There is a password policy in place on OpenDS preventing, e.g., multiple login failures. If a user manages to pass the limit, the logs of the LDAP server will show, e.g.:

[17/Oct/2009:17:51:11 +0200] BIND RES conn=91 op=0 msgID=1 result=49 authFailureID=197126 authFailureReason="Rejecting a bind request for user uid=XXXXXXXX,ou=users,dc=XXXXXXX,dc=hr because the account has been locked due to too many failed authentication attempts" etime=1

How can I receive the LDAP response code in ANY Java client API (on bind()) other than the "49", which is a generic "Invalid Credentials" response for all kinds of errors that can happen? LDAPException in JLDAP and Exception in JNDI don't seem to contain any more useful information (to show to the user on the presentation layer) besides the "49" and the aforementioned "Invalid Credentials" message. Looking at the logs defeats the purpose of the password policy entirely.

Any ideas?

Best regards, Bozo

A: 

Solved. It seems you can't receive a numerical response, but you can turn on (in OpenDS config) error messages on bind, and then you have to parse the response into your application codes for failed login. Ridiculous.

bozo
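
The parsing step described in the answer, as an added example that is not part of the original post or of OpenDS: it maps the message of a failed JNDI bind to application codes. The `LoginFailure` enum and class name are hypothetical, the sample messages are constructed, and it assumes the server returns to the client the same wording as the `authFailureReason` in the log above.

```java
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class BindFailureParser {
    // Application-level codes (hypothetical names, not defined by OpenDS or JNDI).
    enum LoginFailure { ACCOUNT_LOCKED, INVALID_CREDENTIALS, UNKNOWN }

    // JNDI's LDAP provider formats failures as "[LDAP: error code N - diagnostic text]".
    private static final Pattern JNDI_MSG =
        Pattern.compile("\\[LDAP: error code (\\d+)(?: - (.*))?\\]", Pattern.DOTALL);

    // Pass the text of javax.naming.AuthenticationException.getMessage().
    static LoginFailure classify(String exceptionMessage) {
        if (exceptionMessage == null) return LoginFailure.UNKNOWN;
        Matcher m = JNDI_MSG.matcher(exceptionMessage);
        if (!m.find()) return LoginFailure.UNKNOWN;
        // Only result code 49 is a bind/credential failure; anything else is not ours to map.
        if (Integer.parseInt(m.group(1)) != 49) return LoginFailure.UNKNOWN;
        String diag = m.group(2) == null ? "" : m.group(2).toLowerCase(Locale.ROOT);
        // Phrase taken from the authFailureReason quoted in the question (assumed
        // to be what the server sends once bind error messages are enabled).
        if (diag.contains("account has been locked")) return LoginFailure.ACCOUNT_LOCKED;
        // Server sent no detail, or detail we do not recognise: stay generic.
        return LoginFailure.INVALID_CREDENTIALS;
    }

    public static void main(String[] args) {
        // Constructed sample messages, not captured from a real server.
        String[] samples = {
            "[LDAP: error code 49 - Rejecting a bind request for user uid=jdoe,"
                + "ou=users,dc=example,dc=hr because the account has been locked"
                + " due to too many failed authentication attempts]",
            "[LDAP: error code 49 - Invalid Credentials]",
            "[LDAP: error code 53 - Unwilling To Perform]",
            "connection reset"
        };
        for (String s : samples) {
            System.out.println(classify(s) + " <- " + s);
        }
    }
}
```

With bind error messages enabled, any unauthenticated client can learn that a given account exists and is locked, so decide per code what the presentation layer actually shows.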