IDP v3 - OpenLDAP password policy - locked account

Emilio Penna emilio.penna at
Tue May 19 12:50:03 EDT 2015


I´m testing idp v3 with openldap password policy (ppolicy overlay).

I have configured ldap-authn-config.xml as suggested by comments in that
file, and seems to work OK.

Expired and expiring account warnings in the idp login page are working
fine. The issue is with locked accounts.

In case of locked accounts, I would like to inform the user with a
message like "Your account is locked".

I tested with a locked account, and the idp gives the message "The
password you entered was incorrect."
(Sniffing the ldap traffic I see the control in LDAP bindResponse:
controlType: passwordPolicy, error: accountLocked)

I saw some messages in idp source, referred to locked accounts
(, so I think that it could be possible to
inform the user of locked accounts.

any pointers?

thanks in advance

Emilio Penna
Universidad de la Republica
Montevideo - Uruguay

More information about the users mailing list