Do you support checking the locked status of a user?
xiaolongzhou123 opened this issue
Both incorrect password input and user lockout return the same result. How can these two situations be distinguished?
```
root@ldap-server:/# ldapwhoami -x -D "cn=abc,cn=dev,ou=tech,dc=example,dc=org" -H ldap://127.0.0.1 -w 12345678 -e ppolicy -v
ldap_initialize( ldap://127.0.0.1:389/??base )
ldap_bind: Invalid credentials (49); Account locked
```

```
dn: cn=abc,cn=dev,ou=tech,dc=example,dc=org
cn: abc
gidnumber: 500
givenname: abc
homedirectory: /home/users/1
loginshell: /bin/bash
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: abc
uid: 1
uidnumber: 1000
userpassword: {SSHA}9y1aXd4RvVJk1MM5Hxahn5aYNWV4wnO1
```
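```go
package main

import (
	"fmt"

	"github.com/go-ldap/ldap/v3"
)

func main() {
	l, err := ldap.Dial("tcp", "18.18.2.2:389")
	if err != nil {
		fmt.Println("连接失败", err)
		return // no connection to bind on
	}
	defer l.Close()
	// Simple bind; no password policy control is attached to the request.
	_, err = l.SimpleBind(&ldap.SimpleBindRequest{
		Username: "cn=abc,cn=dev,ou=tech,dc=example,dc=org",
		Password: "123456",
	})
	fmt.Println(err)
}
```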
```
"LDAP Result Code 49 "Invalid Credentials": "
```
I would suggest checking the underlying error first by type asserting it to the ldap error struct. There are additional fields which may have the information you desire.
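
The `ldapwhoami` run above gets "Account locked" from the password policy response control (`-e ppolicy`), while the result code stays 49 in both cases. The following is an added example, not code from this thread or from the library: a standard-library Go decoder for that control's value as defined in draft-behera-ldap-password-policy. The function names and sample bytes are constructed for illustration, and only short-form BER lengths are assumed.

```go
package main

import (
	"errors"
	"fmt"
)

// Error values of the password policy response control, per draft-behera-ldap-password-policy.
var ppolicyErrors = []string{"passwordExpired", "accountLocked", "changeAfterReset",
	"passwordModNotAllowed", "mustSupplyOldPassword", "insufficientPasswordQuality",
	"passwordTooShort", "passwordTooYoung", "passwordInHistory"}

var errMalformed = errors.New("ppolicy: malformed control value")

// ParsePPolicyError decodes SEQUENCE { warning [0] CHOICE OPTIONAL, error [1] ENUMERATED OPTIONAL }
// (short-form BER lengths only) and returns the error code, or -1 if the error field is absent.
func ParsePPolicyError(v []byte) (int, error) {
	if len(v) < 2 || v[0] != 0x30 || v[1] >= 0x80 || int(v[1]) != len(v)-2 {
		return -1, errMalformed
	}
	for body := v[2:]; len(body) > 0; {
		if len(body) < 2 || body[1] >= 0x80 || int(body[1]) > len(body)-2 ||
			(body[0] == 0x81 && body[1] != 1) {
			return -1, errMalformed
		}
		if body[0] == 0x81 { // context tag [1], primitive: the error field
			return int(body[2]), nil
		}
		body = body[2+int(body[1]):] // skip warning [0] (0xA0) and anything unknown
	}
	return -1, nil
}

// ExplainBindFailure names the cause of a bind that failed with result code 49.
func ExplainBindFailure(ctrlValue []byte) string {
	code, err := ParsePPolicyError(ctrlValue)
	switch {
	case err != nil:
		return "unknown: " + err.Error()
	case code < 0:
		return "invalid credentials" // no policy error reported
	case code < len(ppolicyErrors):
		return ppolicyErrors[code]
	}
	return fmt.Sprintf("unknown ppolicy error %d", code)
}

func main() {
	fmt.Println(ExplainBindFailure([]byte{0x30, 0x03, 0x81, 0x01, 0x01})) // constructed sample
}
```

With go-ldap this decoding is done by the library once `ldap.NewControlBeheraPasswordPolicy()` is added to `SimpleBindRequest.Controls`; without that request control the server has no reason to send the response control. Record the lockout reason in server-side logs rather than returning it to the person logging in, since it confirms that the account exists.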