This issue can be closed once we have a Rest2Ldap default mapping for enhanced password policy sub-entries and their associated state. The password policy resources should allow configuration of all aspects of password policy, including password validation. The password policy state should including meta-data about the last login time, account lockout, etc, as well as a reference to the applicable password policy.
It would be nice if we could provide some kind of restful mapping for subtreeSpecifications, but I think this is a nice to have that can be addressed later if needed.