Draft-behera-ldap-password-policy