Hi!
We use OpenLDAP for user's authentication. And now also implemented password policy.
Authentication from Tomcat works without problem but customers find out about expired passwords only after unsuccessful binding when all limits are exceeded.
ldapsearch with option "-e ppolicy" shows info about necessary password change.
Is possible to get the same info by BIND operation performing from other systems side again OpenLDAP? Or we must create special functions in application for user attributes checking (pwdChangedTime, pwdGraceUseTime) and notification generation ?
Thanks in advance,