Hi Aaron,
I'm not sure what version of 389 you are using but it works for me on
the latest version if I enable grace logins. Here are my settings:
cn=config
...
passwordChange: on
passwordGraceLimit: 2
passwordExp: on
passwordMaxAge: 30
$ ldapmodify -H ldap://localhost:389 -D
Hello,
Question: Is there a way to allow users to change their password if the
password has already expired?
I've been fighting this issue for months now and havn't found a resolution. My
users are able to change their password if it is not expired however once
expired even in the Grace