The password expiring and password expired controls
PingDirectory server supports the password expiring and password expired controls, as described in draft-vchu-ldap-pwd-policy-00.
The password expiring control can be included in the response to a successful bind attempt to indicate that the user’s password is about to expire. Its value indicates the length of time until the password actually expires.
The password expired control can be included in the response to a successful or failed bind attempt to indicate that the user’s password has expired and must be changed. If the bind operation was successful, then it means that the user must change their password before they are allowed to request any other operations. If the bind operation failed, then it means that the password must be reset before the user can access their account.