diff --git a/CHANGES b/CHANGES
index ebb822784ddcbe344748de9aca982eabef8928b7..fe21a701db742f408e6f32b7efce02af24d0ec37 100644
--- a/CHANGES
+++ b/CHANGES
@@ -44,6 +44,7 @@ OpenLDAP 2.4.17 Engineering
 	Fixed slapo-collect missing equality match rule (ITS#6075)
 	Fixed slapo-dds entry expiration (ITS#6169)
 	Fixed slapo-perl symbols (ITS#5658)
+	Fixed slapo-ppolicy to honor pwdLockout (ITS#6168)
 	Fixed slapo-refint refint_repair handling (ITS#6056)
 	Added slapo-rwm rwm-drop-unrequested-attrs config option (ITS#6057)
 	Fixed slapo-rwm dn passing (ITS#6070)
diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c
index 639fc5beeb432f8dceaa73f4104e7bc9c5b62257..62324ca2f9d9958fbad9ff943decdd7154cc7c93 100644
--- a/servers/slapd/overlays/ppolicy.c
+++ b/servers/slapd/overlays/ppolicy.c
@@ -324,6 +324,9 @@ account_locked( Operation *op, Entry *e,
 
 	assert(mod != NULL);
 
+	if ( !pp->pwdLockout )
+		return 0;
+
 	if ( (la = attr_find( e->e_attrs, ad_pwdAccountLockedTime )) != NULL ) {
 		BerVarray vals = la->a_nvals;
 
diff --git a/tests/data/ppolicy.ldif b/tests/data/ppolicy.ldif
index 578aa6107d4df0bda7a7bbeb162ee61e2ad06d24..fdd0c48be1956f40d124c6e56b8492d43a77c89a 100644
--- a/tests/data/ppolicy.ldif
+++ b/tests/data/ppolicy.ldif
@@ -33,6 +33,7 @@ pwdMustChange: TRUE
 pwdMaxFailure: 3
 pwdFailureCountInterval: 120
 pwdSafeModify: TRUE
+pwdLockout: TRUE
 
 dn: uid=nd, ou=People, dc=example, dc=com
 objectClass: top