I have enabled pwdMaxAge and the ppolicy correctly locks an account if the password's age is older than the given definition. But when I bind to an account with an expired password I only get the regular InvalidCredentials response. I want to be able to give the user a more descriptive error message (like: Your password has expired).
I have enabled ppolicy_use_lockout, but how can I get hands on the password policy response? The following log entries occur when I try to bind to an account with a password which is about to expire / has expired:

Jan 13 13:24:57 foobar slapd[72391]: ppolicy_bind: Setting warning for password expiry for uid=foobar,cn=Users,dc=foo,dc=bar = 89129 seconds
...
Jan 13 13:47:32 foobar slapd[72391]: ppolicy_bind: Entry uid=foobar,cn=Users,dc=foo,dc=bar has an expired password: -1 grace logins

Thanks in advance

Jørgen Løkke
