directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <Carlo.Acco...@ibs-ag.com>
Subject ApacheDS differentiating Authentication Exceptions
Date Thu, 10 Nov 2011 15:55:32 GMT
Hi, Another question around failed login attempts.

We bind like this. With the env containing the user, pass and all other props.

LdapContext ctx = new InitialLdapContext(env,ctrls);

When the user supplies either an incorrect password or the account is locked, a javax.naming.AuthenticationException
is thrown.

And the resulting ctx is null, so there are no Response Controls available in these cases.

In both failure modes the stack traces are identical except for the value of ex.getMessage().

[LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user
uid=xyz,o=corp]
[LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: account was permanently locked]

Other than comparing the strings above, is there another way to determine which event occurred?

We're running 2.0.0-M4-SNAPSHOT from the trunk.
Thank you.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message