All
We're switching our portal across from authenticating external users on a standalone LDAP to a dedicated MS Active Directory Domain for external users.
The portal is configured (test environment) for the new Active Directory, and can authenticate accounts in that directory. So, the basics are working just fine.
A custom login module is in place, and for the standalone LDAP this implemented some custom logic to determine whether an account password had expired based on a password last set date.
What I'd like to do is leverage the standard Active Directory user account control attribute to determine when a password has expired, so that this can be policy driven.
Using standard LDAP Java, you can surface this information by binding with the user ID and password, and AD returns some standard error codes depending on the status of the account.
i.e. if you BIND with a user ID and the wrong password, you get an error return code containing:
LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 52e, v893
If you BIND with a user ID and a valid password, but where the password has expired through AD policy, you get an error code returned containing:
LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 773, v893
I'd like to pick up these return codes, but can't see how to surface them in the custom login module. I can see documentation for the SAP portal showing them appearing in the error logs, so they are there.
So the simple question is: how can I surface MS Active Directory account status through UAC in a custom login module?
Thanks in advance.
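As an added example (not code from the post or from SAP), here is standalone JNDI code that performs the simple bind and maps the "data" sub-code out of the AcceptSecurityContext failure text into an account status; it goes beyond the two codes quoted above by also mapping the other sub-codes Microsoft documents for that message (532 password expired, 533 account disabled, 701 account expired, 775 locked out). The LDAPS URL and principal are placeholders, and a custom login module would return the status to its caller rather than act on it here.

```java
import java.util.Hashtable;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;

public class AdBindStatus {
    public enum Status { OK, BAD_CREDENTIALS, PASSWORD_CHANGE_REQUIRED,
                         ACCOUNT_DISABLED, ACCOUNT_EXPIRED, ACCOUNT_LOCKED, OTHER_FAILURE }
    // AD appends a hex sub-code after "data" in the bind failure text,
    // e.g. "... AcceptSecurityContext error, data 773, v893".
    private static final Pattern DATA_CODE =
            Pattern.compile("AcceptSecurityContext error, data ([0-9a-fA-F]+)");

    /** Maps the sub-code in a bind failure message to an account status. */
    static Status classify(String message) {
        Matcher m = message == null ? null : DATA_CODE.matcher(message);
        if (m == null || !m.find()) return Status.OTHER_FAILURE;
        switch (m.group(1).toLowerCase()) {
            case "52e": return Status.BAD_CREDENTIALS;          // wrong password (quoted in the post)
            case "773":                                         // must reset password (quoted in the post)
            case "532": return Status.PASSWORD_CHANGE_REQUIRED; // password expired
            case "533": return Status.ACCOUNT_DISABLED;
            case "701": return Status.ACCOUNT_EXPIRED;
            case "775": return Status.ACCOUNT_LOCKED;
            default:    return Status.OTHER_FAILURE;
        }
    }

    static Status bind(String ldapsUrl, String principal, String password) {
        // An empty password makes JNDI fall back to an anonymous bind, which
        // "succeeds" without checking the account at all, so refuse it up front.
        if (password == null || password.isEmpty()) return Status.BAD_CREDENTIALS;
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapsUrl);        // ldaps:// keeps the password off the wire in clear
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal); // e.g. user@example.com (placeholder)
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close();
            return Status.OK;
        } catch (AuthenticationException e) {           // LDAP result 49: credentials rejected
            return classify(e.getMessage());
        } catch (NamingException e) {                   // connection, TLS or other failure
            return Status.OTHER_FAILURE;
        }
    }
}
```

Because 52e and 773 are only distinguishable from the text of the AuthenticationException, the login module has to inspect that message itself rather than treat every bind failure as a bad password.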