diff -up nss-pam-ldapd-0.8.13/man/nslcd.conf.5.ppolicy_option_default nss-pam-ldapd-0.8.13/man/nslcd.conf.5
--- nss-pam-ldapd-0.8.13/man/nslcd.conf.5.ppolicy_option_default	2019-09-17 09:53:26.723676439 +0200
+++ nss-pam-ldapd-0.8.13/man/nslcd.conf.5	2019-09-17 09:59:44.182750835 +0200
@@ -360,6 +360,14 @@ vulnerabilities which allow denial of se
 The default is to perform case-sensitve filtering of LDAP search
 results for the above maps.
 .TP 
+\*(T<\fBpam_authc_ppolicy\fR\*(T> yes|no
+This option specifies whether password policy controls are requested
+and handled from the LDAP server when performing user authentication.
+
+By default the controls are only requested and handled if this option
+is selected. This differs from the upstream default in order to retain
+backwards compatibility with previous RHEL-7 releases.
+.TP 
 \*(T<\fBpam_authz_search\fR\*(T> \fIFILTER\fR
 This option allows flexible fine tuning of the authorisation check that
 should be performed. The search filter specified is executed and