Hi,

  When users with an expired account try to log in via PAM (SSH, su, etc.), there is no warning displayed that the account is expired. The user is also allowed to log in normally.
In the slapd log, the following message is displayed:

Mar 18 12:46:25 sip slapd[11790]: ppolicy_bind: Entry uid=prajith,ou=people,dc=XXX,dc=XX has an expired password: 0 grace logins

In the auth log:
###
Mar 18 23:43:37 chiron-desktop-linux2 login[7411]: pam_unix(login:auth): authentication failure; logname=root uid=0 euid=0 tty=/dev/pts/0 ruser= rhost=  user=prajith
Mar 18 23:43:41 chiron-desktop-linux2 login[7411]: pam_unix(login:session): session opened for user prajith by root(uid=0)
###

Here is my ldap.conf:

########
base dc=XXX,dc=XX
uri ldap://XX.XX.XX
ldap_version 3
pam_lookup_policy yes
pam_password md5
pam_password exop
nss_initgroups_ignoreusers avahi,avahi-autoipd,backup,bin,clamav,colord,daemon,dansguardian,dnsmasq,festival,games,gnats,guest-yRzqOV,hplip,imspector,irc,kernoops,libuuid,libvirt-dnsmasq,libvirt-qemu,lightdm,list,lp,mail,man,messagebus,mysql,news,proxy,pulse,root,rtkit,saned,speech-dispatcher,sshd,statd,swift,sync,sys,syslog,usbmux,uucp,whoopsie,www-data
####### 

Best Regards,
Prajith
http://prajith.in