1. Create an LDIF file to capture the following ACI information.
    OID: 1.3.6.1.4.1.42.2.27.8.1.17
    Name: pwdAccountLockedTime
    Permission: all

    For more information, see the following example file named aci.ldif.

    dn: ou=People,dc=example,dc=com
    changetype: modify
    add: aci
    aci: (targetattr="ds-pwp-auth-failure||pwdAccountLockedTime")(version 3.0; acl "Allow unlock admin to lock and unlock user accounts"; allow (all) userdn="ldap:///uid=ServiceAccount,ou=Applications,dc=example,dc=com";)
2. Use the ldapmodify command to configure the required ACI.
    $ ldapmodify -f <path>/aci.ldif \
    -h <host name> \
    -p <LDAP port> \
    -D <LDAP bind username> \
    -w <LDAP bind password>
    Note: Line breaks are inserted for readability only.
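
The following is an added example, not part of the original procedure or of any product's tooling: it parses the aci.ldif from step 1 and checks, before ldapmodify is run, that the ACI targets only the intended attributes and is bound to the one expected account. The function names and the allow-list passed in are assumptions of this example, and it handles only unfolded, single-line aci values in the form shown in step 1.

```python
import re

# Constructed sample: the aci.ldif content from step 1, with the ACI on one line.
ACI_LDIF = '''dn: ou=People,dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr="ds-pwp-auth-failure||pwdAccountLockedTime")(version 3.0; acl "Allow unlock admin to lock and unlock user accounts"; allow (all) userdn="ldap:///uid=ServiceAccount,ou=Applications,dc=example,dc=com";)
'''

# Matches one target clause followed by one allow/deny rule with one bind subject.
ACI_RE = re.compile(
    r'\(targetattr\s*(?P<op>!?=)\s*"(?P<attrs>[^"]*)"\)\s*'
    r'\(version 3\.0;\s*acl\s+"(?P<name>[^"]*)";\s*'
    r'(?P<kind>allow|deny)\s*\((?P<perms>[^)]*)\)\s*'
    r'(?P<subject>userdn|groupdn)\s*=\s*"(?P<dn>[^"]*)";\s*\)')

def parse_aci(value):
    """Parse one single-target, single-rule ACI value into a dict."""
    m = ACI_RE.fullmatch(value.strip())
    if not m:
        raise ValueError("unrecognised ACI syntax: " + value[:40])
    aci = m.groupdict()
    aci["attrs"] = [a.strip() for a in aci["attrs"].split("||")]
    aci["perms"] = [p.strip() for p in aci["perms"].split(",")]
    return aci

def review_ldif(ldif_text, allowed_attrs, expected_dn):
    """Return a list of findings for every aci: value in the LDIF text."""
    findings = []
    for line in ldif_text.splitlines():
        if not line.lower().startswith("aci:"):
            continue
        aci = parse_aci(line[4:])
        # "*" and any attribute outside the allow-list both count as too wide.
        extra = [a for a in aci["attrs"] if a not in allowed_attrs]
        if aci["op"] == "!=" or extra:
            findings.append("targetattr wider than intended: %s" % (extra or aci["attrs"]))
        if aci["dn"].lower() in ("ldap:///anyone", "ldap:///all", "ldap:///self"):
            findings.append("subject is a keyword, not one account: " + aci["dn"])
        elif aci["dn"].lower() != ("ldap:///" + expected_dn).lower():
            findings.append("subject is not the expected service account: " + aci["dn"])
    return findings
```

An empty list from review_ldif means the file grants exactly what step 1 describes; any finding should be resolved before the ACI is applied.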