Please consider adding a null check In ADUserAccounControl.addControl where it declares the String value:
String value = attr.getValue().get(0).toString();
I have coded it so that if attr.getValue() == null, then value="false". This change prevents errors if the mapper doesn't pass back any of the following attributes for whatever reason.
target.passwordNotRequired = false;
target.passwordExpired = false;
target.smartcardRequired = false;
target.lockOut = false;
target.dontExpirePassword = false;
The workaround to not having this connector modification is to ensure that all of these attributes get set to false. (I traditionally have had more custom code for userAccountControl. I am trying to go more default in the configuration.)
FWIW, we never expire passwords, accounts, lock them out, require smart cards, or any of that. So, none of these settings applies to us. This influences my view of these settings.
In the to AD mapper have an onUpdate script.
Confirm that the variable target does not contain the property lockOut.
Reconcile a user to AD. It will generate a null pointer exception trying to set the variable "value".