
I'm using OpenAM 10.0.1 connected to my LDAP and I would like to detect when the password has expired.

If I set the attribute pwdLastSet = 0 on my user in Active Directory, when I log in with OpenAM the reason for the error is {"code":401,"reason":"Unauthorized","message":"Invalid password !"} instead of a specific message for the password expiration.

Is there a means to detect the difference between an invalid password and an expired password?

Thanks in advance for your help.

Denis Cucchietti
  • Are you using the AD authentication module? The LDAP authentication module does not decode AD proprietary responses. However, I'm not sure for 10.0.1 as it's quite old. – Bernhard Thalmayr Apr 04 '16 at 10:17
  • I was trying to do this same thing with OpenAM 13 connected to OpenDJ 3. Using ldapsearch directly, I was shown expiration warnings "your password will expire in xxx" and during grace logins "Your password has expired"... after grace logins I just received "Invalid Credentials", which I think is strange. All of those messages are available when contacting the LDAP directly; however, I couldn't get any of these messages through the OpenAM REST API. I either received a success or a failure with the message "Authentication Failed". – Joseph Fitzgerald Jun 23 '16 at 21:49
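
The "AD proprietary responses" mentioned in the comments are sub-codes that Active Directory puts in the diagnostic message of a failed bind (LDAP result 49), and decoding them is what separates a wrong password from an expired or must-change one. The following is an added example, not code from OpenAM or from anyone in this thread; the function name and the sample messages are constructed for illustration.

```python
import re

# Sub-codes Active Directory places after "data" in the diagnostic message
# of a failed bind (LDAP result 49, invalidCredentials). Values are hex.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",  # the state pwdLastSet = 0 puts a user in
    "775": "account locked out",
}

# States where the user has to change the password before logging in.
PASSWORD_CHANGE_REQUIRED = {"532", "773"}

_DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")


def classify_bind_failure(diagnostic_message):
    """Return (subcode, meaning, needs_password_change) for a failed bind.

    subcode is None when the message has no AD-style "data" field,
    for example when the directory is not Active Directory.
    """
    match = _DATA_RE.search(diagnostic_message or "")
    if not match:
        return None, "no AD sub-code present", False
    code = match.group(1).lower()
    meaning = AD_BIND_SUBCODES.get(code, "unrecognised sub-code")
    return code, meaning, code in PASSWORD_CHANGE_REQUIRED


# Constructed sample messages in the shape AD returns; DSID values are made up.
SAMPLES = [
    "80090308: LdapErr: DSID-0C090000, comment: AcceptSecurityContext error, data 52e, v1db1",
    "80090308: LdapErr: DSID-0C090000, comment: AcceptSecurityContext error, data 773, v1db1",
    "80090308: LdapErr: DSID-0C090000, comment: AcceptSecurityContext error, data 532, v1db1",
    "Invalid Credentials",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(classify_bind_failure(msg))
```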

0 Answers