Hello, currently, granularity of pwdGraceUseTime is one second. This allows client to successfully bind with old password as many times as they want during N seconds (where N is equal to pwdGraceAuthnLimit) which may be unwanted. Would it be possible to increase the granularity, and if so, what size would make sense? Could it be made configurable?
I would suggest filing an ITS along the lines of ITS#7161. Regards, Quanah -- Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: <http://www.symas.com>