On 11/10/11 4:55 PM, carlo.acco...@ibs-ag.com wrote:
> Hi, Another question around failed login attempts.
> We bind like this. With the env containing the user, pass and all other props.
> LdapContext ctx = new InitialLdapContext(env,ctrls);
> When the user supplies either an incorrect password or the account is locked, a
> javax.naming.AuthenticationException is thrown.
> And the resulting ctx is null, so there are no Response Controls available in
> these cases.
> In both failure modes the stack traces are identical except for the value of
> ex.getMessage().
> [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot
> authenticate user uid=xyz,o=corp]
> [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: account was
> permanently locked]
> Other than comparing the strings above, is there another way to determine which
> event occurred?
Sadly, no. The message is a composition of an error code (49 =
invalid credentials) and a string giving some information about the error.
Each server might provide a different message.
Now, you might create a JIRA requesting that the error message contain
an error code, like:
[LDAP: error code 49 - INVALID_CREDENTIALS: err12345 : Bind failed: account was
permanently locked]
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
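
The string comparison discussed in this thread, written as an added example (not code from the original messages or from ApacheDS): it splits the JNDI message into the LDAP result code and the diagnostic text, then classifies the two messages quoted above. The class name, the enum and the "locked" substring test are assumptions; the substring matches only the wording shown in this thread and, as the reply notes, other servers may word it differently.

```java
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.AuthenticationException;
import javax.naming.NamingException;

public class BindFailureClassifier {

    enum Cause { BAD_CREDENTIALS, ACCOUNT_LOCKED, OTHER }

    // Message shape seen in the thread: "[LDAP: error code N - diagnostic text]"
    private static final Pattern LDAP_MSG =
            Pattern.compile("\\[LDAP: error code (\\d{1,5}) - (.*)\\]", Pattern.DOTALL);

    static Cause classify(NamingException ex) {
        String msg = ex.getMessage();
        if (msg == null) {
            return Cause.OTHER;
        }
        Matcher m = LDAP_MSG.matcher(msg);
        if (!m.find() || Integer.parseInt(m.group(1)) != 49) {
            return Cause.OTHER;               // only 49 (invalid credentials) is handled
        }
        String diag = m.group(2).toLowerCase(Locale.ROOT);
        // Assumption: server-specific wording, taken from the message in this thread.
        return diag.contains("locked") ? Cause.ACCOUNT_LOCKED : Cause.BAD_CREDENTIALS;
    }

    public static void main(String[] args) {
        // The two messages quoted in the thread, with the e-mail line wraps joined.
        String[] samples = {
            "[LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: "
                + "ERR_229 Cannot authenticate user uid=xyz,o=corp]",
            "[LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: "
                + "account was permanently locked]"
        };
        for (String s : samples) {
            // In real code this exception comes from: new InitialLdapContext(env, ctrls)
            NamingException ex = new AuthenticationException(s);
            System.out.println(classify(ex) + " <- " + s);
        }
    }
}
```

Keep the classified cause in server-side logs and return one generic failure message to the client, so the login response does not reveal which accounts are locked.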