As part of our Directory Server configuration we specify password policies allowing things such as grace logins, notification of impending password expiry, etc. In LDAP, if any of these cases arise (eg: password due to expire in 7 days) we would typically get a set of controls returned as part of the InitialLdapContext that would contain this information.

Crowd should support access to and propagation of this information.