When logging in via LDAP though eDirectory, certain machines will not know if the users password has expired. This is a program that will query the LDAP server for a value, then if it is below the grace logins, alert the user.
To use this program, the machine it is installed on must be configured for LDAP authentication. On the LDAP Server Group, create an LDAP mapping to the eDirectory Login Grace remaining. This will the attribute that will be searched. In the Grace Remaining - template.sh file, there are comments for you to put in the information that is specific to your setup. This includes the LDAP server, uid LDAP mapping, log path, Application / Script to run, grace login set point and others.
This script is best run as a LoginHook or with another script at login. The template, working example for my setup, Executable program, as well as the Source for the program are included and commented. The Program is an XCode project, which can be installed on any Mac OS X machine. This allows for the program to be edited and tweaked for a setup that will work well for users.
The ZIP file includes the template, as well as the working configuration that is used at my workplace. I also included the Password Expire Application and the XCode source.