I'm not sure if this is a Client question or an eDir question.

Is there a way to have the client check for a pre-expiring password?

Right now, the client appears to only tell you that your password
expired when you login (IF it actually expired).

But let's say that the last time you changed your password, you did it
at say, 11:00 a.m.

But you login today at say, 9:00 a.m.

2 hours later, your password expires and all sorts of things that use
LDAP/eDir go bananas and intruder lockout your account (GroupWise, etc.)

I can get MOST things via LDAP if it's front-ended with iChain using the
password servlets, but not everything.

(Plus, if you change it while you're logged in and doing other things,
then it really messes things up until you logout and log back in again).