Guillaume,
I did a test with your suggestion and now It is working when I change
the pwdMaxAge to some short time as 15 seconds but I don't receive any
message invite me to change the password or any warning message for
expiration time.
I see the follow message in debug mode:
uid=user1,ou=People,dc=sample,dc=com has an expired password
I set the attributes in default Policies:
pwsGraceAuthNLimit: 2
pwdAllowUserChange: TRUE
pwdExpireWarning: 10
pwdLockout: TRUE
pwdMaxAge: 15
pwdMustChange: TRUE
In my ldap client I have set:
pam_lookup_policy yes
Do I have to change something in PAM?