--On Wednesday, March 13, 2019 5:49 PM +0100 Matus Honek
currently, granularity of pwdGraceUseTime is one second. This allows
client to successfully bind with old password as many times as they
want during N seconds (where N is equal to pwdGraceAuthnLimit) which
may be unwanted. Would it be possible to increase the granularity, and
if so, what size would make sense? Could it be made configurable?
I would suggest filing an ITS along the lines of ITS#7161.
Packaged, certified, and supported LDAP solutions powered by OpenLDAP: