It appears your intent is to unlock an account which has been locked by too many incorrect password attempts in OpenLdap.
If the user account is locked (pwdLockout is TRUE) then it may be unlocked by an administrator using either of the following procedures:
Delete the operational attribute pwdAccountLockedTime. This procedure allows the user to continue to use the current password and is only effective if the password has not expired.
Add the operational attribute pwdReset with a value of either TRUE or FALSE. FALSE is only effective if the password has not expired and has the same effect as deleting pwdAccountLockedTime.
In most openLDAP versions, you can remove the pwdAccountLockedTime.
Some versions may require using the ManageDIT control. Both of these assuming you have proper permissions.
According to rfc4512 section 3.4, "Not all operational attributes are user modifiable."
-jim