project is configured to enter the wrong password for 3 times in a row, that is, to lock the account for 5 seconds, but after 3 times of misinput, the correct password is used for openldap authentication during the lock period. It is found that the returned exception is the same as the password error exception, which is [LDAP: error code 49-Invalid Credentials]. How to distinguish between the account being locked and the password entered incorrectly?

how can I tell whether the account is locked or the password is entered incorrectly?

exception code authContext = new InitialLdapContext (env, controls);

javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3154)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2886)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2800)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
    at javax.naming.InitialContext.init(InitialContext.java:244)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
    at com.cmcc.fcp.util.LdapUtil.authenticate(LdapUtil.java:102)
    at com.cmcc.fcp.controller.CustomAuthenticationHandler.seemsGood(CustomAuthenticationHandler.java:284)
    at com.cmcc.fcp.controller.CustomAuthenticationHandler.doAuthentication(CustomAuthenticationHandler.java:100)

how can I return different exceptions to distinguish? The point is how I distinguish between the two situations.