We have problems with AA and eDirectory's Intruder Lockout.
Background: in eDirectory, the attribute lockedByIntruder is only removed from a locked account after the reset time has expired when the user makes a new login attempt.
AA with a chain LDAP password plus Second Factor checks the lockedByIntruder attribute and then reports that the account is locked. There is no login attempt, i.e. from the user's point of view the account is permanently locked, although the reset time has long since expired. (If the user tries a login, for example with GroupWise Web, the lockedByIntruder attribute is removed.)
The option "Bypass user lockout in repository" does not change that behavior. (In my opinion AA should not bypass user lockout in general, but only if the reset time has passed.)
How can we handle that problem? Any ideas?
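The condition described in this post can be made visible with a small check. This is an added example, not part of the original post and not code from AA or eDirectory. It assumes that the eDirectory LDAP attribute `loginIntruderResetTime` holds the lockout expiry as a generalized-time string; the entries and DNs are constructed sample data, and the function names are hypothetical.

```python
from datetime import datetime, timezone

# Constructed sample entries, shaped like the result of an LDAP search that
# requests lockedByIntruder and loginIntruderResetTime (the latter is an
# assumption about the schema; it is not named in the post).
SAMPLE_ENTRIES = [
    {"dn": "cn=alice,ou=users,o=example",
     "lockedByIntruder": "TRUE", "loginIntruderResetTime": "20240101080000Z"},
    {"dn": "cn=bob,ou=users,o=example",
     "lockedByIntruder": "TRUE", "loginIntruderResetTime": "20240101120000Z"},
    {"dn": "cn=carol,ou=users,o=example", "lockedByIntruder": "FALSE"},
    {"dn": "cn=dave,ou=users,o=example", "lockedByIntruder": "TRUE"},
]


def parse_generalized_time(value):
    """Parse an LDAP generalized-time value in UTC, e.g. 20240101080000Z."""
    return datetime.strptime(value, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def lockout_state(entry, now):
    """Classify one entry.

    not_locked            - lockedByIntruder is absent or FALSE
    locked                - flag set and the reset time is still in the future
    stale_lock            - flag set although the reset time has passed; this
                            is the state that persists until the next login
    locked_unknown_expiry - flag set but no reset time on the entry
    """
    if entry.get("lockedByIntruder", "FALSE").upper() != "TRUE":
        return "not_locked"
    reset = entry.get("loginIntruderResetTime")
    if reset is None:
        return "locked_unknown_expiry"
    return "stale_lock" if parse_generalized_time(reset) <= now else "locked"


def report(entries, now):
    """Map each DN to its lockout state at the given point in time."""
    return {entry["dn"]: lockout_state(entry, now) for entry in entries}


if __name__ == "__main__":
    now = datetime(2024, 1, 1, 10, 0, 0, tzinfo=timezone.utc)
    for dn, state in report(SAMPLE_ENTRIES, now).items():
        print(f"{state:22} {dn}")
```

Accounts reported as `stale_lock` are the ones where a check of `lockedByIntruder` alone reports a lock that the reset time no longer supports.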