Hi!
We use OpenLDAP for user's authentication.
And now also implemented password policy.
Authentication
from Tomcat works without problem but customers find out about expired
passwords only after unsuccessful binding when all limits are exceeded.
ldapsearch with option "-e ppolicy" shows info about necessary password change.
Is possible to get the same info by BIND operation performing from other systems side again OpenLDAP?
Or
we must create special functions in application for user attributes
checking (pwdChangedTime, pwdGraceUseTime) and notification generation
?
Thanks in advance,