https://bugs.openldap.org/show_bug.cgi?id=9156

--- Comment #11 from Ondřej Kuzník ondra@mistotebe.net --- Draft 10 adds another way of expiring passwords (pwdEndTime) but that is not included in expiry warning calculation. It might be worth clarifying whether it should or should not be taken into consideration.

Neither is maxIdle but we don't really get a chance to exercise it as this is already done in a "non-idle" context.