I am slightly confused about how to synchronize password expiration times
and grace logins between eDir and Active Directory. I have synchronized
passwords successfully, using Universal Password and by applying password
policies.

I think what I need to do is go into Schema Mapping Policies and map the
eDir attribute Login Grace Limit (and/or Login Grace Remaining) with a
corresponding AD attribute (eDir attribute, Password Expiration Time, is
already mapped). Then do I need to create any additional policies to make
this work?

I have searched documentation and other forum postings, but I am still
not sure about what exactly needs to be done to synch the number of days
before password expires and the number of grace logins (between eDir and
AD)? Schema mappings and added policies?