I would like the intruder lockout of an account in either AD or eDirectory
to synchronize to the opposite system. The solution must also unlock the
account after the expriation timeout.
I've seen Aaron Burgemeister's solution
(http://www.novell.com/coolsolutions/tip/16852.html) for disabling the AD
account when the eDir account is locked by intruder but this is not
precisely what I need and addresses only the eDir-to-AD sync, not the
I've tried allowing through the subscriber filter the "IntruderResetTime"
which is default mapped to the AD attribute "LockoutTime", but this fails
with syntax errors.