https://ldapmaster1.db.phx1.mozilla.com/phpldapadmin/cmd.php?cmd=template_engine&show_internal_attrs=true&server_id=1&dn=mail%3Dalessio.gastaldi%40libero.it%2Co%3Dnet%2Cdc%3Dmozilla The LDAP password for Alessio Gastaldi has expired, which should have happened because: pwdPolicySubentry = cn=community_passwords,ou=policies,dc=mozilla I've compared with another localizer's LDAP account and the only difference is the existence of this field (in Alessio's account): pwdChangedTime = 20111221074631 Alessio's password has been reset and emailed to him, so this is just an issue of it expiring again
I've verified that his password shouldn't expire and I'm not convinced that it ever did expire. According to http://linux.die.net/man/5/slapo-ppolicy pwdChangedTime is only useful if pwdMaxAge is also set, which it isn't for his user object or the community_passwords object. His account could have been locked out for any other reason, like a brute force attempt or just typing his password wrong 50 times. I'll mark this as invalid, but please re-open if an issue comes up again. Getting a full dump of his LDAP object at the time of the problem would be helpful as well (before resetting the password), as this would verify if it is locked out or expired or what.