OK, I get that. What I don't get is why it won't automatically UNLOCK after lockout duration. The accountunlocktime stays set forever, and as long as that's set, the user can't log in and one of the admins has to clear the accountunlock time attribute manually. Thanks, Harry -----Original Message----- From: 389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx [mailto:389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of William Sent: Thursday, February 12, 2015 9:54 PM To: General discussion list for the 389 Directory server project. Subject: Re: Question about accountunlocktime On Fri, 2015-02-13 at 01:49 +0000, harry.devine@xxxxxxx wrote: > Any insight on this???? > The value is utc. My current time is 13:16 UTC+10:30. When I lock the account I get: accountUnlockTime: 20150213031647Z Split up is 2015-02-13 0316.47 UTC Which is 1316 - 1030 = 0246 Add to this that my passwordLockoutDuration is 1800 aka 30 minutes: 0246 + 0030 = 0316. Thus: 2015-02-13 0316.47 UTC This is why you may see the accountUnlockTime in the past. -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
