I never get a password change prompt for an expired password at the login screen or anywhere else for that matter. It does not work as the documentation describes. Everything else seems to be working just fine but once a user's password is expired, the account simply cannot log in at all.

The Access Requests log shows: Authentication failed due to expired password. Authentication for object 'CN=User.OU=Site.O=Tree' not allowed because the password is expired.

Is there something in particular that has to be set in the universal password policy to get this working? I used to be able to change a password from the Connect to Server screen if I had an expired password, but I'm not seeing that anymore either.