diff --git a/README.md b/README.md
index c28f58b..4d6522d 100644
--- a/README.md
+++ b/README.md
@@ -431,7 +431,7 @@ replace: olcAccess
 olcAccess: {0}to attrs=userPassword,pwdPolicySubentry by self write by anonymous auth by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" write by * none
 olcAccess: {1}to * by dn.exact="cn=admin,dc=example,dc=com" manage by * read
 ```
-This probably looks confusing and even scary now, but it's pretty simple, it basically adds the pwdPolicySubentry attribute to the attributes SASL EXTERNAL can write. We will come back to it later anyways.\
+This probably looks confusing and even scary now, but it's pretty simple, it basically adds the pwdPolicySubentry attribute to the attributes SASL EXTERNAL can write. We will come back to it later anyways.
 
 ```
 root@example:/# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f update_acl.ldif
@@ -466,8 +466,41 @@ sn: Kirisame
 userPassword: {SSHA}cgT...  # Generate with: slappasswd -s yang
 ```
 That's a lot of data, but it creates our Supergirls directory, and with it the users reimu and marisa. 
-When copying and pasting, note there are 2 users that requires a password hash; by now you should know how to generate them, use the same password we are using here as well. 
 
-### <ins>_Blocking user after wrong password tries_</ins>
+### <ins>_Blocking user access with user's password after 3 tries_</ins>
+
+Let's apply the following policy on the user reimu from the Organizational Unit Supergirls: after failing to interact in any way with the LDAP server using the user's wrong password, the LDAP server with block the user and it will disabled of any action until an administrator unlocks it. 
+```
+root@example:/# vim apply_policy_reimu.ldif
+dn: uid=reimu,ou=Supergirls,dc=example,dc=com
+changetype: modify
+replace: pwdPolicySubentry
+pwdPolicySubentry: cn=default,ou=policies,dc=example,dc=com
+```
+And execute the apply_policy_reimu.ldif file
+```
+root@example:/# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f apply_policy_reimu.ldif
+modifying entry "uid=reimu,ou=Supergirls,dc=example,dc=com"
+```
+Run **again** the following taking note of the new hashed passwords
+```
+root@example:/# slappasswd -s ying
+{SSHA}QkBaHJh2CFSq9dup+Hiest9jnYMgVrll
+```
+Finally, create a new file reset_reimu_password.ldif and replace the userPassword with the correct hashed password 
+```
+root@example:/# vim reset_reimu_password.ldif
+dn: uid=reimu,ou=Supergirls,dc=example,dc=com
+changetype: modify
+replace: userPassword
+userPassword: {SSHA}QkBaHJh2CFSq9dup+Hiest9jnYMgVrll
+```
+Execute reset_reimu_password.ldif
+```
+root@example:/# ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f reset_reimu_password.ldif
+modifying entry "uid=reimu,ou=Supergirls,dc=example,dc=com"
+```
+
+
 
 <!--ldappasswd -H ldap://server_domain_or_IP -x -D "cn=admin,dc=example,dc=com" -W -S "uid=bob,ou=people,dc=example,dc=com"-->
\ No newline at end of file