How can openldap determine whether it is locked or user name password error caused by too many wrong passwords in a row?

The openldap on the

project is configured to enter the wrong password for 3 times in a row, that is, to lock the account for 5 seconds, but after 3 times of misinput, the correct password is used for openldap authentication during the lock period. It is found that the returned exception is the same as the password error exception, which is [LDAP: error code 49-Invalid Credentials]. How to distinguish between the account being locked and the password entered incorrectly?

how can I tell whether the account is locked or the password is entered incorrectly?

exception code authContext = new InitialLdapContext (env, controls);

javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3154)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3100)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2886)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2800)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
    at javax.naming.InitialContext.init(InitialContext.java:244)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
    at com.cmcc.fcp.util.LdapUtil.authenticate(LdapUtil.java:102)
    at com.cmcc.fcp.controller.CustomAuthenticationHandler.seemsGood(CustomAuthenticationHandler.java:284)
    at com.cmcc.fcp.controller.CustomAuthenticationHandler.doAuthentication(CustomAuthenticationHandler.java:100)

how can I return different exceptions to distinguish? The point is how I distinguish between the two situations.

Jul.31,2021

generally speaking, in the details of error code 49, there should be a sub-code, similar to the following:
LDAP: error code 49-80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 701, v1db0

the child code above is 701, and each value has a different meaning. If you look it up on google, you can get:

< table > < thead > < tr > < th > Error Code < / th > < th > Description < / th > < / tr > < / thead > < tbody > < tr > < td > 525 < / td > < td > user not found < / td > < / tr > < tr > < td > 52e < / td > < td > invalid credentials < / td > < / tr > < tr > < td > 530 < / td > < td > not permitted to logon at this time < / td > < / tr > < tr > < td > 531 < / td > < td > not permitted to logon at this workstation < / td > < / tr > < tr > < td > 532 < / td > < td > password expired (remember to check the user set in osuser.xml also) < / td > < / tr > < tr > < td > 533 < / td > < td > account disabled < / td > < / tr > < tr > < td > 701 < / td > < td > account expired < / td > < / tr > < tr > < td > 773 < / td > < td > user must reset password < / td > < / tr > < tr > < td > 775 < / td > < td > user account locked < / td > < / tr > < / tbody > < / table >

so you can tell whether you are lock or not

MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1e95d52-158e.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1e95d52-158e.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?