active-directory ldap spring-ldap

Spring ldap unlocking an account


I am trying to unlock a user account using Spring LDAP and am getting the error message "Malformed 'LockoutTime' attribute value".

My code looks like this:

    public boolean unlockAccount(Name dn) {
        ModificationItem item = new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("lockoutTime", 0));
        ldapTemplate.modifyAttributes(dn, new ModificationItem[] {item});
        return true;
    }

I am using Windows Server 2016 and Spring LDAP 2.3.2.

Is 'lockoutTime' the correct attribute to unlock an account? Is there anything else I am missing?


Solution

  • In LDAP, if you type the wrong password more than 5 times, the account gets locked. If you want to unlock the user, you have to delete an operational attribute named pwdAccountLockedTime.

    public String unlockUser(Users pvo) {
        System.out.println("this is pvo" + pvo);

        // Build the entry's DN and look it up (the lookup fails if the entry does not exist)
        Name dn = buildDn(pvo);
        DirContextOperations context = ldapTemplate.lookupContext(dn);

        // A single modification: remove the pwdAccountLockedTime attribute
        ModificationItem[] modificationItems = new ModificationItem[1];
        modificationItems[0] = new ModificationItem(DirContext.REMOVE_ATTRIBUTE,
                new BasicAttribute("pwdAccountLockedTime"));

        ldapTemplate.modifyAttributes(dn, modificationItems);

        return "Account Unlocked";
    }

    Build the DN for your LDAP and use the above code; then the user gets unlocked.
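
An added example, not part of the question or the answer above: it shows both unlock operations side by side, the Active Directory reset of `lockoutTime` (the directory the question targets) and the removal of `pwdAccountLockedTime` used by LDAP password-policy (ppolicy) directories. The class and method names are hypothetical, and it assumes an `LdapTemplate` bound as an account with rights to modify the target entries.

```java
import javax.naming.Name;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;

import org.springframework.ldap.NoSuchAttributeException;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.ldap.core.LdapTemplate;

// Hypothetical helper class, not from the original post.
public class AccountUnlocker {

    private final LdapTemplate ldapTemplate;

    public AccountUnlocker(LdapTemplate ldapTemplate) {
        this.ldapTemplate = ldapTemplate;
    }

    /** Active Directory: reset lockoutTime to 0. Returns false if no lockout was recorded. */
    public boolean unlockActiveDirectory(Name dn) {
        DirContextOperations entry = ldapTemplate.lookupContext(dn);
        String lockoutTime = entry.getStringAttribute("lockoutTime");
        if (lockoutTime == null || "0".equals(lockoutTime)) {
            return false; // attribute absent or already 0: nothing to reset
        }
        // The value is the String "0", not the int 0. JNDI's LDAP provider encodes
        // only String and byte[] values and rejects anything else on the client
        // side with "Malformed '<attribute>' attribute value".
        ModificationItem reset = new ModificationItem(
                DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("lockoutTime", "0"));
        ldapTemplate.modifyAttributes(dn, new ModificationItem[] {reset});
        return true;
    }

    /** Password-policy (ppolicy) directories: delete pwdAccountLockedTime. */
    public boolean unlockPpolicy(Name dn) {
        ModificationItem remove = new ModificationItem(
                DirContext.REMOVE_ATTRIBUTE, new BasicAttribute("pwdAccountLockedTime"));
        try {
            ldapTemplate.modifyAttributes(dn, new ModificationItem[] {remove});
            return true;
        } catch (NoSuchAttributeException e) {
            return false; // attribute not present: the account was not locked
        }
    }
}
```

Both methods return `false` when there was nothing to unlock, so a caller can record in its audit log whether an unlock request actually changed the entry.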