We are trying to modify a vendor-supplied system to get it to authenticate using our LDAPs. The vendor app is a hybrid IIS ASP/ASP.NET application so it seems necessary to use ADSI for authentication. We have had the solution working for more than a year, but now we want to expire passwords in our LDAP.
We have been testing with both Netscape Gateway LDAP engine 4.13 and/or Sun One Directory Server Version 5.2. At the moment, the problem I am facing is that I get the same error code from ADSI whether the attempted password is bad or the user DN and password are good but the account has expired. In other words, I cannot differentiate between an expired password and bad typing during the login attempt.
In either case [bad password or password expired], I get: -2147023570 Automation error Logon failure: unknown user name or bad password. I can log in successfully with an unexpired UID/password using the code so it looks like I have no code error. I have tried several times to make sure I am typing everything OK. My results are consistent.
I have found example code on the web that suggests I should be seeing the "error -2147016672 (1 from NDS) - password expired".
Could there be some sort of Netscape or Sun One LDAP configuration parameter that prevents sending the password expired error code/message?
Any other ideas what might be wrong?
We've tested using VB, VBScript [directly] and VBScript in ASP. Always the same results.
Here are the relevant sample lines {in VBScript}:
    Set adsDSO = GetObject("LDAP:")
    on error resume next
    ' Bind as the user's own DN. UserName is concatenated into the DN as typed,
    ' with no escaping of DN special characters. The last argument (0) sets no ADSI authentication flags.
    Set adsUser = adsDSO.OpenDSObject("LDAP://ourmachine.cusys.edu:portGoesHere/uid=" & UserName & ",o=whatever,c=US", "uid=" & UserName & ",o=whatever,c=US", Password, 0)
    if err.number <> 0 then
        if err.number = -2147016672 then
            ' Cannot seem to get here.
            response.write "Error code: " & err.number & "<P>"
            response.write "Error code for expired password<P>"
        elseif err.number = -2147023570 then
            response.write "Error code: " & err.number & "<P>"
            response.write "Error code for bad credentials<P>"
        else
            response.write "Error code: " & err.number & "<BR>"
            response.write err.description & "<P>"
            ' do more stuff ...
        end if
    end if
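Added example, not part of the original post: decoding the two Err.Number values quoted above as HRESULTs shows which Win32 code each one wraps and which LDAP result code ADSI translates into it. It is written in Python rather than VBScript; the function names are illustrative, and the table holds only those two codes, taken from Microsoft's documented ADSI error mapping.

```python
"""Decode ADSI Err.Number values (signed 32-bit HRESULTs) from a failed LDAP bind."""

FACILITY_WIN32 = 7  # HRESULTs of the form 0x8007xxxx wrap a Win32 error code

# Win32 code -> (Win32 name, LDAP result code, LDAP result name).
# Only the two codes quoted in the post are listed here.
WIN32_TO_LDAP = {
    1326: ("ERROR_LOGON_FAILURE", 49, "invalidCredentials"),
    8224: ("ERROR_DS_OPERATIONS_ERROR", 1, "operationsError"),
}


def decode_hresult(err_number):
    """Split a signed Err.Number into its HRESULT fields."""
    value = err_number & 0xFFFFFFFF           # two's complement -> unsigned 32-bit
    return {
        "hex": f"0x{value:08X}",
        "failure": bool(value >> 31),         # severity bit
        "facility": (value >> 16) & 0x7FF,    # 11-bit facility field
        "code": value & 0xFFFF,               # 16-bit error code
    }


def ldap_result_for(err_number):
    """Return (win32_name, ldap_code, ldap_name) for a known code, else None."""
    h = decode_hresult(err_number)
    if h["failure"] and h["facility"] == FACILITY_WIN32:
        return WIN32_TO_LDAP.get(h["code"])
    return None


def describe(err_number):
    """One-line summary suitable for an application log."""
    h = decode_hresult(err_number)
    known = ldap_result_for(err_number)
    if known is None:
        return f'{h["hex"]} facility={h["facility"]} code={h["code"]} (not in table)'
    name, ldap_code, ldap_name = known
    return f'{h["hex"]} {name} (Win32 {h["code"]}) <- LDAP result {ldap_code} ({ldap_name})'


if __name__ == "__main__":
    for n in (-2147023570, -2147016672):      # the two values from the post
        print(n, "=>", describe(n))
```

The number ADSI raises reflects only the LDAP result code of the bind response, so the two cases can be told apart this way only when the directory answers them with different result codes.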