Right now you have to do that by command line but I know that @dvnkln did an enhancement request on that.
Endusers ofter use the wrong (old) password after they were force to changed their password in ldap (AD).
Currently the lock is only removed, if you remove it by shell or if the admin in the admin panel does reset the password of the user. Currently no other way is implemented.
I’ll change this to a Feature request. The community is free to vote for this Feature - that way we’ll be able to determine how important this feature is to everyone.
Zammad 5.0 introduced the option to unlock locked user accounts directly in Zammads UI. Since that moment failed LDAP logins also no longer count towards to failed logins to allow the LDAP server to do it’s part and also not lock out Zammad accounts permanently which required admin interaction.