Emmanuel Dreyfus wrote:
Hello
We ran into the following problem: someone changes their password, but
has a few devices with the old password recorded. Before the user
has time to update stored passwords, a buggy client hammers servers
with requests using the old password, and gets the account locked by
slapo-ppolicy.
Perhaps there could be a setting in pwdPolicy or in slapd.conf
so that there is a grace time after a password reset? For instance,
the admin could configure that slapo-ppolicy should not lock a user
if the password has been changed less than X seconds ago.
Opinions?
Opinions:
First of all, password lockout itself is a dumb idea, and we only implement it
because it's part of the original ppolicy spec. The ppolicy spec is
pathetically bad though.
As for a grace time - that sounds like a terrible idea too, since sometimes
passwords are changed with some urgency, specifically because of the imminent
danger of an attack/fraudulent use.
--
-- Howard Chu
CTO, Symas Corp.
http://www.symas.com
Director, Highland Sun
http://highlandsun.com/hyc/
Chief Architect, OpenLDAP
http://www.openldap.org/project/
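The thread above has two practical points: the proposal of a post-change grace window, and the objection that a password is often changed precisely because an attack is suspected, so lockouts in that window must not be silently suppressed. The following is an added example, not code from either poster or from the OpenLDAP project. It reads the operational attributes slapo-ppolicy keeps on an entry (pwdChangedTime, pwdFailureTime, pwdAccountLockedTime) and triages a locked account from the defender's side: failures that all fall inside an assumed grace window right after a password change are flagged as a stale-credential candidate for a human to confirm, everything else is marked for investigation. It also approximates ppolicy's counting rule (pwdMaxFailure within pwdFailureCountInterval) so an admin can see how the same failure stream behaves under different policy values. The grace window length and the sample entries are constructed for the example; the grace window is not a real ppolicy attribute.

```python
"""Triage slapo-ppolicy lockouts: stale-client candidate vs. investigate.

Entry data below is constructed for this example. The attribute names
(pwdChangedTime, pwdFailureTime, pwdAccountLockedTime) are the real
operational attributes slapo-ppolicy maintains; the grace window is an
assumed triage parameter, not a ppolicy setting.
"""
from datetime import datetime, timedelta, timezone

STALE = "stale-credential candidate"
INVESTIGATE = "investigate"
NOT_LOCKED = "not locked"


def parse_gt(value: str) -> datetime:
    """Parse an LDAP GeneralizedTime in UTC, e.g. 20240301120030Z or
    20240301120030.123456Z (ppolicy writes fractional seconds)."""
    if not value.endswith("Z"):
        raise ValueError("only UTC GeneralizedTime is supported: %r" % value)
    base, _, frac = value[:-1].partition(".")
    dt = datetime.strptime(base, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    if frac:
        dt += timedelta(microseconds=int(frac[:6].ljust(6, "0")))
    return dt


def would_lock(failures, max_failure: int, count_interval: int) -> bool:
    """Approximate ppolicy's rule: on each failure, drop pwdFailureTime
    values older than pwdFailureCountInterval seconds (0 = never expire),
    then lock if the remaining count reaches pwdMaxFailure (0 = no lockout)."""
    if max_failure <= 0:
        return False
    times = sorted(failures)
    for i, t in enumerate(times):
        if count_interval > 0:
            cutoff = t - timedelta(seconds=count_interval)
            count = sum(1 for u in times[: i + 1] if u > cutoff)
        else:
            count = i + 1
        if count >= max_failure:
            return True
    return False


def triage(entry: dict, grace_seconds: int) -> str:
    """Classify one entry. A lockout is a stale-credential candidate only
    when every recorded failure happened after the last password change
    and within grace_seconds of it; anything else is left for a human."""
    if "pwdAccountLockedTime" not in entry:
        return NOT_LOCKED
    if "pwdChangedTime" not in entry or not entry.get("pwdFailureTime"):
        return INVESTIGATE
    changed = parse_gt(entry["pwdChangedTime"])
    deadline = changed + timedelta(seconds=grace_seconds)
    failures = [parse_gt(v) for v in entry["pwdFailureTime"]]
    if all(changed <= f <= deadline for f in failures):
        return STALE
    return INVESTIGATE


def triage_all(entries: dict, grace_seconds: int) -> dict:
    """Map each DN to its triage verdict."""
    return {dn: triage(e, grace_seconds) for dn, e in entries.items()}


# Constructed sample entries (not taken from any real directory).
SAMPLE_ENTRIES = {
    # Password changed, then a device with the old password retried 5 times
    # within two minutes: looks like the stale-client case from the thread.
    "uid=alice,ou=people,dc=example,dc=com": {
        "pwdChangedTime": "20240301120000Z",
        "pwdFailureTime": [
            "20240301120030Z", "20240301120045Z", "20240301120100.5Z",
            "20240301120130Z", "20240301120200Z",
        ],
        "pwdAccountLockedTime": "20240301120200Z",
    },
    # Password changed months ago; fresh failures are not explained by it.
    "uid=bob,ou=people,dc=example,dc=com": {
        "pwdChangedTime": "20240101090000Z",
        "pwdFailureTime": ["20240301030000Z", "20240301030010Z",
                           "20240301030020Z", "20240301030030Z",
                           "20240301030040Z"],
        "pwdAccountLockedTime": "20240301030040Z",
    },
    # Not locked at all.
    "uid=carol,ou=people,dc=example,dc=com": {
        "pwdChangedTime": "20240228100000Z",
    },
}

if __name__ == "__main__":
    for dn, verdict in triage_all(SAMPLE_ENTRIES, grace_seconds=600).items():
        print(dn, "->", verdict)
```

The verdict is deliberately a triage label rather than an unlock action: given the objection in the reply, an account flagged as a stale-credential candidate still deserves a look at where the failed binds came from before anyone clears pwdAccountLockedTime.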