JNDI bind/authentication failure - error code 49
807573 Sep 6 2006 — edited Sep 6 2006
I have an application using JNDI to authenticate users to a Directory Server repository through an LDAP bind. When the user is not successfully authenticated, I get a JNDI AuthenticationException with a message, "error code 49 - Invalid Credentials". This message seems to get displayed for every authentication failure reason, not just invalid credentials.
How do I determine the actual reason for the failure to bind? Specifically, the password profile is set up with password locking, password expiration, and "must change password" upon initial login. I would like to know how to find out:
1. If the user was locked out.
2. If the user's password expired.
3. If the user must change his/her password.
(I can pretty much assume that any other failure is actually invalid credentials.)
I think that I can do #1 by checking the passwordRetryCount attribute and I think that I can do #2 by checking the passwordExpirationTime attribute. I have no idea how to do #3 though. And, is there a way to get this information without searching through attributes?
In this thread:
http://forum.java.sun.com/thread.jspa?messageID=4227692
AD seems to send back a specific reason code along with the error code 49 that indicates the actual reason for the failure. Is it possible to get this kind of information through JNDI from a bind failure? Or maybe there's a better way to perform authentication?
Any help would be much appreciated!
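The following is an added example, not part of the original post: a sketch of reading the reason sub-code that Active Directory appends to an error code 49 bind failure, mapped onto the three cases asked about. The class and enum names are hypothetical, the sample messages are constructed, and the `data <hex>` message layout is an assumption that holds for Active Directory; a server that does not embed such a code yields `UNKNOWN`.

```java
import java.util.Locale;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.AuthenticationException;

public class BindFailureReason {  // hypothetical name, example only
    enum Reason { INVALID_CREDENTIALS, PASSWORD_EXPIRED, MUST_CHANGE_PASSWORD, LOCKED_OUT, UNKNOWN }

    // Sub-codes Active Directory places after "data" in the error 49 message.
    private static final Map<String, Reason> AD_SUBCODES = Map.of(
        "525", Reason.INVALID_CREDENTIALS,   // user not found
        "52e", Reason.INVALID_CREDENTIALS,   // wrong password
        "532", Reason.PASSWORD_EXPIRED,
        "773", Reason.MUST_CHANGE_PASSWORD,
        "775", Reason.LOCKED_OUT);

    // Only look for a sub-code when the message really is an error 49 result.
    private static final Pattern SUBCODE =
        Pattern.compile("error code 49\\b.*?\\bdata\\s+([0-9a-fA-F]+)");

    static Reason classify(AuthenticationException e) {
        String msg = e.getMessage();
        if (msg == null) return Reason.UNKNOWN;
        Matcher m = SUBCODE.matcher(msg);
        if (!m.find()) return Reason.UNKNOWN;   // no sub-code present in the message
        return AD_SUBCODES.getOrDefault(m.group(1).toLowerCase(Locale.ROOT), Reason.UNKNOWN);
    }

    public static void main(String[] args) {
        // Constructed sample messages; the DSID values are placeholders.
        String[] samples = {
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-00000000, comment: AcceptSecurityContext error, data 775, vece]",
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-00000000, comment: AcceptSecurityContext error, data 773, vece]",
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-00000000, comment: AcceptSecurityContext error, data 532, vece]",
            "[LDAP: error code 49 - 80090308: LdapErr: DSID-00000000, comment: AcceptSecurityContext error, data 52e, vece]",
            "[LDAP: error code 49 - Invalid Credentials]"
        };
        for (String s : samples) {
            // Log the specific reason server-side; what the unauthenticated caller
            // is told is a separate decision, since distinct messages can confirm
            // that an account exists.
            System.out.println(classify(new AuthenticationException(s)) + " <- " + s);
        }
    }
}
```

In an application, `classify` would be called in the `catch (AuthenticationException e)` block around the `InitialDirContext` bind.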